Running a second copy of XP on the same box to avoid a virus on the first copy

mm

Running a second copy of XP on the same box to avoid a virus on the
first copy?

A while back we had a short exchange about running a second copy of
the same OS, like XP home, in a second partition on the same
hard drive, and one person said he did that.

Now my friend has, it seems, a series of viruses, and her ability to
run windows-based anti-virus programs seems very much thwarted.
Several including Superantispyware and Malwarebytes won't install or
won't run.

What if I create a second partition, install XP Home in it (in this
case from the Dell Reinstallation CD that came with the computer),
install SP3, and then install those AV programs and run them?

Would this work? Would the viruses in the first partition spread to
the new one, even if I never read or wrote to the first partition
except to run the AV?

Any other problems?


Right now she can run Windows but it is very slow, and some things
won't run. She has only one drive. Either it has plenty of empty
space, or I could lend her one of my old drives. I want to help her
and I figure everything I learn working on her computer will help my
other friends or me someday.

Thanks a lot.
 
Pegasus [MVP]

Since you have some spare disks the safest method would go like this:
1. Disconnect her existing disk.
2. Connect your disk.
3. Install Windows and a virus scanner.
4. Connect her disk as a slave disk.
5. Scan her disk.

Note, however, that virus scanners are good at *preventing* infection. They
can only do a moderate job at *cleaning* infections. It all depends on the
damage that the virus did. After going through the above steps, her machine
might still be crippled. If it was my own machine then I would do a clean
installation. Much less hassle and a guaranteed outcome.
 
Daave

I agree with Pegasus.

Some malware is easier to get rid of than others. And some malware can
be so entrenched that a Clean Install is the quickest way to get back to
a working PC.

Perhaps if you told us the name of this infection, we could have a
better idea which method you would be wisest to use.

Installing another instance of XP on the hard drive is not necessary if
you can slave the hard drive to a working machine and use the good PC to
scan it (it would definitely be quicker!). Or you could use one of these
devices:

http://www.newegg.com/Product/Produ...ers+and+gender+changers-_-Apricorn-_-12161002

http://www.newegg.com/Product/Product.aspx?Item=N82E16812232002
 
Jose

Which is it with MBAM and SAS - won't install or won't run?

Some malware knows what the installation programs and executables of
MBAM and SAS look like by their file names and will not let them
launch, so you sometimes have to outsmart them. The malware is afraid
of MBAM and SAS.

The solution (if you got it downloaded) is to rename the installation
file and/or the executable to something the malware will not recognize
- like jose.exe, then it will launch.

MBAM does not recommend running in Safe Mode, I don't know why it is
ever even suggested (oh yeah - it is always preceded with the word
"try").

Here is info from the Malwarebytes CEO:

MBAM loses some effectiveness for detection & removal when used in
safe mode because the program includes a special driver which does not
work in safe mode. Further, scanning in safe mode prevents some types
of malware from running so it may be missed during the detection
process. Additionally, there are various types of malware infections
which target the safeboot keyset so booting into safe mode is not
always possible. For optimal removal, normal mode is recommended so
it does not limit the abilities of MBAM.

Scanning in Normal Mode, that is the best for detection rates.
--------------------
Marcin Kleczynski
Malwarebytes President and CEO

Installing a second copy of Windows is not a solution, since you have
not fixed the problem.
 
8os.8

AVG now has a Rescue CD that's free. They also have a free USB
download that should work on newer systems that can boot from a
USB device.

unless the rescue disks have a method to access the latest definitions, that usb version
looks most practical. be nice if the avira cd could install to (bootable) usb.

http://www.raymond.cc/blog/archives/2010/08/09/run-kaspersky-rescue-disk-10-from-usb-flash-drive/

there are multi-tool rescue cds
ubcd
ubcd4win

i don't think most linux-based cds are as oriented toward cleaning infections.
this one has 5 scans:
http://trinityhome.org/Home/index.php?content=2.1_VIRUSSCAN&front_id=12&
i don't know myself, since i've never dealt with any infections (knock on ABS)
 
BillW50

In Daave typed on Sun, 12 Sep 2010 10:55:50 -0400:
[.]
Some malware is easier to get rid of than others. And some malware can
be so entrenched that a Clean Install is the quickest way to get back
to a working PC.

