[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 10/11/11 10:55, tom wrote:
Friend with XP thinks he has something deleting files on his system. He's turned it off but where do we go from here? Any advice welcome... Tom te tom te tom
I've done all of the following at one time or another.Easiest method is to hope the user has set a System Restore Point and go back to that. i.e. Start/All Programs/Accessories/System Tools/System Restore.
Failing that reinstall. ORBoot into SystemRescueCD (google for it) or any linux livecd with clamav on it.
run clamd and then freshclam (ensures clam database is up to date)run fdisk -l and note the boot partition marked with and asterisk (eg/dev/sda1)
as root type: cd mkdir mnt mount /dev/sda1 /mnt/windows(/dev/sda1 is the partition labelled with the asterisk and it's now mounted as /mnt/windows)
cd /mnt/windows now run clamscan -irv --remove /mnt/windows(this will scan all files and show a summary) This step is where the expertise comes in. If an infected files is found you'll be prompted to remove it yes or no. If the file is a system file then it's probably easier go into Safe Mode back up user data, format and reinstall else just remove the file.
And Educate the user about security. Keith -- ------------------------------------------------------------------------ All e-mails including their file attachments are scanned for viruses and spam using Symantec's and ClamAV's scan engines. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq