Virus slipped in

[levon]

My friend who uses avast home edition, which seems to update daily,  received an email that said something like, My email address has changed, the new one is inside.  His daughter opened it. Now he cannot open the computer.  He has XP Home Edition.   When he tried to boot up after that, he had a blue screen that said scan disk can not continue because of corrupted folders now when he tries to boot up, he gets to the XP opening screen and can go no further.  He never gets to the Start button. When he uses F8 he cannot get into safe mode and so far he has not been able to get into the boot mod. Is it possible to get in and remove the malware?
levon

[Lisandro]

The only thing I can imagine now is booting from a CD and trying to install Windows over the old installation...
But you should wait if anybody else has a better idea.

[felipevidal]

You might want to try the Ultimate Boot CD for Windows known as UBCD4WIN.  It's based on BartPE and makes a bootable Windows CD with a simple shell and lots of utilities for recovering data.  I use it near daily booting off the CD with an attached USB HD to dump my customer's data on from systems that either don't boot properly or are too infested with crap to use the OS on the HD.  My philosophy is - if it has been compromised then its not to be trusted.  Backup the real data and wipe the system and put in a clean image.

The URL is http://www.ubcd4win.com.  It will take some work to make the disc but the instructions on the site are pretty decent.  You will also need an XP CD that it can read to create the BartPE image.  There are several anti-virus programs in the package.  There is also the DOS UBCD which is great for checking out the hardware like MB and HD.  All the major manufacturer's HD test utils are in the image.  It can be found at http://www.ultimatebootcd.com/.  Just download and burn the ISO to disc then boot off the CD.  A pretty self-explanatory menu will appear.

Good luck,
-felipe

[timcan]

levon, you will possibly have to change the boot up order if it hasn't been changed in order to boot from cd.

To change the computer's boot order, restart your computer.


Just as your computer is booting, long before Windows starts, look on the screen for some text that says something similar to Press X to Enter Startup, where X is generally the F2 key or the DEL key.


If you do not see this message, try pressing the F2 and DEL keys over and over right after restarting your computer.


After pressing those keys, you should be taken into your computer's BIOS settings.


If Windows starts and you do not see your BIOS settings, you will need to press a different set of keys to enter your BIOS. Click here for a list of other BIOS keys.


Once in the BIOS, look for a setting called Boot Order or Boot Sequence. Change that setting to have either your diskette or CDROM drive first in the list before the hard drive. Depending on your BIOS, your mouse may not be active and you will need to use the keyboard to navigate the screens.


After making the change, save your settings and exit. This is generally done by pressing the ESC key and then pressing Y to save the settings.

[alanrf]

Most computers built in at least the last 7 years and shipped with a CDROM built in have been set up to boot from a CD in preference to a hard drive if a bootable CD is in the CD drive. 

Please do not make any changes to your BIOS unless you check first and find that you are unable to boot from a CD.  Changing your BIOS settings unless absolutely necessary could only compound the problem.

[timcan]

Good advice alanrf about checking to see if will boot from cd first.Should have added this to post .Can only speak from experience with my 2 HP machines,as they don't.The oldest one is around 3 years old.

[levon]

Many thanks  for the very helpful replies.  I have the computer here and I will work with your suggestions today.  I think this is setup to open on a floppy first, if no floppy then it tries to open with the CD and if no CD then it opens using the hard drive. In this case that would be the C drive. If I copy the ISO to the hard drive (I have done that) then copy that to a CD is there anything special that I have to do to make the CD useful. Once I was playing with Linux I had to copy Linux as ISO and then burn a CD and it seems that it came out as an ISO and there was something else that I had to to do to make it a CD that worked. Been so long that I forgot what I did.  Thanks again for all the help.
Levon

[Spiritsongs]

   Regardless if the suggestions work, I would advise you,
     at some point, to seek the assistance of the Experts at
     your antiSPYWARE provider .