ENTIRE HDD Erased!

You ran Malwarebytes in safe mode?

I would download Avast free home and accept its boot scan. See what else is picked up.

Next I would enter Safe Mode with networking and download Spybot S&D, only its scan function, update and run. If it finds little or nothing, then run Malwarebytes again in Safe Mode and you can probably retrieve your files.

If you don't see any end to it this way, then download Darik's Boot and Nuke and zero the HD before installing Win7. Only when zeroed will you know nothing can rise from the grave.


Yap, after I back up my data to optical storage I will low level format everything and then I will thoroughly scan my DVDs.

And the passwords changed ...... I use Foxmarks for bookmarks and password sync (but not the sensitive login into whm or so). It'll be a mouthful...

I edited Darik's out of my OP (use DISKPART) because optical drive media can be compromised in these situations: use a Win7 DVD copy made on another machine, scan or discard after reinstall.

Boot scan upon reinstall with Avast free home, Spybot in Safe Mode, Win7 DVD first.

The retrieved data DVDs will be a corruption path into any OS.
 
I'm in safe mode now, scanning with Malwarebytes. I already found that Display.HiJacker that is displayed in the 3rd image attachment.
 

My Computer My Computer

Computer Manufacturer/Model Number
Intel
OS
W7 X64 Ultimate, OSX, Linux
CPU
Intel Core i3 540M
Motherboard
Intel DH55TC
Memory
2GB Kingston DDR3 @ 1333MHz
Graphics Card(s)
nVidia gForce 250GTs, 512MB
Sound Card
OnBoard
Monitor(s) Displays
2xBenq E2200HDA
Screen Resolution
1920x1080
Hard Drives
Linux - 160GB WD 8MB Cache 7200rpm
OSX - 320GB Seagate Barracuda 16MB Cache 7200rpm
W7 - 80GB Seagate Barracude 8MB Cache 7200rpm
PSU
Antec 700W
Case
Cooler Master MidTower
Cooling
Standard
Keyboard
DeLux
Mouse
Logitech Wireless
Internet Speed
LAN/T1
I'm a computer power user since '99 (everything that I used since '99 to 2007 so far was cracks and keygens)

Thus your problem now. As long as you continue to use cracks and keygens you'll run into the problems you have now.

I won't play holier than thou, we all used these things but those days have passed and the world is too dangerous to play with computer security.

Do yourself a favor and stay away from cracked software. Sometimes the guys providing those cracks are a lot smarter than we think. ;)

Just my two cents.

Good luck with your repairs.
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom built by me.
OS
Windows 10 Pro
CPU
Intel Core i7-4770K (3.5Ghz)
Motherboard
Gigabyte G1 Sniper 5 (F10 Bios)
Memory
32 gig Corsair Dominator Platinum (4x8Gig)
Graphics Card(s)
Sapphire Tri-X R9 Fury
Sound Card
Soundblaster ZXR
Monitor(s) Displays
NEC PA242W 24" LCD Monitor
Screen Resolution
1920 x 1200
Hard Drives
Primary - Samsung 850 Pro (512gig), Samsung 840 Pro (256gig), 2TB WD Caviar Black.
PSU
EVGA Supernova 1000 G2
Case
Cooler Master HAF X
Cooling
Corsair H100i with Corsair Air Series SP120 Quiet Fans
Keyboard
Logitech Wireless Wave
Mouse
Logitech Performance MX
Internet Speed
High Speed Cable
Antivirus
Norton Security
Browser
IE11
Other Info
Memory Timings - 1866MHz @ 9-9-9-27-1T @ 1.5 volts
Thanks,

I scanned in safe mode with SpyBot S&D and Malware Bytes and it is all clean, I'm gonna start the recovery and after that I'll scan again.


EDIT: After spybot s&d and malware bytes scanned and cleaned everything after restart, Lavasoft Ad-Aware found two XXX.Hack.XXC Bot something, deleted as well. I have a little farm here :))
 

Run another AV, need second opinion.

In the future, anything you download from a torrent needs to be extracted and right-click scanned with AV and Spybot before running.
 
It's ok, now Lavasoft Ad-Aware reports everything to be clean. Imma start digging.... let's see what surprises do I stumble upon :))

It's freaky, with the system freshly installed, I had by default those 3 malwares. I didn't install anything besides those anti malware and Firefox and sync'ed my bookmarks. Need a low level format.
 

Yeah, well, I always say there are...

Those who have lost data, and those who will lose data.

If your data is important, then you should have already had a backup / disaster recovery plan.

Please research Disaster Recovery, or Basic Backup planning and create one.
 

My Computer My Computer

Computer Manufacturer/Model Number
Self Built
OS
Win 7 Ultimate 32bit
CPU
C2D E6600 2.4Ghz
Motherboard
Intel D965WH
Memory
4G Kingston KHX5400D2
Graphics Card(s)
EVGA GTX 570 HD SC (012-P3-1573-KR)
Sound Card
On-Board
Monitor(s) Displays
Samsung 226BW
Screen Resolution
1680 x 1050
Hard Drives
2 x 250 Seagate Barracuda
2 x 500 Seagate Barracuda (Raid1)
PSU
Corsair TX750W
Case
In-Win C589
Cooling
Stock Intel Cooling
Run SUPERAntiSpyware as well (the free version). Combined with Malwarebytes, this will identify pretty much every virus/trojan/bug out there.

Good luck!
 

My Computer My Computer

Computer Manufacturer/Model Number
me / #1
OS
windows 7 x64 Home Premium
CPU
intel q6600
Motherboard
gigbyte ga ep45 ud3l
Memory
g.skill 8gb ddr2 1066 (pc2 8500)
Graphics Card(s)
evga geforce 9800 gtx 512 mb
Screen Resolution
1680 x 1050
Hard Drives
wd caviar black 500 gb
wd caviar black 1tb
wd elements 1tb external hd x2
PSU
raidmax 500w
Case
smilodon (yes, t'was the pretty blue lites that got me!)
So, everything nice and dandy until 10 minutes ago, out of nowhere virtualgirlhd.exe appeared in my downloads folder and it was already installed when I checked.

I have antivirus, realtime protection from LavaSoft Ad-Aware, checked with Malware Bytes and nothing found. Now I am checking with SpyBot S&D in safe mode.

In conclusion, the program installed itself automatically with UAC turned to paranoid and all those softwares protecting my PC, how the hell is that possible, and I wasn't afk at all, I am recovering data and scanning as I recover it, this is too freaky!

vghd.exe appears already in control panel, in the registries, deleted it from everywhere, waiting for another hit.

Ideas? THANKS!!!
 

A few excellent lessons are to be learned by this situation and should be noted by other users.

a.) UAC in Windows 7 is GOOD and should always stay enabled.
b.) Using cracked software is not only a security risk but it's piracy. You get what you pay for.
c.) Always, always, ALWAYS have a Backup Plan in place. Whether you burn your data to DVD, have a backup HDD, online storage, etc. This is probably the single most important best practice that many PC users still neglect until it's too late.
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Desktop PC
OS
Windows 7 / Windows 8.1
CPU
Devils Canyon i7-4790K @ 4.8 GHz ~ 1.33v
Motherboard
Asus Z97 Deluxe
Memory
Corsair Vengeance Pro PC3-19200 DDR3 2400MHz
Graphics Card(s)
EVGA GeForce GTX 980 SuperClocked ACX 2.0
Sound Card
Realtek ALC1150 8 channels
Monitor(s) Displays
BenQ XL2720Z 27"
Screen Resolution
1920 x 1080 @ 144Hz
Hard Drives
SSD1: 512GB Samsung 850 Pro
SSD2: 1TB Samsung 850 EVO
SSD3: 1TB Samsung 850 EVO
HDD: 4TB Western Digital Black
Backup: Western Digital My Book Duo 8TB
PSU
Corsair HX1000i / CyberPower CP1500PFCLCD PFC Sinewave UPS 1
Case
Corsair Graphite 780T
Cooling
Custom single loop liquid; CPU delidded; Aerocool DS Fans
Keyboard
Logitech G710 Cherry MX Blue
Mouse
LogitechG502 Proteus Core
Internet Speed
Download: 119MBs /Upload 39.12MBs via Optimum 101 Ultra
Antivirus
MYOB
Browser
Firefox
Other Info
Cooling: EK-Supremecy MX Waterblock, XSPC AX360 Radiator, Swiftech MCP655 Series 12VDC D5 Pump, EK-RES x3 250 Reservoir, Primochill Ice Intensified Coolant, 11x AerocoolDS fans, Primochill Primoflex Avanced LRT Tubing
I guarantee that this piece of malware did not download and install on your computer all by its lonesome... read more about it -=> here
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
LENOVO K450 @3.0GHZ
OS
64-bit Windows 8.1 Pro
CPU
Core(TM) i5 CPU 4330 Haswell @ 3.20GHz
Motherboard
LENOVO
Memory
12.00 GB
Graphics Card(s)
Intel(R) HD Graphics
Sound Card
Intel HD integtrated
Monitor(s) Displays
HP 25' ISP Monitor
Screen Resolution
1900/1020
Hard Drives
(1) ST1000DM003-1CH162 (2) Generic STORAGE DEVICE USB Device (3) Generic STORAGE DEVICE USB Device
Internet Speed
100mb down/10mb up
You have a program or file saved that re-infected you. Get rid of all torrents and cracks!
Adware-VirtualGirl
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
Some people never learn... :p
 

I guarantee that this piece of malware did not download and install on your computer all by its lonesome... read more about it -=> here

How retarded could I be to download the file that appeared before every system failure that I had in the last day.

This is a printscreen of all the programs installed since the reinstall, everything recovery related, and besides that Yahoo messenger and Winamp. NOTHING CRACKED.

And I recovered only PSD, eps and mp3 files.
 

Attachment: Capture.JPG

Run an online scan using Kaspersky .... it won't disinfect you, but it will show what and where the infection is:

Go to http://www.kaspersky.com/kos/english/kavwebscan.html
1. In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
2. When you get the Windows dialog asking if you want to install this software, click the "Install" button.
3. When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
4. Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
5. Under "Please select a target to scan:", click My Computer to start the scan.
6. When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and view the text in kavscan.txt.
 

I thought that this was a clean install.... You have directories going back to July ... and the infection could be hiding anywhere... the only way you are going to clean your system is to do a COMPLETE format and reinstall.... or you can continue to hit your head against a wall trying to find it ...
 

You need to back up your projects as soon as you can, from this running Windows installation - only data files of your projects, no programs or scripts at all.

After that, put your Windows DVD into your DVD ROM, and, FROM THAT disc, delete all partitions on your hard disk, format it (no need for a low level format) and reinstall Windows from scratch.

I hope you're not lying to us and it isn't really your Windows 7 installation that is corrupted.

Do not consider your PC clean just because antivirus scanners didn't find anything. Start anew, from a clean, clean disk.
 

My Computer My Computer

Computer Manufacturer/Model Number
Asus N73SV
OS
Windows 7 x64 Ultimate SP1
CPU
Core i7-2630QM
Motherboard
Intel HM 65
Memory
6 GB DDR3
Graphics Card(s)
Nvidia GT 540M / Intel HD 3000 - Optimus switching
Sound Card
HD Audio (Intel Azalia/Realtek) ALC269
Monitor(s) Displays
LED flat panel
Screen Resolution
1920 x 1080
Hard Drives
2x Seagate Momentus 640 GB - 1,28 TB in total
Internet Speed
4 MB/256 kbps
Other Info
External HDs

WD Elements 1,5 TB
WD MyBook 500 GB
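
The backup step described in the post above (data files only, no programs or scripts), as an added example that is not part of the original thread: it copies only allow-listed file types whose leading bytes match the expected format, and refuses anything that starts like a Windows executable. The extension list (PSD, EPS and MP3, the file types mentioned in the thread), the function names and the sample paths are assumptions.

```python
import hashlib
import shutil
from pathlib import Path

# Allow-listed data types and the leading bytes each should start with.
# Assumption: only the file types mentioned in the thread are worth keeping.
SIGNATURES = {
    ".psd": [b"8BPS"],                       # Photoshop document
    ".eps": [b"%!PS", b"\xc5\xd0\xd3\xc6"],  # text EPS / binary (DOS) EPS header
    ".mp3": [b"ID3"],                        # ID3v2 tag; untagged frames checked below
}


def looks_like(ext: str, head: bytes) -> bool:
    """Return True if the first bytes of a file are plausible for its extension."""
    if head[:2] == b"MZ":                    # Windows executable, whatever its name
        return False
    if any(head.startswith(sig) for sig in SIGNATURES[ext]):
        return True
    # An MP3 without a tag starts with a frame sync: eleven set bits.
    return (ext == ".mp3" and len(head) >= 2
            and head[0] == 0xFF and head[1] & 0xE0 == 0xE0)


def backup_data_files(src: Path, dst: Path):
    """Copy verified data files from src to dst; return (manifest, skipped)."""
    manifest, skipped = {}, []
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src)
        ext = path.suffix.lower()
        if ext not in SIGNATURES:
            skipped.append((rel.as_posix(), "type not on allow-list"))
            continue
        data = path.read_bytes()
        if not looks_like(ext, data[:8]):
            skipped.append((rel.as_posix(), "content does not match extension"))
            continue
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(path, target)
        # SHA-256 per file, so the backup can be re-verified after the reinstall.
        manifest[rel.as_posix()] = hashlib.sha256(data).hexdigest()
    return manifest, skipped


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:   # constructed sample files
        src, dst = Path(tmp, "recovered"), Path(tmp, "backup")
        src.mkdir()
        (src / "logo.psd").write_bytes(b"8BPS\x00\x01" + b"\x00" * 20)
        (src / "song.mp3").write_bytes(b"MZ\x90\x00")    # executable renamed to .mp3
        (src / "setup.exe").write_bytes(b"MZ\x90\x00")
        manifest, skipped = backup_data_files(src, dst)
        print("copied:", manifest)
        print("skipped:", skipped)
```

A matching signature only shows that a file is the type its name claims; the copied files still need scanning from the clean installation before they are opened.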
Dban that HD

 

My Computer My Computer

Computer Manufacturer/Model Number
Colonel Travis 5000
OS
Black Label 7 x64
CPU
AMD Phenom II X6 1055t
Motherboard
GA-890FXA-UD5
Memory
8GB Corsair XMS3
Graphics Card(s)
Radeon HD 6790
Sound Card
X-FI Titanium Fatal1ty Pro
Monitor(s) Displays
Acer AJ15
Screen Resolution
1600x900
Hard Drives
OCZ Agility 3 SSD 120GB |
Corsair Force GT SSD 120 GB |
Barracuda 7200 SATA 300GB |
WD Caviar Green SATA 500GB
PSU
OCZ ModXStream 700W
Cooling
50 billion case fans
Internet Speed
35Mbps/35Mbps
I thought that this was a clean install.... You have directories going back to July ... and the infection could be hiding any where... the only way you are going to clean your system is to do a COMPLETE format and reinstall.... or you can continue to hit your head against a wall trying to find it ...


Those are the directories Windows created upon installation, I've been through two FULL formats of C: already. Either a low level format of everything will clear everything up, and if not it seems that someone with skills for whichever reason really wants to f**k me up.
 

c.) Always, always, ALWAYS have a Backup Plan in place. Whether you burn your data to DVD, have a backup HDD, RAID configuration, online storage, etc. This is probably the single most important best practice that many PC users still neglect until it's too late.

Not trying to nitpick...but;

RAID should never be confused with a backup. Even with a mirrored config, if you accidentally delete a file or get a virus which wipes out files..it gets both hard drives instantly. RAID is strictly for performance or for using multiple drives to make a large single drive...even with the various levels of redundancy.

If you have a spare hard drive at home, disconnect your normal drive. Use the secondary as a test hard drive...just load the OS from your OS disc and see what you get. If you have something right from step 1..your OS has obviously been compromised.
 

My Computer My Computer

Computer Manufacturer/Model Number
Self-Built in July 2009
OS
Windows 7 Ultimate x64
CPU
Intel Q9550 2.83Ghz OC'd to 3.40Ghz
Motherboard
Gigabyte GA-EP45-UD3R rev. 1.1, F12 BIOS
Memory
8GB G.Skill PI DDR2-800, 4-4-4-12 timings
Graphics Card(s)
EVGA 1280MB Nvidia GeForce GTX570
Sound Card
Realtek ALC899A 8 channel onboard audio
Monitor(s) Displays
23" Acer x233H
Screen Resolution
1920x1080
Hard Drives
Intel X25-M 80GB Gen 2 SSD
Western Digital 1TB Caviar Black, 32MB cache. WD1001FALS
PSU
Corsair 620HX modular
Case
Antec P182
Cooling
stock
Keyboard
ABS M1 Mechanical
Mouse
Logitech G9 Laser Mouse
Internet Speed
15/2 cable modem
Other Info
Windows and Linux enthusiast. Logitech G35 Headset.