Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Virus on external hard drive


13 Feb 2010   #1

Windows 7 Ultimate 6.1.7600 Build 7600 X86-based PC
 
 
Virus on external hard drive

Hey people.

Last night my girlfriend plugged an external/portable hard drive into her Mac OSX and message came up saying there is a virus on the HD. So she unplugged the drive in fear of being infected and shut down the Mac before I could have a look what was said in the message.

So I ran a scan from my laptop with MSE and got the following viruses :
-Trojan:Win32/Orsam!rts
-VirTool:Win32/Obfuscator.C
-Virus:Win32/Virut.BM
-Trojan:Unix/Rootkit.C

(she brings home a lot of media from a network hub at work)

So here is my problemo...

-Trojan:Unix/Rootkit.C - was removed

-Trojan:Win32/Orsam!rts - was quarantined but showed up on 2nd scan

-Virus:Win32/Virut.BM - and - VirTool:Win32/Obfuscator.C - I get this error message from MSE on both scans :
Microsoft Security Essentials encountered the following error: Error code 0x8007065e. Data of this type is not supported.

Guys I am clueless on how to proceed and want to do so cautiously.

-Please could you guys help me remove these threats without formatting the portable HD
- Is there a chance I could infect my PC (did a scan just now and MSE says my baby is still clean)
(Running Windows Ultimate 32bit on a Toshiba laptop)

* Ive scanned the external HD with Maleware-Bytes and Ad Aware and they have picked up nothing...


My System SpecsSystem Spec
.

13 Feb 2010   #2

Windows® 8 Pro (64-bit)
 
 

Quote   Quote: Originally Posted by James78 View Post
Hey people.

Last night my girlfriend plugged an external/portable hard drive into her Mac OSX and message came up saying there is a virus on the HD. So she unplugged the drive in fear of being infected and shut down the Mac before I could have a look what was said in the message.

So I ran a scan from my laptop with MSE and got the following viruses :
-Trojan:Win32/Orsam!rts
-VirTool:Win32/Obfuscator.C
-Virus:Win32/Virut.BM
-Trojan:Unix/Rootkit.C

(she brings home a lot of media from a network hub at work)

So here is my problemo...

-Trojan:Unix/Rootkit.C - was removed

-Trojan:Win32/Orsam!rts - was quarantined but showed up on 2nd scan

-Virus:Win32/Virut.BM - and - VirTool:Win32/Obfuscator.C - I get this error message from MSE on both scans :
Microsoft Security Essentials encountered the following error: Error code 0x8007065e. Data of this type is not supported.

Guys I am clueless on how to proceed and want to do so cautiously.

-Please could you guys help me remove these threats without formatting the portable HD
- Is there a chance I could infect my PC (did a scan just now and MSE says my baby is still clean)
(Running Windows Ultimate 32bit on a Toshiba laptop)

* Ive scanned the external HD with Maleware-Bytes and Ad Aware and they have picked up nothing...
Scan your PC with Avast and Hitman Pro.
My System SpecsSystem Spec
13 Feb 2010   #3

Windows 7 Ultimate 6.1.7600 Build 7600 X86-based PC
 
 

Sweet, Will download Avast and run the scan on the portable HD and then PC.
Will my PC be at risk if I plug in the hard drive ?
My System SpecsSystem Spec
.


13 Feb 2010   #4

Windows® 8 Pro (64-bit)
 
 

Quote   Quote: Originally Posted by James78 View Post
Sweet, Will download Avast and run the scan on the portable HD and then PC.
Will my PC be at risk if I plug in the hard drive ?
Yes it might be. But install the anti virus on the main PC so that it can prevent any infection.
My System SpecsSystem Spec
13 Feb 2010   #5
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Read about Virus:Win32/Virut.BM
http://www.microsoft.com/security/po...n32%2fVirut.BM

You're not only dealing with Virut but you are also dealing with a lot of other malware as well.
What I suggest in your case is to format and reinstall the OS. This is because, Virut is a file infector which infects every .exe present on your system. The problem with Virut is, this is a buggy file infector and that's why scanners cannot disinfect them properly either > result > files are corrupted, won't work anymore.
And as I already explained, Virut infects every .exe. This means that you may not delete these files, but they should be disinfected. And since it's a buggy virus, the files cannot be properly disinfected.
This unfortunately means that this is a game over situation and there's nothing much you can do besides formatting and reinstalling Windows.
Don't backup your files either, because when you backup .exe files, they are also infected. You can however backup pictures and documents.
My System SpecsSystem Spec
13 Feb 2010   #6

Windows 7 Ultimate 64 - OEM Service Pack 1
 
 

That sounds like a nasty son of a bitch he has there
My System SpecsSystem Spec
13 Feb 2010   #7

Windows 7 Ultimate 6.1.7600 Build 7600 X86-based PC
 
 

Hi Denesh and Jacee. Many thanks for the help so far.

I might not have explained myself well in my first post, sorry. The external hard drive doesn't have an OS, its just used to store pictures, videos, games, etc.
Im not sure if that makes a difference? Can the virus still infect other exe. files on the drive. "Virut is a file infector which infects every .exe present on your system".

In other words, would I treat the infected hard drive/media device(with no OS) the same way I would my Computer?
So far Ive scanned the previously infected folders that MSE said were infected and Avast came up with the following, which it deleted,

win32:Vitro (3 of these)
win32:Trojan-gen
win32:junkpoly[Cryp]
error:the file is a decompression bomb(42110) (many of these msg's)

So now Im running a full scan of the media device (its at 25% and going for 55 minutes )

Thanks
James
My System SpecsSystem Spec
13 Feb 2010   #8
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

win32:Vitro <-- new variation of Virut
PolyMorphic Win32:Vitro Most Viraulent Virus : Tech-Linkblog.com

win32:junkpoly[Cryp] <-- more Virut
A virus that can perform various modifications in Windows system files including logon functions. Win32:JunkPoly [Cryp] can also disable Windows registry editor, Task Manager and kill various running programs on the compromised computer.

win32:Trojan-gen <-- Backdoor Trojan

I sure wouldn't want to save anything on that external hard drive if it was mine!!
My System SpecsSystem Spec
14 Feb 2010   #9

Windows 7 Ultimate 6.1.7600 Build 7600 X86-based PC
 
 

Damn!!! That is not what I wanted to hear... Guess I'll have to format....

Just out of interest
- the scan took 8 hours...
- 800 Gigs of media
- 6 additional infections were found

I know you said you wouldn't advise to save anything, but is there no way I could safely keep some of the stuff. I dont mind deleting all exe. files etc, there are soo many photos and video's I would really love to keep. In fact the pics are irreplaceable, I just cant bring myself to del them.(and some of the home vids)

Is it ok to navigate through the external hard drive without infecting my PC, and save some of the pics etc to a flash drive? (PC is virus free)

Sorry about all the question
Thanks a lot for all the help


Attached Thumbnails
Virus on external hard drive-avast-scan.png  
My System SpecsSystem Spec
14 Feb 2010   #10
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You can save your personal pictures and documents. Look at my posts above.
My System SpecsSystem Spec
Reply

 Virus on external hard drive




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 07:07 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33