|Dell desktop running Win XP Pro SP3. Infected with viruses. User said they clicked on a link within Facebook that said something like "I saw these pictures of you on the internet" then all heck broke loose.|
User's PC is password protected. They've given me their password. I can normal boot, but basically can't do anything - IE is being controlled by viruses because when I navigate to virus removal websites I'm told the website can't be found and often times I'm routed to another website that I didn't request.
Can boot and login with user's password into Safe Mode with Networking, but here I can't run any EXE files (including RegEdit).
When I try to boot into safe mode with command prompt, the user's login/password combo doesn't work - not sure why.
I was able to hook up the 3.5" SATA HDD to my computer using a USB converter cable. Doing this I was able to 1) remove the viruses using my Norton and 2) backup the important data files - however, user would prefer not to reformat and reinstall Windows as this will cause them to have to reinstall all their software.
I've also been trying Hiren's BootCD 10.5, but I haven't had any luck with it. Mini Win XP won't boot for me and I don't find that any of the menus in this boot cd to be user friendly for a novice user.
I've used a Win XP Pro CD to boot from, but the Recovery Console doesn't let me past the Administrator password. I hit enter assuming it's blank and it says incorrect password. I wouldn't think reinstalling Windows (without formatting the hard drive and losing everything) would be this difficult - but maybe I'm doing something wrong here.
BUT since I CAN view everything on the hard drive using my laptop via the USB cable, is there a way for me to "restore" the critical aspects of Windows XP Pro to a point that I could get EXE files and the like to start working again? If so great, but I'd need precise details in order to do this since I've never done it before. For instance, copy File so and so from laptop (also running Windows XP Pro SP3) into directory (\xxxx\xxxx\etc) on the desktop's harddrive.
Many thanks in advance for any help that you can provide.