Windows 7 Forums

Windows 7: The Rogue Antivirus that survives through a format

31 Mar 2010   #1
Lebon14

Windows 7 Home Premium x64 SP1
 
 
The Rogue Antivirus that survives through a format

Hi guyz.

Today, someone called me saying that they had a problem with their computer. They explained the problem and I concluded that it was a rogue antivirus.

I presented myself at their home and saw it: there was NO way that I could access the machine. The rogue antivirus took over the machine completely, even in Safe Mode. Since the gentleman wanted his computer backed up quickly, we all decided to format it. He had XP Home on a Sempron with 440MB of RAM.

So, I booted up my CLEAN SP2 CD I had. I used this CD multiple times before so I'm positive that it was clean. Formatted (quick format...) then re-installed Windows without a hitch.

First boot, I checked if I could access the net; yes, I could. Then I proceeded to find the drivers. Downloaded the chipset driver, installed it, rebooted. A-OK. Then installed the audio driver and rebooted.

Upon rebooting, his old wallpaper appeared and the rogue antivirus was back on!!!!! I never EVER saw that before.

The gentleman, upon seeing this, was really irritated and called the guy that did his PC before. I HIGHLY doubt he will be able to have his computer back for tomorrow.

I have my hypothesis as for why it came back... it created a very hidden partition with a system image somehow. Well, anyway... I'm stumped. Really, I am.

Btw, the rogue antivirus was a variant of "VirusProtectPro". It loads on boot and takes the whole screen. We can't close it, we can't stop it. Even with ALT-F4, we can't see the desktop because it doesn't load, even in Safe Mode.


31 Mar 2010   #2
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

In a case like this I would erase the whole disk with a linux distro (# shred) and then reinstall. But that was a real nasty one.
31 Mar 2010   #3
drywallguy

Windows 7 Pro x64
 
 

As if there wasn't enough to worry about already. A Sempron machine gained control.
Best of luck with the format.

31 Mar 2010   #4
Dark Nova Gamer

Windows 7 Ultimate, OS X 10.7, Ubuntu 11.04
 
 

Quote: Originally Posted by whs
In a case like this I would erase the whole disk with a linux distro (# shred) and then reinstall. But that was a real nasty one.
Agreed, download an iso for the live ubuntu CD, run GParted after booting up the cd, and wipe the drive clean.
31 Mar 2010   #5
thefabe

Windows 7 ultimate 64 bit / XP Home sp3
 
 

Now that's what I call a nasty one. Any ideas of where he acquired it from? Fabe
31 Mar 2010   #6
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

Quote: Originally Posted by DarkNovaGamer
Quote: Originally Posted by whs
In a case like this I would erase the whole disk with a linux distro (# shred) and then reinstall. But that was a real nasty one.
Agreed, download an iso for the live ubuntu CD, run GParted after booting up the cd, and wipe the drive clean.
When I leave the house and expect to get near a PC, I always put my Fedora stick in my pocket. It has helped me a few times already. A man needs tools.
31 Mar 2010   #7
DocBrown

Win7 Enterprise, Win7 x86 (Ult 7600), Win7 x64 Ult 7600, TechNet RTM on AMD x64 (2.8Ghz)
 
 

Sounds like a job for the RKill program

http://www.sevenforums.com/system-se...tml#post508231
31 Mar 2010   #8
Lebon14

Windows 7 Home Premium x64 SP1
 
 

Quote: Originally Posted by thefabe
Any ideas of where he acquired it from? Fabe
I'm not too sure myself...

Anyway, the guy ditched me because the virus re-appeared after wiping the disc during the install, like I said in the first post. I'm pro-Windows, so getting a Linux disc beforehand was really not something I would have thought of.

Next time, I will bring UBCD and have the hard drive zeroed using a third-party tool included on it.

Like I said, I highly doubt he'll have his computer ready tonight... even if it's another guy doing it.
31 Mar 2010   #9
Shook

Windows 7 Ultimate x64
 
 

I'm a fan of Active KILLDISK....
31 Mar 2010   #10
thathagat

windows 7 ultimate 64 bit,Windows 7 ultimate 32 bit,Windows XP sp3 home
 
 

Darik's Boot and Nuke ("DBAN") is a good option that securely wipes the hard disks of most computers.

Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing

Quote:
DBAN is a means of ensuring due diligence in computer recycling, a way of preventing identity theft if you want to sell a computer, and a good way to totally clean a Microsoft Windows installation of viruses and spyware. DBAN prevents or thoroughly hinders all known techniques of hard disk forensic analysis.
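The replies above (whs's shred, the GParted wipe, the "zero the drive from UBCD" plan and DBAN) all come down to the same two steps that a quick format from the XP CD skips: look at the whole disk, including any partition the format never touched, and then overwrite every sector rather than just rewriting the filesystem. The shell script below, added here as an example and not posted by anyone in the thread, does both against a scratch image file that it constructs itself (a boot signature, one visible NTFS entry, one hidden NTFS entry and a junk payload past the first megabyte). The `0x07` and `0x17` type codes are the usual MBR values for NTFS and hidden NTFS; the image layout and the `CONSTRUCTED-PAYLOAD` marker are made up for the demonstration. To use it on a real drive you would pass `/dev/sdX` (confirmed first with `lsblk`) and the drive's size in MiB to `zero_disk`, which is irreversible.

```shell
#!/bin/sh
# Added example (not from the thread): inspect a disk for MBR partitions,
# including hidden types, then zero it end to end and prove it is blank.
# Exercised here on a scratch image built by make_fake_disk; point it at
# /dev/sdX only after confirming the device with lsblk.

# Type byte of each of the 4 primary MBR entries (offset 446 + 16*i + 4), one hex pair per line.
mbr_partition_types() {
  i=0
  while [ "$i" -lt 4 ]; do
    dd if="$1" bs=1 skip=$((446 + 16 * i + 4)) count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
    echo
    i=$((i + 1))
  done
}

# Number of MBR entries whose type byte is not 0x00: partitions present, hidden ones included.
count_mbr_partitions() {
  mbr_partition_types "$1" | grep -vc '^00$' || true
}

# Succeeds if the 0x55AA boot signature sits at bytes 510-511 (something bootable still lives here).
has_mbr_signature() {
  [ "$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "55aa" ]
}

# Overwrite the first $2 MiB of $1 with zeros; for a block device pass its full size in MiB.
zero_disk() {
  dd if=/dev/zero of="$1" bs=1048576 count="$2" conv=notrunc 2>/dev/null
}

# Succeeds only if every byte of $1 is zero: compare against the same length of /dev/zero.
verify_zeroed() {
  head -c "$(wc -c < "$1" | tr -d ' ')" /dev/zero | cmp -s - "$1"
}

# Constructed input: a 4 MiB image with a boot signature, a visible NTFS entry (0x07 at 450),
# a hidden NTFS entry (0x17 at 466) and a junk payload at sector 2048, beyond what a quick
# format of the first partition would rewrite.
make_fake_disk() {
  img=$(mktemp)
  dd if=/dev/zero of="$img" bs=1048576 count=4 2>/dev/null
  printf '\125\252' | dd of="$img" bs=1 seek=510 conv=notrunc 2>/dev/null
  printf '\007' | dd of="$img" bs=1 seek=450 conv=notrunc 2>/dev/null
  printf '\027' | dd of="$img" bs=1 seek=466 conv=notrunc 2>/dev/null
  printf 'CONSTRUCTED-PAYLOAD' | dd of="$img" bs=512 seek=2048 conv=notrunc 2>/dev/null
  echo "$img"
}

# Stand-alone demonstration on the scratch image.
disk=$(make_fake_disk)
echo "before: $(count_mbr_partitions "$disk") partition(s); blank: $(verify_zeroed "$disk" && echo yes || echo no)"
zero_disk "$disk" 4
echo "after:  $(count_mbr_partitions "$disk") partition(s); blank: $(verify_zeroed "$disk" && echo yes || echo no)"
rm -f "$disk"
```

The point of `count_mbr_partitions` is the poster's hypothesis: a quick format from the installer rewrites the filesystem on the partition it is pointed at, so anything in a second (possibly hidden-type) partition, or in raw sectors outside any partition, survives. `verify_zeroed` is the check none of the wiping tools mentioned above do for you by default; after `zero_disk` the partition count and the boot signature are gone and the comparison against `/dev/zero` passes.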
