Virus remains after formatting (bis)

[Pizz]

Hey, guys, I have the same problem as the one in this thread.
I performed the recommended procedure:

1) Booted from WINDOWS 7 CD.
2) At language screen, hit shift/f10 to go cmd prompt
3) diskpart
4) list disk
5) select disk 0
6) clean all

7) install windows

With no result. I even flashed my BIOS before booting on the windows DVD (while I did it from the desktop so I guess it's not enough but I have no clue how to perform that correctly). I must add based on this old thread that my windows DVD is supposed to be clean. I dled it with the help of the Microsoft Windows and Office ISO Download Tool which was recommended by How to Geek. Even if it was infected, I don't think there is a single chance it was infected by the exact same virus. I also burned on DVD the tool I use to detect the virus. It's not a false positive because a lot of shit happened. In fact, I installed a Linux and even on this OS, my connection had the same problem. They are a DNS and a browser hijackers btw. Oh and I didn't install any drivers so even if it want it couldn't connect to my router. Weirdly enough, it can detect the viruses only when I change the language for unicode softwares (and reboot).

Thank you for your help.

 

[TrustMe]

Maybe they changed some settings in your router. Try resetting it back to factory default. Then reconfigure it again.

Maybe try to use Google's public DNS. If you decide to try this, write down or take a screen shot of your present settings, just in case you need to revert back.

Google DNS

Preferred: 8.8.8.8
Alternate: 8.8.4.4

Here is a guide on how to switch to Google DNS. If you do a Google search for, Google DNS, you can find more.


How to change IPv4 DNS server address to public DNS in Windows? - Microsoft Community

 

[samuria]

Do you have any other PCs on the same network as it may have jumped to them have you done a factory reset on the router

 

[Pizz]

I don't understand why both of you are talking about my router when I said this PC can't connect to it even if it wanted like my network card doesn't have any driver installed... It seems to not be the problem.

 

[torchwood]

W7 comes driver complete, so it doesnt matter if you havn't installed the genuine ones, MS pushes a generic driver to the device.
The ony way to check is in device manager, general tab.
>>>This device is working correctly<<<

Roy

 

[Pizz]

Sorry for the extra long wait.
So, first, MS didn't install drivers for everything that was under network card. First time I formatted, I had to install drivers to connect to my router.
Second, I redid the whole procedure with my router and my second infected PC turned off. So no network at all. Still infected.

At this point, I think I can say that diskpart is not 100% efficient. On the other thread, they are debating if diskpart is working against bootviruses and someone said no but how is it true when diskpart is run like a software from the booted DVD, i.e. after a bootvirus is supposed to be activated?
Any other solution than diskpart, please?

 

[samuria]

How do you know you have a virus?

diskpart WOULD CLEAN THE DISK AND INSTALLING A CLEAN COPY OF WIN 7 WOULD REWRITE PARITIONS AND mbr BOOTSECTOR. So unless you are installing something thats infected it should be clean.

Is it now connected to the internet?

 

[Eric3742]

How do you know you have a virus?

diskpart WOULD CLEAN THE DISK AND INSTALLING A CLEAN COPY OF WIN 7 WOULD REWRITE PARITIONS AND mbr BOOTSECTOR. So unless you are installing something thats infected it should be clean.

Is it now connected to the internet?

samuria

I think that OP knew the virus

They are a DNS and a browser hijackers btw.

but did not remove them before continue.

Then OP mentioned on not to install drivers, again thinking the virus is on the drivers.
This is where TrustMe and you come in.

But torchwood mentioned

MS pushes a generic driver to the device.

but OP still unable to understand.


The problem lies in OP mind keeping searching other forums.
Jumping from one forum to another, it will not resolved the problem.

If solution is not resolve, then move on to other forum.

Read OP 1st post.
From one old thread here, and then move to another forum "recommended by How to Geek".

Now come back after weeks, which OP is still searching on others forum...

 

[samuria]

He does state he cant connect to the router or internet so how would he know he has dns changer virus if he isnt using dns?

 

[RoasterMen]

Maybe the OS you are trying to install comes with a virus?

 

[Pizz]

How do you know you have a virus?

I also burned on DVD the tool I use to detect the virus.

So I run this tool after the installation. Funny fact, this tool (called ZHP Diag/Cleaner > don't laugh, I trust it, it was the only one to detect my problem and I think my host file being rewritten with ads -among other stuff- is a fair proof it wasn't me being paranoid with a bad tool) detect those viruses only after I change my language setting for non unicode programs to japanese (that's how I usually set my computer).

Is it now connected to the internet?

I said I turned my router and every computer in my home off while I was doing this whole process (from booting my PC to after I run my tool to check for viruses). I didn't connect anything apart from the DVD I burned from a computer which was just recently bought, in another unrelated house. I don't see what I can do for you to believe my network is not related to my problem...

Then OP mentioned on not to install drivers, again thinking the virus is on the drivers.

I never said the viruses were on the drivers...
But like I am not skilled enough, I turned off my router and so on, so even if MS install drivers or not is not relevant to my problem.

Maybe the OS you are trying to install comes with a virus?

I must add based on this old thread that my windows DVD is supposed to be clean. I dled it with the help of the Microsoft Windows and Office ISO Download Tool which was recommended by How to Geek. Even if it was infected, I don't think there is a single chance it was infected by the exact same virus.

 

[TrustMe]

Does the Clean All command write zeros to the boot sector? Maybe try to clean the drive with DBAN. Disconnect all other hard drives from your PC if you try this.

Do you have a spare hard drive? Try changing out the infected hard drive with the spare. Disconnect all other hard drives in your PC, disconnect from your network and the internet. Do a clean install, change your language settings, and check for the virus. If the virus is present, it has to be in your Windows 7 installation media. The first thing I would do is download a new Windows 7 ISO file and check the SHA1, it has to match Microsoft's SHA1 exactly.

The only problem with this test is you might end up with two infected hard drives.

I never had to change the language. Do you have to install anything? If you do, maybe the language pack is infected?

Keep us updated if you find a solution.

 

[TrustMe]

Another thing I woul do before I went on the Internet is change my DNS settings. Change it to use Google's public DNS server.

Preferred is 8.8.8.8

Alternate is. 8.8.4.4

 

[UsernameIssues]

I didn't connect anything apart from the DVD I burned from a computer which was just recently bought, in another unrelated house.

Visit that house again (or use a computer that you hope is clean) to create bootable discs with offline* scanners.

*offline, as in the operating system being scanned is not running during the scan.

You can scan the drive after the diskpart > clean all step (prior to installing any OS).

You can scan it again after installing the OS and again after installing the stuff needed to get online.


Pick one or all three:

https://support.microsoft.com/en-us/help/17466/windows-defender-offline-help-protect-my-pc

How to create a Bitdefender Rescue CD

https://www.f-secure.com/en/web/labs_global/rescue-cd

Take a picture of what the scanners find and post the image(s) to this thread. That way, we know the name of the infection that you are dealing with.

 

[samuria]

What was written to the Host file and was there any other virus we need s name it tells us what we are dealing with

 

[Eric3742]

What was written to the Host file and was there any other virus we need s name it tells us what we are dealing with

I would think that OP may do have a serious "DNS and a browser hijackers".
What i am to say is i am not internet /virus geek, so do correct if i am wrong.

This is where the issue which OP cannot identify which one and how many.

We usually do have some fixed bookmarks to certain websites, which i do.
When i click on the bookmark to visit that particular website, it went thru another IP Address in name, with a lot of unknown characters.
This may be common.

From this point, some of the OP websites links may had been changed, as not easily recognized and unable to authentic it as correct or not.

I hope that this theory is not correct.

Thanks for reading.

Eric.