I was downloading music from a friend and got a Trojan. My pc ended up going to the screen where it gives the option of restarting in Safe mode, safe mode with command prompt, last known good config, or normal. I have tried all of the options and it keeps going back to the same screen. I don't have the software for my pc but was advised to use a boot disk. Will this wipe my pc? I am trying to save my pics/music. I am also not very computer savvy but I'm trying to avoid having to take it to be fixed. Any suggestions will be appreciated.
There are a number of ways to approach this. For your consideration here is some beginning info on them. Exactly what you do depends a lot on how important, unique, and/or irreplaceable the data on your original disk are to you. The final solution may include a combination of parts of all these items.
1) If you provide detailed information on models, brands, etc. that might help people provide better responses.
These are just overviews of the various ways to approach this problem.
2) Obtain a strong and up-to-date AV/anti-malware package that you can either directly boot on your system, or install on a 2nd PC and then scan your hard drive. Note: a strong AV program MAY automatically quarantine or delete any and all files it determines have been infected. That could include operating system files and personal files you consider important. It depends on the AV program and the settings assigned by the user. The trade-off of course, is that the threat is neutralized.
3) You can uninstall your hard drive and connect it to a 2nd system*. This allows you to EASILY copy your important data/pics/music to the 2nd PC. This assumes the files aren't copy protected in some manner. It is also advisable to ensure the 2nd PC has strong and up-to-date AV/anti-malware software installed and that you scan your connected hard drive beforehand AND scan the copied files as they are being transferred to a location on the 2nd PC. This will NOT cause any damage to your hard drive or generally speaking, your files. However, a strong AV program on the 2nd computer MAY automatically quarantine or delete any and all files it determines have been infected. That could include operating system files and personal files you consider important. It depends on the AV program and the settings assigned by the user.
4) You MAY have what's called a recovery partition on your existing hard drive. Manufacturers often do this when they don't supply installation or recovery CDs. This would allow you to rebuild your operating system from scratch once the malware is removed (however, the malware could be smart enough to infect the recovery partition, too). But it's worth looking for this 2nd partition on your hard drive. Can you get any manuals for your computer from the source or from the web? They could provide more info on this possibility.
5) You can download and use a "live" Linux distro like Ubuntu or Knoppix, obtain and install some storage medium (like another hard drive) in your computer, boot under the Linux distro and copy your data files to the drive you installed. Then you can remove that drive, connect it to a second system (again, robust AV), scan it separately from the 2nd system to make sure none of your personal files have been infected. Meanwhile, you check out your original system disk as mentioned above. Reinstall the OS from the recovery partition if possible, etc.
6) Obtain a new hard drive, an OS, robust AV software and with your current drive removed from the system, configure a new functional system using the new components. Once you have that going, connect your infected drive and run thorough AV/anti-malware scans on it. Then move your important data to the "new" system. Format and use your original disk as more storage or as backup storage.
*There are several ways you can connect your hard drive to a 2nd PC. Via internal connectors like any internal drive would be connected (using any necessary mechanical and/or interface adapter(s)). Using a USB2IDE+SATA adapter (about US$20 these days) which allows you to connect your hard drive to the 2nd system via a USB connector. Via eSATA if available. etc.
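An added example for option 5 above (it is not part of the original reply): two shell functions for a live Linux session that copy only picture and music files to the added drive and record a SHA-256 manifest, so that after the AV scan on the 2nd PC you can list exactly which copied files the scanner deleted or changed. The mount points, the device placeholders and the list of file extensions are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a live Linux session with GNU coreutils,
# the Windows partition mounted read-only and the rescue drive mounted, e.g.:
#   sudo mount -o ro /dev/sdXN /mnt/win    # sdXN is a placeholder for your partition
#   sudo mount /dev/sdYN /mnt/rescue       # sdYN is a placeholder for the added drive

# rescue_copy SRC DEST
# Copies only picture and music files (no executables or scripts) from SRC to
# DEST/files, keeping the folder layout, then records a SHA-256 manifest.
rescue_copy() {
    src=$1; dest=$2
    mkdir -p "$dest/files" || return 1
    ( cd "$src" && find . -type f \( \
          -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.png' -o -iname '*.gif' \
          -o -iname '*.mp3' -o -iname '*.wma' -o -iname '*.wav' -o -iname '*.m4a' \
      \) -print ) |
    while IFS= read -r f; do
        # File names containing newlines are not handled by this loop.
        mkdir -p "$dest/files/$(dirname "$f")" &&
        cp -p "$src/$f" "$dest/files/$f" || echo "could not copy: $f" >&2
    done
    ( cd "$dest/files" && find . -type f -exec sha256sum {} + | sort -k2 ) \
        > "$dest/MANIFEST.sha256"
}

# rescue_verify DEST
# Run after the AV scan on the second PC. Prints every file that the scan
# removed or altered since the copy; returns non-zero if there is any.
rescue_verify() {
    ( cd "$1/files" && sha256sum -c --quiet ../MANIFEST.sha256 2>/dev/null )
}

# Typical use (paths are the assumed mount points above):
#   rescue_copy /mnt/win /mnt/rescue/backup
#   ...scan /mnt/rescue/backup on the second PC...
#   rescue_verify /mnt/rescue/backup
```

Mounting the Windows partition with `-o ro` keeps the suspect disk unmodified while you copy from it.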
1. Reboot your computer.
2. Launch an antivirus program that you should have installed on your computer, such as Symantec's Norton, Kaspersky or McAfee. Wait for the program's window to appear, then go to "Disk View." Highlight your computer, then select "Scan/Repair" so that the antivirus can detect the Trojan and trash it.
3. Exit the antivirus program on your Mac. Restart your computer again to ensure that the Trojan has been deleted. Empty the trash can on your computer once it is back up and running.
4. Disable the System Restore feature if you're a Windows user. Go to "Start" at the bottom of your screen, then right-click the "My Computer" icon to go to "Properties." Check "Turn off System Restore" under the System Restore tab in the "Properties" window, then select "Apply." Confirm that you want to disable System Restore by clicking "Yes" and "OK."
5. Update your virus definitions in your antivirus program. Open the program, or go to the website, to download the latest definitions so that you can receive the most recent alerts and keep your computer protected.
6. Scan your files to detect the Trojan file. Follow the instructions in your antivirus program to delete any suspicious files. You may want to write down the path and file name of the Trojan, which is usually found in the "C:\" hard drive. Then, edit your computer's backup registry by choosing "Start," then "Run." Type "regedit" in the window that appears and click "OK."
7. Search for the registry entry from which the Trojan derived, which may begin with "HKEY" followed by the file path. Delete the registry entry to ensure that the Trojan is removed. Exit the registry entry, and restart your computer so that the changes can take effect.
You MUST disable your System Restore before attempting any removal! After successful removal, you can re-enable System Restore. Here is how to turn off System Restore:
For Windows XP
Log on as Administrator.
Right-click the My Computer icon on the desktop and click Properties.
Click the System Restore tab.
Select Turn off System Restore.
Click Apply > Yes > OK.
Continue with the scan/clean process. Files under the _Restore folder can now be deleted.
Re-enable System Restore by clearing Turn off System Restore.
Make absolutely sure you have the latest "paid for" versions of removal tools such as Ad-aware and Spybot Search & Destroy. Reboot your system in "safe mode".
In "safe mode", run Ad-aware, and if still needed, Spybot. If you have the "paid for" versions of these products, make sure you install the "add-ons" they have. For example, Ad-Aware has a special add-on to help remove a very nasty Trojan named VX2 (or Transponder).
Reboot your system in normal mode and rerun Ad-Aware and Spybot. Hopefully you will get a clean report...
Once you get a clean report, use the same System Restore procedure as above, but this time turn System Restore back on.