Virus on external hard drive

James78 · Feb 13, 2010

Hey people.

Last night my girlfriend plugged an external/portable hard drive into her Mac OSX and message came up saying there is a virus on the HD. So she unplugged the drive in fear of being infected and shut down the Mac before I could have a look what was said in the message.

So I ran a scan from my laptop with MSE and got the following viruses :
-Trojan:Win32/Orsam!rts
-VirTool:Win32/Obfuscator.C
-Virus:Win32/Virut.BM
-Trojan:Unix/Rootkit.C
(she brings home a lot of media from a network hub at work)

So here is my problemo...

-Trojan:Unix/Rootkit.C - was removed

-Trojan:Win32/Orsam!rts - was quarantined but showed up on 2nd scan

-Virus:Win32/Virut.BM - and - VirTool:Win32/Obfuscator.C - I get this error message from MSE on both scans :
Microsoft Security Essentials encountered the following error: Error code 0x8007065e. Data of this type is not supported.

Guys I am clueless on how to proceed and want to do so cautiously.

-Please could you guys help me remove these threats without formatting the portable HD
- Is there a chance I could infect my PC (did a scan just now and MSE says my baby is still clean

)
(Running Windows Ultimate 32bit on a Toshiba laptop)

* Ive scanned the external HD with Maleware-Bytes and Ad Aware and they have picked up nothing...

Dinesh · Feb 13, 2010

James78 said:
Hey people.

Last night my girlfriend plugged an external/portable hard drive into her Mac OSX and message came up saying there is a virus on the HD. So she unplugged the drive in fear of being infected and shut down the Mac before I could have a look what was said in the message.

So I ran a scan from my laptop with MSE and got the following viruses :
-Trojan:Win32/Orsam!rts
-VirTool:Win32/Obfuscator.C
-Virus:Win32/Virut.BM
-Trojan:Unix/Rootkit.C
(she brings home a lot of media from a network hub at work)

So here is my problemo...

-Trojan:Unix/Rootkit.C - was removed

-Trojan:Win32/Orsam!rts - was quarantined but showed up on 2nd scan

-Virus:Win32/Virut.BM - and - VirTool:Win32/Obfuscator.C - I get this error message from MSE on both scans :
Microsoft Security Essentials encountered the following error: Error code 0x8007065e. Data of this type is not supported.

Guys I am clueless on how to proceed and want to do so cautiously.

-Please could you guys help me remove these threats without formatting the portable HD
- Is there a chance I could infect my PC (did a scan just now and MSE says my baby is still clean)
(Running Windows Ultimate 32bit on a Toshiba laptop)

* Ive scanned the external HD with Maleware-Bytes and Ad Aware and they have picked up nothing...

Scan your PC with Avast and Hitman Pro.

James78 · Feb 13, 2010

Sweet, Will download Avast and run the scan on the portable HD and then PC.
Will my PC be at risk if I plug in the hard drive ?

Dinesh · Feb 13, 2010

James78 said:
Sweet, Will download Avast and run the scan on the portable HD and then PC.
Will my PC be at risk if I plug in the hard drive ?

Yes it might be. But install the anti virus on the main PC so that it can prevent any infection.

Jacee · Feb 13, 2010

Read about Virus:Win32/Virut.BM
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus:Win32/Virut.BM

You're not only dealing with Virut but you are also dealing with a lot of other malware as well.
What I suggest in your case is to format and reinstall the OS. This is because, Virut is a file infector which infects every .exe present on your system. The problem with Virut is, this is a buggy file infector and that's why scanners cannot disinfect them properly either > result > files are corrupted, won't work anymore.
And as I already explained, Virut infects every .exe. This means that you may not delete these files, but they should be disinfected. And since it's a buggy virus, the files cannot be properly disinfected.
This unfortunately means that this is a game over situation and there's nothing much you can do besides formatting and reinstalling Windows.
Don't backup your files either, because when you backup .exe files, they are also infected. You can however backup pictures and documents.

steve-pressman · Feb 13, 2010

That sounds like a nasty son of a bitch he has there

James78 · Feb 13, 2010

Hi Denesh and Jacee. Many thanks for the help so far.

I might not have explained myself well in my first post, sorry. The external hard drive doesn't have an OS, its just used to store pictures, videos, games, etc.
Im not sure if that makes a difference? Can the virus still infect other exe. files on the drive. "Virut is a file infector which infects every .exe present on your system".

In other words, would I treat the infected hard drive/media device(with no OS) the same way I would my Computer?
So far Ive scanned the previously infected folders that MSE said were infected and Avast came up with the following, which it deleted,

win32:Vitro (3 of these)
win32:Trojan-gen
win32:junkpoly[Cryp]
error:the file is a decompression bomb(42110) (many of these msg's)

So now Im running a full scan of the media device (its at 25% and going for 55 minutes )

Thanks
James

Jacee · Feb 13, 2010

win32:Vitro <-- new variation of Virut
PolyMorphic Win32:Vitro Most Viraulent Virus : Tech-Linkblog.com

win32:junkpoly[Cryp] <-- more Virut
A virus that can perform various modifications in Windows system files including logon functions. Win32:JunkPoly [Cryp] can also disable Windows registry editor, Task Manager and kill various running programs on the compromised computer.

win32:Trojan-gen <-- Backdoor Trojan

I sure wouldn't want to save anything on that external hard drive if it was mine!!

James78 · Feb 14, 2010

Damn!!! That is not what I wanted to hear... Guess I'll have to format....

Just out of interest
- the scan took 8 hours...
- 800 Gigs of media :cry:

- 6 additional infections were found

I know you said you wouldn't advise to save anything, but is there no way I could safely keep some of the stuff. I dont mind deleting all exe. files etc, there are soo many photos and video's I would really love to keep. In fact the pics are irreplaceable, I just cant bring myself to del them.(and some of the home vids)

Is it ok to navigate through the external hard drive without infecting my PC, and save some of the pics etc to a flash drive? (PC is virus free)

Sorry about all the question

Thanks a lot for all the help

Jacee · Feb 14, 2010

You can save your personal pictures and documents. Look at my posts above.

James78 · Feb 14, 2010

Will do, many many thanx.

erichg1000 · Oct 23, 2010

I think I had that same virus on my old desktop and laptop. All .exe were messed up and I couldn't access task manager. I had an external drive hooked up to the desktop and it has only movies, pics, and music on it. I don't think there are any .exe files on the hard drive. So, I want to access the files in the hard drive, but am scared to hook the hard drive up to my new computer for fear of it spreading. In the previous post someone mentions you can copy files safely - so is it safe to just plug in the external drive and copy files? I need to make folders so I can use the HD for my PS3.

Virus on external hard drive

James78

New member

My Computer

Dinesh

Wonder Man

My Computer

James78

New member

My Computer

Dinesh

Wonder Man

My Computer

Jacee

Consumer Security

My Computer

steve-pressman

New member

My Computer

James78

New member

My Computer

Jacee

Consumer Security

My Computer

James78

New member

Attachments

My Computer

Jacee

Consumer Security

My Computer

James78

New member

My Computer

erichg1000

New member

My Computer

Similar threads