Author Topic: How do we remove a virus that prevents loading windows AND safemode?  (Read 13428 times)

Offline katy98

Hi All! I apologize sincerely if this has been asked and answered before but I didn't know how to word the 'search' for this. How does one remove a virus when we cannot boot up into Windows XP nor get into safe mode? This virus probably got in with a 'free program' download and now the PC can't be booted to Windows OR Windows safe mode. Is there a way to scan for virus through a floppy or USB or some other magical method? I know safe mode cannot get online to scan further for virus, so is there any way at all to hopefully get to Windows normal mode?

TIA for any ideas........katy

Offline DavidR

The malware may have deleted the SafeBoot registry keys.
Here are some options to restore them:

http://didierstevens.wordpress.com/2006/06/26/restoring-safeboot/
http://didierstevens.wordpress.com/2007/02/19/restoring-safe-mode-with-a-reg-file/

If you can't even boot into windows normal, then you have a greater problem as you can't apply the above changes outside windows. I have never used the Recovery Console, essentially inserting your windows CD and booting into that, you need to change the boot order in your BIOS so your CD drive is the first boot device.

A google search for XP recovery console tutorial might give more helpful information, http://www.google.com/search?q=recovery+console+tutorial.

This is just one of them http://www.bleepingcomputer.com/tutorials/tutorial117.html
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline katy98

Thanks David!  The recovery console from CD looks like the most promising at this point  ;)  Thanks again for your super and quick response!!! katy

Offline DavidR

You're welcome, sorry I can't be of more help as I have no personal experience of using the recovery console.

Offline al968

Was the problem resolved?
If not, you can use the recovery CD BartPE to change the registry  ;)

Al968
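An added example, not part of any post in this thread: the replies above suggest the SafeBoot registry keys may have been deleted and that a rescue CD can be used to edit the registry. This PowerShell sketch checks the SafeBoot keys in the offline SYSTEM hive of an unbootable install from a rescue environment or a second PC; the hive path `D:\WINDOWS\system32\config\SYSTEM` and the mount name `OfflineSystem` are assumptions to adjust.

```powershell
# Added example: audit the SafeBoot keys inside an OFFLINE SYSTEM hive.
# Run elevated, with the unbootable disk visible as a drive letter.
param(
    # Assumption: location of the damaged install's SYSTEM hive.
    [string]$HivePath  = 'D:\WINDOWS\system32\config\SYSTEM',
    # Hypothetical temporary mount name under HKLM.
    [string]$MountName = 'OfflineSystem'
)

function Test-OfflineSafeBoot {
    param([string]$HivePath, [string]$MountName)

    & reg.exe load "HKLM\$MountName" $HivePath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not load hive: $HivePath" }

    $results = @()
    try {
        # An offline hive has no CurrentControlSet link;
        # Select\Current holds the number of the active control set.
        $current = (Get-ItemProperty "HKLM:\$MountName\Select").Current
        $base = 'HKLM:\{0}\ControlSet{1:D3}\Control\SafeBoot' -f $MountName, $current

        foreach ($mode in 'Minimal', 'Network') {
            $key    = Join-Path $base $mode
            $exists = Test-Path $key
            $count  = if ($exists) { @(Get-ChildItem $key).Count } else { 0 }
            $results += [pscustomobject]@{
                Mode    = $mode
                Present = $exists
                Subkeys = $count
                # Missing or empty key means that Safe Mode variant cannot load.
                Suspect = (-not $exists) -or ($count -eq 0)
            }
        }
    }
    finally {
        # Release provider handles so the hive can be unloaded cleanly.
        [gc]::Collect()
        [gc]::WaitForPendingFinalizers()
        & reg.exe unload "HKLM\$MountName" | Out-Null
    }
    return $results
}

Test-OfflineSafeBoot -HivePath $HivePath -MountName $MountName | Format-Table -AutoSize
```

A `Suspect` value of `True` for `Minimal` or `Network` indicates the key is missing or empty and needs restoring from a known-good export, such as the .reg approach in the links DavidR posted.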

Offline Berksgal

Re: How do we remove a virus that prevents loading windows AND safemode?
« Reply #5 on: March 07, 2009, 12:06:22 PM »
Despite having Avast antivirus installed and updated on his notebook, my son downloaded some type of virus or malware along with a software program he thought he could trust.   The effects were the same as described here.  His notebook would not load Windows Vista, even in safe mode.  This HP notebook has a built in recovery drive but even that could not be accessed.  The only recourse was a full system format and recovery using the back-up CD's that we created soon after the initial boot when the notebook was first purchased.

To boot from the CD we had to change the order of the boot options.

First turn off the computer.
Wait one minute before turning the power back on.
As the computer starts up, press the F2 key. (This might not work. For most computers F2 will be the right key but different computers may require the use of a different function key.  We unsuccessfully tried F11, F2, and F8 before finding the right key for our notebook - F10. Each successive try will require you to turn off the computer and turn it back on until you find the right function key.)
As the Computer restarts, keep holding down the function key, watch for the BIOS Setup Message
Enter the BIOS Setup Utility (You may be offered other selections, such as "close."  You don't want to close at this point.  You want BIOS setup.)
Locate and Navigate to the Boot Order Options in BIOS
Make Changes to the Boot Order by moving Boot from CD into the first position.
Save Changes to the BIOS Setup Utility
Confirm Boot Order Changes and Exit BIOS
Insert the recovery CD.
Turn off the computer.
After one minute, turn the computer back on.
It will boot from the CD.
You will get a message asking if you want to "format and recover," "complete system recovery" or something similar. 
Click "yes," "ok" or enter (whatever allows you to confirm this recovery action).
Your computer will begin the recovery process.  This will take at least 20 minutes.
Check on it from time to time because you may be asked to confirm certain actions along the way for the reinstallation of drivers, original preloaded software etc. You will also be prompted when to insert the next CD/DVD, if you have more than one recovery CD.
When the recovery has been completed, you will receive a message on the screen to that effect.
Follow the instructions (for example: "remove CD and restart").
When your computer next restarts, it will be exactly the way it was when you first purchased it.  You will have to reinstall (from CD or download) any software that was not preloaded and recover your documents, music and pictures from your back-up CD's, DVD's, thumb drives or external hard drives (wherever you store backed up files).
If you haven't performed regular back ups, you are out of luck because you will have lost all your files in the format and recovery.

If your computer did not come with system restore/recovery CD's or DVD's and you failed to create any yourself, you have a problem that is beyond the scope of my home user knowledge.

Offline CharleyO

Re: How do we remove a virus that prevents loading windows AND safemode?
« Reply #6 on: March 07, 2009, 05:23:41 PM »
***

My computers have been set with first boot being the cd drive for as long as the OS has been on cd's. And, before that, they were set with first boot being the floppy drive. Second boot should be the hard drive. This eliminates having to go in and set it when you have a problem such as now. At normal start-up, the time taken to check the cd for first boot is only a couple of seconds.


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline DavidR

Re: How do we remove a virus that prevents loading windows AND safemode?
« Reply #7 on: March 07, 2009, 06:38:50 PM »
Same for me, I always have the optical drive as the first boot device, saves a lot of hassle if you need to do that regularly.

 
