English Community

Software and Operating SystemSecurity & Malware
All Forum Topics
Options

10 Posts

04-30-2009

UK

19 Signins

263 Page Views

  • Posts: 10
  • Registered: ‎04-30-2009
  • Location: UK
  • Views: 263
  • Message 1 of 14

Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition?

2010-01-19, 23:11 PM

Hi

 

My T60 (WindowsXP Pro)  has been infected with several viruses.

Is it safe to re-install from the WindowsXP partition?

Or should I kill absolutely everything on the disk (eg. by running KillDisk off a CD)?

 

And if I do the latter, how on earth to I register it with Microsoft because the laptop did not come with any CDs.
(I can borrow a Windows XP Pro CD from work - but I presume that there will be problems with the Product Key and License number etc)

Any thoughts?

With thanks



Ship

 

Solved! See the solution
Reply
Options

10 Posts

04-30-2009

UK

19 Signins

263 Page Views

  • Posts: 10
  • Registered: ‎04-30-2009
  • Location: UK
  • Views: 263
  • Message 2 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition

2010-01-20, 10:56 AM

For clarification that's a T60 laptop.

 

Cheers

 

Ship

Shiperton Henethe

P.S. Btw, how do you see a list of your own postings on this site? 

Reply
Options

10 Posts

04-30-2009

UK

19 Signins

263 Page Views

  • Posts: 10
  • Registered: ‎04-30-2009
  • Location: UK
  • Views: 263
  • Message 3 of 14

Can Windows XP installation partition get infected ? (on a Lenovo/Thinkpad T60)

2010-01-20, 11:01 AM

Hi

 

Is it technically possible for the special Windows XP installation partition (that came with my Lenovo T60 laptop) to become infected with a virus?

Cheers

 

 

Ship

Reply
Options

994 Posts

03-10-2009

Michigan

1453 Signins

21182 Page Views

  • Posts: 994
  • Registered: ‎03-10-2009
  • Location: Michigan
  • Views: 21182
  • Message 4 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition

2010-01-20, 13:10 PM

Hi Ship,

 

To see a list of your postings on the site, you can click on your username.

 

Interesting question about whether the recovery partition is safe from viruses. I don't see why it would be, maybe others can comment? Safest thing would be to re-install from the Product Recovery CDs -- you can get them from Lenovo if your ThinkPad is still under warranty. (If you're out of warranty it's probably still worth giving Lenovo a call to see what your options are.)

 

Best regards,

Frank

---------

Results of Your Ideal Business-Class Laptop survey, concluded 2009-07-29.

Did someone help you?
Say thanks! with a kudo.
Even better: Pay it forward, help someone else. :smileyhappy:
Reply
Options

20986 Posts

12-20-2008

Australia, Melbourne

20622 Signins

444194 Page Views

  • Posts: 20986
  • Registered: ‎12-20-2008
  • Location: Australia, Melbourne
  • Views: 444194
  • Message 5 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition

2010-01-20, 13:30 PM

It is safe to recover from the factory recovery partition, the partition is not user modifiable (not unless someone has intentionally tried to hack into the partition and modifying it).

Regards,

Jin Li

May this year, be the year of 'DO'!

I am a volunteer, and not a paid staff of Lenovo or Microsoft
Reply
Options

994 Posts

03-10-2009

Michigan

1453 Signins

21182 Page Views

  • Posts: 994
  • Registered: ‎03-10-2009
  • Location: Michigan
  • Views: 21182
  • Message 6 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition

2010-01-20, 13:36 PM

wrote:

the [recovery] partition is not user modifiable (not unless someone has intentionally tried to hack into the partition and modifying it).


That's the interesting part. :smileywink:

While I'm not aware of any ThinkPad-specific viruses that target the recovery partition, what prevents a virus from modifying that partition?

---------

Results of Your Ideal Business-Class Laptop survey, concluded 2009-07-29.

Did someone help you?
Say thanks! with a kudo.
Even better: Pay it forward, help someone else. :smileyhappy:
Reply
Options

10 Posts

04-30-2009

UK

19 Signins

263 Page Views

  • Posts: 10
  • Registered: ‎04-30-2009
  • Location: UK
  • Views: 263
  • Message 7 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition

2010-01-20, 20:13 PM

> While I'm not aware of any ThinkPad-specific viruses that target the recovery partition,
> what prevents a virus from modifying that partition?

 

Exactly. And more to the point would it necessarily NEED to be a ThinkPad-specific virus?

Reply
Options

20986 Posts

12-20-2008

Australia, Melbourne

20622 Signins

444194 Page Views

  • Posts: 20986
  • Registered: ‎12-20-2008
  • Location: Australia, Melbourne
  • Views: 444194
  • Message 8 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition

2010-01-20, 21:53 PM

the way the recovery partition is made, a normal virus wouldn't able to infect the files, this is why the recovery partition was there, to allow people to recover (make sure you do the full factory recovery, don't save anything) in case there was a virus infection. 

Regards,

Jin Li

May this year, be the year of 'DO'!

I am a volunteer, and not a paid staff of Lenovo or Microsoft
Reply
Options

994 Posts

03-10-2009

Michigan

1453 Signins

21182 Page Views

  • Posts: 994
  • Registered: ‎03-10-2009
  • Location: Michigan
  • Views: 21182
  • Message 9 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition

2010-01-20, 22:11 PM

AFAIK the only way to prevent a Windows virus from writing to any area of the hard drive it wants, is to set up an ATA Host Protected Area (HPA). Some ThinkPads have used those; ThinkWiki has more details. More recent ThinkPads use a Rescue and Recovery Partition, which is ordinarily hidden from (but not inaccessible from) the OS. I think it is possible (though perhaps unlikely) that a virus could access and corrupt the R&R partition.

---------

Results of Your Ideal Business-Class Laptop survey, concluded 2009-07-29.

Did someone help you?
Say thanks! with a kudo.
Even better: Pay it forward, help someone else. :smileyhappy:
Reply
Options

10 Posts

04-30-2009

UK

19 Signins

263 Page Views

  • Posts: 10
  • Registered: ‎04-30-2009
  • Location: UK
  • Views: 263
  • Message 10 of 14

Re: Virus on T60 ==> how best to reinstall WindowsXP? Safe to use Windows installation partition

2010-01-20, 23:51 PM

I dont know if this helps but for the record here are SOME of the viruses that were flagged up by AVAST and by MSE...

 



AVAST:
Win32:Tibs-AFH [Trj]   C:\documents and settings\XXXX\local settings\temp\X1Server\U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel.msg
Win32:Tibs-AFX [Trj]   C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
Win32:Tibs-AFX [Trj]   C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
Win32:Tibs-AGA [Wrm]   C:\documents and settings\XXXX\local settings\temp\X1Server\Forever in Love.msg
Win32:Tibs-AIE [Trj]   C:\documents and settings\XXXX\local settings\temp\X1Server\I Would Give you Anything.msg
Win32:Tibs-AFH [Trj]

MSE:
Nuwar.N@mm!CME-711     C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp28372.tmp

Trojan: Win32/Vxidl.gen!B      File:C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp69768409.tmp
Trojan: Win32/Vxidl.gen!dam    File:C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp142407802.tmp

Win32:Small-JBK [Trj]   C:\documents and settings\XXXX\local settings\temp\X1Server\Sadam Hussein safe and sound!.msg
Win32:Tibs-AFA [Trj]   C:\documents and settings\XXXX\local settings\temp\X1Server\Happy World Religion Day!.msg
Win32:Tibs-AFP [Trj]   C:\documents and settings\XXXX\local settings\temp\X1Server\I Love Thee.msg

Win32:Tibs-AFX [Trj]  C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
Win32:Tibs-AFX [Trj]  C:\documents and settings\XXXX\local settings\temp\X1Server\Unmatchable Beauty.msg
Win32:Tibs-AGA [Wrm]  C:\documents and settings\XXXX\local settings\temp\X1Server\Forever in Love.msg

MSE:
Backdoor:Win32/Ryknos.BC (Alert level: *Severe")

AVAST:
Win32:Small-JBK [Trj]    C:\documents and settings\XXXX\local settings\temp\X1Server\Sadam Hussein safe and sound!.msg
Win32:Tibs-AFA [Trj]     C:\documents and settings\XXXX\local settings\temp\X1Server\Happy World Religion Day!.msg
Win32:Tibs-AFP [Trj]     C:\documents and settings\XXXX\local settings\temp\X1Server\I Love Thee.msg

MSE:
Backdoor:Win32/Ryknos.BC (Alert level: *Severe") file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC70F.tmp
Worm:Win32/Mtob.NP@mm    (Alert level: *Severe") file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC1405.tmp Description: This program is dangerous and self-propagates over a network connection.
Backdoor:Win32/Ryknos.BC [AGAIN] (Alert level: *Severe")  file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC1B59.tmp
Worm:Win32/Mtob.NP@mm    file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC285D.tmp

Ship (OP)




 

Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete