Monday, 26 October 2009

Virus Removal - NTFS Partitions


Courtesy of the alt.comp.virus newsgroup participants.
(These "anti-malware" pages are the result of a continuing cooperative effort.)


Removing a virus from a computer running Windows 2000 or Windows XP (with NTFS)...

A DOS-based anti-virus scanner is often recommended as the best method for virus removal and disinfection. However, DOS-based anti-virus software has a problem on NTFS: DOS doesn't recognize NTFS partitions!

Here are some options for you to try:
  1. Use the Windows 2000/XP Recovery Console to remove and replace the infected files.

    For more information see:

    Windows 2000
    Description of the Windows 2000 Recovery Console
    HOW TO: Install the Windows 2000 Recovery Console


    Windows XP
    Description of the Windows XP Recovery Console (Q314058)
    HOW TO: Install and Use the Recovery Console in Windows XP (Q307654)
  2. Boot to safe mode and use an anti-virus product such as...
    McAfee's Stinger
    Trend Micro's Sysclean
  3. Create a boot disk using Bart PE, which sports plugins(*) for various AV products. Note that this is not an easy task: it works only if you have a full version of Windows XP/2003 (not a preinstalled version with a recovery CD) and can be a rather lengthy procedure. So it's probably not the best solution to an existing, pressing viral infection. However, it can be highly useful to have such a boot disk in order to be prepared for future infections.

    * Bart PE includes plugins for McAfee (VirusScan & Stinger) and AdAware SE Personal. There are third party plugins available for other products as well.
  4. Use NTFSDOS Pro or ERD Commander from Winternals Software to remove and replace the infected files.
  5. Install the infected drive as slave in a clean system and then remove and replace the infected files.
  6. When all else fails: reformat, reinstall and restore.
    (Note: this option is a last resort and should only be used when all other recovery attempts have failed. It may also be a good idea to format if you have had to deal with a backdoor or a vulnerability, since in such cases you may have become the victim of something else in addition to the original malicious program.)

(Jeff Setaro - January, 2003; updated by Frederic Bonroy on June 30, 2005)
