Purely for your amusement, burn this CD on another computer. This
is a virus scanner that runs outside Windows, and it doesn't care of
you even *have* a registry.
http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/
23 Jun 2009 10:05:01 119,701,504 bytes kav_rescue_2008.iso
That is an ISO9660 file. Use a program that knows how to convert an
ISO into a bootable CD. (You don't just "copy" the file to the CD,
the burner program has to know how to parse the ISO.) I use Nero
for that, but there are also free burner programs that can do it.
Wikipedia has a list of free burner programs.
When you boot the infected PC with that CD, the OS on the CD uses
DHCP for networking. For example, my ADSL modem and router have DHCP
capability, automatically giving an IP address, DNS addresses and the
like, to a connected computer. Your networking setup must support
automatic connection to the Internet, so that the program can get its
virus updates. You can see from the date of the CD, that the CD is not
updated daily. The very first step the program carries out, is contacting
Kaspersky to get updates. If it cannot set up the network interface
on the computer, that step may fail. And that would reduce your fun
measurably. (Without updates, it may miss stuff.)
The AV scanner interface has "drive letters". They might show C:, D:,
and so on. Those are *not* the drive letters you would normally be
using on the PC. They're a simple enumeration alphabetically of the
visible partitions. The program can access FAT32 or NTFS partitions,
so that isn't a problem. For example, on one machine I scanned here,
my Windows C: drive was "F:" in the program interface. You can open
a terminal window in that environment, and cd to the disk in question
and use "ls" to list the contents at the top level. That is how
I figured out the partition label scheme.
Depending on the amount of data on the computer, you have the option
of ticking all the partition boxes, so every partition gets scanned.
That eliminates the need to figure out the lettering.
The program will pop up a window when a virus is detected. For example,
I placed a copy of EICAR on the C: drive, and the program found it. I
didn't test though, what happens to quarantined files. Some AV scanners
of this type, move the file to system memory, and you can lose all the
quarantine files when the computer is rebooted. For a first scan,
it may suffice to simply take note of the malware it detects by name.
Or perhaps to store a copy of the virus report on a floppy.
The program gives itself write access to all partitions. It will even
use the pagefile, as swap for Linux (so make sure you properly shut
down WinXP before running it - don't hibernate WinXP and run the scan).
If you know a bit of Linux, you could also attempt other things while
in there. But for the moment, I recommend this tool just for a quick
evaluation. As the other poster "C" suggests, there may be enough malware
on there, to just reinstall Windows. It all depends on how much time you
have to spend, and whether you can find a good malware buster private web
forum, to go through the necessary steps for cleanup.
I think there may be a BitDefender CD, that works along the same lines.
Good luck,
Paul
