VideoHelp Forum




  1. Member
    Join Date
    Dec 2004
    Location
    Atlanta, GA
    My boss's computer has gotten a virus. I got rid of it, but the damage is already done and I have to repair or reinstall Windows. I do not have the recovery disc - she put it somewhere safe, safe enough that she can't find it. I've tried to use a full copy of Win XP, but, after it starts loading files, I get the blue screen telling me that Windows can't load anything else because there may be a virus. I've scanned this thing many times, with a bunch of different programs, and get a clean result. I would prefer not to reformat the drive and really start over, just do a repair, but do I have any choice?
    Any suggestions will be greatly appreciated.
  2. Mod Neophyte redwudz's Avatar
    Join Date
    Sep 2002
    Location
    USA
    You can try repairs, but not so likely to work from what you describe. I'm assuming you ran your anti-malware in safe mode and unplugged from the internet. Safe mode will keep most malware from loading. I would also first delete any restore files XP has generated as malware can hide there also. I like Malware Bytes for malware scans.

    As an alternative, with no luck with the preceding, try deleting just the recovery partition, then try a repair install. May not work, but you haven't lost much if you don't have the recovery discs. It's possible malware is in the recovery partition. But I think you will end up with a clean install being the best alternative. XP wasn't too robust against malware, IMO.

    If you decide to do a clean install of XP, you should get an option to delete and create a new partition, then reformat the drive. You should see two or more partitions. One is likely a recovery partition. I would delete them all and create one new one. Then install the OS. If you are able to save some files from the original install, OK. But be careful what you save as some may be corrupted and you don't want to have the same problem again.

    With XP, you will also need all the hardware drivers for the motherboard. Make sure they are available before the OS install. I would also add a good antivirus program. I use Avast and it seems sufficient for a freeware program.
  3. Member Cornucopia's Avatar
    Join Date
    Oct 2001
    Location
    Deep in the Heart of Texas
    Sounds like a rootkit to me.

    We've been over this a couple of times recently - check the threads...

    1. Boot via USB/CD/DVD to a WinPE OS for utilities, etc.
    2. Offload ALL the needed/valuable data files - Just In Case.
    3. Run the whole gamut of Disc Check, A/V, regcleaner and Anti-Malware apps, including rootkit checkers.
    4. Run them again until it all comes up OK.
    5. If it still doesn't boot up OK when tried normally, then:
    6. Repartition & reformat the hard drive.
    7. Re-install the OS (should work no problem this time) - but make sure you have your necessary drivers at hand.

    Scott
  4. Member
    Join Date
    Dec 2004
    Location
    Atlanta, GA
    Thanks, guys. Yes, I ran Malware Bytes and Super Anti-Spyware. I've backed up all of the important data to an external drive, which I plan to scan with an antivirus before reusing the files. (After all of this, I'm not about to be bitten again.) Everything was done in Safe Mode. I have not been able to connect this machine to the Internet for a few days. All viruses and malware were sent to the Trash, then emptied from the trash. I cannot get to the recovery partition. It doesn't show anywhere. (I even loaded Ubuntu from a CD to see if I could see or maybe mount the recovery partition. No luck.)
    I'll run the utilities from BartPE and see what happens. I'm prepared to wipe everything, if I have to. Looks like I may not have a choice.
  5. You can get recovery disks from the manufacturer of your computer.
  6. VH Wanderer Ai Haibara's Avatar
    Join Date
    Jan 2006
    Location
    Somewhere on VideoHelp...
    I've seen rootkits prevent Safe Mode from running, or alter it so that the processes can't be detected there (or disable it in other ways). Plus, there have also been reports of malware/rootkits altering the restore partitions and System Restore backups, so that even if you do 'start fresh,' you can be infected all over again.

    If you're planning to do a full erase/reinstall, you might do what handyguy suggested, and buy the restore discs for that particular system from the manufacturer (if they're still offering them). Otherwise, consider using a full-install (not upgrade) Windows setup disc to install the OS. The restore partition on that system could well be compromised.

    If you know what rootkit or other malware might have infected the system, you can also try a specific removal tool (over just letting your antivirus/antimalware scanners brute-force delete the files). But even then, the only guarantee you'd have of returning to a 'clean' system might just be to reformat and reinstall.

    Does your boss use this computer for work, or is it just for personal use? If the former, she might consider regular Ghost backups, or something of the sort. (But even for personal use, it still doesn't hurt to regularly back up the entire drive.)
    If cameras add ten pounds, why would people want to eat them?
  7. Member
    Join Date
    Dec 2004
    Location
    Atlanta, GA
    Actually, I think that I've solved part of the problem. The computer was sold with Vista, but with the OS "rolled back" to Win XP. It also includes a RAID array. Apparently, from what I've read, Win XP barfs when you try to do a reinstall with an active RAID. What I did was go into the BIOS and change the configuration from RAID to IDE. Everything worked from there. I'm not sure what attacked this computer, but I wiped the drive yesterday and left it to format overnight. I'm pretty sure that I found the restore disk, but it is a Vista Restore disk. Looks like they "rolled back" the OS, but didn't give an XP backup. I'm glad that we have a full copy of XP and some licenses left. The old install did have a full file of drivers, so this should make it a little easier to restore everything.
    Ai Haibara, yes it is for business use, but also a lot of personal stuff. The last backup that she did was in December, 2009. Maybe, now, I can convince her to do it a little more frequently. (Doubtful, very doubtful.)