Malware Preventing Windows XP from Booting

  • Several weeks ago when I started my computer a message appeared at the bottom of the screen claiming that someone was trying to access my computer to obtain my credit card details. This was followed by a pop-up window flooding the screen called Security Tool which said it could fix the problem, but only if I paid a fee by entering my credit card details. The only way to regain control over the computer was switching the power off at the power outlet. Now whenever I try to start the computer the following message appears “We apologise for the inconvenience but Windows did not start successfully. If your computer stopped responding revert to the last known good configuration that worked…” and several options are presented: Safe mode, Safe mode with command prompt, Safe mode with networking, Last known good configuration, and Start Windows normally. If I attempt to “Start Windows normally” (or wait 30 seconds, after which time the computer will attempt to Start Windows normally anyway) a message appears saying that “A problem has been detected and Windows shut down to prevent damage to your computer”. The computer automatically reboots after this message appears and then the cycle commences again. The end result is that I cannot use the computer at all. I would like to get this problem resolved as there is some important data on the hard drive that I would like to keep, although the majority of other data on the drive is not important and can be lost if necessary. The computer is running Windows XP.

    It seems that your computer has been infected with some fairly aggressive spyware. As you have likely already realised, it was a bit convenient that a message appeared informing you that someone is attempting to access your credit card details which was then followed by some pop-up windows claiming that they could clean the infection for a nominal fee. Whenever an unsolicited message appears on your computer claiming there is an infection and offering to fix the infection for a fee it is certainly a scam, so I am glad that you recognised this potential and did not surrender your credit card details to the offer. However, this does not bring us any closer to fixing the rather persistent problem which is now preventing your computer from booting. We will also need to find a method to access the data on the computer’s hard drive so that we can save the important data which you require.

    We will first try starting Windows in Safe Mode. This is a special mode of Windows which loads the bare minimum to get the computer running by not loading any unnecessary drivers or startup programs and processes. So long as the malware has not completely totalled your installation of Windows on the computer we should be able to boot into a basic version of Windows to extract the important data. Once that has been done we can then format the hard drive and reinstall Windows. To boot into Safe Mode, when the Windows boot menu appears, select “Safe Mode” and press the ENTER key. The boot process may take longer than usual as we are booting into a special mode of Windows. If Windows successfully boots and you can access the Windows desktop then it seems we have had a stroke of luck, as Windows itself is still basically functional. This should provide us with enough access to back up any data which you need to keep. The easiest method to back up the files you need to keep is to copy the files to a USB drive (such as a USB thumb drive or external USB hard drive). If you do not have a USB drive then this may be a good opportunity to purchase one, since they are very handy for backup purposes. Should you need to buy a USB drive then my recommendation is to purchase a USB thumb drive. You can buy quite high capacity thumb drives (such as 8 GB or 16 GB) for around $30 - $50, making them a good investment for backup and data transfer.

    Once you have obtained a USB drive, plug it into the computer after Windows has booted into Safe Mode. Open My Computer or Windows Explorer and then open the USB drive. At this point you may encounter the problem that the USB drive does not appear in My Computer or Windows Explorer. This is because the drive has not been assigned a drive letter, and thus Windows has no way to display the drive. To fix this problem go to the “Start” menu > “Control Panel” and open the “Administrative Tools” control panel (you may need to first click “Switch to Classic View” in the left-hand pane of the Control Panel window). In the Administrative Tools control panel, open “Computer Management”. In the Computer Management window there should be a listing of various sections on the left-hand side of the window. Expand the “Storage” category and select “Disk Management”. In the right-hand pane you will see a listing of all storage devices connected to the computer. Find the USB drive in the listing. You should be able to determine which item relates to the USB drive by looking at the disk name and checking whether it is listed as “Removable” and also whether the listed capacity of the drive matches the capacity of the USB drive (give or take a few megabytes, as the usable capacity of a drive which Windows displays is usually a bit less than the advertised capacity of the drive). Once you have located the USB drive, right-click on the entry for that drive and select “Change Drive Letters and Paths”. In the window that appears click “Add” to assign this drive a drive letter, and in the next window click “Assign the following drive letter” and select a drive letter to use. As a rule of thumb, use the first available drive letter after the letter D. Click OK and the drive letter will be assigned to that drive. You should now be able to see and access the USB drive through My Computer or Windows Explorer using that drive letter.

    Now that you can access the drive it is time to back up any important data that you wish to keep. Copy all data that you wish to keep to the USB drive. Remember that we will be wiping the computer completely, so anything which you do not back up now will be permanently lost. As such, make completely certain that you are backing up all data that you wish to keep.

    Once you have backed up all data that you wish to keep we can commence the reinstallation process. As a final check, double-check that all the data has been successfully copied to the USB drive and also double-check that you have copied all of the data to the correct drive (i.e. that you have actually copied the data to the USB drive and not mistakenly to a different drive!). Once you are 100% comfortable that the data has been backed up, safely eject the USB drive from the computer (by clicking the Safely Remove Hardware icon in the system tray, next to the clock) and then unplug the drive from the computer.

    Before we venture to the reinstallation process, some other people may suggest that because we can boot into Safe Mode this could allow us to run some anti-malware utilities to possibly remove the malware infection on the computer. However, the reason I do not suggest this alternative is because I believe that once a computer has been infected with a virus or malware the installed system can never be trusted again. Even though you may be able to scan the computer and remove visible components of the infection you can never be completely sure that it has been totally removed and I would not want to be conducting, for example, bank transactions on a computer which I do not trust. Therefore, after a virus or malware infection I always recommend a fresh reinstallation of Windows.

    If you have a brand name computer then they usually have a particular procedure should you wish to reinstall Windows. In these cases you should consult the documentation which came with your computer to determine how the computer manufacturer advises that you reinstall Windows.

    On the other hand, if you have a generic non-branded computer then you will need to manually install Windows. Find your Windows XP CD and insert the CD into the CD drive in the computer. Restart the computer and it should automatically detect the CD in the drive and boot into the Windows installation (although you may be prompted to “Press any key to boot from CD…” in which case strike a key to boot from the CD). In the event that the computer does not boot from the CD, but instead attempts to boot Windows from the hard drive (which you will be able to see, since the Windows XP boot menu will appear) then it seems the computer has not been configured to boot from CD. In this case, restart the computer again and during the initial boot process (i.e. before the Windows boot menu appears) you should see a message which says to press a key to boot from an alternative boot device (such as a CD, network boot, etc.). Press that key and a boot menu should appear allowing you to select the CD drive as the boot device. Once the computer has commenced booting from the CD, follow the prompts to install Windows. When you arrive at the screen asking where you wish to install Windows, select the drive where your current installation of Windows resides, but make sure you format that hard drive so that the previous installation of Windows is completely wiped allowing you to complete a fresh install of Windows.

    After the Windows installation has concluded you will need to install any drivers for the various devices which are present on your computer. Either use the driver CDs which came with those devices or alternatively you should be able to download the drivers from the manufacturer’s website on the internet. If you are reinstalling Windows on a brand name computer, with a particular procedure for reinstalling Windows, part of that procedure should include reinstalling all the drivers for devices which came with your computer.

    However, before connecting to the internet or any form of network ensure that the Windows Firewall has been enabled on your internet connection to provide some elementary protection prior to installing additional security packages on your computer. You can ensure that the Windows Firewall is enabled by going to the “Start” menu > “Control Panel” then selecting the “Security Center” category and “Windows Firewall”. Once you are connected to the internet I suggest that your first order of business is to download and install antivirus for the computer. A very good antivirus software package which offers a 30 day trial is NOD32 (www.eset.com.au) so it may be worthwhile downloading and trying this software to see whether it meets your needs.

    Once your computer has been protected with antivirus you should be able to start re-setting up the computer and copy the backed-up data onto your refreshed computer. It would also be prudent to use the antivirus scanner to scan the USB drive, just to make sure none of the nasties were transferred across onto the drive.

    Finally, we should now consider the situation where you are unable to boot the computer into Safe Mode at all. This is problematic because you will not be able to back up the data on your computer. If you are able to make do without any data from your computer then you could just complete a reinstallation, but unfortunately from your question it seems that you do need some data from the computer. In this situation your best option is to take the computer to a computer repair shop, as they will be able to put the hard drive from your computer into another computer and back up the relevant data before reinstalling Windows. As I attempt to maintain a fairly neutral viewpoint I can’t recommend any specific computer repair shops in Canberra. However, as a rule of thumb I would contact a shop which has been established for a while and the entire procedure should not cost more than a few hundred dollars (at the maximum).
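
The final check before formatting, and the later scan of the USB drive, can be partly automated. The following is an added example, not part of the original column: it assumes Python 3 is available wherever both the source folder and the USB drive are readable, and the function names and the list of risky file types are illustrative choices.

```python
import hashlib
from pathlib import Path

# Assumption: file types that could carry an infection back onto the rebuilt PC.
RISKY_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk", ".dll"}
RISKY_NAMES = {"autorun.inf"}


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_backup(source_dir, backup_dir):
    """Compare every file under source_dir with its copy under backup_dir."""
    source, backup = Path(source_dir), Path(backup_dir)
    report = {"ok": [], "missing": [], "mismatch": [], "risky": []}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        dst = backup / rel
        if not dst.is_file():
            report["missing"].append(rel.as_posix())    # never reached the USB drive
        elif sha256_of(src) != sha256_of(dst):
            report["mismatch"].append(rel.as_posix())   # truncated or corrupted copy
        else:
            report["ok"].append(rel.as_posix())
    # Anything executable on the backup drive should be scanned before it is restored.
    for dst in sorted(p for p in backup.rglob("*") if p.is_file()):
        if dst.suffix.lower() in RISKY_SUFFIXES or dst.name.lower() in RISKY_NAMES:
            report["risky"].append(dst.relative_to(backup).as_posix())
    return report


def safe_to_wipe(report):
    """True only when every source file has a byte-identical copy on the backup."""
    return not report["missing"] and not report["mismatch"]


if __name__ == "__main__":
    import sys
    result = verify_backup(sys.argv[1], sys.argv[2])
    for key in ("missing", "mismatch", "risky"):
        for name in result[key]:
            print(f"{key.upper():9} {name}")
    print("Safe to format:", safe_to_wipe(result))
```

A file listed as risky is not proof of infection; it is simply one to scan with the antivirus before copying it onto the reinstalled computer.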