Windows 7: Virus remains after formatting

Hi all,

Upon running MalwareBytes it reports that I have "Trojan.DNSChanger". The log says quarantined successfully and then requires reboot. Next time I run it, though, and it's still there.

So I decided to reformat and reinstall OS. I'm never had to do this before but am certain I did it correctly, having watched a youtube tutorial. I booted from my CD, highlighted the partition, clicked "delete". It then says 'unallocated space' as expected. I proceed with the install. But upon completion, the trojan remains!

In normal mode, I keep getting repetitious messages appearing on the taskbar saying something like 'malwarebytes: stopped outgoing message (svchost.exe).

I'm quite the novice, so any help you could provide is greatly appreciated.

Thank you.

Try this out for a reinstall: SSD / HDD : Optimize for Windows Reinstallation

Whenever it says to "clean all", do it, not just a "clean", as in:

Quote:

Now type clean all <enter> you will get a blinking cursor telling you that clean all is working like in the second snip down, just relax and let it work.
NOTE: You could type clean instead to do the same thing quicker, but just without a secure erase.

Let me know how it goes.

Tutorial Credit:
Bare Foot Kid

What are you reinstalling after the Win install?

Dwarfer makes a good point, make sure you aren't downloading anything until you have an antivirus installed

fralo,
After carrying out the instructions given by Dust Sailor then:

1. Install immediately MSE (Microsoft Security Essentials). Use the link in my signature.

2. Fully and completely update your Win 7.

3. Make a system image backup using Windows Backup and Restore to an external USB drive. This is so that you can reinstall a known good system in case you immediately reinfect yourself which shouldn't happen if you have carried out Step 1.

Here is the link to the tutorial for a system image backup:Backup Complete Computer - Create an Image Backup

Okay, I followed the instructions to no avail. But here's what I did step by step.

1) Booted from WINDOWS 7 CD.
2) At language screen, hit shift/f10 to go cmd prompt
3) diskpart
4) list disk
5) select disk 0
6) clean all
7) exit
8) exit

Now back at the install screen, I made it to the listing of partitions. Selected disk 0 (unallocated space).

After install, trojan remains.

It also affects the screen when booting up. There are different colors, checked background. Before it actually gets to the Starting Windows logo, there are a bunch of "aa" scattered across the screen.

Thank you all for your help thus far. I may have to just get a new hard drive.

and where did you get this windows 7 "cd"?

Incidentally,
I guarantee you that if you performed a CLEAN ALL, then no virus survived.

This means you infected the system after the clean all.

The clean all writes zeroes to each and every byte on your hard disk.

Hi Fralo.

Just another question. Do you have multiple partition? (C:, D:. E:, etc)
If yes, then it most likely the viruses or malwares reside in any drives other than C: drive.
As we always aware, when windows done installing, it then initially search for any other drives, read it, and lettering it. But it also will read a folder named "System Volume Information" on each drive. The problem is most of recent viruses and malwares reside inside those system protected folders and manipulate windows to read and execute them.

My suggestion is before reinstalling windows try to delete any files or folder inside "System Volume Information" on each drive. It sometime can be reached using bootable linux system.

Hope that helps a little.

Kevin

Edit: You have to know the folder also has some saved automatic or manual system restore data. When deleted, it will loss. But with newly installed windows, you might not need it anyway.

kevin,
Clean ALL will take care of that if they are all on the same physical drive.

If he has multiple physical hard drives, then the other drives should be physically removed.
After Win 7 is installed, then running WDO over all hard drives will be a necessity.