Emergency!

[ClubMed]

I need your help, one of my best friends just called about his computer, a few days ago it kept on restarting every few minutes, and today it wont start anymore, he gets a message that the .ini file in System32 is corrupt.

The problem is that his thesis is on the hard disk, as well as the raw footage (20-30GB) of a movie he is making for a short film contest, neither is backed up

Sounds like the Blaster worm to me.

So my question is, if I install his hard disk into my comp in order to copy only the movie footage and the word document, are there any chances that the virus will hop on to my system?

As far as i know viruses do not reside in movie and word files??

Thanks!

[sharder8]

Still make sure yer' "Def files" are up to date!

[Martoch]

Hehe, can't even leave the Community for a technical question eh?


Psst...about your assumption goes:
http://www.viruslist.com/eng/viruslist.html?id=7

[J-Excel]

Can't run a virus check on that drive before you copy the files over?

[Target]

Not knowing for sure what is causing the issue (virus, corrupt software, bad hardware) I think you would be wise to assume that it could effect your machine as well and proceed from there if you are willing to take that risk.

As mentioned, make sure your AV definition files are up to date. Disconnect your machine from any network while his hard disk is in your PC, and see if you can safely nab the files quickly and cleanly.

Though probably not needed at this point as I am sure he/she is already panic'd, it might also be a good time to gently remind your friend of just how much they stand to lose by not keeping backups. I know if it were my thesis, that sucker would be copied/backed-up to 2-3 different places each time I worked on it.

[Bill in SD, CA]

Can't you scan the files for viruses?

Bill

[ClubMed]

oops I thought I clicked on the technical forum sorry

I don't have the hard disk yet so I can't scan, I just spoke to him by phone.

To answer some of your questions, he cant scan it either because his computer is not starting up, he gets a black screen with white writing informing him that some ini file is corrupt and it just sits there waiting.

I'll be sure to update my virus checker before proceeding with this.

I just wanted to know if simply copying one or two files would somehow activate the virus, if it is a virus.

I don’t think I will remind him to make backups just yet, he didn't sound good on the phone as you can imagine, the thesis is due in next week, and he also has to give in a preliminary copy of his movie.

He's an atheist, however I think for a few days to come he is going to be a devout God fearing Christian

[osprey4]

Yes, don't kick the guy when he's down. He needs help, not a lecture.

Whether the virus can spread through these file depends on the virus. If they're infected, he's in trouble.

[korgul]

What OS is he running?

I am gonna take a guess and say W2K, since I just ran into this issue when installing a SP from MS.

make sure your virus defs are upto date.
Slave the drive into your machine.
browse to C:winnt\system32\config\
copy the files named software.*
There shoud be 3 or 4
Paste these file to his machine in the same location
Shutdown and remove the slave drive
Place it back into machine and try to boot.
If you do not have his machine, try it in yours.

I have not tried this going cross OS's. I have only tried this with W2K.

When the computer reboots it detected the NIC and I had to reinstall it.
I'm not sure if it will let you copy and paste the files because they are in use. If not let me know by PM and I can send them to you, I made copies of them onto the server incase we ran into it again.

[ClubMed]

Thanks korgul, he is using Win XP.