cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
shiphen
Punch Card
Posts: 10
Registered: ‎04-30-2009
Location: UK
Views: 2,272
Message 1 of 14

Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition?

Hi

 

My T60 (WindowsXP Pro)  has been infected with several viruses.

Is it safe to re-install from the WindowsXP partition?

Or should I kill absolutely everything on the disk (eg. by running KillDisk off a CD)?

 

And if I do the latter, how on earth to I register it with Microsoft because the laptop did not come with any CDs.
(I can borrow a Windows XP Pro CD from work - but I presume that there will be problems with the Product Key and License number etc)

Any thoughts?

With thanks



Ship

 

shiphen
Punch Card
Posts: 10
Registered: ‎04-30-2009
Location: UK
Views: 2,243
Message 2 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition

For clarification that's a T60 laptop.

 

Cheers

 

Ship

Shiperton Henethe

P.S. Btw, how do you see a list of your own postings on this site? 

Retired Guru
Posts: 993
Registered: ‎03-10-2009
Location: Michigan
Views: 2,236
Message 4 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition

Hi Ship,

 

To see a list of your postings on the site, you can click on your username.

 

Interesting question about whether the recovery partition is safe from viruses. I don't see why it would be, maybe others can comment? Safest thing would be to re-install from the Product Recovery CDs -- you can get them from Lenovo if your ThinkPad is still under warranty. (If you're out of warranty it's probably still worth giving Lenovo a call to see what your options are.)

 

Best regards,

Frank

---------

Results of Your Ideal Business-Class Laptop survey, concluded 2009-07-29.

Did someone help you?
Say thanks! with a kudo.
Even better: Pay it forward, help someone else. Smiley Happy
lead_org Microsoft MVP Contributor
Microsoft MVP Contributor
Posts: 21,009
Registered: ‎12-19-2008
Location: Australia, Melbourne
Views: 2,227
Message 5 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition

It is safe to recover from the factory recovery partition, the partition is not user modifiable (not unless someone has intentionally tried to hack into the partition and modifying it).

Regards,

Jin Li

May this year, be the year of 'DO'!

I am a volunteer, and not a paid staff of Lenovo or Microsoft
Retired Guru
Posts: 993
Registered: ‎03-10-2009
Location: Michigan
Views: 2,224
Message 6 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition


@lead_org wrote:

the [recovery] partition is not user modifiable (not unless someone has intentionally tried to hack into the partition and modifying it).


That's the interesting part. Smiley Wink

While I'm not aware of any ThinkPad-specific viruses that target the recovery partition, what prevents a virus from modifying that partition?

---------

Results of Your Ideal Business-Class Laptop survey, concluded 2009-07-29.

Did someone help you?
Say thanks! with a kudo.
Even better: Pay it forward, help someone else. Smiley Happy
shiphen
Punch Card
Posts: 10
Registered: ‎04-30-2009
Location: UK
Views: 2,202
Message 7 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition

> While I'm not aware of any ThinkPad-specific viruses that target the recovery partition,
> what prevents a virus from modifying that partition?

 

Exactly. And more to the point would it necessarily NEED to be a ThinkPad-specific virus?

lead_org Microsoft MVP Contributor
Microsoft MVP Contributor
Posts: 21,009
Registered: ‎12-19-2008
Location: Australia, Melbourne
Views: 2,192
Message 8 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition

the way the recovery partition is made, a normal virus wouldn't able to infect the files, this is why the recovery partition was there, to allow people to recover (make sure you do the full factory recovery, don't save anything) in case there was a virus infection. 

Regards,

Jin Li

May this year, be the year of 'DO'!

