Most of the self-help books that have been written about XP say the same
thing: if you can’t start XP in Safe Mode, you might have a virus so run an
anti-virus program. Well, all of my anti-virus packages were downloaded, so I
have no install disks. But even if I had an install disk, if I can’t boot
Windows, or I can’t connect to the internet, a disk won’t do me any good. So
how do I run an anti-virus scan under these conditions? And if I reformat and
reinstall XP, isn’t there a possibility that a virus could attach itself to the
new install if I haven’t eliminated it before hand?
You’re experiencing a definite chicken-and-egg situation. You need to run an
anti-virus program to possibly fix Windows, but you need to be able to run
Windows in order to run the anti-virus program.
Seems like a no-win situation.
There are approaches and they all begin with booting something
else.
]]>
When things are this broken, I often suggest just reinstalling Windows. If you do reformat and reinstall, you’ll be erasing everything – including any viruses – so you don’t have to worry about them tagging along. If you rebuild the system in the correct order, you can stay safe from the beginning and be virus-free.
The problem, of course, is that this is a lot of work and erases everything, including all of your programs and data. If you’ve backed up properly, this shouldn’t cause you too much grief; on the other hand, if you’re like too many people, losing all of that data may be a real problem.
So, we’ll look at a couple of options that don’t involve a complete reformat.
Microsoft Standalone System Sweeper
Using another computer, download and burn to CD the Windows Defender Offline.
This relatively new tool is probably exactly what you need. It’s a version of Microsoft’s anti-malware software that runs directly from the CD when you boot it.
Make sure to download the latest version so that the most recent threats are covered.
Bootable anti-malware discs
Several anti-malware companies actually also provide recovery disc images that you can download for this purpose as well.†
In fact, you’ll note a common thread: “rescue” media of some sort. If you have a favorite anti-malware tool, it’s worth searching for that “tool-name rescue CD” and you may find that they have one available.
Download that, burn it to CD, and boot your affected system from it to begin the cleanup process.
All-in-one Utility CDs
There are several popular free CD images available that contain collections of tools that can be used not only to recover from malware infections, but also to perform other maintenance and repair on otherwise compromised machines.†
Each of these CDs are free downloads, and when burned to CD, they create bootable media that you can use to recover and repair your unbootable machine.
Live CDs
Many, if not most, distributions of Linux are free. Another approach is to use one of the Linux “Live CDs”.
Live CDs are free, downloadable images that can be burned to CD. Boot from that CD and your machine is running a version of Linux without having to make any changes to your system or hard disk. You can then run anti-virus software or other tools against the Windows installation on your hard disk.
The most popular Linux Live CD is Knoppix.
Another promising Live CD is Ubuntu. Ubuntu’s Live CD doubles as its install CD should you ever want to switch.
The great thing about all of these bootable CDs is that once you do boot, even if you can’t perform the virus scan, you can still examine your Windows hard disk and possibly repair problems by hand, or at least recover files before taking more drastic action.
Because I tend to be a computer geek, I have copies of both Knoppix and Ubuntu lying around, and I am typically prepared to grab the latest Microsoft System Sweeper, should I need it.
•
† Products listed are just examples for reference and no endorsement is implied.
(This is an update to an article originally published July 17, 2006.)
Many programms include spyware modules. Use anti-spyware for protect your privacy.
As for me, I like professional anti-spy software like PrivacyKeyboard by Raytown Corporation LLC.
You can download it here: http://download.softsecurity.com/1/14/prvkbd.zip (~4MB)
Anti-Spyware: Efficiency of the Means of Defense
I used Knoppix to recover from an LSASS error (endpoint format is invalid). Since the error occurred before the Windows Desktop loaded and I couldn’t even boot in SAFE mode, I booted from a Knoppix CD, navigated to my data, and saved them to a portable USB hard drive. Although I was totally unfamiliar with the user interface (I can barely SPELL Linux), it was intuitive enough for me to use easily. I then formatted and re-installed.
Thanks, Shanzola for the encouragement. I have a hard time spelling SPELL if that gives you a clue about my computer expertise. You’ve given me the encouragement to give it a try. And thanks to you too, Leo for another informative article!
If you can, please help me…
I have a boot virus that doesn’t alow me to install windows (any type XP,2k) it creates an error at instalation and it restarts the PC after installation. I used Ultimate boot disk cd 3.4 and it doesn’t recognises the virus, only the bios antivirus. If you can, please let me know what to do because I’m out of options. Thank you.
Try Live CD suggestions in the article: knoppix, for one example.
If you have a second PC you can hang the (possibly) infected drive on the second PC as a slave drive and scan it that way.
Here’s a question, once upon a time I remember Nortons antivirus disk being bootable with a Dos scan and virus removal utility in it. does anything like that still exsits? and if so what company still makes it it was fantastic if you thought you were infected and couldn’t boot. scanned EVERTYHING , you’d load your dat files a floppy after you booted to the CD and run it from there.
Try to use Avast boot scan. It runs before Windows GUI is loaded. It is also free for non-commercial use. This is no advertisment :) I use it too in this situation. http://avast.com/
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Another approach are to use the Linux “live” CDs like
Knoppix, or to build a Windows Boot CD yourself using a tool
like BartPE. Unfortunately a Windows boot CD cannot be
distributed (it’s piracy of Windows), but you can make your
own using your own copy of Windows if you think to do so
before you have a problem.
Leo
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFH5unLCMEe9B/8oqERAvL9AJ9so++uWjKncsUdUYyY4EJ7tv3t/wCbBCQu
nIb894jJdsuliQ3nQhg5m8I=
=dUmk
—–END PGP SIGNATURE—–
Very interesting but difficult for a non-expert: I tried to implement using.
1. BartPe. Created a cd but couldn’t implement an antivirus plugin. The documentation doesn’t seem to be up to date. Do you have a working example?
2. I have a Ubuntu live CD but it doesn’t include an antivirus scanner. Can’t download one as Ubuntu live won’t store to the hard disk.
3. Chaleem suggested doing an Avast boot scan. I use the free Avast version but it doesn’t include the boot scan.
4. re Max Taylor’s note I have an old Norton Systemworks cd and it does a boot scan but only of the a drive!
my emachine winxp he just went to a black screen oneday that said boot failure insert system disk and press any key. i do not have a sys disk just the two disks that came with my pc. i tried different things that i saw on these forums and am now at NTDLR MISSING i can get into my boot menu and my bios setting but thats all i cant get into windows any help out there please. ty
My Grandparents computer is bogged down will not bring up Icons or windows bar at the bottom is trying to get them to purchase protection before they can user there computer afain could not find safe MODE ….ANY IDEAS??
24-Aug-2009
Hello.
New here, just signed up this morning.
Tried to go to the following:
“using Knoppix to perform a Virus Scan” http://go.ask-leo.com/060717a.
Get redirected to:
http://blog.makezine.com/archive/hacks/.
Nothing there I can use to do a virus scan.
Help.
Thanks,
Fred.
Norton does still have bootable disks for system recovery. It comes free with yor NIS. If you don’t know where to get yours, you can ask Norton Support and they will provide the download url. You will need your Norton Product Key to run the virus scan.
I have the same problem as the others. XP operating system, with SP2, on a computer maybe 5+ years old. Plenty of anti-virus software. Computer started rebooting itself for no known reason last week. Tried Repairing it several times but it kept rebooting itself every time it got into Windows. The time spent in Windows got shorter and shorter until I couldn’t even get into the OS. Just a black and white text screen, wouldn’t even get past the boot menu – the computer froze every time.
I created a Knoppix (Linux) bootable CD as suggested. Put it into the CD drive… turned it on… CD booted up… got the splash screen… got a message that it was loading Linux… and then everything went black and the CD stopped spinning. Dead to the world.
And somehow when the bad computer rebooted itself, another computer which was plugged into the same router also rebooted itself over and over and over and over and over…
Two computers dead. How can it pass through a router?
Any and all suggestions to help fix these electronic paperweights would be GREATLY appreciated.
My computer did the exact same thing as Iggy’s. I have a router is my iPod that runs on the same network in any danger?
I downloaded and started puppy linux. Downloaded avast for linux (debian & rpm), then tried to ‘install / run’ the avast from the usb flash-disk where I had unzipped it. Being only a windows user I did not succeed. Is there a ‘step by step’ for this task ?
same problem as others. My virus loaded into bios and transfers into boot sector. I disconnected HD and flashed bios, connected HD and ran Seagate low level format, then wiped HD (many times). The ba—- bug is still there. This is a new HD, the old one stopped working because of this problem.
I CANNOT FIND A DOS ANTI-VIRUS PROGHRAM TO PUT ON A BOOTABLE DEVICE. IS THERE SUCH A THING?
Joe
I removed the hard disk, loaded it into a hard
disk case, connected it to USB drive of another
machine and ran
AVG Antivirus and Malwarebytes to
scan the disk and followed it with Spyware Search
and Destroy.
The disk was clean for reinstallation into the
first machine.
First of all: Thanks for the great advice Leo! :-)
I had a very agressive rogue virus called “Antimalware Doctor” on my computer. I was able to remove the virus with Rkill, Malwarebytes and a few other anti-virus programs, but after that it went downhill with my computer.
