Virus Won't Let Me Access Files

tss210 · March 12, 2013, 12:48:32 AM

Hi,

I am running Windows XP on a Dell Laptop. We were searching about auto repairs and got some type of virus. A message came on the screen that the computer user had copy written material and needed to pay a fine. There were also inappropriate images on the screen. It was impossible to get out of the screen. I tried going into Safe Mode but the same screen appeared. There was no way to shut it down. I have Malwarebytes on the computer but it is not possible to run any programs. There was anti virus software running but it did not stop the virus. I can't recall what I had running. I tried turning on the computer again and the desktop screen appears for a second then it just goes to a white page.

My main concern is getting the files off the hard drive. If I have too reinstall the operating system. it's fine. Unless I can get around this. What do you suggest? If I just want to get the files off, what is the easiest way?

Thanks in advance for your help.

Corrine · March 12, 2013, 02:47:34 PM

Hi, tss210. Welcome to LandzDown Forum.

We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Here is a tutorial on using Ubuntu to back up your files: Use Ubuntu Live CD to Backup Files from Your Dead Windows Computer.

Although you indicated you cannot get Malwarebytes to run, are you able to navigate to your Program Files? If so, open the Malwarebytes folder and then open the the Chameleon Help File, chameleon.chm. Click the Chameleon buttons one at a time to attempt to run Chameleon. The buttons are numbered 1-12.

If unsuccessful, please run Windows Defender Offline. See my instructions here.

You should then be able to provide the logs requested at Log Posting Instructions.

In the event you are still seeing the message about the copywrite violation, please provide additional information about what is shown. Removal instructions vary depending upon the variation of the ransomeware.

tss210 · March 13, 2013, 10:59:59 PM

I burned Ubuntu to a DVD and inserted it into the Dell laptop. I made the change in the Bios to boot from the cd/dvd, but when I start the computer I get the message "No bootable devices-strike F1 to retry boot, F2 for setup utility, press F5 to run onboard diagnostics.

Also, you asked if I can navagate to any files...I can not get to any files.

Thanks

tss210 · March 13, 2013, 11:10:03 PM

Not sure if this is important, but I downloaded ubuntu-12.10-desktop-i386.iso.

Corrine · March 14, 2013, 12:10:59 AM

Did you try Windows Defender Offline?

In searching the message you received, the results led to the Dell Community Forum (No bootable devices, strike f1 to retry boot, f2 for setup utility, press f5 to run onboard diagnostics).

I suggest you start with the suggestion to "Run the Onboard Diagnostics F5 including the extended (not the quick) hard drive check to see if the drive has failed."

In the meantime, I'll check with some friends who are familiar with Linux.

tss210 · March 14, 2013, 03:32:30 AM

I ran through all the Onboard Diagnostics tests and everything passed. I then tried to run Windows Defender Offline and got the following error message:

Unable to detect a Windows system drive. This could be due to missing drivers, an encrypted drive, or a corrupted Windows installation.
Error Code: 0x8004cc01

tss210 · March 14, 2013, 05:15:03 AM

I just tried burning the program to another disc and it is working now. The version I downloaded was 12.10 and the directions you suggested don't match this version. Should I burn a different version?

On the left of the desktop there is a WinXP icon I clicked that but when I go into Documents and Settings and All Users the folders are all empty. I hope this is not where I would find the files I need to recover. There are files in the Application Data folders, but the Desktop, Documents, and Favorites folders are all empty.

I did not install Ubunto I chose the Try option, so it should not have deleted the files.

After pressing the WinXP icon a screen appears and The WinXP appears under Devices...Under Compter It says File System but it does not show any drives as the directions stated. There is a Network catagory. Then it says Browse Network I chose that and it displayed Windows Network. Then I got the message Unable to mount location. This was similar to the directions except there was not a "Details" option only an "OK" button.

I am thinking I may have to use the terminal but I won't have the correct information for the mount command.

tss210 · March 14, 2013, 02:37:45 PM

Sorry to keep adding to this but I was ready to shut everything down and realized that if I went to the top of the Ubuntu desktop there was an option to click on "Go" > "Computer" there the 160 GB Hard Disk WinXp was listed as well as Cd/DVD Drive and File system. I selected 160 GB Hard Drive and it was the same as the WinXP. Once I selected Documents and Settings the Document folder was empty. I am getting worried...Could that virus wipe out all the files? In the Users folder there are not any users names listed, so it seems I am not evenn looking in the right place. I don't know if I am accessing the right file system or partition.

Corrine · March 14, 2013, 08:13:03 PM

Hi, tss210.

Sorry, I haven't been available most of yesterday or today. I've asked if a Linux expert from Scot's Newsletter Forum is available to provide assistance. They will be in a much better position to advise you about what you are seeing than I am since they are regular Linux users.

tss210 · March 14, 2013, 09:02:03 PM

I finally figured it out. I kept reading online and I was able to get to the files. The directions were different for the version I downloaded, so it was throwing me off, but I finally got.

I will plan on doing a clean install, since I won't be able to remove the virus. I may even try Ubuntu. Are there other open source operating systems that you would suggest?

Thanks for your help.

LilBambi · March 14, 2013, 09:17:52 PM

So glad you got your documents! A fresh install is likely the best thing at this point.

For the future, I have been using a very nice recovery Linux LiveCD called Trinity Rescue Kit to retrieve files from dead/dying/infected computers, and to also do some virus scanning as well as removing passwords, etc.

Corrine · March 14, 2013, 09:34:11 PM

Thank you, LilBambi! I'll make a note of Trinity Rescue Kit for the future.

tss210 -- great job on getting your files. FYI, LilBambi is a fellow Administrator at Scot's Newletter Forum (SNF) -- well, she's actually the "Senior Administrator", having been there since the site opened 10 years ago. I didn't join until a number of months later.

My advice to you for learning about Linux and selecting a distro is to register at SNF and ask in the Bruno's All Things Linux. You'll get advice on the best distro for starting out. (Note: we manually approve all new members so if you register there don't be discouraged if there is a bit of a delay receiving the registration approval e-mail.)

LilBambi · March 14, 2013, 09:41:35 PM

My pleasure, Corrine!

Trinity Rescue kit is a very good rescue LiveCD for sure. There are quite a few helpful items on the disk.

And yes, BATL (Bruno's All Things Linux) forum over at Scot's Newsletter Forums (SNF) is a great place for Linux help.

:GRAFX:

:dance:

winchester73 · March 14, 2013, 10:48:58 PM

LilBambi ...

Thanks for the assist here :flowers:

LilBambi · March 15, 2013, 01:13:03 AM

winchester73, anytime. Happy to help. :mitch: