The Rogue Antivirus that survives through a format
Hi guyz.
Today, someone called me to say that they had a problem with their computer. They explained the problem and I concluded that it was a rogue antivirus.
I presented myself at their home and saw it: there was NO way that I could access the machine. The rogue antivirus took over the machine completely, even in Safe Mode. Since the mister wanted his computer backed up quickly, we all decided to format it. He had XP Home on a Sempron and 440MB of RAM.
So, I booted up my CLEAN SP2 CD I had. I used this CD multiple times before so I'm positive that it was clean. Formatted (quick format...) then re-installed Windows without a hitch.
First boot, checked if I could access the net, yes I could. Then, I proceeded to find the drivers. Downloaded the Chipset, installed, rebooted. A-OK. Then, installed the Audio-driver then rebooted.
Upon rebooting, his old wallpaper appeared with the rogue antivirus back on!!!!! I never EVER saw that before.
The mister, upon seeing this, was really irritated and called the guy that did his PC before. I HIGHLY doubt he will be able to have his computer back for tomorrow.
I have my hypothesis as for why it came back... it created a very hidden partition with a system image somehow. Well, anyway... I'm stumped. Really, I am.
Btw, the rogue antivirus was a variant of "VirusProtectPro". It loads on boot and takes the whole screen. We can't close it, we can't stop it. Even with ALT-F4, we can't see the desktop because it doesn't load - even in Safe Mode.