I am a volunteer, and not a paid staff of Lenovo or Microsoft
Retired Guru
Posts: 993
Registered: ‎03-10-2009
Location: Michigan
Views: 2,188
Message 9 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition

AFAIK the only way to prevent a Windows virus from writing to any area of the hard drive it wants, is to set up an ATA Host Protected Area (HPA). Some ThinkPads have used those; ThinkWiki has more details. More recent ThinkPads use a Rescue and Recovery Partition, which is ordinarily hidden from (but not inaccessible from) the OS. I think it is possible (though perhaps unlikely) that a virus could access and corrupt the R&R partition.

---------

Results of Your Ideal Business-Class Laptop survey, concluded 2009-07-29.

Did someone help you?
Say thanks! with a kudo.
Even better: Pay it forward, help someone else. Smiley Happy
shiphen
Punch Card
Posts: 10
Registered: ‎04-30-2009
Location: UK
Views: 2,160
Message 10 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition

I dont know if this helps but for the record here are SOME of the viruses that were flagged up by AVAST and by MSE...

 



AVAST:
Win32:Tibs-AFH [Trj]   C:\documents and settings\XXXX\local settings\temp\X1Server\U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel.msg
Win32:Tibs-AFX [Trj]   C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
Win32:Tibs-AFX [Trj]   C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
Win32:Tibs-AGA [Wrm]   C:\documents and settings\XXXX\local settings\temp\X1Server\Forever in Love.msg
Win32:Tibs-AIE [Trj]   C:\documents and settings\XXXX\local settings\temp\X1Server\I Would Give you Anything.msg
Win32:Tibs-AFH [Trj]

MSE:
Nuwar.N@mm!CME-711     C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp28372.tmp

Trojan: Win32/Vxidl.gen!B      File:C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp69768409.tmp
Trojan: Win32/Vxidl.gen!dam    File:C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp142407802.tmp

Win32Smiley Frustratedmall-JBK [Trj]   C:\documents and settings\XXXX\local settings\temp\X1Server\Sadam Hussein safe and sound!.msg
Win32:Tibs-AFA [Trj]   C:\documents and settings\XXXX\local settings\temp\X1Server\Happy World Religion Day!.msg
Win32:Tibs-AFP [Trj]   C:\documents and settings\XXXX\local settings\temp\X1Server\I Love Thee.msg

Win32:Tibs-AFX [Trj]  C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
Win32:Tibs-AFX [Trj]  C:\documents and settings\XXXX\local settings\temp\X1Server\Unmatchable Beauty.msg
Win32:Tibs-AGA [Wrm]  C:\documents and settings\XXXX\local settings\temp\X1Server\Forever in Love.msg

MSE:
Backdoor:Win32/Ryknos.BC (Alert level: *Severe")

AVAST:
Win32Smiley Frustratedmall-JBK [Trj]    C:\documents and settings\XXXX\local settings\temp\X1Server\Sadam Hussein safe and sound!.msg
Win32:Tibs-AFA [Trj]     C:\documents and settings\XXXX\local settings\temp\X1Server\Happy World Religion Day!.msg
Win32:Tibs-AFP [Trj]     C:\documents and settings\XXXX\local settings\temp\X1Server\I Love Thee.msg

MSE:
Backdoor:Win32/Ryknos.BC (Alert level: *Severe") file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC70F.tmp
Worm:Win32/Mtob.NP@mm    (Alert level: *Severe") file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC1405.tmp Description: This program is dangerous and self-propagates over a network connection.
Backdoor:Win32/Ryknos.BC [AGAIN] (Alert level: *Severe")  file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC1B59.tmp
Worm:Win32/Mtob.NP@mm    file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC285D.tmp

Ship (OP)




 

lead_org Microsoft MVP Contributor
Microsoft MVP Contributor
Posts: 21,009
Registered: ‎12-19-2008
Location: Australia, Melbourne
Views: 2,124
Message 11 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition

you sure have a lot of viruses, spyware and trojan on your computer.

Regards,

Jin Li

May this year, be the year of 'DO'!

I am a volunteer, and not a paid staff of Lenovo or Microsoft

Check out current deals!


Shop current deals