A friend downloaded what he thought was a legitimate copy the xp sp2 exe, but it has totally wrecked his laptop. The laptop will not start normally, but I managed to get it started under safe mode, and ran avg. Found 1406 viruses which seemed to be on only exe files. In the middle of avg trying to repair, the laptop switched off, and won't re-start. Needless to say it's totally knackered.

The only files needed off the laptop HDD are photos, and the address book files.

The HDD is loaded with files infected with viruses. The method I would use is to take out the laptop HDD. Put it in an external USB HDD housing, and then connected to a desktop which is protected with AVG.

Questions are ...
Can AVG on the desktop run a virus check on the laptop's HDD - which will be connected via usb, and eliminate/fix viruses found.
Will AVG check each file that is being copied from the laptop to the desktop.
Will I be able to copy the photos and address files to the desktop - i.e. will AVG stop all files from an infected HDD being copied (even if they are not infected).

Regards,

Rannoch

PS The desktop is a spare with no required data, and can be easily rebuld if required.

I really don't know about that, but VOPTHIS might be able to tell you. I'm sure he will see this soon.

Have never given such logistics much thought and have limited experience with AVG. Suggest you go to their FORUM and ask your questions there:

http://forum.grisoft.cz/freeforum/index.php?0


For a previously heavily infected hard drive I would not rely solely on one AV tool (several 2nd opinions highly advisable). You want to work with (pre-qualify) as clean a disk as possible before proceeding with file copying.




Click here to download Dr.Web CureIt and save it to your desktop.

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, see if you can click the icon next to the files found:
• If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  
  This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
• After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

Kaspersky is always a very good additional scan except it doesn't actually offer to fix anything:

Do an online scan (scan only tool) with Kaspersky WebScanner
[Internet Explorer required]


Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
    - Extended (if available otherwise Standard)
  • Scan Options:
    - Scan Archives
    - Scan Mail Bases
• Click OK
• Now under select a target to scan:
  • Select My Computer
• This program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
• Save the file to your desktop.

Thanks fro the information.

Tried the recommendatons, but didn't get far as another major problem happened.

When I connected the laptop's HDD to the desktop I got the following message.

"windows - delayed write failed. windows unable to save all data for the file e:\$Mft". E: is the drive letter of the HDD.
I gather this is the master file table for NTFS. Even File Scavenger can't see the required files.

Any ideas of how I can see the files.

Rannoch

Your 'Master File Table (MFT)' may have been damaged (defrag seems to get mentioned for this) and may need to be repaired (if that is possible). You may require professional assistance to ensure a successful outcome:

http://www.google.ca/search?hl=en&q=...om&btnG=Search


Here are a few additional links that might suggest an investigative path with similar circumstances:

http://www.google.ca/search?hl=en&q=...=Google+Search


Otherwise, you may be able to get more suggestions in the 'XP FORUM' from those that may have actually experienced/resolved such an issue.