OK, whilst that is one option, there are others which do not require a reformat. These options cannot be used here, but can in the Malware Removal section linked in my previous post.
However, if you're still interested in going down the route of backing up and reformatting, here are instructions on how you can back up your data by booting into a Puppy Linux environment.
These instructions come courtesy of phillpower2 from Geeks To Go, and modified by LiquidTension.
- CD Burner (CDRW) Drive
- Blank CD
- Extra Storage Device (USB Flash Drive, External Hard Drive)
1. Burn Puppy Linux Live CD Using Clean PC
- Using your clean PC:
- Open BurnCDCC.
- Extract All files to a convenient location.
- Double-Click BurnCDCC.
- Click Browse and navigate to the Puppy Linux ISO file you downloaded earlier.
- Double-Click the file.
- Important: Adjust the speed bar to CD: 4x DVD: 1x.
- Click Start.
- Your CD Burner Tray will automatically open.
- Insert a blank CD and close the tray.
- Click OK.
- Your Puppy Linux Live CD will now be created.
2. Change BIOS Boot Priority
- Restart the infected PC.
- Read the following instructions (scroll down for Dell).
- Open your CD ROM drive and insert your Puppy Linux Live CD.
- Press F10 to save and exit.
- Press Y to continue.
- Your computer will restart and boot from your Puppy Linux Live CD.
3. Recover Your Data
Once Puppy Linux has loaded, it will run in your computer's memory (RAM). You will see a fully functioning Graphical User Interface similar to what you consider your "normal computer". Internet access may or may not be available depending on your machine, so it is recommended you print the following instructions or ensure you have access using a different device.
Note: Double-clicking is unnecessary in Puppy Linux. To expand, or open folders/icons, a single click is all that is required.
3a. Mount Drives
- Click the Mount icon located at the top left corner of your Desktop.
- A Window will open. By default, the "drive" tab will be forward/highlighted. Click on Mount for your hard drive.
- Assuming you only have one hard drive and/or partition, there may only be one selection to mount.
- USB Flash Drives usually automatically mount upon boot, but click the "usbdrv" tab and make sure it is mounted.
- If using an external hard drive for the data recovery, do this under the "drive" tab. Mount it now.
3b. Transfer Files
- At the bottom left corner of your Desktop, all hard drives/partitions, USB Drives, and Optical Drives are listed with a familiar-looking hard drive icon.
- Open your hard drive i.e. sda1
- Next, open your USB Flash Drive or External Drive. i.e. sdc or sdb1
- If you open the wrong drive, simply X out at the top right corner of the window that opens (just like in Windows)
- From your hard drive, drag and drop whatever files/folders you wish to transfer to your USB Drive's Window.
Remember, you need only click once! No double clicking! Once you drag and drop your first folder, you will notice a small menu appear giving you the option to move or copy. Choose COPY each time you drag and drop.
The safest practice is not to back up any executable (.exe), screensavers (.scr), dynamic link library (.dll), autorun (.ini) or script (.php, .asp, .htm, .html, .xml) files because they may be infected by malware. You should also avoid backing up compressed (.zip, .cab, .rar) files that have executables inside as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may disguise themselves by hiding a file extension or by adding double file extensions and/or space(s) in the file's name to hide the real extension, so be sure you look closely at the full file name.
- Backing up documents, image, music and video is fine.
- To repeat, do not back up files with the following extensions:
.exe, .scr, .bat, .com, .cmd, .msi, .pif, .ini, .htm, .html, .hta, .php, .asp, .xml, .zip, .rar, .cab
You are now done! Click Menu > Mouse Over Shutdown > Reboot/Turn Off Computer. Be sure to plug your USB Drive into another working Windows machine to verify all data is there and transferred without corruption.
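
The extension rules above, as an added example that is not part of the original instructions: a shell script that audits the backup drive after copying and lists every file on the do-not-back-up list, marking those that use a double extension or padding spaces. The function names and the /mnt/sdb1 mount point are assumptions.

```shell
#!/bin/sh
# Added example: audit a backup folder against the post's extension list.
# Usage: sh audit_backup.sh /mnt/sdb1   (mount point is an assumption)

# Extensions the post says not to back up.
BLOCKED="exe scr bat com cmd msi pif ini htm html hta php asp xml zip rar cab"

# is_blocked EXT: succeeds if EXT (lower-case, no dot) is on the list.
is_blocked() {
    for b in $BLOCKED; do
        [ "$1" = "$b" ] && return 0
    done
    return 1
}

# classify_name NAME: prints "ok", "blocked" or "disguised".
classify_name() {
    # Lower-case and trim trailing spaces so "x.EXE " is still read as .exe.
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/ *$//')
    case "$name" in
        *.*) ext=${name##*.}; stem=${name%.*} ;;
        *)   echo ok; return 0 ;;
    esac
    is_blocked "$ext" || { echo ok; return 0; }
    # Real extension is blocked. A second extension ("photo.jpg.exe") or
    # padding spaces before the dot ("notes     .exe") means it is dressed
    # up as something else.
    case "$stem" in
        *.*|*" ") echo disguised ;;
        *)        echo blocked ;;
    esac
}

# audit_backup DIR: prints "verdict<TAB>path" for every file that is not ok.
audit_backup() {
    find "$1" -type f | while IFS= read -r path; do
        verdict=$(classify_name "${path##*/}")
        [ "$verdict" = ok ] || printf '%s\t%s\n' "$verdict" "$path"
    done
}

if [ -n "${1:-}" ]; then audit_backup "$1"; fi
```

Anything the script prints should be deleted from the backup drive rather than opened.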