I have a horrible virus - no clue what to do - Page 4

post #31 of 67
It's either in the Master Boot Record-- this is possible, but EXTREMELY rare; I personally have never experienced this, only read or heard about it.
I'm more leaning towards a hard drive or RAM failure.
post #32 of 67
Thread Starter 
I've been considering the possibility of hard drive failure, especially considering this is a brand new drive and all of this trouble started when I reformatted to this drive.
But, how would that explain all of the random processes that pop up?
I'll get 20+ random processes that are named things like fdhske.exe, hfhfjd.exe, ydtsgs.exe, etc.
Just random letters.
Then all processes will crash, PC will reboot, OS will be toast.

Also, I haven't tested my RAM yet, but will do so overnight.
Edited by EmeraldICE - 6/17/11 at 9:29pm
post #33 of 67
This is rather odd. I cannot wait until you fix this so then we can all learn how to solve it.

Sent from my SCH-I500 using Tapatalk
post #34 of 67
I went nuts once trying to clean a friend's PC of a virus... it was an e-machine.

They left the BIOS unlocked.
After reloading the OS and it still being there...
I figured out it was in the BIOS through a process of elimination.
Only saw that once!

In short...
I tried removing the RAM to eliminate it being resident, no help after several attempts.

In the end, pulled the power to PS
Toggled the PS on/off
Removed RAM (again like before that did not work)
Pulled the battery
Reset CMOS
Reset jumper
Reinstall battery, 110v power source
Reloaded OS
Bye bye virus
Edited by The Duke - 6/17/11 at 9:58pm
    
post #35 of 67
Thread Starter 
Quote:
Originally Posted by Lostcase View Post
This is rather odd. I cannot wait until you fix this so then we can all learn how to solve it.
It's extremely odd. I've spent nearly 3 days trying to get rid of this thing!
I'll definitely post the fix if I ever manage to get that far.

Maybe my computer is trying to get back at me for browsing newegg for components for a new build... it must know that I can't afford a new computer right now. Trying to teach me a lesson.


Duke, I've mentioned the possibility of a BIOS virus a few times in this thread but you're the only one who has brought it up. I've been googling information on this all day and have found that these are quite rare, but can be devastating once contracted and one of the big signs is the fact that a reformat doesn't help.
As you suggested, I've cleared CMOS and have even flashed the BIOS.
I've run multiple tools today (MBRCheck, killdisk, malwarebytes, kaspersky, kaspersky rescue, and tdsskiller) and everything has come back clean.
I'm not familiar with locking the BIOS... I didn't even realize this was necessary until today after reading all about those BIOS viruses. I'll have to look into it and see if it can be done on my board.

I think I'm going to go ahead and start installing some basic programs (probably only firefox, xfire, and VLC) and reconnect the computer to the internet and see what happens. I'll post back with the results.

Also, memtest is going to be running overnight.
Edited by EmeraldICE - 6/17/11 at 10:19pm
post #36 of 67
Quote:
Originally Posted by EmeraldICE View Post
It's extremely odd. I've spent nearly 3 days trying to get rid of this thing!
I'll definitely post the fix if I ever manage to get that far.

Maybe my computer is trying to get back at me for browsing newegg for components for a new build... it must know that I can't afford a new computer right now. Trying to teach me a lesson.


Duke, I've mentioned the possibility of a BIOS virus a few times in this thread but you're the only one who has brought it up. I've been googling information on this all day and have found that these are quite rare, but can be devastating once contracted and one of the big signs is the fact that a reformat doesn't help.
As you suggested, I've cleared CMOS and have even flashed the BIOS.
I've run multiple tools today (MBRCheck, killdisk, malwarebytes, kaspersky, kaspersky rescue, and tdsskiller) and everything has come back clean.
I'm not familiar with locking the BIOS... I didn't even realize this was necessary until today after reading all about those BIOS viruses. I'll have to look into it and see if it can be done on my board.

I think I'm going to go ahead and start installing some basic programs (probably only firefox, xfire, and VLC) and reconnect the computer to the internet and see what happens. I'll post back with the results.

Also, memtest is going to be running overnight.
Can you please upload the tdsskiller log?
Do not run a rootkit detector in safe mode; it won't detect rootkits that don't start. Click on my sig and run all those apps so I can have a look at your logs. If you do have any malware in your quarantine folders, you can rar them up with the password "infected" and send them to me so I can dissect it with IDA Pro.
post #37 of 67
Thread Starter 
Spoony, tdsskiller always comes up clean. Although, I've noticed something odd with MBRCheck. Yesterday I ran MBR check and my external drive had an unknown MBR, so I fixed it and changed it to Windows 7 MBR. Now this evening I just ran it again and the external drive said: "MBR Code Faked". I just fixed the MBR code another time and it lists itself as Windows 7 now. Does this point to signs of something malicious hiding on my external? I've run multiple scans with malwarebytes and kaspersky and they both come up clean. Kinda makes me a bit nervous though. I have a lot of stuff stored on that drive and definitely wouldn't be happy if my data could be infected.

So far the computer has been running okay, but usually the virus will hit after about 24 hours, so we'll see tomorrow.

Also, Memtest, Seatools DOS, and WD Diagnostics all passed.

EDIT - Did some googling and it looks like that MBR error has been known to pop up on the particular external drive I have.

EDIT #2 - Ran MBRcheck again and the external drive says "MBR Code Faked" again. It seems like this may be a common error for externals, though. Any idea if this is something I should worry about or can I safely ignore it?
Edited by EmeraldICE - 6/18/11 at 11:07pm
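An added example (not part of any post in this thread, and not MBRCheck's own logic): one way to tell whether the boot code on a drive really changes between scans, as described in post #37, is to save the first 512-byte sector before and after and compare the parsed fields. The function names and the sample sectors below are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0-439: bootstrap code
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511

def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into the fields worth comparing."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # type 0x00 marks an unused slot
            partitions.append({"slot": i, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": count})
    return {
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }

def diff_mbr(before: bytes, after: bytes) -> list:
    """Names of the parsed fields that differ between two snapshots."""
    a, b = parse_mbr(before), parse_mbr(after)
    return [field for field in a if a[field] != b[field]]

def sample_sector(boot_fill: int) -> bytes:
    """Constructed test sector (not real boot code): one active NTFS partition."""
    s = bytearray(SECTOR_SIZE)
    s[:BOOT_CODE_LEN] = bytes([boot_fill]) * BOOT_CODE_LEN
    s[440:444] = struct.pack("<I", 0x12345678)
    s[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3,
                             2048, 1_000_000)
    s[510:512] = BOOT_SIGNATURE
    return bytes(s)

if __name__ == "__main__":
    before, after = sample_sector(0x90), sample_sector(0xCC)
    print(parse_mbr(before))
    print("changed fields:", diff_mbr(before, after))
```

If only `boot_code_sha256` differs between two snapshots, the bootstrap code was rewritten while the partition table stayed the same; if nothing differs, the tool's label changed but the sector did not. On Windows the sector can be read as Administrator from a raw device path such as `\\.\PhysicalDrive1` (the drive number here is an assumption; confirm it in Disk Management).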
post #38 of 67
Quote:
Originally Posted by EmeraldICE View Post
Spoony, tdsskiller always comes up clean. Although, I've noticed something odd with MBRCheck. Yesterday I ran MBR check and my external drive had an unknown MBR, so I fixed it and changed it to Windows 7 MBR. Now this evening I just ran it again and the external drive said: "MBR Code Faked". I just fixed the MBR code another time and it lists itself as Windows 7 now. Does this point to signs of something malicious hiding on my external? I've run multiple scans with malwarebytes and kaspersky and they both come up clean. Kinda makes me a bit nervous though. I have a lot of stuff stored on that drive and definitely wouldn't be happy if my data could be infected.

So far the computer has been running okay, but usually the virus will hit after about 24 hours, so we'll see tomorrow.

Also, Memtest, Seatools DOS, and WD Diagnostics all passed.

EDIT - Did some googling and it looks like that MBR error has been known to pop up on the particular external drive I have.

EDIT #2 - Ran MBRcheck again and the external drive says "MBR Code Faked" again. It seems like this may be a common error for externals, though. Any idea if this is something I should worry about or can I safely ignore it?
I can't tell without the logs. Even if they find nothing, the logs tell you about activity on your PC which can be picked up. Doesn't matter if it found anything or not. They can bypass it, but the activity can be picked up in the logs. Those logs are more powerful than any antimalware product.
post #39 of 67
Thread Starter 
Do you need any other logs besides tdsskiller? I'm willing to try ANYTHING at this point.
The virus is STILL there. I booted up my computer this morning and noticed that the startup was extremely slow. I opened up windows task manager and saw that the randomly named processes were starting to pop up. I turned off the computer via the power switch before the virus could do anything, and booted into safe mode. None of the processes are active in safe mode.
Then, I booted up regularly and the viruses started popping up again.
I ended them all and now I'm running the computer fine.
So I think if I just kill them before they have a chance to act, then I'll be okay.
None of these scans pick up anything. I must have some unknown crazy virus on my computer.
Edited by EmeraldICE - 6/19/11 at 8:51am
post #40 of 67
How about Avira rescue system? It's a bootable Linux live CD that will nuke any virus on any connected drive in your system.
 