Solved Trojan, Please HELP!!!

I'm performing another Factory Restore... if it comes up again, then I'm going to try an Image Restore. The only reason I can think of for why this thing came back after the other Factory Restore, is because it is hiding within the hidden partition where Acer put the Factory Restore stuff in. So I'm thinking if I were to Restore from Image (disks), it can't come back.

I really wish I could Clean Install because that would absolutely obliterate everything on the drive before reinstalling 7, but that's not possible on a Pre-Loaded system like this as they don't give you an actual Windows 7 Install Disk. All I have is a Recovery disk for it, which wants you to install 7 from the recovery partition - or the image disks made from the Recovery partition.

I'm praying either of those work, otherwise I'm just screwed. Nothing will get rid of this... without a hefty price-tag that I just cannot afford right now.
 

My Computer

Computer Manufacturer/Model Number
Acer Aspire 5738PG-6306
OS
7 Ultimate x64 SP1
CPU
Core 2 Duo T6600 @ 2.20GHz
Motherboard
Acer JV50 | Intel PM45 Chipset | BIOS Phoenix v1.21
Memory
4GB SDRAM DDR2 667
Graphics Card(s)
ATI Mobility Radeon 4570HD 512MB VDDR3 (2.25GB HyperMemory)
Sound Card
Integrated Dolby Home Theater HD Audio Support
Monitor(s) Displays
15.6" LED backlight HD/WS CineCrystal w/ Multi-Touch
Screen Resolution
Notebook: 1366x768 | Syncmaster P2370HD: 1920x1080
Hard Drives
Primary internal: 320GB WD3200BEVT-22ZCT0 @ 5400 RPM | Secondary external 1: 2TB Cavalry CAXB3702T0 @7200 RPM (USB 2.0) | Secondary external 2: 500GB Cavalry CAUM @7200 RPM (USB 2.0).
PSU
AC Adapter
Case
Blue Clam shell
Cooling
OEM Built-in.
Keyboard
Microsoft Wireless 3000 (USB)
Mouse
Logitech V220 (USB)
Internet Speed
31Mbps DL/25Mbps UL - Verizon fiOs/Netgear WNDR37AV
Other Info
EXTERNAL DISPLAY: 23" Samsung Syncmaster P2370HD | EXTERNAL SOUND: 300 Watt MX-KB30 JVC Stereo (AUX) | ROUTER: Netgear WNDR37AV 802.11a/b/g/n Dual-Band Gigabit | Satechi 12-Port USB 2.0 Hub | GAME PAD: SteelSeries 3GC USB 2.0 (JoyToKey Mapping) | DETAILED SYSTEM SPECIFICATIONS: http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=5265887&CatId=4938
I use Macrium Reflect and I take an image of my machine about once a month. It's quite easy to use, and I have had to restore twice in the past after I messed things up. Just download it from their website, Macrium Reflect FREE Edition - Information and download, make a rescue disk and make an image on an external HDD or network drive or a bunch of DVDs. It took about 40 mins to back up and the same to restore a 160gb HDD that was half full. :geek:

Jo 90 -

I've been thinking of giving this app a try. Which rescue method do you use (linux disk, linux usb, bartPE disk)?

Any tips/pointers in overall use?

THANKS!

Hi jo6pak,

I used the linux based CD. Boot from that and you're just a few clicks away from a full restore to your image of whole drives or just the partitions you need. One thing: if you reduce a partition size it can't restore it until you increase it again.
 

My Computer

Computer Manufacturer/Model Number
Home built
OS
Windows 7 Enterprise 64bit
CPU
Intel Pentium dual core E2200 2.2ghz
Motherboard
Asrock Wolfdale 1333-d667 r2.0
Memory
4 gb (2 x 2g Kingston DDDR11 800)
Graphics Card(s)
Nvidia Geforce 8400 gs
Sound Card
On board
Monitor(s) Displays
DiFusion 17"
Screen Resolution
1280 x 1024
Hard Drives
1 x 160gb (4 Partitions, Os, pagefile, programs and documents)
1 x 1tb
1 x 320 external
PSU
? one that supplies power
Case
Old, on about the 4th mobo, re-build
Cooling
? some fan on the CPU
Keyboard
Logitech Wave
Mouse
Trust 300 Optical dual scroll
Internet Speed
10mb
Other Info
Advent QT5500 Laptop
Intel T5500 167ghz 2 core
2gb ram
Windows 7 Enterprise 32bit
Alright well... performed another Factory Restore and performed numerous scans with MBAM, Spybot and also Microsoft Security Essentials, in safe mode and not, and they all detected a few things and got rid of them this time. I think the main one I was plagued with is gone, but I can't be sure.

IE hasn't come up with anything I haven't prompted it to either, but again that's no indication of the malware being 100% gone. Perhaps if I just completely uninstalled IE the problems can't continue even if the actual malware is still on here. What do you guys think?

Is IE necessary, at all, for anything that other browsers cannot or else cannot be made to do like IE can (for example, ActiveX Control dependent functions)?
In fact... actually, how can I force those three programs to scan the hidden partition where all of the Recovery data is stored? I think that is my problem! Because it's "hidden", these programs cannot detect the junk in there and so it's being regurgitated right back into the main C: drive after Factory Restore. If I could just get one or all of these programs to detect - and clean - it, then I think it will purge whatever it is causing this issue out and make this system OK again.
Hi there
As I said, the only SAFE way is to totally WIPE the disk and do a brand new CLEAN install.

1) Download GPARTED and do a FULL FORMAT and BINARY ZERO (x'00') write to every cluster on the Disk.

2) Install your OS from SCRATCH.

3) Add your CLEAN drivers -- printer/video etc.

4) NOW MAKE A BOOTABLE BACKUP IMAGE ON TO A DVD -- don't do it to a USB as this is WRITEABLE and could get infected. A "Finalized DVD" is the way to do it.

5) Now with GPARTED re-partition your disc into OS and data -- the W7 OS shouldn't need more than 30 - 40 GB if even that size.

6) Add MSE and you should be OK.

Cheers
jimbo
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom built, several laptops HP/ASUS
OS
Linux CENTOS 7 / various Windows OS'es and servers
CPU
Intel i7 Intel i5
Memory
8GB, 16GB
Graphics Card(s)
On Motherboard
Sound Card
Realtek HD audio
Monitor(s) Displays
Apple Cinema display, Samsung LCD
Screen Resolution
1920 X 1080
Hard Drives
4 X 1TB SATA
Mouse
Toshiba wireless laser
Internet Speed
> 20MB up
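Step 1 of jimbo's list (zero every cluster of the disk) is only worth the time if you then confirm the wipe actually reached every byte, so here is an added example that is not part of the original thread: a POSIX shell helper meant to be run from a Linux live environment such as the GParted live CD. The function names `zero_fill` and `verify_zeroed` are my own, the sample targets are constructed temporary files rather than a real disk, and on a real machine you would pass the block device (for example /dev/sda) together with its size as reported by `blockdev --getsize64 /dev/sda`.

```shell
#!/bin/sh
# Added example (not from the thread): wipe a target with binary zeros and
# then read it back to prove that no byte survived before the OS is
# reinstalled. The targets used in the self-check are constructed temp files.

# Overwrite SIZE bytes of TARGET with 0x00. Destructive on a real disk.
# Whole 4 KiB blocks are written first, then the remainder byte by byte, so
# the requested size is honoured exactly (block devices are rarely a
# multiple of the dd block size you pick).
zero_fill() {
    target="$1"
    size="$2"
    blocks=$((size / 4096))
    rest=$((size % 4096))
    dd if=/dev/zero of="$target" bs=4096 count="$blocks" conv=notrunc 2>/dev/null
    if [ "$rest" -gt 0 ]; then
        dd if=/dev/zero of="$target" bs=1 count="$rest" \
           seek="$((blocks * 4096))" conv=notrunc 2>/dev/null
    fi
}

# Return 0 if every byte of TARGET reads back as 0x00, 1 otherwise.
# tr deletes NUL bytes from the stream; if even one byte survives, the
# target was not fully wiped. head stops reading at the first survivor, so
# a failed wipe is reported quickly instead of after a full pass.
verify_zeroed() {
    target="$1"
    leftover=$(tr -d '\000' < "$target" | head -c 1 | wc -c | tr -d ' ')
    [ "$leftover" -eq 0 ]
}

# Self-check on two constructed 64 KiB image files (no real disk is touched).
# Both start out holding random data, standing in for the old install.
demo() {
    clean=$(mktemp) || return 1
    dirty=$(mktemp) || return 1
    head -c 65536 /dev/urandom > "$clean"
    head -c 65536 /dev/urandom > "$dirty"
    zero_fill "$clean" 65536
    zero_fill "$dirty" 65536
    # Simulate an incomplete wipe: one stray byte left behind at offset 1000.
    printf 'X' | dd of="$dirty" bs=1 seek=1000 conv=notrunc 2>/dev/null
    if verify_zeroed "$clean"; then echo "clean image: fully zeroed"; fi
    if ! verify_zeroed "$dirty"; then echo "dirty image: wipe incomplete"; fi
    rm -f "$clean" "$dirty"
}
demo
```

The verification pass reads the whole device once, which on a 320 GB laptop drive takes roughly as long as the wipe itself; that is the price of knowing the recovery partition and everything else on the platter is really gone rather than trusting that the write finished.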
Alright, just to let you guys know... I am 98% certain that the malware is officially and absolutely gone this time. The second sweep through of the system with Factory Restore, coupled with a Windows Upgrade, got it out. If it comes back, or rears its ugly head again, I can now Clean Install the system to get rid of it from the disk I burned (thank you again - you know who you are ;)).

So yes, thank you all so much again everybody, and thank you for your patience with an idiot like me lol. :o