 |
Windows 7: The Rogue Antivirus that survives through a format
|
31 Mar 2010
|
#1 | |
Windows 7 Home Premium x64 SP1 QC, Canada |
The Rogue Antivirus that survives through a format
Hi guyz.
Today, someone called me that they had a problem with their computer. They explained the problem and I concluded that it was a rogue antivirus.
I presented myself at their home and saw it : there were NO way that I could access the machine. The rogue antivirus took over the machine completely : even in Safe Mode. Since the mister wanted his computer backed up quickly, we all decided to format it. He had XP Home on a Sempron and 440MB of RAM.
So, I booted up my CLEAN SP2 CD I had. I used this CD multiple times before so I'm positive that it was clean. Formatted (quick format...) then re-installed Windows without a hitch.
First boot, checked if I could access the net, yes I could. Then, I proceed to find the drivers. Downloaded the Chipset, installed reboot. A-OK. Then, installed the Audio-driver then rebooted.
Upon rebooting, his old wallapaper appeared with the rogue antivirus were back on!!!!! I never EVER saw that before.
The mister, upon seeing this, was really irritated and called the guy that did his PC before. I HIGHLY doubt he will be able to have his computer back back for tomorrow.
I have my hypothesis as for why it came back... it created a very hidden partition with a system image somehow. Well, anyway... I'm stumped. Really, I am.
Btw, the rogue antivirus was a variant of "VirusProtectPro". It loads on boot and take the whole screen. We can't close it, we can't stop it. Even with ALT-F4, we can't see the desktop because it doesn't load - even in Safe Mode. | My System Specs |
| Computer type PC/Desktop
System Manufacturer/Model Number Custom build
OS Windows 7 Home Premium x64 SP1
CPU Core i7 950 3.06 GHz
Motherboard Gigabyte X58A-UD3R
Memory Corsair XSM3 6GB 1333MHz DDR3 9-9-9-24
Graphics Card Asus nVidia GeForce GTX460 Factory Overclocked
Sound Card HT-Omega Claro 7.1
Monitor(s) Displays Asus VW246H 24"
Screen Resolution 1920x1080
Keyboard Logitech K350
Mouse Logitech M510
PSU Xigmatek NRP-PC702 700W (cable hell)
Case Lian-Li Lancool PC-K62
Cooling Stock fans for PC case, Cooler Master Hyper N520 for CPU
Hard Drives 1x90GB OCZ Vertex 2 SSD (System, internal)
1x1TB Western Digital Green (Internal)
1x1TB Samsung/Seagate 7200RPM (Internal)
1x500GB Hitachi 7200RPM (Internal)
Internet Speed 30Mbits dl - 10Mbits up
Browser Firefox v20
Other Info Sound system : Eagle Arion ET-AR504LR-BK 35 Watts RMS 2.1
Printer : Samsung ML-2010 Mono
Scanner : Canon Canoscan LiDE 200
|
31 Mar 2010
|
#2 | |
Vista, Windows7, Mint Mate, Zorin, Windows 8 Florida in winter, Black Forest/Germany |
In a case like this I would erase the whole disk with a linux distro (# shred) and then reinstall. But that was a real nasty one. | | My System Specs | | System Manufacturer/Model Number HP, Dell, Gateway, Toshiba - 4 laptops and 2 desktops
OS Vista, Windows7, Mint Mate, Zorin, Windows 8
CPU from 1.6GHz Duo to i7
Monitor(s) Displays 2x HP w2207
Keyboard with trackball - no mices
Mouse Trackball mice
Hard Drives 5x HDD, 7x SSD, 12x Externals
Internet Speed DSL 6000
|
31 Mar 2010
|
#3 | |
Windows 7 Ultimate x64 Austin |
As if there wasn't enough to worry about already. A Sempron machine gained control.
