From: MEB on
On 01/20/2010 05:49 AM, ship wrote:
> On Jan 20, 6:58 am, "PA Bear [MS MVP]" <PABear...(a)gmail.com> wrote:
>> HOW TO do a clean install of WinXP: See http://michaelstevenstech.com/cleanxpinstall.html#steps and/or Method 1 in http://support.microsoft.com/kb/978307
>>
>> After the clean install, you'll have the equivalent of a "new computer" so
>> take care of everything on the following page before otherwise connecting
>> the machine to the internet or a network and before using a flash drive or
>> SDCard that isn't brand-new or hasn't been freshly formatted:
>>
>> 4 steps to help protect your new computer before you go online
>> http://www.microsoft.com/security/pypc.aspx
>>
>> Other helpful references include:
>>
>> HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
>> (after a clean install) http://groups.google.com/group/microsoft.public.windowsupdate/msg/3f5...
>>
>> HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
>> clean install) http://groups.google.com/group/microsoft.public.windowsxp.general/msg...
>>
>> Tip: After getting the computer fully-patched, download/install KB971029
>> manually: http://support.microsoft.com/kb/971029
>>
>> NB: Any Norton or McAfee free-trial that came preinstalled on the computer
>> when you bought it will be reinstalled (but invalid) when Windows is
>> reinstalled. You MUST uninstall the free-trial and download/run the
>> appropriate removal tool before installing any updates, Windows Service
>> Packs or IE upgrades and before installing your new anti-virus application
>> (which will require WinXP SP3 to be installed).
>>
>> Norton Removal Tool
>> ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_...
>>
>> McAfee Consumer Products Removal Tool
>> http://download.mcafee.com/products/licensed/cust_support_patches/MCP...
>>
>> Also see:
>>
>> Steps To Help Prevent Spyware http://www.microsoft.com/security/spyware/prevent.aspx
>>
>> Steps to Help Prevent Computer Worms http://www.microsoft.com/security/worms/prevent.aspx
>>
>> Avoid Rogue Security Software! http://www.microsoft.com/security/antivirus/rogue.aspx
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Client - since 2002 www.banthecheck.com
>>
>>
>>
>> ship wrote:
>>> Hi
>>
>>> My T60 (WindowsXP Pro) has been infected with several viruses.
>>
>>> Is it safe to re-install from the WindowsXP partition?
>>
>>> Or should I kill absolutely everything on the disk (eg. by running
>>> KillDisk off a CD)?
>>
>>> And if I do the latter, how on earth do I register it with Microsoft
>>> because the laptop did not come with any CDs.
>>> (I can borrow a Windows XP Pro CD from work - but I presume that there
>>> will be problems with the Product Key and License number etc)
>>
>>> Any thoughts?
>>
>>> With thanks
>>
>>> Ship
>
> All helpful suggestions, but nobody seems to have answered my central
> questions:
> A). Do I need to delete the special WindowsXP installation partition?
> i.e. is it theoretically possible for a virus to get into it? And
>
> B). How am I supposed to reinstall WindowsXP correctly without it?
>
> With thanks
>
>
> Ship
> Shiperton Henethe

Theoretically? Yes, anything is possible as it is just another
partition on your disk regardless of "hiding" or otherwise. Same holds
true for the Restore Point saves/partition or even encrypted devices,
e.g., anything writable.

Has it been? Ahhhh.....

As for what you can do now: not much [qualified, see below ORs] except
use it as you apparently "failed" to do what you were *supposed* to do
when you obtained the new computer; burn your one legal copy [most
computers come pre-configured to bug you at least once when first
started to burn a backup copy], or the ability to backup/image the
entire disk at some point which can be done at anytime by anyone [e.g.,
not by the original purchaser].

OR,

You might be able to contact the manufacturer and plead your issue
attempting to obtain an OEM installation disk and/or manufacturer setup
disk(s) [like the old days of retail purchased systems].

