Windows 7 Forums



Windows 7: Multiple serious infections

10 Aug 2012   #11
gregrocker

 

Thanks Borg for explaining. That's enough to know it's time to cut to the wipe and reinstall.

I posted my thread because I wanted to learn more about cleaning up the hairiest infections, knowing full well I would probably wipe the HD to Clean Reinstall - Factory OEM Windows 7 which I have now done. Performance is fine so far.

It wasn't necessary to slave the HD since I used the installer Command Line to wipe first with Diskpart Clean Command - however, like OldMX, I wasn't willing to wait any longer once I read more about the infection.



10 Aug 2012   #12
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Greg, even I won't try to clean up a Rootkit-infested machine! Most especially an MBR-related Rootkit/Bootkit.
As you know, my experience is in 'security'. I've been at it for over 10 yrs now and this stuff is getting harder and harder to really "fix or cure" without nuking and doing a clean install.
10 Aug 2012   #13
gregrocker

 

Thanks, Jacee. As a Clean Reinstall obsessive I have always cut to the reinstall on heavily infected machines.

However you helped me clean up a serious fake AV infection with hidden files on a roommate's machine which I did via TeamViewer while traveling: Fake AV infection - files hidden?

I promised my roommate I'd reinstall as soon as I got back; however, he said performance was good enough that he didn't even want a reinstall. Since then I've been warily circling the machine, ready to pounce.

Is Alureon one of the MBR infections that can leech into the BIOS? I never saw any sign it had created a partition, but do you think Diskpart Clean Command - which is normally sufficient to overwrite conflicting boot sector code - is sufficient? I could have run Clean All but had an exchange with you or Corrine some years ago where it seemed to be deemed unnecessary to wipe infection.

10 Aug 2012   #14
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

I would have suggested a clean install also, but you mentioned you wanted to save the install, so I thought you might take a try at removing it.

I've never read anything about Alureon getting into the BIOS, but that doesn't mean it hasn't evolved. The latest Sirefef variants trick the AV by presenting a valid, clean MS file & then, after that runs, switch over to the infected file. It wouldn't surprise me if other viruses started using this pattern as it seems most effective at dodging AV scans.

I noticed that in almost all the cases of Alureon, the hidden boot sector doesn't show up in the Disk Management console, but running GParted from a boot disk usually reveals it.
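As an added illustration of the two points raised above (gregrocker's question in #13 about whether diskpart `clean` is enough or `clean all` is needed, and Borg 386's observation in #14 that Alureon's hidden space does not appear in Disk Management), here is a small Python model of an MBR disk image. It is not code from this thread or from any forum member. It parses the four-entry partition table, flags sector runs that no table entry accounts for, and compares the two diskpart commands. Assumptions: `clean` is modelled as overwriting only sector 0 (Microsoft documents the real command as overwriting the MBR partitioning and hidden-sector information; this simplification keeps only the part that matters for the comparison), `clean all` as zeroing every sector; the 1 MiB disk image and the "HIDDEN-FS" payload parked in trailing unallocated space are constructed for the example and stand in for an Alureon-style hidden filesystem.

```python
"""Model of an MBR disk image: parse the partition table, flag sectors that no
table entry covers, and compare diskpart 'clean' with 'clean all'.
Added illustration; the disk image and payload below are constructed, not from
a real infection."""
import struct

SECTOR = 512
MBR_SIG = b"\x55\xAA"
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR; partitions: up to 4 (active, type_id, lba_start, count)."""
    assert len(boot_code) <= 446 and len(partitions) <= 4
    mbr = bytearray(boot_code.ljust(446, b"\x00"))
    for active, type_id, start, count in partitions:
        mbr += struct.pack(ENTRY_FMT, 0x80 if active else 0x00, b"\x00" * 3,
                           type_id, b"\x00" * 3, start, count)
    mbr += b"\x00" * (16 * (4 - len(partitions)))  # unused entries
    return bytes(mbr + MBR_SIG)


def parse_mbr(sector0: bytes):
    """Return the non-empty partition entries as dicts (empty list if no valid signature)."""
    if sector0[510:512] != MBR_SIG:
        return []
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, type_id, _, start, count = struct.unpack(ENTRY_FMT, sector0[off:off + 16])
        if type_id == 0 or count == 0:
            continue
        entries.append({"index": i, "active": status == 0x80,
                        "type": type_id, "start": start, "count": count})
    return entries


def make_disk(total_sectors, partitions, payload_lba=None, payload=b""):
    """Constructed disk image: real-looking MBR plus optional data outside any partition."""
    img = bytearray(total_sectors * SECTOR)
    img[0:SECTOR] = build_mbr(b"\xEB\xFE", partitions)  # 'jmp $' as stand-in boot code
    if payload_lba is not None:
        img[payload_lba * SECTOR:payload_lba * SECTOR + len(payload)] = payload
    return img


def region_has_data(img, start_lba, count):
    return any(img[start_lba * SECTOR:(start_lba + count) * SECTOR])


def unlisted_regions(img):
    """[(start_lba, count, has_data)] for sector runs no partition entry covers.
    Sector 0 (the MBR) is skipped. The slack before the first partition is normal
    alignment space; has_data tells you whether something is actually parked there."""
    total = len(img) // SECTOR
    parts = sorted(parse_mbr(bytes(img[:SECTOR])), key=lambda p: p["start"])
    regions, cursor = [], 1
    for p in parts:
        if p["start"] > cursor:
            gap = p["start"] - cursor
            regions.append((cursor, gap, region_has_data(img, cursor, gap)))
        cursor = max(cursor, p["start"] + p["count"])
    if cursor < total:
        regions.append((cursor, total - cursor, region_has_data(img, cursor, total - cursor)))
    return regions


def diskpart_clean(img):
    """Model of 'clean' (assumption: only the MBR sector is overwritten)."""
    img[0:SECTOR] = b"\x00" * SECTOR
    return img


def diskpart_clean_all(img):
    """Model of 'clean all': every sector set to zero."""
    img[:] = b"\x00" * len(img)
    return img


def demo():
    # Constructed: 1 MiB disk, one NTFS partition (type 0x07) at LBA 64,
    # fake rootkit data at LBA 1500, beyond the last partition's end.
    img = make_disk(2048, [(True, 0x07, 64, 1024)],
                    payload_lba=1500, payload=b"HIDDEN-FS" + b"\x90" * 200)
    before = unlisted_regions(img)
    diskpart_clean(img)
    after_clean = (parse_mbr(bytes(img[:SECTOR])), region_has_data(img, 1500, 1))
    diskpart_clean_all(img)
    after_clean_all = any(img)
    return before, after_clean, after_clean_all


if __name__ == "__main__":
    for label, value in zip(("unlisted before", "after clean (table, payload left?)",
                             "any data after clean all"), demo()):
        print(f"{label}: {value}")
```

`unlisted_regions` reports the 960-sector run after the partition with data in it, which is the kind of space that Disk Management does not list but a sector-level view exposes. After `clean` the partition table (and the boot code the firmware would load) is gone, yet the parked data is untouched; only `clean all` leaves nothing behind. On a real machine the first sector can be dumped with any raw-disk tool and fed to `parse_mbr`, and the disk size compared against the sum of the listed partitions.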
10 Aug 2012   #15
gregrocker

 

Yes, basically I have this friend's older HP dv5-1235dx laptop for 12 days while housesitting for him on the beach here. He's not been able to even use it for months and I didn't know what to expect.

I figured I'd spend a few days practicing virus cleanup due to the apparent success of the one prior cleanup I posted above. But your description of the virus made me wary it could cause possible damage to the machine. I've yet to personally come across an MBR or BIOS infection but understand some can damage hardware.

So at that point I reinstalled finding all drivers were in the installer, and after just an hour's updates and setup have a perfectly fast laptop I'll use for the rest of my stay.

Thanks again, all!
10 Aug 2012   #16
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

At least you have access to disks. One clean up I had to do, the nice lady had NO disks of any kind ("Were they important?" she asked), her kids had scratched the Win # sticker off the machine (So much for downloading Windows), and when the machine booted, it was a black screen with a flashing cursor. It also had Alureon (and about 27 other viruses) that I had no choice but to work out. I was able to use the factory restore (And a few AV/repair boot disks); that took up a day & 1/2 of my time....but hey, I got it working again....somehow
10 Aug 2012   #17
gregrocker

 

I'd heard the DV5 runs hot, which is why it's elevated, and sure enough its keyboard feels hot. I installed Core Temp to the tray and it is staying around 30C so I'm not sweating it, even though hot keyboards are unpleasant in general.