Best of luck with the format. | | My System Specs | | System Manufacturer/Model Number Drywallguy
OS Windows 7 Ultimate x64
CPU AMD Phenom II X4 920
Motherboard Asus M4A79 Deluxe
Memory 8GB OCZ PC2 6400
Graphics Card Sapphire Radeon 4830
Sound Card On board
Monitor(s) Displays Samsung Syncmaster 2253 & LG Flatron W2242T
Screen Resolution 1680 X 1050
Keyboard Microsoft DMK Office Pack
Mouse Microsoft Trackball Explorer
PSU OCZ StealthXStream 700W
Case Rosewill
Cooling Stock
Hard Drives 5 Western Digital and Seagate mix
Totaling 2.5 TB
|
31 Mar 2010
|
#4 | |
Windows 7 Ultimate, OS X 10.7, Ubuntu 11.04 Pembroke |
Quote: Originally Posted by whs  In a case like this I would erase the whole disk with a linux distro (# shred) and then reinstall. But that was a real nasty one. Agreed, download an iso for the live ubuntu CD, run GParted after booting up the cd, and wipe the drive clean. | | My System Specs | | System Manufacturer/Model Number Custom | Whitebox
OS Windows 7 Ultimate, OS X 10.7, Ubuntu 11.04
CPU Intel E6750 @ 3.80GHz
Motherboard Gigabyte GA-EP45-UD3L (Revision 1.1)
Memory 2x2GB & 2x1GB (6GB) OCZ Reaper 1066MHz @ 1080MHz
Graphics Card EVGA nVidia GTX 260 896mb (216 Core) FTW Edition
Sound Card Realtek ALC888
Monitor(s) Displays 21" VIZIO TV
Screen Resolution 1680x1050 @ 60Hz
Keyboard Logitech Wireless S520
Mouse Logitech Wireless S520 - Microsoft Wireless Arc Mouse
PSU Corsair 750W
Case NZXT Nemesis Elite
Cooling Thermaltake SpinQ
Hard Drives Western Digital WD6401AALS - 640GB
Hitachi HDP725016GLA380 - 160GB
Internet Speed Download: 20mbps, Upload: 3mbps
|
31 Mar 2010
|
#5 | |
Windows 7 ultimate 64 bit / XP Home sp3 Gulf Coast Texas |
Now that's what i call a nasty one. Any ideas of were he acquired it from? Fabe Fabe | | My System Specs | | System Manufacturer/Model Number Self Built
OS Windows 7 ultimate 64 bit / XP Home sp3
CPU intel Core 2 Duo E8400 3.0ghz
Motherboard Asus P5ND bios 1401
Memory 8 gigs 1066 OCZ Fata1ty
Graphics Card EVGA GTX 580 Call of Duty Black Ops Edition
Sound Card Creative Soundblaster Audigy 2zs
Monitor(s) Displays Asus 24in LCD's 2MS X2
Screen Resolution 1920x1080p @60Hz
Keyboard Logitech Bluetooth Wireless MX5000
Mouse Logitech Bluetooth Wireless MX1000
PSU OCZ 700W GameXtreme
Case NZXT Apollo
Cooling Corsair H50 CPU/120mm x3 /60mm x2 /Corsair Dominator Ram
Hard Drives WD Caviar 500 Black/ WD Caviar 200 Blue
Internet Speed Download 19.83 Upload 0.97
Other Info Logitech Z2300 Speakers/ Bose Noise Cancelling Headphones/Avermedia PCI-e Hybrid TV Bravo/Epson NX415 all in one/ 4 Port Powered USB Hub/ LG 10x Bluray Burner /TSST Corp DVDRW External
|
31 Mar 2010
|
#6 | |
Vista, Windows7, Mint Mate, Zorin, Windows 8 Florida in winter, Black Forest/Germany |
Quote: Originally Posted by DarkNovaGamer
Quote: Originally Posted by whs In a case like this I would erase the whole disk with a linux distro (# shred) and then reinstall. But that was a real nasty one. Agreed, download an iso for the live ubuntu CD, run GParted after booting up the cd, and wipe the drive clean. When I leave the house and suspect to get near a PC, I always put my Fedora on the stick into my pocket. Has helped me already a few times. A man needs tools. | | My System Specs | | System Manufacturer/Model Number HP, Dell, Gateway, Toshiba - 4 laptops and 2 desktops
OS Vista, Windows7, Mint Mate, Zorin, Windows 8
CPU from 1.6GHz Duo to i7
Monitor(s) Displays 2x HP w2207
Keyboard with trackball - no mices
Mouse Trackball mice
Hard Drives 5x HDD, 7x SSD, 12x Externals
Internet Speed DSL 6000
|
31 Mar 2010
|
#7 | |
Win7 Enterprise, Win7 x86 (Ult 7600), Win7 x64 Ult 7600, TechNet RTM on AMD x64 (2.8Ghz) SomeWhere in the HOT Arizona Desert ! |
| | My System Specs | | Computer type PC/Desktop
System Manufacturer/Model Number Built them myself, Science Experiments !
