Windows 7: Help QUICK with HDD swapping blunder (LONGWINDED)

08 Oct 2011   #81
seavixen32

Windows 7 Ultimate SP1 64-Bit
 
 

Quote: Originally Posted by rubyrubyroo
and on a side note - I did figure out the credits thing before but just in general, just wondered the etiquette, like can I give one to each post a person places on the thread to help them for mucho help, or is that like abuse of the system?
Just rep the helper once, rather than for each post. If you try to rep an individual in quick succession you'll be notified you can't and you'll be advised to spread things out.


08 Oct 2011   #82
gregrocker

 

Run MS Standalone System Sweeper from CD or flashstick, plus Malwarebytes from Safe Mode if necessary.

Replace AVG with MSE or Avast 6.
08 Oct 2011   #83
rubyrubyroo

MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade
 
 

Sweeper is running... but AVG detected 29 rootkits alone (in the MBR) was the main "Rootkit.TDSS.TDL4" and the rest were named after their exploit of choice in win32 - i.e. file lock, driver change, etc... I grabbed a screenshot but no way I'm signing on to send it now.


So I'm guessing that this is the c:\ci.dll corruptor in the boot area and when I found a way around the lockout by using a mode that doesn't allow/need ci.dll, it let me in, but then I guess it went nuclear since they all ran at bootup (malware) w/ startup.exe names.

Sound close?

08 Oct 2011   #84
rubyrubyroo

MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade
 
 

greg

Oh, and I can't get in safe mode because ci.dll is utilized (the only exceptions are the driver sig ignore mode and the debugger mode for the kernel), so I guess antimalwarebytes should just be run from one of those two modes.
08 Oct 2011   #85
gregrocker

 

I would offload my files to strict quarantine DVD/flash stick for repeat disinfection using all known rootkit killers. Our Security forum can help you with that.

Then I would wipe the HD with Diskpart Clean All command to overwrite all code, especially in the boot sector: SSD - HDD Optimize for Windows Reinstallation

Then I would clean reinstall following these exact steps to get a perfect baseline reinstall: Reinstalling Windows 7

Then hope that the BIOS was not infected which can be a fatal infection to the mobo.
08 Oct 2011   #86
rubyrubyroo

MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade
 
 

greg,

all that, while you're paddling on a board?!?!

But seriously, I know you're right, the only true 100% certain malware removal is a complete wipe and reinstall, no cleaned files carried over, but I prefer your 98.4% odds to keep these files!

I hate to do it but I just might.... I'm on the fence about this one, being day 5 or 6 and nearly 10 clients waiting for me to look at their computers. It's a tough call, but maybe it isn't....

thanks
mike
08 Oct 2011   #87
gregrocker

 

The only question to me is whether you should reimport those files even after repeat disinfection. I'd ask in Security forum for the odds on doing so.

You may risk infecting the BIOS if you try to juggle such a badly infected system. The experts there will know this with certainty.

Suggest you keep the briefing for Security experts as brief as possible as they are very busy and not to be trifled with.
08 Oct 2011   #88
rubyrubyroo

MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade
 
 

greg,

To put it lightly, I have to put the files back - I'll use radiation if I have to. They belong to a very good friend of mine who only trusts me to even touch these files! I am no longer feeling so special by now!

Every client file is on that computer (a peer network "server"). I have sold him probably 2 ext HDDs every year or two, but he agrees to back up and has never done so, and I cannot find a single backed-up file in his office on any media for the 36 years he has been practicing law. His office is literally closed this week waiting for me, that's a big financial loss for him - and he could get disbarred and/or go to fed prison if the files are considered neglected. But he is truly the nicest man I know, and I'd do this for him for free to be honest.

I obviously advocate his interests, but is that feeding the family, staying out of trouble, probably the latter, but it adds a layer of complexity and several of pepto to my stomach!

I tend to agree w/ you and will probably take that path.

thanks again!
mike
08 Oct 2011   #89
rubyrubyroo

MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade
 
 

System Sweeper finished a full scan and located 2 high risk "lvl 2" pot.harmful.software:

1.) Trojan: win32/Alureon.DX, and
2.) Trojan: DOS/Alureon.A

where #1 is a file in win\sys32 dir and #2 is located at boot//./PHYSICALDRIVE0\(MBR)
I went ahead and asked it to remove them both and they were both removed successfully according to the sweeper prog. I am rerunning another full scan, and for fun I'll check what AVG does have to say about a new scan's results, finally I'll touch base with the Security forum for additional steps I should take or be told I shouldn't have done that! Then maybe antimalwarebytes and change out my AVG, probably with Avast... but I probably also need to re-repair that ci.dll file so Windows will boot - maybe 3 rounds of startup repair.