salvaging a TDL3 infected HDD

My main 1 TB HDD got infected with TDL3 late last month. It eventually escalated to redirecting google searches, an inability to use Windows Update as well as a few other online services and then finally I was left with a system that would not boot at all, only blue screen. Repeated safe mode reboots and MSE scans removed a few nasty infections but I was still left with an infected PC. Finally giving up I tried the onboard Gateway repair option to erase everything and reinstall Windows. Then I was left with an unbootable PC that would bluescreen before Windows could start and finish setting up.

Antivirus removal options proved too expensive so I ordered the Gateay recovery CDs, only for that to fail. A local shop confirmed it was likely TDL3 so I bought a new HDD and installed fresh. But all I could get was a cheap on-sale drive with less capacity. The local shop said they could purge all data for $10 so I took that choice, but when I plugged it in and booted Windows, Alureon.a tried to run from the E: drive 2nd HDD. MSE stopped the attempted run, I "cleaned" it, shut down and unplugged the 2nd HDD. I've downloaded and ran Hitman Pro(3 times) and Malwarebytes(once normal, once safe mode restart) and neither have found anything so it appears the trojan was stopped before it could infect this copy of Windows, thankfully. I do not need a recurring infection destroying my PC again.

So I am left with a 1 TB HDD that's been shop formatted but still infected. They might try to charge $75 to clean it. Are there any safe, cheap alternatives to do this myself or should I junk the drive totally, forget it and just buy another drive if I want the extra storage? Wich frankly, if I'd known they were not going to clean out the infected boot sector it'd be in the trash now.

oreo27 said:

There is a bootable dvd I'm going to recommend to wipe your drive. This way, you won't have to load any OS for the Virus to spread.

DBAN Download | Darik's Boot And Nuke

Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.

I've used this quite a number of times when reformatting. And I can confirm that this low level drive wiping tool works perfectly. Give it a try mate.

Alright, I've downloaded and burned a copy. I'll probably run this later. It also gives me a repair option should I get infected again, which it looks like it did not tonight, but I've become so paranoid over this after dealing with it for almost 2 weeks I'm going to worry anyway.

oreo27 said:

Sorry you lost me there mate. What gives a repair option?

Please let us know what happens.

Gateway has a repair option as part of the same menu that selects safe mode. It's basically the recovery software on a protected volume of the HDD. Unfortunately, while that can wipe data and reinstall Windows it doesn't clear out TDL3/Alureon or touch the MBR. It's why I had to buy another HDD to start with.

But now that I have DNAB I can hopefully totally purge this drive and should I get another infection I can use it to start fresh again. TDL3 is a very nasty bit of malware to get rid of.

EDIT: oh, you meant in regards to my posted sentence. DNAB would give me a quick way to wipe an infected W7 if I were to get it again. I simply can not afford the $150 or more local shops charge for antivirus services.

Darik's Boot and Nuke ("DBAN") works very well, I used it on my old laptop that I gave away.

You can try Hitman Pro. Its very good at detecting and removing rootkit. Upon removal, it will replace the infected file with a new one.