We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
cant access safe mode due to a virus/malaware
Options
Comments
-
Me again. Still no luck. I tried all the rescue discs: AVG, G.Data, Kapersky, Panda, Aviro to no avail. Kapersky gave me an error message "There is not enough disk space to copy required files. 219 Mb of free space are needed. The files will be stored in the memory".
To proceed I only have an 'OK' option. The 'C' Drive is not mounted. Interestingly the other rescue discs also appear to NOT find my C Drive. They all load, perform a scan and identify nothing. I suspect that this is due to the fact that it is not scanning the C drive (or My Computer) and thats where this malware/virus is sitting.
Any suggestions or advice?0 -
Basically none of the rescue discs are mounting the partition (drive C).
You can use 'Photorec' to get your photos and music off the infected drive. It should be able to see the files even if the rescue CDs couldn't.
You can stick the drive into another computer, or into an external casing - and run Photorec off a non-infected PC. Alternatively you can run PhotoRec from the infected PC using any of a number of rescue CDs, and back files up onto an external hard drive. Documentation and the program is available here:
http://www.cgsecurity.org/wiki/PhotoRec
Just decide which way works best for you, based on what you have to hand. External casings are cheap for laptops (2.5"), but more expensive generally for 3.5" drives.
Photorec comes as part of the package with Testdisk. This wikipedia article lists some of the rescue CDs that include it:
http://en.wikipedia.org/wiki/TestDisk
After you back anything important up, then you can think about the next step.0 -
Really appreciate your assistance Russ. I will try your suggested option next week (need to take a break from my pc for a couple of days......this problem has been driving me mad!). My pc is a desktop dell dimension 2400 running XP, and not a laptop. Not sure if this makes any difference. Anyway fingers crossed for next week. Will let you know how I get on. Thanks again.0
-
Ive been searching the net and found it turns out that the ransomware has overwritten the MBR, Master Boot Record, so recovery is more complex than just remotely scanning the hard drive to remove it. None of the usual rescue tools and discs cannot even see the hard drive nevermind running scans. One option I have seen involves putting the XP Windows disc into my pc, reboot from that and press R to repair and then run fixmbr. Is that my best way forward do you think?0
-
Ive been searching the net and found it turns out that the ransomware has overwritten the MBR, Master Boot Record, so recovery is more complex than just remotely scanning the hard drive to remove it. None of the usual rescue tools and discs cannot even see the hard drive nevermind running scans. One option I have seen involves putting the XP Windows disc into my pc, reboot from that and press R to repair and then run fixmbr. Is that my best way forward do you think?
No, definitely not. Run Photorec or something similar and recover your files first. FIXMBR might make everything worse, and has done if you look in some of the forums.
We know the MBR has been altered - but we don't know if it has been overwritten, or just had code inserted before it. Normally it's the latter.
After you've backed things up, then you can mess around with all the options. Personally I'd use Testdisk and try to rebuild the partition tables if all antivirus solutions failed (including running scans on the HDD from another PC) - but only after getting everything off.
You can take a copy of the MBR and have it examined by your antivirus vendor, e.g. using various MBR tools including aswMBR.
Sometimes rescue discs fail to mount drive C even on non-infected PCs for various reasons, although not usually all of them.0 -
I've downloaded Testdisk 6.12 which comes in a win zip file. Im not upto speed on anything too techy Im afraid. Do I simply burn all the contents of the zip file to a cd and insert? Sorry to be useless0
-
No, that's not how it works
Start from the beginning - what computers do you have? Presumably you have an infected computer that you can't use, and a non-infected one that you are accessing this forum with?
Do both have DVD drives?0 -
Yes both have dvd0
-
Do you think you'll be able to stick the infected hard drive into the working computer?
That way you just can run Photorec or the like from the working computer.0 -
Over my head now I think. Not sure how you do this. I think its becoming too complicated for me now. I might just have to accept that Ive lost my data. Thanks for your help though0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.8K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.8K Work, Benefits & Business
- 598.7K Mortgages, Homes & Bills
- 176.8K Life & Family
- 257.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards