Stuck on Boot Up Phase Due to Worm

Hello fellow techies, got a problem here.

My laptop's internet wasn't working, so I went onto my mom's computer to use the internet.
It acquired the w32/blaster.worm (she still uses WinXP) and shut down after a few moments.
I've tried using BartPE, but it doesn't actually get to the point of a PE being useable. It finishes the BIOS portion, and stalls on the boot loader phase.
Wondering what I can do to fix this. It's rather important because my mom has been using this computer for 5 years and as expected, many files on there are indispensable. Also, don't really want to have to extract the HDD etc to keep the data, due to a stricter budget.

Thanks a bunch if you are able to post a fix you have used or think would work, as I've tried to fix this and really don't know what to do at this point.

August 30, 2011

2 Comments • Newest first

BobR

Have you tried using a bootable Linux CD to boot into the computer and get to the Windows partition..? You could copy valuable files off that way at least.

The BART PE symptoms sound like the disc might not have been created successfully, unless you know it has worked in the past. The worm shouldn't have any effect on booting a clean OS from a CD, which is why I wonder about the disc.

Unfortunately, that removal tool of course isn't going to be of any use until you can get into Windows one way or another. I haven't looked at the BART distribution recently, but it may include a Blaster tool either as part of the standard package or as an option, so that's probably the most pressing thing to get working.

And really, if the files on the hard drive are that valuable, taking the drive out and installing it as a slave in a system you don't care about getting infected is probably the best way to make sure nothing further happens to them. It's a real pain, but it would at least let you copy the files so they're protected.

Reply August 30, 2011
Jazzman180

A removal tool I found from Symantec: http://www.symantec.com/security_response/writeup.jsp?docid=2003-081119-5051-99 Are you able to boot into safe mode (spam F8 at start and enter safe mode with networking)? If you are, use the removal tool. Also, to be safe, run a scan with an updated Malwarebytes after running the tool.

Reply August 30, 2011