Monday, November 16, 2009

Getting rid of the "Security Tool" Virus from Windows XP or how Ubuntu saved the day

I recently had my first Windows virus experience: a friend picked up the "Security Tool" virus from the Internet while downloading free mp3 songs. This post is about how to remove the virus files, but it is really a case in point about removing any stubborn or harmful Windows files, or copying data out of a system that will no longer boot.

This software is a really nasty piece of code. It imitates a genuine anti-virus/anti-spyware tool, tempting users to click on it. It makes the system really sluggish and, even worse, it changes the registry. I also found that the Master Boot Record had been corrupted (though this may have been caused by multiple hard resets rather than by the malware itself).

The virus files basically sit in a folder with the following path:

C:\Documents and Settings\All Users\Application Data\[random numbers]\

So this is the folder that needs to be removed.

There are programs available that will remove Security Tool, but this presumes that the system is responsive enough to let you download the anti-malware tool, and that it still boots fine in safe mode. If both conditions are met, these programs are the easier way forward.

However, the computer I worked on was beyond that point, getting the blue screen of death on every boot. Getting all the useful data out to external storage was the priority, since the data had not been backed up.

So, Ubuntu to the rescue. The idea is to create a bootable CD of Ubuntu, one of the best Linux distributions, and then boot from the CD. (This requires the BIOS to prefer the CD drive over the hard disk as a boot device; that is the default on most computers, and if it is not, it can be changed in the BIOS setup.)

Once Ubuntu has booted from the CD, the next step is to mount the Windows hard disk partition. This can be done from the terminal, for those more comfortable with it, or with the Disk Manager utility under System > Administration (see the Ubuntu manual).

Once mounted, copying data out to an external disk, or deleting files, will look familiar to most of us who are used to a GUI file manager.
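The same rescue-and-clean procedure done from the Ubuntu live CD's terminal, as an added example that is not from the original post. It assumes the Windows partition is already mounted (the mount commands in the comments use an assumed device `/dev/sda1` and mount point `/media/windows`), and it relies only on the path given above: the folder of random digits under `All Users\Application Data`.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumed mount commands (run
# first, read-only, so data can be copied out before anything is deleted):
#   sudo mkdir -p /media/windows
#   sudo mount -t ntfs-3g -o ro /dev/sda1 /media/windows
# Remount read-write only when you are ready to delete:
#   sudo mount -o remount,rw /media/windows

APPDATA_REL="Documents and Settings/All Users/Application Data"

# Print every directory directly under All Users\Application Data whose name
# consists only of digits: the location the post gives for the Security Tool
# files. Legitimate folders there (Microsoft, Adobe, ...) have letters in them.
find_numeric_appdata_dirs() {
    appdata="$1/$APPDATA_REL"
    [ -d "$appdata" ] || return 0
    for d in "$appdata"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        case "$name" in
            *[!0-9]*|'') ;;            # has a non-digit (or is empty): skip
            *) printf '%s\n' "$d" ;;   # all digits: report as a candidate
        esac
    done
}

# Copy one user's profile (Documents and Settings\<user>) to external storage,
# preserving timestamps. Returns non-zero if the profile does not exist.
copy_profile_out() {
    src="$1/Documents and Settings/$2"
    [ -d "$src" ] || return 1
    mkdir -p "$3" && cp -Rp "$src" "$3/"
}

# Delete the candidate directories. Run this only after the data has been
# copied out and the partition has been remounted read-write.
remove_numeric_appdata_dirs() {
    find_numeric_appdata_dirs "$1" | while IFS= read -r d; do
        rm -rf "$d"
    done
}
```

Run `find_numeric_appdata_dirs /media/windows` first and check the listing by eye before calling the removal step.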

So why not the Windows Recovery Console? I tried it, but it did not work well for me.

Does this work when Windows has an administrator password? I don't know for sure, but it should. I had a dual-boot system with an admin password on Windows, and that never stopped the Linux distro from reading and writing files there.

Lessons to learn? Stay safe on the Internet, and back up data frequently.

Thoughts? It makes me uneasy about how easy it may be to steal files from random unattended computers. I wonder what can be done about it (have the hard disk password protected?). Also, maybe Windows Vista or Windows 7 is safer, with stricter control on what gets installed.

Acknowledgments? a gifted collaborator, my liege lord, and my close friend, who gave me my learning platform.


Lakshmi said...

hey, you did not acknowledge me... I provided the learning platform :(

Vacha said...

Your issue has been addressed.