Windows 7: ENTIRE HDD Erased!

22 Dec 2009   #81
GEWB

Linux (Mint is primary) / XP, Win7 Home / Win7 Pro, Ultimate / Win8.1 / Win10 archived VM

First post shows XP and Win 7 computers and router with minimal protection. Sounds like reinfection from CD/DVD or networked XP.

Found this:

VGHD.EXE has been seen to perform the following behavior:
  • Executes a Process
  • Registers a Dynamic Link Library File
  • Adds products to the system registry
  • Adds a Registry Key (RUN) to auto start Programs on system start up
  • Adds a Registry Key (RUNONCE) to auto start Programs on system start up
  • Writes to another Process's Virtual Memory (Process Hijacking)
  • The Process is polymorphic and can change its structure
  • Uses rootkit techniques to conceal its presence, interrogation or removal
  • Found on infected systems and resists interrogation by security products
  • Makes outbound connections to other computers using NETBIOSOUT protocols
  • The Process is packed and/or encrypted using a software packing process
VGHD.EXE has been the subject of the following behavior:
  • Created as a process on disk
  • Executed as a Process
  • Terminated as a Process
  • Has code inserted into its Virtual Memory space by other programs
  • Changes to the file command map within the registry
  • Deleted as a process from disk
  • Added as a Registry auto start to load Program on Boot up
  • Registered as a Dynamic Link Library File

Sounds like it is "hiding" in memory or in the MBR which is NOT affected by format commands unless specified to do so.

Regards,
GEWB


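Added example, not posted by GEWB or anyone else in this thread: the behaviour list above names two persistence points that survive a reinstall of the same software set, the Run/RunOnce autostart keys and the .exe "file command map". The script below, which assumes PowerShell 3.0 or later (Windows 7 needs the WMF 3.0 update for `[pscustomobject]`) and an elevated prompt so every HKLM key is readable, lists each autostart entry with the Authenticode status of the file it launches and checks that the .exe command map still holds the stock value. Unsigned or missing autostart images and a rewritten command map are what to look at first on a box that keeps coming back infected.

```powershell
# Added example (not from the thread): audit Run/RunOnce autostarts and the
# .exe "command map" referred to in the VGHD.EXE behaviour list.
# Assumes PowerShell 3.0+ and an elevated prompt.

$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Extract the executable from an autostart command line. Handles the two common
# shapes: "C:\Program Files\x\x.exe" /flag  and  C:\x\x.exe /flag. An unquoted
# path containing spaces is cut at the first space, which is itself worth a look.
function Get-ImagePath {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    return ($cmd -split '\s+', 2)[0]
}

function Get-AutostartReport {
    foreach ($key in $autostartKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath, PSParentPath, ... to the object; skip them
            if ($p.Name -like 'PS*') { continue }
            $image  = Get-ImagePath -CommandLine ([string]$p.Value)
            $status = 'FileMissing'
            $signer = ''
            if ($image -and (Test-Path -LiteralPath $image -PathType Leaf)) {
                $sig    = Get-AuthenticodeSignature -FilePath $image
                $status = $sig.Status.ToString()
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = [string]$p.Value
                Image      = $image
                Signature  = $status
                Signer     = $signer
                # Unsigned, tampered or missing images deserve a closer look
                Suspicious = ($status -ne 'Valid')
            }
        }
    }
}

# The "file command map" for .exe is HKCR\exefile\shell\open\command: the value
# Windows expands to launch every executable. The stock value is "%1" %*;
# anything else means some other program is run in front of each .exe.
function Test-ExeCommandMap {
    $path  = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
    $value = (Get-ItemProperty -Path $path).'(default)'
    [pscustomobject]@{
        Value   = $value
        IsStock = ($value -eq '"%1" %*')
    }
}

Get-AutostartReport | Sort-Object -Property Suspicious -Descending | Format-Table -AutoSize
Test-ExeCommandMap
```

A `Signature` of `NotSigned` on a vendor tool is common and not proof of anything on its own; the useful signal is an entry you cannot account for, a `FileMissing` entry (the file was deleted but the autostart stayed behind), or `IsStock` reporting `False`.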
22 Dec 2009   #82
GEWB

Linux (Mint is primary) / XP, Win7 Home / Win7 Pro, Ultimate / Win8.1 / Win10 archived VM

Do a Google search on this string:

how to use linux to remove viruses from windows

See if a live Linux distribution might help.

Regards,
GEWB
22 Dec 2009   #83
pparks1

Windows 7 Ultimate x64

Perhaps it's a wireless router with open security and somebody who is leeching on your bandwidth who is also infecting your computer???

22 Dec 2009   #84
Lordbob75

Windows 7 Ultimate x64, Mint 9

Or perhaps it corrupted the router firmware, or something in the network...

~Lordbob
26 Dec 2009   #85
Tepid

Win 7 Ultimate 32bit

It is not common (pretty rare), but possible, and it does happen, for viruses/malware to infect the MBRs of HDDs these days.
Not saying this is not the case, and you definitely can/should try, but playing with the MBR of the HDD can cause problems.

Again, I say it is very rare (if at all) for malware to infect the MBR, and no longer all that common for viruses.

I think this is an infection from a linked (known or unknown) computer (including but not limited to) desktops, laptops, NAS devices, external storage of any kind.

Or someone is really screwing with you.

At this point, if you have not done so already, to eliminate the drive as the problem: go buy a new drive, they are very cheap now for small-sized drives, and test install that way.
If you get infected, then it isn't anything with the drive (which I do not think it is).
26 Dec 2009   #86
MacGyvr

Windows 7 Ultimate RTM (Technet)

Quote: Originally Posted by Tepid
It is not common (pretty rare), but possible, and it does happen, for viruses/malware to infect the MBRs of HDDs these days.
Not saying this is not the case, and you definitely can/should try, but playing with the MBR of the HDD can cause problems.

Again, I say it is very rare (if at all) for malware to infect the MBR, and no longer all that common for viruses.

I think this is an infection from a linked (known or unknown) computer (including but not limited to) desktops, laptops, NAS devices, external storage of any kind.

Or someone is really screwing with you.

At this point, if you have not done so already, to eliminate the drive as the problem: go buy a new drive, they are very cheap now for small-sized drives, and test install that way.
If you get infected, then it isn't anything with the drive (which I do not think it is).
I'm with Tepid on this. It's not something embedded in the drive. This is a simple re-infection occurring as the user "sets up" their system.
28 Dec 2009   #87
karthurk

W7 X64 Ultimate, OSX, Linux

Quote: Originally Posted by MacGyvr
Quote: Originally Posted by Tepid
It is not common (pretty rare), but possible, and it does happen, for viruses/malware to infect the MBRs of HDDs these days.
Not saying this is not the case, and you definitely can/should try, but playing with the MBR of the HDD can cause problems.

Again, I say it is very rare (if at all) for malware to infect the MBR, and no longer all that common for viruses.

I think this is an infection from a linked (known or unknown) computer (including but not limited to) desktops, laptops, NAS devices, external storage of any kind.

Or someone is really screwing with you.

At this point, if you have not done so already, to eliminate the drive as the problem: go buy a new drive, they are very cheap now for small-sized drives, and test install that way.
If you get infected, then it isn't anything with the drive (which I do not think it is).
I'm with Tepid on this. It's not something embedded in the drive. This is a simple re-infection occurring as the user "sets up" their system.

You are wrong. I have zeroed all my HDDs, everything is OK, 4 days now, same "setup process"; the only difference now is that everything is zeroed, and on my main HDD I have installed Mac OS X Snow Leopard, to do my work from that OS, and W7 on the secondary for everything else. Still having some hardware issues with my sound card in Snow Leopard, but everything else works.

Never did find out what the actual threat was, besides VGHD. I am happy nothing has happened so far.

Thanks for all the advice; if my PC starts going crazy again, I'm going to let you know.


THANKS!
28 Dec 2009   #88
InternetLord

Windows 7 Eternity Build 7600 RTM Activated x86

Quote: Originally Posted by gregrocker
Run another AV, need second opinion.

In the future, anything you download from a torrent needs to be extracted and right-click scanned with AV and Spybot before running.
This is a far better option than the other users scolding him for downloading torrents when they are doing it themselves. Damn hypocrites. Now, as for UAC, shut it down.

1. Next time make sure you have a router between your machine and the modem, even if it is the only machine you have hooked up to the net.
2. Use a third-party antivirus / firewall / spyware solution (disable the Windows firewall).
3. Run a second spyware solution.
4. Do not use security software from Microsoft.
5. I suggest creating a folder on your desktop; anything you download, download directly there and then scan it with both your programs. Then you can move the file to the location you want it stored (anywhere but C).
6. Set up your scheduled scans to only scan drive C because the files on the other drives you would have already scanned.
28 Dec 2009   #89
pparks1

Windows 7 Ultimate x64

Quote: Originally Posted by InternetLord
This is a far better option than the other users scolding him for downloading torrents when they are doing it themselves. Damn hypocrites. Now, as for UAC, shut it down.
While I do agree with the approach... I don't agree with the rest of your sentiments.

My OS copies are legal/legit and all of my software that I use is as well (of course, 95% of it is open source and free to begin with). I don't have a need to use any pirated, or otherwise hacked, software. So, while I may scold against using torrented software... I'm no hypocrite either.

With regards to UAC... I don't see any need to turn it off. It's there to protect you from software which wants to automatically escalate to admin levels to do something. And with Windows 7, it's configured to not warn when you (the admin) try to do something which requires admin level permissions. While UAC won't protect you from running something malicious and saying YES when prompted... it might bring to light an application which is trying to automatically switch to admin without the end user knowing. Even being a savvy home user myself and a systems admin/engineer for a living (12+ years), I cannot imagine NOT wanting to know when this is happening. While I have a very good grasp on the few software packages that I use, I cannot absolutely guarantee that nothing nefarious is happening. At least with UAC, I know if it wants to become admin.
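Added example, not posted by pparks1 or anyone else in this thread: the behaviour pparks1 describes (prompt when a program tries to elevate, no prompt when the admin runs a Windows component) is the Windows 7 default of the `ConsentPromptBehaviorAdmin` policy, and "shut it down" is `EnableLUA = 0`. The script below, which assumes PowerShell 3.0 or later, reads those policy values from the registry and reports what the machine will actually do on an elevation request, so the two positions in the thread can be checked against a real configuration rather than argued in the abstract.

```powershell
# Added example (not from the thread): read the UAC policy values and report
# what happens when a program asks to elevate. Assumes PowerShell 3.0+.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Documented meanings of ConsentPromptBehaviorAdmin for Administrators-group users
$adminBehaviour = @{
    0 = 'Elevate without prompting (silent)'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop (Always notify)'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (Windows 7 default)'
}

# Read one DWORD from the policy key, falling back to the OS default if the
# value has never been written (a fresh Windows 7 install leaves some absent).
function Get-PolicyValue {
    param([string]$Name, [int]$Default)
    $props = Get-ItemProperty -Path $policyKey
    if ($props.PSObject.Properties[$Name]) { return [int]$props.$Name }
    return $Default
}

function Get-UacAssessment {
    $enableLua = Get-PolicyValue -Name 'EnableLUA' -Default 1
    $admin     = Get-PolicyValue -Name 'ConsentPromptBehaviorAdmin' -Default 5
    $secure    = Get-PolicyValue -Name 'PromptOnSecureDesktop' -Default 1

    $findings = @()
    if ($enableLua -eq 0) {
        # Every process an admin starts already carries the full admin token,
        # so there is nothing left for UAC to show.
        $findings += 'UAC is disabled: programs run by an admin never have to ask to elevate'
    } elseif ($admin -eq 0) {
        $findings += 'UAC is on but admins elevate silently: an app switching to admin is never shown'
    }
    if ($enableLua -eq 1 -and $secure -eq 0) {
        $findings += 'Prompts appear on the normal desktop, where other running software can interact with them'
    }
    if ($findings.Count -eq 0) {
        $findings += 'Elevation requests from non-Windows programs will be shown to the user'
    }

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $admin
        AdminBehaviour             = $adminBehaviour[$admin]
        PromptOnSecureDesktop      = $secure
        Findings                   = $findings
    }
}

Get-UacAssessment | Format-List
```

The defaults passed to `Get-PolicyValue` are the documented Windows 7 defaults; changing `EnableLUA` only takes effect after a reboot, so a value of `0` read here on a machine that has not restarted since the change still means UAC is currently on.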
28 Dec 2009   #90
Lordbob75

Windows 7 Ultimate x64, Mint 9

Quote: Originally Posted by pparks1
Quote: Originally Posted by InternetLord
This is a far better option than the other users scolding him for downloading torrents when they are doing it themselves. Damn hypocrites. Now, as for UAC, shut it down.
While I do agree with the approach... I don't agree with the rest of your sentiments.

My OS copies are legal/legit and all of my software that I use is as well (of course, 95% of it is open source and free to begin with). I don't have a need to use any pirated, or otherwise hacked, software. So, while I may scold against using torrented software... I'm no hypocrite either.

With regards to UAC... I don't see any need to turn it off. It's there to protect you from software which wants to automatically escalate to admin levels to do something. And with Windows 7, it's configured to not warn when you (the admin) try to do something which requires admin level permissions. While UAC won't protect you from running something malicious and saying YES when prompted... it might bring to light an application which is trying to automatically switch to admin without the end user knowing. Even being a savvy home user myself and a systems admin/engineer for a living (12+ years), I cannot imagine NOT wanting to know when this is happening. While I have a very good grasp on the few software packages that I use, I cannot absolutely guarantee that nothing nefarious is happening. At least with UAC, I know if it wants to become admin.
+1

~Lordbob