New
#1
File Infector Virus
Does reformatting all the hard disk partition deleted the file infector virus.?
Does reformatting all the hard disk partition deleted the file infector virus.?
I think so Parman. because when i run an application in the computer an .exe file is created in the startup folder. What do you think Parman?
cngerra,
Let's see if we can get to the root of the problem...
Please download RogueKiller:
Tlcharger RogueKiller (Site Officiel)
When you get to the website, go to where it says:
(Download link) Lien de téléchargement
Select the version that applies to your system: 32-bit or 64-bit. (See: Note (at the end))
Click the dark-blue button that applies.
Save to the Desktop.
Close all windows and browsers.
Right-click RogueKiller and select: Run as Administrator
Press: SCAN
When done, a report opens on the Desktop: RKreport.txt
Please provide the RKreport.txt (Mode: Scan) in your reply.
(Please do not delete anything!)
Note:
To find out if the system is 32 or 64 bit:
Click: Start
Type System in the Start Search box
Click System in the Programs list.
The operating system is displayed as follows:
For a 64-bit version operating system, under System > System type, it shows:
64-bit Operating System
For a 32-bit version operating system, it shows:
32-bit Operating System
cottonball
Will I do this before i reformat my computer??
Yes, do that before reformatting.
Cottonball just wants to see what the "file infector" is, so you'll be aware of it before infecting your newly reformatted disk again
Some file infectors can:
They bring with them a risk for Rootkits, etc.
- Infect the Master Boot Record (MBR)
- Run code in user mode
Formatting an existing partition doesn't rewrite the MBR...
Last edited by cottonball; 23 Apr 2013 at 22:54.
What I'm worrying is that this box appears...
Hi everyone this is the result of the scan.
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Christopher [Admin rights]
Mode : Scan -- Date : 04/23/2013 19:56:53
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 14ea7d3f16d242e19efba6e0a2248586
[BSP] c4fdb928998d49d79e915565f2da3e3d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 249899 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 512000000 | Size: 465403 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_04232013_02d1956.txt >>
RKreport[1]_S_04232013_02d1956.txt