ENTIRE HDD Erased!

You need to back up your projects as soon as you can, from this running Windows installation - only data files of your projects, no programs or scripts at all.

After that, put your Windows DVD into your DVD ROM, and, FROM THAT disc, delete all partitions on your hard disk, format it (no need for a low level format) and reinstall Windows from scratch.

I hope you're not lying to us and it isn't really your Windows 7 installation that is corrupted.

Do not consider your PC clean just because antivirus scanners didn't find anything. Start anew, from a clean, clean disk.


Now why would I lie if I wanted help? The installation disk is an ISO downloaded through the MSDNAA academic program and licensed through the same institution.
 

I have been reading through this thread and it has been a mess...let me jump in a bit...

So I understand...you had malware->you formatted/clean install->malware came back->you are now fighting against the same malware again

I imagine that in the new installation you would have at some point pulled your Data off the external devices...that is where the infection lies. It explains why a new clean install is being infected without you downloading any of the cracks like you used to...
 





Yes, that is the long story short, but I recovered only PSD and mp3 files, no exe or scripts or anything in the neighborhood.

EDIT: It did return, but not completely, only partially: the first application that would start the unfortunate Final Destination 4-like chain of events, VIRTUAL GIRL HD, came out of thin air with my UAC set to paranoid and AV+Firewall+Malware Shield on. It's like I would install it; even when I install files UAC jumps on my throat, accept or not, and nothing like that ever happened.
 

Just plugging in that external drive, if infected, could be the transfer method of the files to your hard drive.
 

Exactly what I was thinking...it has to be the cause

Like I said it explains everything
 



That external hard drive is COMPLETELY EMPTY, everything deleted on it (it was plugged in when the malware started to kick my PC in the balls). I didn't dare to format it yet until I recover at least my PSDs. After that, full format on everything, as I did with my other HDD on which W7 is installed...
 

Well...either the External HD wasn't formatted as you thought (just because it appears empty doesn't mean it is) or you redownloaded the malware unexpectedly...

Tews was quite right above...if the malware didn't resurface from the external drive or any other device that may have been corrupted...it had to have been re-downloaded (knowingly or not)

That kind of malware just doesn't show up...the biggest clue is the fact that you are battling the SAME MALWARE as before
 



Yep. I am almost finished backing up my projects, and I will reformat everything and fresh install everything, hopefully everything will be ok.
 

Could that malware be hiding in the Windows.old folder?
 

Formatting is never enough, especially Win7 quick formatting.

You need full zeroing, which is CLEAN ALL in Diskpart, or use DBAN or your HD diagnostics Zero-disk option.
 

I did not use W7 Quick Format, I used hiren Boot CD for full format.



Windows.old implies that I never formatted. And I did.



_________________________




So far everything OK. I deleted that Vghd.exe file and all its registry entries last evening, and nothing has appeared since last night.
 



A usual format is enough, provided the MBR is clean. MBR can be cleaned by using Diskpart clean command (without all), after that, any malware leftovers are quite beyond resurrection. Zeroing the drive is a time consuming overkill - in my opinion.
 

In this case the OP's system was so infested that IMO a full zeroing of the drive was the only way of ensuring that re-infestation would not occur ... we have yet to see what he/she has done...
 

I agree.
Nuke the drive using DBAN or something similar.

Sorry, your pirating has removed all other options.

~Lordbob
 

Hey, everything seems OK now, I am scanning daily, nothing appeared so far. Why do people relate to pirating every time? I know that is the biggest source of malware; as I told you, I use cracked software only if IT IS VERY NECESSARY (meaning I do not have the money to buy it, Romanian wages SUCK!). Anyhow, there's much to comment on this: illegal, non-ethical, dangerous etc.

E.g. a full Master Collection CS4 license here in Romania equals 23 months of not paying the rent.
 

It is a shame that software like this is so expensive for you.

On the other hand...maybe it's not really necessary for you to need/use a full Master Collection CS4 license.

There are other alternatives out there which aren't this expensive...and maybe not as cool, trendy or the de facto standard...but when the de facto standard is so darn expensive sometimes sacrifices are necessary.

I have numerous computers at home, but I only run Windows 7 on one of them because paying the cost for windows upgrades is too expensive for me to justify on my other computers. So, some will stay with the Vista they came with, 1 still uses the Windows XP it was licensed with and the remainder run Linux as cost here is a non-issue.
 

True. As long as program code is not referenced/executed it is harmless. All kinds of malware that was active in the old file system is no longer active after a simple quick format.

A little edit-note: it was first in Vista that zeroing was introduced in the built-in formatting utility. Before that a full format didn't erase more sectors than a quick format did.
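
An added example, not written by any poster in this thread, for the `clean` versus zero-fill disagreement in the posts above: it parses sector 0 of an MBR disk and scans for the first non-zero sector, so you can check what each kind of wipe actually left behind. The disk image is constructed in memory, the boot-code bytes are stand-ins, and `simulate_clean` is a simplified model that zeroes sector 0 only.

```python
import io
import struct

SECTOR = 512

def inspect_mbr(sector0):
    """Summarise sector 0 of an MBR-partitioned disk."""
    if len(sector0) != SECTOR:
        raise ValueError("sector 0 must be exactly 512 bytes")
    partitions = []
    for slot in range(4):  # four 16-byte entries start at offset 446
        entry = sector0[446 + 16 * slot:462 + 16 * slot]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            partitions.append({"slot": slot, "bootable": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": sectors})
    return {"boot_code_present": any(sector0[:440]),  # bootstrap code area
            "signature_ok": sector0[510:512] == b"\x55\xaa",
            "partitions": partitions}

def first_nonzero_sector(disk, chunk_sectors=2048):
    """Return the LBA of the first sector with a non-zero byte, or None."""
    lba = 0
    while True:
        chunk = disk.read(chunk_sectors * SECTOR)
        if not chunk:
            return None
        if chunk.count(0) != len(chunk):
            for off in range(0, len(chunk), SECTOR):
                if any(chunk[off:off + SECTOR]):
                    return lba + off // SECTOR
        lba += len(chunk) // SECTOR

def build_sample_disk(total_sectors=64):
    """Constructed image: boot-code stub, one type 0x07 entry, stale data."""
    disk = bytearray(total_sectors * SECTOR)
    disk[0:4] = b"\xfa\x33\xc0\x8e"  # stand-in bytes, not a real boot loader
    disk[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07,
                                b"\0" * 3, 8, total_sectors - 8)
    disk[510:512] = b"\x55\xaa"
    disk[20 * SECTOR:20 * SECTOR + 16] = b"old file content"
    return disk

def simulate_clean(disk):
    """Simplified model of a partition-info wipe: zero sector 0 only."""
    out = bytearray(disk)
    out[:SECTOR] = bytes(SECTOR)
    return out

def simulate_zero_fill(disk):
    """Model of a full zero-fill: every sector overwritten."""
    return bytearray(len(disk))

def report(disk):
    """Return (MBR summary, LBA of first non-zero sector or None)."""
    return (inspect_mbr(bytes(disk[:SECTOR])),
            first_nonzero_sector(io.BytesIO(disk)))

if __name__ == "__main__":
    original = build_sample_disk()
    for name, image in [("original", original),
                        ("after clean", simulate_clean(original)),
                        ("after zero-fill", simulate_zero_fill(original))]:
        mbr, lba = report(image)
        print(f"{name}: {mbr} first non-zero sector: {lba}")
```

On the sample image the wiped sector 0 has no boot code and no partition entries, while the stale bytes in sector 20 remain until the zero-fill; nothing references them any more, which is the distinction the two positions in the thread turn on.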
 




If you used Hiren's to format Win7, you should have applied Win7 formatting from the DVD before installing. XP formatting is incompatible; a slightly different partition table.
 
I've never had to zero a drive to remove a trojan or virus and I've been doing it for 15+ years. Your mileage may vary.
 

c.) Always, always, ALWAYS have a Backup Plan in place. Whether you burn your data to DVD, have a backup HDD, RAID configuration, online storage, etc. This is probably the single most important best practice that many PC users still neglect until it's too late.

Not trying to nitpick...but;

RAID should never be confused with a backup. Even with a mirrored config, if you accidentally delete a file or get a virus which wipes out files...it gets both hard drives instantly. RAID is strictly for performance or for using multiple drives to make a large single drive...even with the various levels of redundancy.

If you have a spare hard drive at home, disconnect your normal drive. Use the secondary as a test hard drive...just load the OS from your OS disc and see what you get. If you have something right from step 1...your OS has obviously been compromised.


My OP has been corrected and I appreciate your feedback.
 
