Virus on external hard drive

Page 1 of 2 12 LastLast

  1. Posts : 9
    Windows 7 Ultimate 6.1.7600 Build 7600 X86-based PC
       #1

    Virus on external hard drive


    Hey people.

    Last night my girlfriend plugged an external/portable hard drive into her Mac OSX and message came up saying there is a virus on the HD. So she unplugged the drive in fear of being infected and shut down the Mac before I could have a look what was said in the message.

    So I ran a scan from my laptop with MSE and got the following viruses :
    -Trojan:Win32/Orsam!rts
    -VirTool:Win32/Obfuscator.C
    -Virus:Win32/Virut.BM
    -Trojan:Unix/Rootkit.C

    (she brings home a lot of media from a network hub at work)

    So here is my problemo...

    -Trojan:Unix/Rootkit.C - was removed

    -Trojan:Win32/Orsam!rts - was quarantined but showed up on 2nd scan

    -Virus:Win32/Virut.BM - and - VirTool:Win32/Obfuscator.C - I get this error message from MSE on both scans :
    Microsoft Security Essentials encountered the following error: Error code 0x8007065e. Data of this type is not supported.

    Guys I am clueless on how to proceed and want to do so cautiously.

    -Please could you guys help me remove these threats without formatting the portable HD
    - Is there a chance I could infect my PC (did a scan just now and MSE says my baby is still clean)
    (Running Windows Ultimate 32bit on a Toshiba laptop)

    * Ive scanned the external HD with Maleware-Bytes and Ad Aware and they have picked up nothing...
    Last edited by James78; 13 Feb 2010 at 03:09. Reason: added *
      My Computer


  2. Posts : 8,476
    Windows® 8 Pro (64-bit)
       #2

    James78 said:
    Hey people.

    Last night my girlfriend plugged an external/portable hard drive into her Mac OSX and message came up saying there is a virus on the HD. So she unplugged the drive in fear of being infected and shut down the Mac before I could have a look what was said in the message.

    So I ran a scan from my laptop with MSE and got the following viruses :
    -Trojan:Win32/Orsam!rts
    -VirTool:Win32/Obfuscator.C
    -Virus:Win32/Virut.BM
    -Trojan:Unix/Rootkit.C

    (she brings home a lot of media from a network hub at work)

    So here is my problemo...

    -Trojan:Unix/Rootkit.C - was removed

    -Trojan:Win32/Orsam!rts - was quarantined but showed up on 2nd scan

    -Virus:Win32/Virut.BM - and - VirTool:Win32/Obfuscator.C - I get this error message from MSE on both scans :
    Microsoft Security Essentials encountered the following error: Error code 0x8007065e. Data of this type is not supported.

    Guys I am clueless on how to proceed and want to do so cautiously.

    -Please could you guys help me remove these threats without formatting the portable HD
    - Is there a chance I could infect my PC (did a scan just now and MSE says my baby is still clean)
    (Running Windows Ultimate 32bit on a Toshiba laptop)

    * Ive scanned the external HD with Maleware-Bytes and Ad Aware and they have picked up nothing...
    Scan your PC with Avast and Hitman Pro.
      My Computer


  3. Posts : 9
    Windows 7 Ultimate 6.1.7600 Build 7600 X86-based PC
    Thread Starter
       #3

    Sweet, Will download Avast and run the scan on the portable HD and then PC.
    Will my PC be at risk if I plug in the hard drive ?
      My Computer


  4. Posts : 8,476
    Windows® 8 Pro (64-bit)
       #4

    James78 said:
    Sweet, Will download Avast and run the scan on the portable HD and then PC.
    Will my PC be at risk if I plug in the hard drive ?
    Yes it might be. But install the anti virus on the main PC so that it can prevent any infection.
      My Computer


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #5

    Read about Virus:Win32/Virut.BM
    http://www.microsoft.com/security/po...n32%2fVirut.BM

    You're not only dealing with Virut but you are also dealing with a lot of other malware as well.
    What I suggest in your case is to format and reinstall the OS. This is because, Virut is a file infector which infects every .exe present on your system. The problem with Virut is, this is a buggy file infector and that's why scanners cannot disinfect them properly either > result > files are corrupted, won't work anymore.
    And as I already explained, Virut infects every .exe. This means that you may not delete these files, but they should be disinfected. And since it's a buggy virus, the files cannot be properly disinfected.
    This unfortunately means that this is a game over situation and there's nothing much you can do besides formatting and reinstalling Windows.
    Don't backup your files either, because when you backup .exe files, they are also infected. You can however backup pictures and documents.
      My Computer


  6. Posts : 842
    Windows 7 Ultimate 64 - OEM Service Pack 1
       #6

    That sounds like a nasty son of a bitch he has there
      My Computer


  7. Posts : 9
    Windows 7 Ultimate 6.1.7600 Build 7600 X86-based PC
    Thread Starter
       #7

    Hi Denesh and Jacee. Many thanks for the help so far.

    I might not have explained myself well in my first post, sorry. The external hard drive doesn't have an OS, its just used to store pictures, videos, games, etc.
    Im not sure if that makes a difference? Can the virus still infect other exe. files on the drive. "Virut is a file infector which infects every .exe present on your system".

    In other words, would I treat the infected hard drive/media device(with no OS) the same way I would my Computer?
    So far Ive scanned the previously infected folders that MSE said were infected and Avast came up with the following, which it deleted,

    win32:Vitro (3 of these)
    win32:Trojan-gen
    win32:junkpoly[Cryp]
    error:the file is a decompression bomb(42110) (many of these msg's)

    So now Im running a full scan of the media device (its at 25% and going for 55 minutes ):)

    Thanks
    James
      My Computer


  8. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #8

    win32:Vitro <-- new variation of Virut
    PolyMorphic Win32:Vitro Most Viraulent Virus : Tech-Linkblog.com

    win32:junkpoly[Cryp] <-- more Virut
    A virus that can perform various modifications in Windows system files including logon functions. Win32:JunkPoly [Cryp] can also disable Windows registry editor, Task Manager and kill various running programs on the compromised computer.

    win32:Trojan-gen <-- Backdoor Trojan

    I sure wouldn't want to save anything on that external hard drive if it was mine!!
      My Computer


  9. Posts : 9
    Windows 7 Ultimate 6.1.7600 Build 7600 X86-based PC
    Thread Starter
       #9

    Damn!!! That is not what I wanted to hear... Guess I'll have to format....

    Just out of interest
    - the scan took 8 hours...
    - 800 Gigs of media
    - 6 additional infections were found

    I know you said you wouldn't advise to save anything, but is there no way I could safely keep some of the stuff. I dont mind deleting all exe. files etc, there are soo many photos and video's I would really love to keep. In fact the pics are irreplaceable, I just cant bring myself to del them.(and some of the home vids)

    Is it ok to navigate through the external hard drive without infecting my PC, and save some of the pics etc to a flash drive? (PC is virus free)

    Sorry about all the question:)
    Thanks a lot for all the help
    Attached Thumbnails Attached Thumbnails Virus on external hard drive-avast-scan.png  
      My Computer


  10. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #10

    You can save your personal pictures and documents. Look at my posts above.
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 01:44.
Find Us