Actually restoring from a backup is far faster. ;-)
 
Guest

BillW50 said:
In Daave typed on Sun, 12 Sep 2010 10:55:50 -0400:
[.]
Some malware is easier to get rid of than others. And some malware can
be so entrenched that a Clean Install is the quickest way to get back
to a working PC.

Actually restoring from a backup is far faster. ;-)

Not a solution but good as a sandbox to open the suspicious package
you just downloaded: Virtual PC.

Run it as many times as you want after selecting the option to undo
disks. If/when you encounter a nasty, just throw away the disk changes
and you're back to where you started.
 
mm

Thank you all for all your helpful suggestions, I've saved all of
them, and will use some or all to fix her computer, and maybe others
in the future. And I really am grateful for the time it took you to
type and for sharing your knowledge with me. Thank you Pegasus, Elmo,
8os, Daave, Bill, Harry, Jose, and Jo-Anne.

But... I'm still interested, for more than one reason, in my first
question which no one addressed.

If I make another partition and install in it the reinstall version of
windows in her Dell, are the viruses likely to make it from the old
partition to the new one????


And now another 2 questions. She can't find her Dell Reinstallation
CD for XP Home. I don't have one. She could buy one or....
A) Can I use my retail copy of XP Home and when it comes to putting
in the Product Key, use the one on the sticker on her computer?
B) Her computer came with XPSP2, but my Retail copy is SP0, so to
speak. I can install that, using her product key, and then SP3,
right?


Thanks a lot.
 
mm

Which is it with MBAM and SAS - won't install or won't run?

I asked her again and they just won't run.

Some malware knows what the installation programs and executables of
MBAM and SAS look like by their file names and will not let them
launch, so you sometimes have to outsmart them. The malware is afraid
of MBAM and SAS.

Heh-heh-heh.

The solution (if you got it downloaded) is to rename the installation
file and/or the executable to something the malware will not recognize
- like jose.exe, then it will launch.

Okay. I think I'll call it jose.exe, after you.

MBAM does not recommend running in Safe Mode, I don't know why it is
ever even suggested (oh yeah - it is always preceded with the word
"try").

Here is info from the Malwarebytes CEO:

MBAM loses some effectiveness for detection & removal when used in
safe mode because the program includes a special driver which does not
work in safe mode. Further, scanning in safe mode prevents some types
of malware from running so it may be missed during the detection
process. Additionally, there are various types of malware infections
which target the safeboot keyset so booting into safe mode is not
always possible. For optimal removal, normal mode is recommended so
it does not limit the abilities of MBAM.

Those sound like 3 good reasons. Very good to know.

Scanning in Normal Mode, that is the best for detection rates.
--------------------
Marcin Kleczynski
Malwarebytes President and CEO

Installing a second copy of Windows is not a solution, since you have
not fixed the problem.

I didn't want to use the second copy as if it were the original, only
to fix the first partition, for example in this case to scan for
viruses in the first partition, to get that working again.

Also in the past, I would run backups of OS-1 when I was in OS-2**,
and vice versa, because iirc, some files couldn't even be copied when
they were in use, but could be when I was in another OS.

**I mean the second OS, not OS2. :)

Thanks a lot.
 
Paul

mm said:
BitDefender and Panda definitely have that. I think each displays a
message and you have to wait while they get the latest defs.
Kaspersky might also. I've already forgotten. Panda or Kaspersky
might have taken a half hour to do this, because the date on the .iso
file on the webpage was last January. Maybe that's why my friend
thought Panda CD wasn't doing anything.

