The Rogue Antivirus that survives through a format

Page 1 of 2

  1. Posts : 1,326
    Windows 10 Professional 64-bit
       #1

    The Rogue Antivirus that survives through a format


    Hi guys.

    Today, someone called me to say they had a problem with their computer. They explained the problem and I concluded that it was a rogue antivirus.

    I presented myself at their home and saw it: there was NO way that I could access the machine. The rogue antivirus took over the machine completely, even in Safe Mode. Since the mister wanted his computer backed up quickly, we all decided to format it. He had XP Home on a Sempron and 440MB of RAM.

    So, I booted up the CLEAN SP2 CD I had. I have used this CD multiple times before, so I'm positive that it was clean. Formatted (quick format...) then re-installed Windows without a hitch.

    First boot, checked if I could access the net, yes I could. Then, I proceeded to find the drivers. Downloaded the chipset driver, installed it, rebooted. A-OK. Then installed the audio driver and rebooted.

    Upon rebooting, his old wallpaper appeared and the rogue antivirus was back on!!!!! I had never EVER seen that before.

    The mister, upon seeing this, was really irritated and called the guy that did his PC before. I HIGHLY doubt he will be able to have his computer back for tomorrow.

    I have my hypothesis as to why it came back... it created a very hidden partition with a system image somehow. Well, anyway... I'm stumped. Really, I am.

    Btw, the rogue antivirus was a variant of "VirusProtectPro". It loads on boot and takes the whole screen. We can't close it, we can't stop it. Even with ALT-F4, we can't see the desktop because it doesn't load - even in Safe Mode.


  2. whs
    Posts : 26,210
    Vista, Windows7, Mint Mate, Zorin, Windows 8
       #2

    In a case like this I would erase the whole disk with a linux distro (# shred) and then reinstall. But that was a real nasty one.


  3. Posts : 71
    Windows 7 Pro x64
       #3

    As if there wasn't enough to worry about already. A Sempron machine gained control.
    Best of luck with the format.


  4. Posts : 3,639
    Windows 7 Ultimate, OS X 10.7, Ubuntu 11.04
       #4

    whs said:
    In a case like this I would erase the whole disk with a linux distro (# shred) and then reinstall. But that was a real nasty one.
    Agreed, download an ISO for the live Ubuntu CD, run GParted after booting up the CD, and wipe the drive clean.


  5. Posts : 4,280
    Windows 7 ultimate 64 bit / XP Home sp3
       #5

    Now that's what I call a nasty one. Any ideas of where he acquired it from? Fabe Fabe


  6. whs
    Posts : 26,210
    Vista, Windows7, Mint Mate, Zorin, Windows 8
       #6

    DarkNovaGamer said:
    whs said:
    In a case like this I would erase the whole disk with a linux distro (# shred) and then reinstall. But that was a real nasty one.
    Agreed, download an ISO for the live Ubuntu CD, run GParted after booting up the CD, and wipe the drive clean.
    When I leave the house and suspect I will get near a PC, I always put my Fedora on a stick into my pocket. It has helped me a few times already. A man needs tools.


  7. Posts : 9,606
    Win7 Enterprise, Win7 x86 (Ult 7600), Win7 x64 Ult 7600, TechNet RTM on AMD x64 (2.8Ghz)
       #7

    Sounds like a job for the RKill program

    https://www.sevenforums.com/system-se...tml#post508231


  8. Posts : 1,326
    Windows 10 Professional 64-bit
    Thread Starter
       #8

    thefabe said:
    Any ideas of where he acquired it from? Fabe Fabe
    I'm not too sure myself...

    Anyway, the guy ditched me because the virus re-appeared after wiping the disk during the install, like I said in the first post. I'm pro-Windows, so getting a Linux disc beforehand was really not something I would have thought of.

    Next time, I will bring UBCD and get the hard drive zeroed using a third-party tool it includes.

    Like I said, I highly doubt he'll have his computer ready tonight... even if it's another guy doing it.


  9. Posts : 109
    Windows 7 Ultimate x64
       #9

    I'm a fan of Active KILLDISK....


  10. Posts : 268
    windows 7 ultimate 64 bit,Windows 7 ultimate 32 bit,Windows XP sp3 home
       #10

    Darik's Boot and Nuke ("DBAN") is a good option that securely wipes the hard disks of most computers

    Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing

    DBAN is a means of ensuring due diligence in computer recycling, a way of preventing identity theft if you want to sell a computer, and a good way to totally clean a Microsoft Windows installation of viruses and spyware. DBAN prevents or thoroughly hinders all known techniques of hard disk forensic analysis.
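The whole-disk zeroing that whs (#2), DarkNovaGamer (#4) and the KILLDISK/DBAN suggestions (#9, #10) describe, written out as an added example; it is not code from any post in this thread or from any of those tools. It assumes a POSIX shell with dd, od, tr and mktemp. The disk node /dev/sdX named in the comments is a placeholder, and the demo runs against a constructed 32 KiB image file standing in for the drive, never a real device. The point it illustrates is the one the thread turns on: a quick format rewrites the filesystem inside the partition but leaves sector 0 (the MBR and partition table) untouched, so the boot-signature check still succeeds afterwards, whereas zeroing the whole device removes sector 0 along with everything else. The quick-format step is a crude model (it blanks the partition area and writes a fake filesystem header), labelled as such in the code.

```shell
#!/bin/sh
# Added example (not from the thread): zero a whole disk, sector 0 included,
# and verify the result. The functions take a whole-disk node such as
# /dev/sdX (placeholder) or, as here, an image file standing in for the disk.
# Everything below is exercised on a constructed 64-sector (32 KiB) image.

SECTOR=512
IMG_SECTORS=64
IMG_BYTES=$(( SECTOR * IMG_SECTORS ))

# Build the fake "infected" disk: non-zero filler everywhere plus the 0x55AA
# boot signature at bytes 510-511, which is what a BIOS looks for in the MBR.
make_fake_disk() {
    yes 'OLD-INSTALL-DATA' | head -c "$IMG_BYTES" > "$1"
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Crude model of a quick format: blank the partition's filesystem area
# (sector 1 onward) and write a new header there, leaving sector 0, the MBR
# and partition table, exactly as it was.
simulate_quick_format() {
    dd if=/dev/zero of="$1" bs="$SECTOR" seek=1 count=$(( IMG_SECTORS - 1 )) \
        conv=notrunc 2>/dev/null
    printf 'NEWFS' | dd of="$1" bs=1 seek="$SECTOR" conv=notrunc 2>/dev/null
}

# Zero the entire target, sector 0 included. $2 is its size in bytes (a
# multiple of the sector size). On a real drive the count= can be dropped:
# dd then simply runs until it reaches the end of the device.
zero_disk() {
    dd if=/dev/zero of="$1" bs="$SECTOR" count=$(( $2 / SECTOR )) \
        conv=notrunc 2>/dev/null
    sync
}

# Return 0 if bytes 510-511 still hold the 55 AA boot signature.
has_boot_signature() {
    sig=$(od -An -v -tx1 -j 510 -N 2 "$1" | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# Return 0 if every byte of the target is zero: strip NULs, count what is left.
is_zeroed() {
    [ "$(tr -d '\000' < "$1" | wc -c | tr -d ' ')" -eq 0 ]
}

# Walk the constructed image through the sequence from the thread:
# infected disk -> quick format -> whole-disk zero.
img=$(mktemp)
make_fake_disk "$img"
simulate_quick_format "$img"
has_boot_signature "$img" && echo "after quick format: boot signature still present in sector 0"
zero_disk "$img" "$IMG_BYTES"
is_zeroed "$img" && echo "after zeroing: every byte is 0, signature gone"
rm -f "$img"
```

On a real machine the same two checks are worth running against the whole-disk node after the wipe and before reinstalling: if has_boot_signature still succeeds on /dev/sdX, the tool wiped a partition rather than the disk.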


Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd