From: ship on
On Jan 20, 6:58 am, "PA Bear [MS MVP]" <PABear...(a)gmail.com> wrote:
> HOW TO do a clean install of WinXP: See http://michaelstevenstech.com/cleanxpinstall.html#steps and/or Method 1 in http://support.microsoft.com/kb/978307
>
> After the clean install, you'll have the equivalent of a "new computer" so
> take care of everything on the following page before otherwise connecting
> the machine to the internet or a network and before using a flash drive or
> SDCard that isn't brand-new or hasn't been freshly formatted:
>
>      4 steps to help protect your new computer before you go online
>      http://www.microsoft.com/security/pypc.aspx
>
> Other helpful references include:
>
> HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
> (after a clean install) http://groups.google.com/group/microsoft.public.windowsupdate/msg/3f5...
>
> HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
> clean install) http://groups.google.com/group/microsoft.public.windowsxp.general/msg...
>
> Tip: After getting the computer fully-patched, download/install KB971029
> manually: http://support.microsoft.com/kb/971029
>
> NB: Any Norton or McAfee free-trial that came preinstalled on the computer
> when you bought it will be reinstalled (but invalid) when Windows is
> reinstalled. You MUST uninstall the free-trial and download/run the
> appropriate removal tool before installing any updates, Windows Service
> Packs or IE upgrades and before installing your new anti-virus application
> (which will require WinXP SP3 to be installed).
>
>      Norton Removal Tool
>      ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_...
>
>      McAfee Consumer Products Removal Tool
>      http://download.mcafee.com/products/licensed/cust_support_patches/MCP...
>
> Also see:
>
> Steps To Help Prevent Spyware http://www.microsoft.com/security/spyware/prevent.aspx
>
> Steps to Help Prevent Computer Worms http://www.microsoft.com/security/worms/prevent.aspx
>
> Avoid Rogue Security Software! http://www.microsoft.com/security/antivirus/rogue.aspx
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Client - since 2002 www.banthecheck.com
>
>
>
> ship wrote:
> > Hi
>
> > My T60 (WindowsXP Pro)  has been infected with several viruses.
>
> > Is it safe to re-install from the WindowsXP partition?
>
> > Or should I kill absolutely everything on the disk (eg. by running
> > KillDisk off a CD)?
>
> > And if I do the latter, how on earth do I register it with Microsoft
> > because the laptop did not come with any CDs.
> > (I can borrow a Windows XP Pro CD from work - but I presume that there
> > will be problems with the Product Key and License number etc)
>
> > Any thoughts?
>
> > With thanks
>
> > Ship

All helpful suggestions, but nobody seems to have answered my central
questions:
A). Do I need to delete the special WindowsXP installation partition?
i.e. is it theoretically possible for a virus to get into it? And

B). How am I supposed to reinstall WindowsXP correctly without it?

With thanks


Ship
Shiperton Henethe
From: PA Bear [MS MVP] on
ship wrote:
>> HOW TO do a clean install of WinXP:
>> See http://michaelstevenstech.com/cleanxpinstall.html#steps and/or Method 1
>> in http://support.microsoft.com/kb/978307
>>
>> After the clean install, you'll have the equivalent of a "new computer"
>> so
>> take care of everything on the following page before otherwise connecting
>> the machine to the internet or a network and before using a flash drive
>> or
>> SDCard that isn't brand-new or hasn't been freshly formatted:
>>
>> 4 steps to help protect your new computer before you go online
>> http://www.microsoft.com/security/pypc.aspx
>>
>> Other helpful references include:
>>
>> HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
>> (after a clean install)
>> http://groups.google.com/group/microsoft.public.windowsupdate/msg/3f5...
>>
>> HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
>> clean install)
>> http://groups.google.com/group/microsoft.public.windowsxp.general/msg...
>>
>> Tip: After getting the computer fully-patched, download/install KB971029
>> manually: http://support.microsoft.com/kb/971029
>>
>> NB: Any Norton or McAfee free-trial that came preinstalled on the
>> computer
>> when you bought it will be reinstalled (but invalid) when Windows is
>> reinstalled. You MUST uninstall the free-trial and download/run the
>> appropriate removal tool before installing any updates, Windows Service
>> Packs or IE upgrades and before installing your new anti-virus
>> application
>> (which will require WinXP SP3 to be installed).
>>
>> Norton Removal Tool
>> ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_...
>>
>> McAfee Consumer Products Removal Tool
>> http://download.mcafee.com/products/licensed/cust_support_patches/MCP...
>>
>> Also see:
>>
>> Steps To Help Prevent Spyware
>> http://www.microsoft.com/security/spyware/prevent.aspx
>>
>> Steps to Help Prevent Computer Worms
>> http://www.microsoft.com/security/worms/prevent.aspx
>>
>> Avoid Rogue Security Software!
>> http://www.microsoft.com/security/antivirus/rogue.aspx
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Client - since 2002 www.banthecheck.com
>>
>>
>>
>> ship wrote:
>>> Hi
>>
>>> My T60 (WindowsXP Pro) has been infected with several viruses.
>>
>>> Is it safe to re-install from the WindowsXP partition?
>>
>>> Or should I kill absolutely everything on the disk (eg. by running
>>> KillDisk off a CD)?
>>
>>> And if I do the latter, how on earth do I register it with Microsoft
>>> because the laptop did not come with any CDs.
>>> (I can borrow a Windows XP Pro CD from work - but I presume that there
>>> will be problems with the Product Key and License number etc)
>>
>
> All helpful suggestions, but nobody seems to have answered my central
> questions:
> A). Do I need to delete the special WindowsXP installation partition?
> i.e. is it theoretically possible for a virus to get into it?

