Virus remains after formatting

[karlsnooks]

windude,
Certainly another approach.
DiskPart writes zeros, one pass to all bytes.
Sufficient for everyone except for the FBI and CIA.

 

[bigcitycat]

Maybe the router is compromised. If the win7 disk is clean or maybe a usb or external hard drive. Also could be something in an email or online storage account. Possibly another infected computer on your network. I would log into the router and change the password. Then see if you can update the router. Could also be a false positive too.

 

[zapp22]

all good suggestions. however I haven't seen that the victim here has actually secure-wiped yet. if not, then it is entirely possible that a scan would pickup an obfuscated infection ... not that hard to do. whether it is 'live' or not is a different question.
secondly - this is stating the obvious I realize - every cleanup I can imagine involves saving off one's valuables, then restoring those valuables. Obviously you would want to save the valuables, SCAN the valuables, and exterminate any that are compromised before restoring.

 

[karlsnooks]

zapp,
a secure wipe is not needed, but what is needed is a wipe, that is, overwriting each and every byte.

 

[icy00]

Hi Guys
I have also get such a kind of a virus
To wipe it out i filled the bootpartition up to the fat with zeros, there are 62 sectors to overwrite,
i used a utility of Acronis disk partion, thyat boots up the computer with a local windows stored
in this utility.
i
then i put a clean windows without any programs or drivers , installed my virusscanner
deleted the infected files and gone was the virus.

I hope this will help

icy00

 

[karlsnooks]

Icy,
the DISKPART Clean command does this for you and also catches the duplicate copy at the end of the disk.

Win 7 requires NTFS and DiskPart works with NTFS perfectly.

Your virus would have been gone.

 

[F5ing]

Icy,
the DISKPART Clean command does this for you and also catches the duplicate copy at the end of the disk.

Win 7 requires NTFS and DiskPart works with NTFS perfectly.

Your virus would have been gone.

I don't think the DISKPART Clean command cares whether the disk contains NTFS, FAT, FAT32 or any other type of partition that may exist on the disk. For an MBR disk it simply zeroes out the partitioning information and hidden sector information that follows (when using 'Clean', rather than 'Clean All').

The data for each partition remains, including boot records, MFTs, etc. Including any of their mirrors/backups. The data is simply not recognized by the MBR any longer.

 

[icy00]

Hi Guys

DISKPART is an internal command of the opera

 

[karlsnooks]

icy,
Are you having problems of some kind?
You're posts are not making the greatest amount of sense.

 

[icy00]

Hi Guys

DISKPART is an internal command of the operating system , this is not working with bootviruses.
Bootvirusses boot before the opperating system boots and they will intercept all calls &
interupts to the disks.
the only method to clean is to boot before the virus boots, then only will these 61 sectors
be overwritten.

icy

 

[karlsnooks]

icy,
DiskPart run from the System Repair Disc or from the Win 7 installer pgrm does not boot up Win 7.

Both of those have them run a PE (preexecution environment) from ram. There is not boot to be intercepted.

 

[Golden]

DISKPART is an internal command of the operating system , this is not working with bootviruses.

Nonsense - DISKPART and CLEAN/CLEAN ALL can be accessed from any Windows 7 installation ISO and run during bootup from said ISO, prior to the boot manager being loaded.

Regards,
Golden

 

[F5ing]

icy,
DiskPart run from the System Repair Disc or from the Win 7 installer pgrm does not boot up Win 7.

Both of those have them run a PE (preexecution environment) from ram. There is not boot to be intercepted.

DISKPART is an internal command of the operating system , this is not working with bootviruses.

Nonsense - DISKPART and CLEAN/CLEAN ALL can be accessed from any Windows 7 installation ISO and run during bootup from said ISO, prior to the boot manager being loaded.

Regards,
Golden

Ditto on both responses above. The only way there can be interference is if the bootable disc itself is corrupt. But that could conceivably be the case with any bootable disc. Always consider the source.