Should i flash my bios to get rid of infection

jimbo45 · 21 Nov 2009

Hi there
1) DISCONNECT MACHINE FRON NET AND LAN

1) scan the DATA FILES for infection - Disk by disk and copy OK data to brand new CD / DVD -R. After copy when each disk is full FINALIZE it this will stop any further writes to the CD / DVD so clean files won't get infected.

2) once you are happy you have a clean computer with clean HDD's you can then copy your data from the CD's / DVD's you've just made to HD.

3) Now you can re-connect to LAN and net - but scan your machine regularly.

You shouldn't have to "trash" most of your old data files.

(Actually the idea of sending back a Tax return to the tax authorities with a virus in it sounds very appealing - but unless the thought of doing serious jail time doesn't bother you - don't do it).

Cheers
jimbo

vicvic · 21 Nov 2009

thanks Jimbo

i feel better knowing that i might be able to get my data off. I will wait until we work out what it is because scans are not locating anything at all. I just know by the common behaviour across 3 generation of microsoft computers.

I did think just hang onto the harddrive and if i get auditored by the tax office i just say here we go have this but there is a virus on the drive - lol

thanks for the advice

Jacee · 21 Nov 2009

I've read both topics at Bleeping ... One thing I want to ask you, after reformatting and doing a 'clean' install, did you change your passwords? This is very important because whoever or however your machine was infected, most likely knows how to get back into it when you're on the Internet.

If you had Virut, then all your backups of .exe files (during that time) will be infected. Usually this infection doesn't touch your personal pictures or Documents.
It's a buggy file infector so the files can't be disinfected.

Etihtsarom · 21 Nov 2009

Hello,
Do you have a second computer somewhere? If so, secure that computer with HIPS (you can get excellent HIPS from Comodo's IS Suite), you can also use Returnil to fortify your computer, then:
1. Disable autorun on your computer
2. unplug turn all the drives from the infected computer into external drives
3. Plug them into the clean computer, scan them all with your AV, then scan them again with various online scanners. If you need a list of those, let me know.

If the scans do not show any infection, enable autorun, replug those drives and let the HIPS pick out the offenders. Hope it helps and sorry if it confuses you.

frontech · 21 Nov 2009

I don't think so! Repartitioning the hard disk may help?

vicvic · 21 Nov 2009

thank yes the passwords have been changed.

I have 3 computers infected the seven one - newest 2-3 months old, my old laptop with vista on it very infected and an xp desktop which is bsod in the middle of reinstallation it could be hardware as the machine is 5 years old can't run checks on the system at the moment as can't burn the disks.

I am now in wait mode i will do nothing until i hear back from beeping

turning off auto run doesn't work. when you open files on the disk it will infect the computer. It will reactivate auto run so everything placed in the drive will auto run from that point.

It will be worked out

thanks for your help guys

Jacee · 22 Nov 2009

I hope the laptop is not connected to your network or the Internet!

vicvic · 22 Nov 2009

Not that laptop it is turned off. The only one plugged in is the seven machine. It seems to be running ok but one doesn't know with what ever i have

cheers

Jacee · 22 Nov 2009

I've looked at your HJT post (windows 7) and I don't see a problem with the running files

Can you do this for me please ...
Click Start =>Run, type in CMD, press OK.
Copy and paste this into the Command prompt:
netsh winsock reset catalog
Press Enter
Then copy and paste this in:
netsh int ip reset reset.log
Press Enter.
When finished restart your computer.

Also, do this to disinfect your flash drive ...
http://download.bleepingcomputer.com...isinfector.exe
Next, turn off the Autorun feature in Windows
http://www.howtogeek.com/howto/windo...nd-usb-drives/
*** Note: Be sure to insert your flashdrives before you begin!
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

vicvic · 23 Nov 2009

hi jacee

I did the cmd thing- little unsure that i should have but is should be ok as they are only internet reset

when i restarted my computer i had to force restart as i have a blank disk in the drive. This is a new disk out of a packet.

Avast was mentioned and it said that identified a disk in the drive, I have never seen this before

I then scanned the disk once restart and have this message. Unsure what it means

Disk D: Boot record unable to scan: The parameter is incorrect

Any ideas