Any ideas on how to remove a virus when you can't start it? Can you do anything in safe mode?
There are two approaches.
1.) If a machine has been infected by a virus, it is a sensible assumption that its integrity has possibly been breached so deeply that it is no longer trustworthy, even after a disinfection.
This is sensible because many viruses will not only implant their own binaries, but they will also fiddle with generic security settings for the machine like changing ACLs for files or registry keys, modifying the firewall settings, editing hosts and so on.
Therefore, formatting the machine and reinstalling it is required to re-establish total trust in this computer.
2.) If you are willing to accept the risks of lowered security through the virus' manipulations, you may mount the hard drive in a second computer and perform a full scan of the drive. Let the second computer entirely disinfect the drive.
Sophos does not offer a Windows PE- or Linux-based boot medium which might do this without the need for a second computer.
However, if the machine is so badly compromised that it does not even boot, I wouldn't take the risk of working with a disinfected system.
Best regards,
Detlev Rackow