First my internet connection was completely gone, then I couln’t boot Windows XP in normal mode anymore and after that I wasn’t even able to start it in safe mode anymore. So the only thing that interested me at this point was to recover some files I didn’t have a backup of. (I could do a clean install of Windows after that.)
I have first tried Knoppix, but for me it was really a struggle to make it work. I had to do complicated things just to download it and eventualy it didn’t work on my computer. After that I have tried Ubuntu. And it was so amazingly more easy! You just download it from their very clear website, burn it on a cd without worrying too much about anything, put it in your computer, restart your computer et voila! It just boots properly and you are able to use a very nice operation system that is very fast too! I was able to see my hard drive with my non-backupped files on and I just plugged in an external hard drive to copy these files to. An idiot can do it. :-)
I don’t have any problem doing the reformat and reinstall solution, but the issue is that I don’t know how to do it now that my computer won’t access Windows. It only shows me a black screen with the mouse pointer. Help please!
Dear Friends,
In one of my process computers, I m facing problem with internet connection. The system boots in normal mode but internet (neither IE nor Opera) is not working. My computer is not booting in Safe Mode (it simply restarts). At the same time, System Restore shows Switched Off by Group Policiesand is not resetting even through editing the registry. And though I have backed up the data, I cannot Format the HDD. The reason is that I have installed Siemens Softwares, namely WinCC and Simatic Step-7 into my HDD. These softwares need their keys to be installed on HDD which already exist. Now if I format the HDD, the keys will be lost. And I do not have the tool for key trasfer from HDD to some other device (the key transfer tools for the two softwares were in two different floppy disks which, due to some electromagnetic interference got damaged.
Can you please tell me of some good virus cleaner effective for Windows-XP virus that can be started from an USB/CD where USB/CD can be made bootable using some Linux based or other (which?) system?
I have that problem. My computer gets the virus. I don’t understand at once. My computer normally works approximately 30 second, but then my computer hanged. I couldn’t work afterward. At first time I thought that my computer had the hardware problem. In order to work I forced the reboot my computer 5 or 6 times. . I don’t understand why my computer did it. But then I understood that my computer got the virus from Internet. After that I forced re-install Windows XP SP2. Such I have one question: How can I clean my computer from that virus, if I will get such situation, without re-install Windows XP SP2?
@Firuz
The surest way to get rid of a virus is to reformat and reinstall Windows, but in most cases it’s possible to remove a virus without such an extreme measure.
http://ask-leo.com/microsoft_standalone_system_sweeper_clean_malware_from_your_machine.html
http://ask-leo.com/my_computers_infected_with_a_virus_how_do_i_clean_it_up.html
I take the hard drive out and slave it in another computer. I can then scan it with the anti-virus program loaded on that machine. There is a slight danger of infecting the machine it is slaved in but most virus only run on windows startup.
For those that have systems that will not boot and have boot sector viruses, first you have my sympathy, second you will need to use one of the boot disks that Leo suggests to at least start the cleaning.
After that you may need a Windows XP installation disk for your computer. If you do not have one, so many people don’t because they have a system restore partition that can also get infected, see if you can find one to borrow.
Run it and when it stops at the XP installation screen choose repair on that screen. It will ask you for the Administrator password. If you don’t know what it is you can try just hitting enter. It works more often than not.
Now you are at a DOS prompt and you need to type in “fixboot” without the quotes. It will ask do you wish to rewrite the boot sector. Type y and then enter.
If you are lucky it will fix the boot sector virus. You should be able to boot to Windows now. If not you will need to reinstall Windows.
I’ve been here before.
I had a lot of difficulty getting any of the CD / DVD things to work – the virus disabled booting from these devices. I did, however, manage to make a USB-bootable version of Microsoft Standalone System Sweeper, and clean/repair the pc enough to get some anti-virus software on and running.
04-Oct-2011
Even if you are able to remove the virus with the rescue disk, the virus will often mess with your files and registry. So even after removing the virus you will often have a system that’s not really running properly. So I still prefer to back up peoples files after cleaning the virus off of their system. Then I just go ahead and reformat and then restore their files. No matter how good you are at cleaning one up, nothing runs quite as good as a freshly formatted computer. Plus when they reinfect their computer they can’t deny it and say I didn’t really get it clean. Most people who get viruses tend to be habitual offenders. At least that’s been my personal observation. I can run a computer with no antivirus, just Windows firewall without getting infected. I don’t see how so many people manege to get these things so often. Some people will just click anything I guess.
Here’s another bootable program worth mentioning.. Bit Defender Rescue CD… its a “Live CD”… its free and it also has network abilities so it goes out and downloads the latest virus definitions automatically each time it boots up.. After running the scan & cleaning the computer another option on the “Live CD Desktop” is “Firefox” … here’s the instructional link for making the Bit Defender Rescue CD..
http://www.bitdefender.com/support/How-to-create-a-BitDefender-Rescue-CD-627.html
I used a computer of a friend. I did a search on what I thought was an innocuous subject (speech). I got malware. We could not get the malware off. It froze the computer. It would not reboot. We tried to reinstall Windows but the malware changed the BIOS so it would not boot from a CD. Nothing would work. How would one be able to reinstall an OS on something like this?