OR,

Using a Live/bootable CD/DVD, either Linux or one of the PE style
troubleshooting, you can attempt to scan and potentially clean the
installation partition from there.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
From: Elmo on
ship wrote:
> Well I spoke to Lenovo and they want to sting me for GBP 40.00 for an
> installation disk.
> I refuse point blank to do this partly as a matter of principle and
> partly because it will
> probably take a while for the CD to arrive by post.
>
> I have dug out the number from Control Panel > System > General Tab
> which looks like this
>
> 99999-OEM-9999999-99999
>
> (except with actual numbers instead of "9"s)
>
> I also spoke to Microsoft who were extremely insistent that using a
> different CD would
> definitely fail to work (I suspect that they are probably fibbing).
>
> Apparently I will have to give them an "Installation ID" (9 groups of 6
> digits), and they will then need to give me
> a "Confirmation ID"
>
> I've not followed any of the links above yet - will they be able to
> generate a "Product Key" or
> "Confirmation ID" ?
>
> I am slightly hazy about what all these "IDs" and "Keys" are and where
> and when they are
> required by Windows XP. The spare CD I have comes from my old PC. It
> is definitely a
> genuine Windows XP Professional CD, and I have the product key for
> *it* (but I presume
> that it won't work...) Wait a minute - *yes* on the back of the Lenovo
> Laptop is indeed
> a "product key", and with 5 groups of 5 characters. Looks promising :)
>
> Is there anything else that I need to do ?
>
> i.e. do I still need the likes of
> http://magicaljellybean.com/keyfinder/
> or do I now have the information that I need?
>
> * * *
>
> But as some of you imply, MAYBE there is no need to format the
> Windows installation partition.
> But just how hard can it be for a virus to write to a hidden
> partition? NOT hard I would imagine.
> If I was writing a virus that is exactly the sort of thing I would get
> it to do to ensure that it
> survived a re-formatting of the C: drive... but what do I know?
>
> Ship (OP)

Look at it like this.. if malware is written to the installation
partition, what would it matter unless there were a rootkit, or Windows
malware to address it. It could only be activated if you installed from
that partition. Then if you were to find malware on the new
installation, you could suspect something on the installation partition.

So just deal with your current infections.. heck, the CDs I suggested
probably check that partition anyway.

--
Joe =o)
From: Elmo on
ship wrote:
> On Jan 21, 12:48 pm, "FromTheRafters" <erratic @nomail.afraid.org>
> wrote:
>> "ship" <ship...(a)gmail.com> wrote in message
>>
>> news:f75bd367-13c9-4a0b-8bc3-a07f31d4d3e6(a)14g2000yqp.googlegroups.com...
>>
>>>> Also, he made another post
>>>> and I'm pretty sure there was no evidence his OS even had an
>>>> infection;
>>>> that is, his AV program found suspect files in the temp directory
>>>> and unopened e-mail attachments.
>>> How can I discover *for sure* whether I have an actual infection or
>>> whether
>>> the above are just viruses that have been lying dormant (e.g. in emails)
>>> and which have never
>>> actually been executed?
>> The fact that they reside in temp files is no guarantee that they don't
>> exist elsewhere as well.
>>
>> You can attempt to fix your computer by using the various antimalware
>> programs available, but if you want to feel confident about the results
>> it is best to restore to factory specifications and rebuild from there.
>> My gut feeling, in view of how many things were reportedly found, is
>> that safe practices were not in place on this computer - all the more
>> reason to flatten and rebuild at this point.
>>
>> The lying thief "The Real Truth MVP" (even its moniker is a lie) may be
>> right about the temp files. If you clear the temp files out, a
>> subsequent scan may come up clean. If you are happy with that as a
>> result, then so be it. Personally, I feel that you should familiarize
>> yourself with the use of the restore partition and getting the updates
>> installed.
>
> Ok... one thing though - what is to stop a virus from infecting all
> your
> previous restore points? (not to mention the restore process
> itself...)

Most a/v software checks the restore point files for malware and deletes
infected dates.

> I am certainly leaning toward a complete flatten plus rebuild.
>
> (I remain nervous that reinstalling WindowsXP may prove hard even
> though I have a valid Product Key on the back... but shall probably
> risk it anyhow!)

Just disinfect, check with other software listed below, and trust that
the malware was removed by the software designed to remove it.

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html

--
Joe =o)