Thanks everyone - much appreciation!
Please don't bother posting any more advice on how to access the laptop's hard drive ...
That part of the complex problem I have with Dad's laptop has been solved.
It's complex because I discovered the culprit being a Win32:Vitro virus infection.
I just read an entire 17-page thread on this specific virus on the Avast! WebForum... finding out that not only is this virus missed by many popular AV programs but also that those which detect it are unable to repair the infected files.
Before reading the above link, I (thought I had) cleaned up the Win32:Vitro. At least what I had done now enables me to enter safe mode for backing up documents etc.
(I requested this thread to be renamed to Win32:Vitro and moved to the Networking Forum - so if some mod happens to be reading this...)
____________________________________________________________________________
For those who might be interested in this Win32:Vitro, here's what I've learnt so far:
1) At present to-date it is unrepairable.
Few AV programs detect it - and those which do are only able to move infected files to chest or delete them.
2) It infects exe and htm or html files which are smaller than 100K.
However, the few AV programs which detect Vitro detect only the exe files, ignoring infected htm and html files totally!
3) Disconnect infected computer if it's on a shared network.
4) First thing to do is to enter Safe Mode immediately and backup any important files you don't want to lose, and afterwards format the HDD and make a clean fresh OS install.
Things won't get worse since in Safe Mode (per online rumours...) Vitro lies inactive.
--------As weird as this might sound - if you need to make any backups - DO NOT scan or follow any suggestions your AV program comes up with.
Doing so will move or delete (never repair!) essential Windows System32 executables like mnmsrvc.exe, progman.exe, userinit.exe etc. and on reboot you get either an OS which doesn't load at all or an infinite logon/logoff loop.
Keeping in mind that at the end you'd be getting no choice other than reformatting and fresh OS install (or binning the PC!), it's definitely counterproductive to attempt any form of repair before backing up what you need to back up.
--------For the same reasons as above, DO NOT reboot the infected PC at all - no testing - unless you're sure you've got nothing to lose. Enter Safe Mode at the first Win32:Vitro warning you get. Period.
Every reboot spreads Vitro to more files, your OS will get worse, giving you logon/logoff loops or just a black screen - and it'd be even more difficult to make your precious backups!
This was what happened to my Dad's laptop. He had left it running overnight, waking up to the Avast 'radio-active spinning fan' virus alert.
Now Dad's no techie - he wouldn't imagine the consequences of following Avast's suggestion to move or delete userinit.exe, so he moved/deleted every file Avast brought up and shut down the laptop.
Later the same day, he persisted in scanning and rebooting "hoping it'll go away", finally phoning me when "XP wasn't allowing him in anymore" and for him all hope was lost!
When he brought me his laptop, there was no way to log in at all, not even in Safe Mode (hence me starting this thread!)
Ultimately, I entered Safe Mode "half-way" having just mouse pointer and black screen, no taskbar, no icons.
Just for lack of anything else I pressed Ctrl-Alt-Del and luck had it that the Task Manager popped up!
At the time I didn't even know there was a virus, let alone its name..
I started Avast using 'New Task' in Task Manager, getting a warning immediately on starting the memory scan. I scheduled a boot scan and rebooted.
I deleted all virus threats in the boot scan, thinking the laptop would be clean and just needing to run Windows Repair to replace the deleted system files.
What I got in reality was a bootable OS (with a different login screen than the usual XP one) which rang bells when I found myself unable to update windows, turn on firewall or update Avast...
5) Treat any storage media you connected to the infected pc as infected as well.
Before restoring your backed up data, scan it with AV and delete ALL htm and html files.
I wouldn't suggest trying to repair or clean up the infection without formatting, unless you are very bored and have loads of patience and spare time!
It's been described as one of the worst viruses ever, using polymorphism to disguise itself.
It's a Virut strain and is capable of even infecting other malware (think a virus getting infected with another virus?)
Polonus (malware fighter) said:
W32/Vitro injects code in running processes and hooks the following functions in ntdll.dll which transfers control to the virus every time any of these function calls are made.
* NtCreateFile
* NtCreateProcess
* NtCreateProcessEx
* NtOpenFile
* NtQueryInformationProcess
It disables Windows System File Protection (SFP) by injecting code into WINLOGON.EXE. This injected code patches sfc_os.dll in memory which in turn allows the virus to infect files protected by SFP.
We haven't a clue what the purpose of this corrupting file infector is, while leaving a computer beyond repair. You cannot use it as a zombie in a botnet, you cannot use it for launching spyware. However, this malware is so advanced in nature that it cannot have been developed but by very apt malcreants.
But why it is pure negative, then? It has a random encrypted file infecting routine making it very hard to recover from.
Ruins files in a random way, partially or entirely, circumventing the Windows File Protecting scheme and ruining every executable from memory it finds reappearing and going on infecting even if only a small trace of the infector is left (copies, archives). Its actions are astonishingly fast, we have to throw in the towel - it's a virus developed just to ruin an operational system as best it can, it cannot be beaten, there is no cure against it.
This virus was "just created to junk your computer and make as much damage as possible", in this sense it is an anti-MS virus a la carte.
I just lost a computer to this virus. Going with scorched earth. Also, it jumped to my USB drive (autorun?) and almost got my laptop. Avast is catching this, when Norton and McAfee did NOT.
In the thread linked above, it's rumoured that Vista and Windows 7 users are immune to Win32:Vitro.
Uhh, if someone would be willing to test... I got plenty of Vitro-infected files available to share
Myself, I've been checking my 2 Vista x64 rigs in system specs the entire afternoon (good reason enough since I regularly exchange pendrives/emails/downloads with dad - 2 days ago I even let him access my NAS remotely). Thankfully I got no Vitro - dunno if it's due to being careful or just because my OS is Vista and not XP.
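
Added example, not part of the original post: a small Python helper for point 5 above, run from a clean machine against the mounted backup before anything is restored. It lists every htm/html file (removing them only when asked) and every exe file with a flag for the "smaller than 100K" size the post reports; the function names, the sample tree and the dry-run default are assumptions of this example.

```python
import os
import tempfile
from pathlib import Path

HTML_EXTS = {".htm", ".html"}   # post, point 5: delete all of these
EXE_EXTS = {".exe"}             # post, point 2: the other reported carrier
SIZE_HINT = 100 * 1024          # post, point 2: "smaller than 100K"

def triage_backup(root, delete_html=False):
    """Sort a backup tree into html / exe / other; only names and sizes are read."""
    root = Path(root)
    report = {"html": [], "exe": [], "other": 0, "deleted": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            ext = path.suffix.lower()          # catches .HTM, .Html, .EXE
            if ext in HTML_EXTS:
                report["html"].append(rel)
                if delete_html:                # default is a dry run
                    path.unlink()
                    report["deleted"] += 1
            elif ext in EXE_EXTS:
                # Size is only a hint for the report, not a verdict:
                # every listed executable still goes to the AV scan.
                report["exe"].append((rel, path.stat().st_size < SIZE_HINT))
            else:
                report["other"] += 1
    report["html"].sort()
    report["exe"].sort()
    return report

def make_sample_backup(root):
    """Constructed sample tree with harmless placeholder bytes."""
    root = Path(root)
    (root / "docs").mkdir(parents=True)
    (root / "docs" / "letter.doc").write_bytes(b"x" * 10)
    (root / "docs" / "Saved Page.HTM").write_bytes(b"<html></html>")
    (root / "index.html").write_bytes(b"<html></html>")
    (root / "setup.exe").write_bytes(b"\0" * 2048)
    (root / "big_installer.exe").write_bytes(b"\0" * (SIZE_HINT + 1))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_backup(tmp)
        print(triage_backup(tmp))                    # dry run, nothing removed
        print(triage_backup(tmp, delete_html=True))  # removes the html files
```

The executables it lists are the ones to replace from original install media rather than copy back; the script never opens or runs any file it finds.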