04-Oct-2011
Anyone heard about the new deal MS is cooking up with hardware manufacturers? Booting to any kind of livecd might be getting more difficult in the near future:
Read this article about SecureBoot to see what I mean. Still possible I guess, just a pain.
Before you pick up such a virus that prevents a boot, make a boot CD that is virus-free. Actually, I have tried to do this, but without success so far. I will keep trying.
Another good solution to running antivirus without using a rescue disk is to remove the hard drive, and place it into a USB enclosure. Then, attach it to an uninfected computer, and scan the drive with several programs (separately).
22-Oct-2011
@Craig Parker
Not the end of livecd’s – Just disable secure-boot in bios. Luckily no manufacture would be dumb enough to produce motherboards that only support windows 8.
My son was trying to fix an issue with my keyboard and installed a new one but it didn’t correct the issue with keys not working in certain sector of keyboard, found issue listed on several forums that it might be an issue with malware/virus, but also had an issue with it starting to list “no bootable device detect” so he also took the laptop apart to check all connections and removed hard drive and then re-installed, now the computer won’t boot at all. It had also started doing a ticking sound part time then it would stop.A system restore was done but didn’t correct the keyboard issue & the computer did boot up at least once after that but now the computer won’t boot at all. Could a virus/malware do this or is it a dead hard drive? It won’t safe boot either. He tried booting ubuntu from a flash drive but said he didn’t get that to work either. Should I just go ahead and try to run the Malware suggestions or the Microsoft standalone system sweeper? If it is a dead hard drive is there any way to get my pictures and files from it, yes I know I should have done more backups on the system but my husband usually uses it for more internet surfing then files and I just plain forgot common sense maintenance with it. Thanks for any other suggestions. ( Windows Vista OS- 3 yrs old laptop)
I used the Microsoft Standalone System Sweeper to boot and scan my computer. It did a great job of getting a Trojan virus I had on my computer. I had also downloaded the Ubuntu Live CD. After I had removed the virus, my system still would not boot up. Well, I would see the Windows logo, then my computer went into setup mode. It said that setup is being restarted… Then it said: “Please insert CD labeled “Windows XP Professional Service Pack 3 CD” into your CD-ROM drive D: and then click OK. You can click OK if you want files to be copied from an alternate location, such as a floppy disk!” I inserted my Windows XP Pro disk that came with my Dell computer when I bought it. It was the service pack 2, however, as I bought my machine in 2005. I had gotten to SP3 through the download center at Microsoft.com. When I inserted my CD that came with the computer, I got a Fatal Error Message. It said “One of the components that Windows needs to continue setup could not be installed. The operation was cancelled by the user. Then I got an Error message under that which read: “The signature for Windows XP Professional Upgrade is invalid. The error code is 80060100. No signature was present in the subject.”
Like I said, I had also downloaded the Ubuntu Live CD. When I put it in the CD drive, I could try the CD before using it, but I could not install Ubuntu. When I tried it, I could see all of my programs on my computer, but I could not use any of them. Then I used my Windows XP Pro SP2 CD to run chkdsk /r/f at the recovery option of installing Windows XP again. It removed all of the bad files, and stated that the disk had been repaired. However, when I tried to boot into Windows, I got the same error messages as before. So I tried the Ubuntu disk again. This time I was able to load Ubuntu onto my computer. It partitioned a external hard drive I have, and loaded itself unto it. However, my programs are still not working. I can view all of my pictures, but I cannot access any of my music or videos. These are the ones I had backed up on the external drive. I have tried to access some of the programs on my internal hard drive. but I have no success loading any of them. What am I doing wrong. I saw a Microsoft Product called Diagnostics and Recovery Tool. There is a Version (5) for XP. Do you think this application would solve my problem? Thanks for your patience and guidance!!
i have reinstalled windows becasue of security check virus blocking me from booting, however i still cant boot after restart is it possible the virus has stayed somehow? how do i fix this?
How do I run a bootable virus scan such as Microsoft Standalone System Sweeper when my machine doesn’t see the CD driver until Windows boots up?
10-Jul-2012
I got hit with the FBI white screen greentag virus on my Dell mimi with no cd drive.
Cannot reboot system locks up with the white screen. How can I remove this from my dell mini 10, no cd drive. Sytem will not boot from flash drive eighter? How to I check BIOS?
winxp ie8 sent from main system.
thank you
Felix