Cleaning an infected laptop
December 29, 2008 9:05 AM

How can I clean an infected laptop without booting to its own drive?

I'm working on a laptop (Win XP) that is fairly jacked up with some malware. I'm pretty certain I can clean it successfully without resorting to wiping the whole OS, but when I get into the drive (even safe mode) it's almost totally unusable.

So now I'm trying to think of a way to just link the laptop drive to my main desktop so I can clean it from there. Any ideas?

I'm also looking into going with some type of live CD that I could boot to in order to try and clean it from there (like BartPE or miniPE). I've never used one of these before but I'm sure I can get into the drive. My question with live CDs is, will they include the tools I need to clean the infections off? Any folks have experience doing this sort of thing?

Thanks for any help you can provide!!
posted by covert7 to Computers & Internet (5 answers total)

Best answer: You have two easy choices:

1. Make the BartPE disc and add the Adaware and McAfee plugins. I don't know how up to date these plugins are. I'm assuming they can update themselves once booted.

2. Get a 2.5 to 3.5" adapter for the laptop drive and mount it on your PC. Run whatever tools you like.

An alternative to BartPE is UBCD for Windows. By default it comes with a lot more tools.
posted by damn dirty ape at 9:13 AM on December 29, 2008

More BartPE plugins here.
posted by damn dirty ape at 9:43 AM on December 29, 2008

If you can get into safe mode with networking at all and it doesn't look like the bad stuff is loading up there, try to download Malwarebytes, update it and run a scan. (Alternately, you can install it from a USB key... OR take the drive out of the machine, plug it into another Windows machine and run Malwarebytes there.)

While still in safe mode, run msconfig.exe and choose diagnostic startup.

Restart and scan in regular Windows mode.

Run msconfig and choose regular startup, restart and see if stuff is still screwed up.

If it hosed administrative functions (like task manager or control panel stuff), Ctrl-F for what is missing here and you should be able to find the fix to re-enable it.
posted by ijoyner at 10:01 AM on December 29, 2008

The BartPE route is pretty solid. If you're still needing to remove the drive and work it from your own machine, a 2.5" USB drive enclosure is pretty much the way to go.

wow, it's just my day to link newegg, innit?
posted by FatherDagon at 11:55 AM on December 29, 2008

Response by poster: Thanks for the info folks! I was able to create a UBCD and get it updated with the latest definition files for all its anti-malware components. Then booted into it and cleaned out the gunk!

Thanks again!!
posted by covert7 at 7:21 AM on December 30, 2008
