using xp recovery console

**pmarc** · August 21st, 2011, 07:50 PM

I'm a mid-level, non-programmer wanting to rid my HD of a virus. As the virus disallows opening files, I'm trying recovery - not the fresh install - to get the HD back to reasonable working condition. I have not backed up.

I get to a point.. from the Cd-Rom [XP Home].. but I'm perplexed about how to continue:

I get past F8 to agree with the license.. then there's " R " vs ENTER and so forth.. I can't seem to find the right steps / order.

It shows I have partitioned and non-partitioned spaces. I ran chkdsk /p c: ... it says I have one or more errors in the volume.

I assume I should do recovery, and in the same partition my current XP OS is in.

Should I do a pc-pc data migration (or other) prior to recovery - I assume the data would be contaminated on the second PC.

**Niclo Iste** · August 22nd, 2011, 05:07 AM

If this is truly a virus, I doubt a repair installation is going to really resolve the issue unless you've already removed the infector. With that said if you've already removed the infector you just have to hit enter, to get to the intallation menu so you can go to the repair installation function.

**pmarc** · August 22nd, 2011, 06:15 AM

the repair installation function

I can not see a way that guarantees a recovery instal and not the clean instal - a big difference as I've read.

**Platypus** · August 22nd, 2011, 06:53 AM

Niclo is right to caution that a repair install may not clear out an infection. But Microsoft's instructions for an in-place upgrade, also known as a repair installation, are here:

http://support.microsoft.com/kb/978788

**pmarc** · August 22nd, 2011, 07:06 AM

I guess it's chkdsk / r ?

**Niclo Iste** · August 22nd, 2011, 07:59 AM

I apologize I assumed you would have known what to look for once you got to the installation menu. Thank you for picking up where I left off Platypus.

**slgrieb** · August 22nd, 2011, 09:27 AM

An infection is likely to prevent a repair installation from completing successfully, and the most probable outcome is that you'll have a non-working Windows. Assuming you have data you wish to save, pull the hard drive from the computer and connect it to another machine that's running some industrial strength protection, and scan it. By "industrial strength" I mean a top end AV software like NOD32, Kaspersky, or NAV, plus a supplemental full scan from Malwarebytes Antimalware. Once you've done this, I'd suggest copying any data files you want to save. I would recommend saving to a pendrive or external drive rather than the host machine doing the scan, just in case you don't kill the infection.

Afterwards, reinstall the drive and if windows is functional, scan with ComboFix, Malwarebytes, and a good AV once more. If Windows is still not working correctly, I'd just go straight for the nuclear option and format the drive followed by a clean install.

While I think ComboFix is one of the best removal tools around, the current builds are very aggressive. If ComboFix detects an infection, it will delete your Hosts file, and if you use Citrix Go To Meeting, ComboFix will invariably give a false positive on the file g2mdlhlpx.exe and break the application. Easy fixes, but you need to be aware of the issues.

**pmarc** · August 22nd, 2011, 01:22 PM

The infected HD can not open files nor go online.

Do you mean add the infected HD to PC #2 and run scans from the PC #2 HD?

This means PC #2 operates 2 HD's...?? not done that before.

Incidentally, I can throw away PC #2. NP.

**slgrieb** · August 22nd, 2011, 02:26 PM

Originally Posted by pmarc

Do you mean add the infected HD to PC #2 and run scans from the PC #2 HD?

This means PC #2 operates 2 HD's...?? not done that before.

Incidentally, I can throw away PC #2. NP.

Yep, running the scan from the second pc is exactly what I mean. You can do it with a USB drive adapter or install it in the second machine. I generally use a USB adapter which is slower, but doesn't require cracking the case and doing internal connections. After all, I'm just going to stick the machine off in a corner on a bench and let it run scans. If it takes an hour longer to do them with a USB adapter, I don't usually consider that a big deal.

In the best case scenario, Windows will be functional after the scan, but you still need to re-scan from programs running on the drive. Again, if it doesn't function after the initial scans from the second PC, nuke it from orbit.

**pmarc** · August 22nd, 2011, 03:51 PM

I've got 2 internal HD's in pc #2. 1 HD is infected. I'm up in windows on the non-infected HD.

I got up AVG, for starters, and I could not find a way inside AVG to designate the infected HD to scan. You end up scanning the HD that AVG is on.

And also, for the other scanners... same issue..??

**Niclo Iste** · August 23rd, 2011, 08:24 AM

I don't use AVG so I'm not sure if there is a setting to change or where it is.

NOD32, Kaspersky, plus the near useless McAfee and Norton all have options for scanning individual drives so I would assume AVG can as well, or maybe it won't give that much control if you're using the free one.

You could also try a rescue disk on the original machine, the one I like a lot so far is Kasperky's Rescue CD which is free. http://support.kaspersky.com/viruses/rescuedisk

**slgrieb** · August 23rd, 2011, 11:23 AM

Originally Posted by pmarc

I've got 2 internal HD's in pc #2. 1 HD is infected. I'm up in windows on the non-infected HD.

I got up AVG, for starters, and I could not find a way inside AVG to designate the infected HD to scan. You end up scanning the HD that AVG is on.

And also, for the other scanners... same issue..??

Let me repeat myself once again. You need a quality AV solution, not AVG, which at best is a replica of antivirus software. It's just like the difference between a real Rolex and one of those fakes. You can download a fully functional, free, time-limited trial of most AV software, including Eset's NOD32, so don't waste your time with a 3rd rate POS like AVG.

**Niclo Iste** · August 23rd, 2011, 11:28 AM

Originally Posted by slgrieb

Let me repeat myself once again. You need a quality AV solution, not AVG, which at best is a replica of antivirus software. It's just like the difference between a real Rolex and one of those fakes. You can download a fully functional, free, time-limited trial of most AV software, including Eset's NOD32, so don't waste your time with a 3rd rate POS like AVG.

Tell us how you really feel about AVG SL!

Side note, I normally would uninstall and install a different antivirus on a pc only if I know for sure it's clean. Since that is in doubt now go with the scan with a boot CD like I had suggested. Once you are sure the system is clean then do the unistallation and installation of a replacement scanner.

**slgrieb** · August 23rd, 2011, 11:42 AM

Originally Posted by Niclo Iste

Tell us how you really feel about AVG SL!

I would, but I'm not sure I'm creative enough to do it without violating the forum's Acceptable Use Policy. Well, no guts, no glory! Harumph!

"AVG is well-known and free. So is gonorrhea."

Best I can do off the cuff, on 4 hours sleep. Comparisons to syphilis and AIDS would be, I think, somewhat overstating the case.

But, here's a link to Eset's product comparison page, and suggested reading over at Virus Bulletin and AV Comparatives.

**pmarc** · August 24th, 2011, 07:53 AM

running Eset on my infected HD - essentially a viral bees hive at the moment, yielded nothing - clean. Why with all those award winning tests?

Thread: using xp recovery console

Thread Tools

Display

using xp recovery console

ok..

ok

huh?

ok..

ok

Similar Threads

Intel 82371AB/EB PCI Bus Master IDE Controller

XP console (reparation)

RAID % and XP Installation problems

Question About XP Pro vs. XP Home

xp recovery console

Bookmarks

Bookmarks

Posting Permissions