Can't remove virus

Status
Not open for further replies.

chr0540

Distinguished
Oct 29, 2010
5
0
18,510
Hello,
I have been trying to remove a virus for about a week with no luck. Tried formatting and everything but this virus is still there. If it is in the boot partition, how can I format everything off the hard drive and start from scratch? I have tried everything I know of with no luck.
Any advice is appreciated.
Thanks,
Chris
 

hellwig

Distinguished
May 29, 2008
1,743
0
19,860
Chris, have you been deleting the old partitions when you format? Try this: Download an Ubuntu install disk. Using the Ubuntu installation manager, delete ALL partitions on the drive. You could even create and format new partitions if you wanted (and probably even install Ubuntu). Then, reinstall Windows over Ubuntu (I assume you want to run Windows). During the Windows installation, again delete all partitions, then create and format a new partition. Hopefully, installing Ubuntu (or another Linux/BSD if you got it) will eradicate everything on the drive, leaving it clean when you re-install Windows.

If the whole Linux-then-Windows installation doesn't fix things (or isn't possible), you could try downloading a utility from the maker of the harddrive, is it a Seagate, Western Digital, Toshiba? They often have recovery/cleaning/formatting utilities that might fix the issue as well.

However, I'm not sure the virus is hiding out in your boot sector. Do you have external hard drives, USB thumb drives, another computer on the same network? I assume you backed up your data first, and it's possible this backup is also infected. Do you see the effects of the virus after a clean install of Windows, or only after you have connected it to a network or copied files to it from a thumb drive or other source? Are you re-installing any applications that might be suspect (i.e. files from BitTorrent or unknown companies)?
 

chr0540



I have done complete format, removing all partitions. I will try Ubuntu and see if that will work.

I originally did a clean install and then connected my external hard drive (that too was fully formatted) and had a file that installed itself on there within minutes of being open. I then formatted everything again, and installed fresh. I did not connect the hard drive this time and installed my AV and it came up with the same virus. That is what is leading me to believe that it is in the boot partition. I did not install anything else on the computer before the AV and full system scan. I have not tried to put any old file on the computer due to the fact that I do not know what else this has infected.

I will try all the things you mentioned and go from there. Will update after trying these.

Thank you.

Chris
 

dokk2

Distinguished
Jul 1, 2007
1,450
0
19,310
Back in the "old DOS days", you could go online with your browser and just type "scan", and lo and behold your system would be scanned; dunno if it's the same today. In any event, the methodology that always seems to work for me is to boot from a DOS floppy and fdisk /mbr and then create an extended partition using all the hdd in question, then reboot a couple of times to the boot floppy. The reason for using a floppy is because it can be locked manually, thus you are sure that nothing is being written to it. Then go ahead and use the hdd as wanted. :)
 

chr0540

I have done a full format 3 times. No luck. I was using Norton but it got by that. I tried CA and that is what finds it. AVG could not be installed because it seems to block AV programs from running.
I ended up buying a new HDD but I don't know if I should try to use the other as a slave or if it will transfer to the new one like it did to the external after it was formatted.
 

hellwig



Like I mentioned in my original post, I do not think it's on the hard drives. It's on something you are hooking up to the computer each time. This could be another computer on the network, this could be a website you are visiting, this could be a DVD you burned, maybe even your router or modem is infected.

What version of Windows are you installing, and was this a copy you burned to a DVD yourself? It's possible that if you downloaded the Windows 7 installer, the installation DVD you burned is infected. Maybe it's a copy of Windows XP you modified to bootstrap in some SATA drivers or something? Is this an OEM PC from Everex or Acer or something? It's possible that if you're using a restoration CD, that CD (even if it came with the computer) could be infected (they got a virus on the International Space Station, it can happen anywhere). When you install Windows, do you have to provide any drivers via floppy, CD (that came with the motherboard), or USB thumb drive? These could all be sources of infection.

If you have retail installation media (i.e. prepackaged by Microsoft), what you need to do is a clean-room install. Wipe the drives clean. Do NOT connect the computer to any network (you can activate Windows later). Burn any applications or drivers you will need to a CD-R or DVD-R from ANOTHER computer (not your infected computer). After installing Windows, install CA (which you said detected the virus). Do NOT install any other drivers or programs (you don't need your network, sound, or even video drivers at this point). Do a system scan and see if it finds anything. If you don't find the virus on your drive, install any drivers you need to get your network interface working. Do another system scan (making sure your network drivers are not the source), and then connect your computer directly to your modem (bypass your router and any network if possible). Perform a Windows Update, see if anything happens or is detected.

If you can install and update Windows without detecting the virus, you can hopefully debug where the virus is coming from (scanning anything you insert and after you install something): install any other drivers, connect your router, copy/install other files, etc.
 

chr0540

After installing the new HDD, I have not had any problems with the system. I am now wondering if it is a bad idea to try to perform another full format on the old HDD and use it as a slave.
All of the programs that were installed on this drive and the old drive are original HP recovery disks and the OEM copy of XP Media Center that are on the recovery disks. I have not installed any files that were not original trusted disks and only installed the external one time and have not reconnected since the first restore. The 2nd and 3rd time nothing else was connected to the pc.
 

ricky_critic

Distinguished
May 27, 2010
183
0
18,710


Follow the following steps for removing the virus from the drive.

1. Go to any folder. In that, on the top menu go to Tools --> Folder Options, which will be beside File, Edit, View, Favourites.
2. A window pops up after you click on Folder Options. In that window go to the View tab and select the option Show hidden files and folders. Now uncheck the option Hide protected operating system files. Click OK.
3. Now open your drives (by right click and select Explore. Don't double click!). Delete autorun.inf and MS32DLL.dll.vbs or MS32DLL.dll (use Shift+Delete as it deletes files forever) in all drives, including Handy Drive and floppy disk.
4. Open folder C:\WINDOWS to delete MS32DLL.dll.vbs or MS32DLL.dll (use Shift+Delete).
5. Go to Start --> Run --> Regedit and the Registry Editor will open.
6. Now navigate in the left pane as follows: HKEY_LOCAL_MACHINE --> Software --> Microsoft --> Windows --> Current Version --> Run. Now delete the entry MS32DLL (use the Delete key on the keyboard).
7. Go to HKEY_CURRENT_USER --> Software --> Microsoft --> Internet Explorer --> Main and delete the entry Window Title “Hacked by Godzilla”.
8. Now open the Group Policy Editor by typing gpedit.msc in Start --> Run and pressing Enter.
9. Go to User Configuration --> Administrative Templates --> System. Double click on the entry Turn Off Autoplay, then Turn Off Autoplay Properties will display. Do as follows:
   * Select Enabled
   * Select All drives
   * Click OK
10. Now go to Start --> Run and type msconfig there and press Enter. A System Configuration Utility dialogue will open.
11. Go to the Startup tab in it and uncheck MS32DLL. Now click OK and when the System Configuration Utility asks for a restart, click on Exit without restart.
12. Now go to Tools --> Folder Options on the top menu of some folder again and select Do not show hidden files and check Hide operating system files.
13. Go to your Recycle Bin and empty it to prevent any possibility of MS32DLL.dll.vbs lying there.
14. Now restart your PC once and you can now open your hard disk drives by double clicking on them.
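
Added example, not part of ricky_critic's post: a read-only Python check that inspects a drive root for the file names given in the steps above and reports which commands an autorun.inf would launch, so a drive can be examined before anything is deleted. The function names and the sample autorun.inf contents are constructed for illustration.

```python
import os
import tempfile

# File names from the post's steps (lowercased), and the autorun.inf keys
# whose value is a command Windows may run from the drive.
PAGE_INDICATORS = {"ms32dll.dll.vbs", "ms32dll.dll"}
EXEC_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return (key, command) pairs from [autorun], tolerating junk lines."""
    commands, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            commands.append((key, value.strip()))
    return commands

def audit_root(root):
    """Read-only check of one drive root; nothing is deleted or modified."""
    findings = []
    for name in sorted(os.listdir(root)):  # listdir also returns hidden files
        if name.lower() in PAGE_INDICATORS:
            findings.append(f"indicator file: {name}")
        elif name.lower() == "autorun.inf":
            with open(os.path.join(root, name), "rb") as fh:
                data = fh.read()
            # The file may be UTF-16 with a BOM or a single-byte code page.
            enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
            for key, cmd in parse_autorun(data.decode(enc, errors="replace")):
                findings.append(f"autorun.inf {key} -> {cmd}")
    return findings

def demo():
    """Audit a constructed drive root built in a temporary directory."""
    sample = ("garbage\r\n[AutoRun]\r\n;padding\r\nicon=x.ico\r\nOpen=wscript.exe MS32DLL.dll.vbs\r\n"
              "shell\\Auto\\command=wscript.exe MS32DLL.dll.vbs\r\n")  # constructed sample
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "wb") as fh:
            fh.write(sample.encode("utf-16"))  # written with a BOM
        open(os.path.join(root, "MS32DLL.dll.vbs"), "w").close()
        return audit_root(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Call `audit_root` once per drive letter or mount point; an empty list means none of the named files and no launching autorun.inf entries were found at that root.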
 

patf0211

Distinguished
Jan 28, 2012
1
0
18,510

how????
 