Assuming you're referring to the hidden Recovery partition: No & it's a
very, very remote possibility

From: ship on
Well I spoke to Lenovo and they want to sting me for GBP 40.00 for an
installation disk.
I refuse point blank to do this partly as a matter of principle and
partly because it will
probably take a while for the CD to arrive by post.

I have dug out the number from Control Panel > System > General Tab
which looks like this

99999-OEM-9999999-99999

(except with actual numbers instead of "9"s)

I also spoke to Microsoft who were extremely insistent that using a
different CD would
definitely fail to work (I suspect that they are probably fibbing).

Apparently I will need to give them an "Installation ID" (9 groups of 6
digits), and they will then need to give me
a "Confirmation ID"

I've not followed any of the links above yet - will they be able to
generate a "Product Key" or
"Confirmation ID" ?

I am slightly hazy about what all these "IDs" and "Keys" are and where
and when they are
required by WindowsXP. The spare CD I have comes from my old PC. It
is definitely a
genuine Windows XP Professional CD, and I have the product key for
*it* (but I presume
that it won't work...) Wait a minute - *yes* on the back of the Lenovo
that it wont work...) Wait a minute - *yes* on the back of the Lenovo
Laptop is indeed
a "product key", and with 5 groups of 5 characters. Looks promising :)

Is there anything else that I need to do ?

i.e. do I still need the likes of
http://magicaljellybean.com/keyfinder/
or do I now have the information that I need?

* * *

But as some of you imply, MAYBE there is no need to format the
Windows installation partition.
But just how hard can it be for a virus to write to a hidden
partition? NOT hard I would imagine.
If I was writing a virus that is exactly the sort of thing I would get
it to do to ensure that it
survived a re-formatting of the C: drive... but what do I know?

Ship (OP)

From: David H. Lipman on
From: "ship" <shiphen(a)gmail.com>

< snip >

| But as some of you imply, MAYBE there is no need to format the
| Windows installation partition.
| But just how hard can it be for a virus to write to a hidden
| partition? NOT hard I would imagine.
| If I was writing a virus that is exactly the sort of thing I would get
| it to do to ensure that it
| survived a re-formatting of the C: drive... but what do I know?

| Ship (OP)

There 'ya go again saying "virus" and you still haven't provided that information.

So I now repeat...
What "viruses" (assuming they were viruses and not plain old trojans) were they ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: ship on
On Jan 20, 8:50 pm, "David H. Lipman" <DLipman~nosp...(a)Verizon.Net>
wrote:
> From: "ship" <ship...(a)gmail.com>
>
> < snip >
>
> | But as some of you imply, MAYBE there is no need to format the
> | Windows installation partition.
> | But just how hard can it be for a virus to write to a hidden
> | partition? NOT hard I would imagine.
> | If I was writing a virus that is exactly the sort of thing I would get
> | it to do to ensure that it
> | survived a re-formatting of the C: drive... but what do I know?
>
> | Ship (OP)
>
> There 'ya go again saying "virus" and you still haven't provided that information.
>
> So I now repeat...
> What "viruses" (assuming they were viruses and not plain old trojans) were they ?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Well here is a selection of what was reported - but they came so thick
and fast I didn't
take note of them all:



AVAST:
Win32:Tibs-AFH [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel.msg
Win32:Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
Win32:Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
Win32:Tibs-AGA [Wrm] C:\documents and settings\XXXX\local settings\temp\X1Server\Forever in Love.msg
Win32:Tibs-AIE [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\I Would Give you Anything.msg
Win32:Tibs-AFH [Trj]

MSE:
Nuwar.N(a)mm!CME-711 C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp28372.tmp

Trojan: Win32/Vxidl.gen!B File:C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp69768409.tmp
Trojan: Win32/Vxidl.gen!dam File:C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp142407802.tmp

Win32:Small-JBK [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\Sadam Hussein safe and sound!.msg
Win32:Tibs-AFA [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\Happy World Religion Day!.msg
Win32:Tibs-AFP [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\I Love Thee.msg

Win32:Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
Win32:Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\Unmatchable Beauty.msg
Win32:Tibs-AGA [Wrm] C:\documents and settings\XXXX\local settings\temp\X1Server\Forever in Love.msg

MSE:
Backdoor:Win32/Ryknos.BC (Alert level: *Severe")

AVAST:
Win32:Small-JBK [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\Sadam Hussein safe and sound!.msg
Win32:Tibs-AFA [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\Happy World Religion Day!.msg
Win32:Tibs-AFP [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\I Love Thee.msg

MSE:
Backdoor:Win32/Ryknos.BC (Alert level: *Severe") file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC70F.tmp
Worm:Win32/Mtob.NP(a)mm (Alert level: *Severe") file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC1405.tmp Description: This program is dangerous and self-propagates over a network connection.
Backdoor:Win32/Ryknos.BC [AGAIN] (Alert level: *Severe") file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC1B59.tmp
Worm:Win32/Mtob.NP(a)mm file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC285D.tmp

Does that help?


Ship