OS Win7 Enterprise, Win7 x86 (Ult 7600), Win7 x64 Ult 7600, TechNet RTM on AMD x64 (2.8Ghz)
CPU AMD fx8350 4ghz, AMD-32 2400mhz, AMD-64 3200mhz, AMDx64 2.8G
Motherboard SIS 755, ECS-K8M890M-M (Ult 7600), GigaByte & others
Memory 2gb, 4gb on the Ult 7600, 4gb on Technet RTM, 32gb on FX8350
Graphics Card Draw my own Graphics, several nVidia cards
Sound Card on motherboard
Monitor(s) Displays 19" flat scr, 28" I-Inc widescr,22" Emprex Widescr, 23" Acer
Screen Resolution 1280 x 1024, 1440 x 900, 1920 x 1080
Keyboard Compaq & Dell recycled from GoodWill
Mouse Made in China Optical Wired Mouse
PSU 430w, 550w, 600w, 700, 800, etc
Case All Generic Full Towers
Cooling Open Air & a few fans, some w/ colored LEDs
Hard Drives 6 pata Ide HD's & 2 Sata HD's
added 80gb external on Ult 7600 computer,
numerous extra 1tb, 2TB, 3Tb SATA HD's
A collection of ext HD Docks w/ HDs
Internet Speed Fast Cable InterNet
Antivirus AVG Free on 24 different Desktops, NO Problems!
Browser IE 8 is preferred, but use FireFox sometimes
Other Info Linksys Routers, switches, & Hubs
Too Many USB Flash Drives to count, Biggest is 64GB !
Eight computers in my home network.
Sixteen computers at my business network.
Linked via TeamViewer !
Lots of old used spare computer parts everywhere!
|
31 Mar 2010
|
#8 | |
Windows 7 Home Premium x64 SP1 QC, Canada |
Quote: Originally Posted by thefabe Any ideas of were he acquired it from? Fabe Fabe I'm not too sure myself...
Anyway, the guy ditched me because the virus re-appeared after wiping the disc during the install like I said in the first post. I'm a pro-Windows so getting a Linux disc before hand was really not a thing I would thought of.
Next time, I will bring UBCD and get the hard-drive get 0'ed using a third party tool included.
Like I said, I highly doubt he'll have his computer ready tonight... even if it's another guy doing it. | | My System Specs | | Computer type PC/Desktop
System Manufacturer/Model Number Custom build
OS Windows 7 Home Premium x64 SP1
CPU Core i7 950 3.06 GHz
Motherboard Gigabyte X58A-UD3R
Memory Corsair XSM3 6GB 1333MHz DDR3 9-9-9-24
Graphics Card Asus nVidia GeForce GTX460 Factory Overclocked
Sound Card HT-Omega Claro 7.1
Monitor(s) Displays Asus VW246H 24"
Screen Resolution 1920x1080
Keyboard Logitech K350
Mouse Logitech M510
PSU Xigmatek NRP-PC702 700W (cable hell)
Case Lian-Li Lancool PC-K62
Cooling Stock fans for PC case, Cooler Master Hyper N520 for CPU
Hard Drives 1x90GB OCZ Vertex 2 SSD (System, internal)
1x1TB Western Digital Green (Internal)
1x1TB Samsung/Seagate 7200RPM (Internal)
1x500GB Hitachi 7200RPM (Internal)
Internet Speed 30Mbits dl - 10Mbits up
Browser Firefox v20
Other Info Sound system : Eagle Arion ET-AR504LR-BK 35 Watts RMS 2.1
Printer : Samsung ML-2010 Mono
Scanner : Canon Canoscan LiDE 200
|
31 Mar 2010
|
#9 | |
|
I'm a fan of Active KILLDISK.... | | My System Specs | | System Manufacturer/Model Number ME
OS Windows 7 Ultimate x64
CPU Intel i5 2500k @ 4.7Ghz
Motherboard ASUS P8Z68-V
Memory 16GB Corsair Vengeance DDR3 1600
Graphics Card EVGA Classified GTX560ti 448 core
Sound Card ASUS Xonar DG - Logitech G930 Headset
Monitor(s) Displays ASUS 24" VE247
Screen Resolution 1920x1080
Keyboard Logitech G15
Mouse Logitech G9x
PSU Seasonic x650 Gold Certified Modular
Case Corsair 400R / NZXT Sentry Mesh Fan Controller
Cooling Corsair H100 / XIGMATEK 120mm White LED x 9
Hard Drives 120GB OCZ Agility 3 SSD
WD 500GB Caviar Blue x 2
Internet Speed 20Mbit
|
31 Mar 2010
|
#10 | |
windows 7 ultimate 64 bit,Windows 7 ultimate 32 bit,Windows XP sp3 home |
Darik's Boot and Nuke ("DBAN") is a good option that securely wipes the hard disks of most computers Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing Quote: DBAN is a means of ensuring due diligence in computer recycling, a way of preventing identity theft if you want to sell a computer, and a good way to totally clean a Microsoft Windows installation of viruses and spyware. DBAN prevents or thoroughly hinders all known techniques of hard disk forensic analysis. | | My System Specs | | OS windows 7 ultimate 64 bit,Windows 7 ultimate 32 bit,Windows XP sp3 home
The Rogue Antivirus that survives through a format problems? All times are GMT -5. The time now is 01:19 PM. |  |
