Virus disabled Windows - Need to get files off hard drive

Jan 4, 2006 11:25AM PST

I am running Windows XP Pro on a Dell Dimension 4500 and suffered a spyware/virus attack. We have Norton Antivirus protection but it was disabled. (?!?) On the surface it appeared to be a spyware attack but behind the scenes, a Trojan dialer was taking over the phone line. The only alert was an added toolbar in IE that directed us to Stopzilla Anti-Spyware software. I ran Spybot and cleaned up many files but as I started to load Norton Antivirus, it crashed and something strange happened to the operating system. I can log on and see my desktop but all the icons (except IE) were replaced by a generic Windows page icon AND NOTHING RUNS (except IE). Windows is not recognizing EXE files but I can use the internet, cut, paste and print. Some programs, such as ewido (which identified the Trojan viruses), Spy Sweeper and HiJackThis, do work (magically?). They each identified and claimed to remove many malicious files but Windows is still not working. I would reinstall Windows but have some files (without backups) I'd really like to keep and none of the programs which copy from the hard drive will function (Windows Explorer, My Computer & Roxio). The files are all still there and I can view some of the directory but can't copy or move files. Any suggestions?

Seeing as you have a copy of
Jan 4, 2006 12:04PM PST

Thanks
Jan 4, 2006 10:49PM PST

The log is posted. We'll see what comes of it.

(NT) Good luck, Keep us posted.
Jan 4, 2006 10:51PM PST

Thanks to ALL!
Jan 6, 2006 10:32AM PST

My problem has been resolved but not by me. Jim at my local Computer Depot performed a successful repair install of the OS, then went through the arduous task of finding and removing 11 viruses, 14 trojans, and 1800 spyware objects. Fortunately, he also gave me some advice on how to reduce the possibility of this happening again. Hard as it may have been, this was a great lesson for me. Thanks for your insights.

(NT) Glad you got it fixed, Thanks for posting back.
Jan 6, 2006 10:42AM PST

Masb, Please Try This...
Jan 4, 2006 12:07PM PST

Download the Fixswen.inf file from the McAfee link below. The link is a direct link to the file and should cause your download dialogue window to open. Direct the file to your desktop. Once it's on the desktop, RIGHT click on the file, choose "Install". Running the file should cause the registry entries that botched your programs to be fixed and hopefully allow you to start them again.

http://download.nai.com/products/mcafee-avert/Fixswen.inf

Hope this helps.

Grif

Thanks
Jan 4, 2006 10:50PM PST

I did try to get this to run but windows won't do it.

To copy your files it depends on..
Jan 4, 2006 1:07PM PST

WHERE the files are located or belong to... - which username, what folder, etc.

IF, let's say, it's in the Shared Documents folder, you can easily copy them by removing your HD and making it a slave drive on another computer.

If you ever 'made private' the username folder, then you cannot use the above method; you might need a KNOPPIX CD to do it.

Thanks
Jan 4, 2006 10:51PM PST

I think I am going to have to remove the HD to get the files off.

Father's computer
Jan 8, 2006 10:57PM PST

My father's computer suffered a similar calamity last year. In the end I took rather draconian measures, but they worked: installed his OS (Win XP Pro) a second time and not over the original. Booted the machine with the second install OS and saved all his files. I then wiped clean the hard drive and re-installed Win XP. Again, lots of work, but I was able to do it without paying for help and it was only time consuming, not technically challenging.

HOWEVER, one should note that there is a warning somewhere in either the install process of the OS or at Microsoft's website that files saved in the My Documents folder can be lost (not "will" be lost, but "can" be lost) if one is forced to re-install their OS (if they don't first format their hard drive, which erases those files anyway). I strongly recommend either partitioning your hard drive (only recommended if you do a clean start - format hard drive and reinstall everything) so that you might save files on a "D" drive or, at the very least, do not use the My Documents folder (and subsequent folders) for saving files. Create a separate folder that isn't tied to Windows directly.

What did the .exe's change to?
Jan 4, 2006 2:00PM PST

I had something similar happen not too long ago.
Dang near every .exe file changed to a .lnf file (I think that's what it was).

I had a MS Certified Software Engineer come by and work with me, here's what we think happened:

I have all the goodies, SpyBot, SpywareBlaster, MS Anti-Spyware, AVG, AdAware, and the constant running add-on, AdWatch.

I had an AVG update.
I am quite concerned about security, as I've been hijacked several times, and now know pretty much what to do to prevent it.

The AdWatch started throwing up "attempted Registry changes", allow or block?

There had to be 30 of them (I was able to save a logfile, still have it somewhere) and only one mentioned AVG.
Well, when your adrenalin is pumping, thinking some yay-who is trying to grab your system, you hit "block, block, block, block".

Almost every other change is fully identified by name of program (symantec, when I had it, lavasoft, MS ASW, etc) but not these ones.

Apparently, the update changed my registry, or tried to, but it deleted stuff first, or was in the process.

We tried everything, couldn't even get regedit.
Safe-mode, nada.
After 6 hours of me and 2 more with him, we decided to re-boot and ACCEPT all the registry mods (couldn't lose anything at that point), and it's been perfect ever since.

So, I ain't no ex-spurt, but can you tell me what it changed the .exe's to and what program had just run before this happened?

TOC

Thanks
Jan 4, 2006 10:54PM PST

The EXE files did not get altered, they just are not recognized by the OS. I was trying to install Norton Antivirus when the OS changed. That may just be coincidence.

(NT) Notify Your Phone Co. To Block Charges!! CheckDisk ??
Jan 4, 2006 3:48PM PST

Thanks
Jan 4, 2006 10:47PM PST

We did manage to disconnect the phone line after only 1 unauthorized call and the phone co. very nicely removed it from our account.

What might be easier...
Jan 4, 2006 10:05PM PST

... is (using a clean machine) to go to a website that offers bootable CD based OS's for download (like knopper.net or ubuntu.org) and download an image and burn it to a CD (not forgetting to make it bootable).

Then, on your infected machine, you can boot a safe operating system from the CDROM. Copy the files you want or need to another media (USB drive, floppy disk, etc).

Then, use your windows CDs to totally re-format the drive and re-install windows, install and configure your AV software and firewall, then connect to the internet and download all available updates. Then you should be ready to go.

As arduous as this sounds, I am willing to bet that you will get a working system faster this way than with any kind of clean up. It is also safer since that malware might have opened a backdoor on your system that the virus/spyware/adware repair people are not aware of, leaving you open in the future.

Just a thought

Thanks.
Jan 4, 2006 10:56PM PST

I am well into arduous now so a little more won't matter.

Win-DOS errorlevels
Jan 8, 2006 5:05PM PST

Do you know the 5 Win-DOS errorlevels?

1. Restart Program
2. Restart/Reboot Windows or press reset button
3. Re-Install programme that 'acts up'
4. Re-Install Windows
5. If all else fails, install Linux for a new life experience

LLLActive, do you think if you install
Jan 8, 2006 5:37PM PST

linux, then windows will not have the error?

I tried your suggestion, I installed Linux, but my Windows still has an error.

How can you fix windows error by installing linux?

No jokes now
Jan 8, 2006 5:37PM PST

Jokes aside.

I used and am indirectly using Win in all versions since its existence. About a year ago I changed all my servers and my personal workstations to Linux. After a small learning curve, I am on the same level with Linux now. I still service a small team of Win XP & 2K users.

I have never needed or installed any of the protective software for virus and trojan threats. I also never had such problems since using Linux in the internet or elsewhere.

Playing with Linux cluster servers and the like is not as easy as with some Win products, but it works more stably than Win-Servers. The new Novell SuSE 10.1 desktop is 'almost as good-looking' as Windows; it is worth a try. It is just as effective for normal users. OpenOffice 2 is still on its way to be as good as MSOffice 2003. Power users may still have some problems. Normal users will be able to do everything they need.

(NT) ooh.. ok... I get what you mean... thanks
Jan 8, 2006 5:42PM PST

Virus Disabled Windows - Need to get the files off
Jan 8, 2006 5:31PM PST

I had the same problem about 3 years ago. After taking my laptop all over the city and receiving estimates from 100-400 dollars to recover the files on my hard drive, I was lost on what to do. I did not want to pay that much to recover the files. Then I saw in a magazine an empty storage box for a laptop hard drive. I did some investigation and found out that by using this box I can make my laptop hard drive an external USB drive.
Now, what to do to get a second hard drive for my laptop? I found a used computer store and bought a used 5 gig hard drive for a laptop. Plugged it in and loaded my recovery disc. After my OS was working correctly, I plugged the laptop hard drive that I had taken out into the USB port and recovered all my files, except for the OS. Total cost was 30 dollars. I also have used this remedy when someone changed the permissions for the OS files and my laptop could not boot. If you are doing this on a desktop, the idea is the same but the box will be different.

Getting rid of virus
Jan 8, 2006 6:56PM PST

Here's the easiest way to get out viruses and other junk that I have found. If you cannot use your OS and the removal tools won't clear up your hard drive, do these few steps and it usually will work. If you have an old PC that you can use, make sure that it has all of the latest bug removal tools installed on it, then take out the infected HDD from the Dell PC, set the pins to slave, and hook it up to the old PC. Once it is installed in the other PC, use your virus and other tools on the slave drive. This should get rid of all or most of the infection on the HDD; if not, it will tell you the name of the infection and you can get a removal tool and use it. Even if it is still infected, you should be able to access the files that you want and copy them to the other HDD. The key to this process is that no programs will run on the slave HDD and you should be able to access the files on it. Make sure that you put the files that you are copying into a folder and run your virus and other tools on the files before you open them. If the bug is still on the slave drive, you can now reformat the HDD and clean it out completely, then reinstall it into the Dell and reinstall the OS and all of the files that you wanted to save. I have had to do this before and it works. Just a thought.
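
The copy step from the posts above (boot a clean OS from CD or attach the drive to a clean PC, copy the wanted files into one folder, scan them before opening), as an added example that is not part of the original thread: a script for the live-CD route that copies only data files off a read-only mount, leaves behind anything Windows would execute, and records SHA-256 hashes of the copies. The device name, mount point, output file names and extension list are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the infected partition is already
# mounted read-only from the live CD (device and paths are assumptions):
#   mount -o ro,noexec /dev/hda1 /mnt/infected
#   sh salvage.sh "/mnt/infected/Documents and Settings" /media/usb/salvage

# Assumed list of extensions Windows executes or interprets; these are not copied.
SKIP_EXT='exe|com|scr|pif|bat|cmd|vbs|vbe|js|jse|wsf|wsh|hta|lnk|inf|reg|dll|cpl|msi'

# is_risky NAME: succeeds if NAME ends in a skipped extension (case-insensitive).
is_risky() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | grep -Eq "\.(${SKIP_EXT})\$"
}

# salvage_copy SRC DEST: copy data files only and hash each copy.
salvage_copy() {
    src=$1; dest=$2
    mkdir -p "$dest/files" || return 1
    : > "$dest/MANIFEST.sha256"
    : > "$dest/SKIPPED.txt"
    # Note: names containing newlines are not handled by this line-based loop.
    ( cd "$src" && find . -type f ) | while IFS= read -r rel; do
        rel=${rel#./}
        if is_risky "$rel"; then
            printf '%s\n' "$rel" >> "$dest/SKIPPED.txt"
            continue
        fi
        mkdir -p "$dest/files/$(dirname -- "$rel")"
        cp -- "$src/$rel" "$dest/files/$rel" || continue
        chmod a-x "$dest/files/$rel" 2>/dev/null || true
        ( cd "$dest/files" && sha256sum -- "$rel" ) >> "$dest/MANIFEST.sha256"
    done
}

# verify_salvage DEST: succeeds only if every copy still matches the manifest.
verify_salvage() {
    ( cd "$1/files" && sha256sum -c ../MANIFEST.sha256 >/dev/null 2>&1 )
}

if [ "$#" -eq 2 ]; then
    salvage_copy "$1" "$2" && verify_salvage "$2"
fi
```

The extension filter does not catch macros inside documents, so the `files` folder still needs a scan with up-to-date antivirus on the clean machine before anything is opened. `SKIPPED.txt` lists what was left on the infected disk.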

recovery of data from infected PC
Jan 8, 2006 10:04PM PST

You could hook your hard disc to another computer to a secondary IDE through an ATA cable. This way you rely on the 2nd computer's OP to extract your files. Then comes the arduous task of repairing whatever was damaged which is not evident.

Dual HDD'S
Jan 9, 2006 5:27AM PST

You might like to think about a second hard drive and use "Norton Ghost 2003" or a similar app to make an exact copy of your original, like I have done. Swapping between the two is a matter of flicking 2 switches to make one the master drive and the other the slave, and back again when it's time to update the software at whatever interval. I now have 2 200GB HDDs installed and use the original 40GB as an extra backup if ever the need arises, and all that's needed is to remove one of the larger drives and install the 40GB. Also, with the 2nd drive installed you can drag any docs to any of the partitions so nothing is lost if a failure occurs.

PS: If ever a hard drive does not work due to electrical component failure, a way to recover data is to remove the actual metal disk and install it in a 2nd HDD casing that is the same model.

to get rid of all the viruses
Jan 9, 2006 7:31AM PST

If you can get online, go to http://www.emsisoft.com/
and download a2 (a-squared free version),
then sign up for a free account so you can update it.
It works great. Give it a try!

Also, Norton is overrated and ain't worth a crap; I don't see why people buy it. As for the best virus program,
Avast free version is the best!!!!! So give these 2 a try and I believe they will get you going. Cstag60@yahoo.com send me a note and let me know how you do, OK??