Help me save taxpayer's money

[basto]

My lab's comp has acquired a nasty virus, we were going to buy a new computer and extract the data for a total of $1500 because the "hardware" is compromised.

I checked, it's not, just has a nasty virus which blanks out the screen after the Intel screen pops up, never getting to Windows. It can get to the BIOS screen just fine but cannot get to Safe Mode.

I downloaded the Sweeper software, 32 bit burned it to CD and ran just fine upon boot. Then I get to the Update screen for malware and new definitions. I cannot update due "internet connectivity issues". When the ethernet is plugged in I get error x80070002, when it is unplugged, I get error x80072ee7.

I thought I could then get the bootable USB to work. Nope, same issue.

Any thoughts on how I can bypass this issue? Any other bootable virus sweeping programs? Thank you.

 

[GEWB]

Hello basto -

Bummer. Anyway, I'm sure you will get several suggestions from members of this forum.

One method I use is a live version of Linux with an up to date AV program. A Google or DuckDuckGo search should yield over 30 million hits with "using linux to clean windows of virus" as the search.

As an example (but a bit out-of-date) check out:

Scan a Windows PC for Viruses from a Ubuntu Live CD - How-To Geek

This example version of Linux is "old" but the process is really the same for the newer version of Ubuntu or numerous other versions of Linux.

I like using Knoppix Linux for this task. Do a search on "using knoppix to clean windows of virus" and get over 200k hits.

Regards,
GEWB

 

[Golden]

Hi,

Ubuntu is an excellent suggestion for accessing data from that disk. For a bootable anti-virus, I strongly recommend F-Secure:

F-Secure - How To - Remove threats - Free Removal Tools - Rescue CD

Regards,
Golden

 

[gregrocker]

Everything is in here, including alternate bootable AV's some of which post latest ISO's daily: Troubleshooting Windows 7 Failure to Boot - Windows 7 Forums

 

[karlsnooks]

basto,

I thought our tutorial explained installing to a USB stick. This is the better approach.

Either way, here is a write-up that has never failed me.

HOW TO USE WINDOWS DEFENDER OFFLINE ON A USB STICK
Windows Defender Offline
· is a free standalone, bootable malware and virus remover from Microsoft.
· performs an offline scan of an infected PC to remove viruses, rootkits and other advanced malware.

Download Windows Defender Offline (about 764 kB)

You will have the choice of downloading the 32bit version (x86) or the 64 bit version (x64).
The link will help you determine whether you are running a 32 bit version or 64 bit version of Windows

NOTE!! You can download and prepare a 32 bit version using a 64 bit version of Windows
NOTE!! You can download and prepare a 64 bit version using a 32bit version of Windows.

You run the 32 bit version on a 32 bit version of Windows.
You run the 64 bit version on a 64 bit version of Windows.

The 32 bit download file name is: mssstool32.exe
The 64 bit download file name is: mssstool64.exe

For the curious, this program was originally name Microsoft Standalone System Sweeper.


INSTALLATION:
You will need an Internet Connection.
Insert 512 mB (Microsoft’s 256 mB is no longer accurate) or larger USB stick into a usb port.
Run the downloaded program--mssstool64.exe or mssstool32.exe
NEXT button
Choose the option On a USB flash drive that is not password protected
NEXT button
NEXT button
.
The install program will format the usb stick using the NTFS format.
The install program will download about 210 mB.
The install program will name the USB stick WDO_Media32 or WDO_Media64
The WDO_Media32 usb stick will have used space of 255 mB (268,140,544 bytes)
The WDO_Media64 usb stick will have used space of 282 mB (296,165,376 bytes)
You can expect the number of mB to increase as more malware appears.

UPDATE Windows Defender Offline USB stick:
· reinsert the usb stick
· run the installation program, mssstool64.exe or mssstool32.exe, again.
· the update will download about 66 mB (mssstool32.exe) and 68 mB (mssstool64.exe).

Since the malware database is sometimes updated several times in a day, always update before running.

PERFORM AN OFFLINE SCAN
Bootup your computer from the USB stick
Windows Defender Offline will automatically perform a quick scan.
After the quick scan finishes, Choose Full Scan
Select all of your drives

The initial, full scan can easily take several hours, but
Remember, your computer is being very thoroughly checked for all types of malware.


RESULTS OF THE SCAN
The results will be in:
\Windows\Windows Defender Offline\Support,
file name format is MPLOG- as one or more files with a TXT extension which can be viewed with Notepad.
======================================

 

[profdlp]

I think you'll be fine with any of the previous recommendations, but for future reference I'll throw this in there. Assuming you're talking about the Microsoft standalone sweeper, it downloads as a tiny file originally. During the burn process it automatically reconnects to the Internet and gets the latest definitions. I've tried reusing old discs and thumbdrives I've made by having them try and download again after it boots from the disc, but have never had any success. A freshly made disc/thumbdrive will have the latest definitions in either case.

EDIT: Karl has you covered. I hadn't seen his response when I posted.