The latest KAV I have a link to, is here.

http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk10/

The advantage of using that one, is less of a download during
the fetch of the definitions. But the disadvantage, is one
of the boot time options is missing. When I use the older
version, I use "rescue docache" as the boot option, and that
loads the CD into RAM. Then, I can unmount the CD and remove
it from the drive, for the 2+ hours it takes to scan my small
C: partition. The newer CD, I still haven't figured out how
to get to a boot option (short of re-mastering the CD). The
previous CD was crude enough, you can do stuff with it.

Paul
 
mm


Hmmm. That's very different from mine which is only 121 Meg, instead
of 202 meg. Yes, this might have been the one that was 8 months old.
I think I burned it already and gave it to a friend with a virus, but
I'll dl this one anyhow.

The advantage of using that one, is less of a download during
the fetch of the definitions. But the disadvantage, is one
of the boot time options is missing. When I use the older
version, I use "rescue docache" as the boot option, and that

I don't remember that. Maybe mine is too new to have this but too old
to be recent.

loads the CD into RAM. Then, I can unmount the CD and remove
it from the drive, for the 2+ hours it takes to scan my small

But if this is a boot cd, what else can you do with the CD drive when
you remove the CD?
 
Paul

mm said:
But if this is a boot cd, what else can you do with the CD drive when
you remove the CD?

In general, I don't like listening to that CD sitting there spinning
for 2+ hours. Neither is it good for the drive. I prefer loading
the file system into RAM, as then the computer can be
silent again. Many versions of Knoppix support "toram" as an option,
and as I have 2GB installed, and it only takes 700MB for a Knoppix
CD, there is room for me to do that. I guess I've been
spoiled by the Knoppix experience.

In the case of the KAV CD, the impact on RAM is smaller, as the
CD contents are smaller.

And no, there isn't much software on the older KAV CD, so you can't
play around while the scan is running. I think the newest CD,
may have a web browser, which to me, is a welcome addition
while you're sitting there waiting for the scan to finish.
It's just, I'd like to have a "docache" or "toram" option there,
so I don't have to listen to the CD drive all the time.

Paul
 
mm

Thanks. I'll pay attention to what it/they offer.
 
Daave

mm said:
Thank you all for all your helpful suggestions, I've saved all of
them, and will use some or all to fix her computer, and maybe others
in the future. And I really am grateful for the time it took you to
type and for sharing your knowledge with me. Thank you Pegasus, Elmo,
8os, Daave, Bill, Harry, Jose, and Jo-Anne.

But... I'm still interested, for more than one reason, in my first
question which no one addressed.

If I make another partition and install in it the reinstall version of
windows in her Dell, are the viruses likely to make it from the old
partition to the new one????

I doubt it.

But it's fairly time-consuming to parallel-install an OS. If you're
going to do that, you might as well perform a Clean Install.

Also, in an earlier post, I told you that if you were considering a
parallel install, you would be better served to instead scan the drive
with a working PC's anti-malware programs. Then again, depending on the
malware (and I'm pretty sure you never identified it), it might wind up
being a waste of time (and therefore the parallel install would be,
too!). Some malware is just too tricky to get fully rid of.

And now another 2 questions. She can't find her Dell Reinstallation
CD for XP Home. I don't have one. She could buy one or....
A) Can I use my retail copy of XP Home and when it comes to putting
in the Product Key, use the one on the sticker on her computer?

No, won't work. Only OEM keys will work with OEM installation media.

B) Her computer came with XPSP2, but my Retail copy is SP0, so to
speak. I can install that, using her product key, and then SP3,
right?

Again, no.

Dell-branded XP installation CDs are very ubiquitous. Chances are either
you or she knows someone who has one.

You could find a cheap CD on Ebay:

http://shop.ebay.com/i.html?rt=nc&LH_BIN=1&_nkw=dell+xp+reinstallation+cd&_trksid=p3286.c0.m301

There are sellers with high ratings. If the price is low enough, the
risk is very low.

Or you could use the hidden recovery partition on the hard drive (if it
exists).
 
