
How can I get rid of this nasty virus? - Page 7

post #61 of 85
I have yet to run into a virus that works that way; like I said, in all my years of working on infected computers I have yet to run into one that infected the HDD that way. The only virus that I know of that infected an HDD from a software/hardware standpoint was the one from the early 2000s that clacked the disks together in the HDD.
    
post #62 of 85
I've gone through 5 pages, and not one of you has recommended GMER.

It should find and fix any rootkit issues you have.
     
post #63 of 85
Quote:
Originally Posted by Bigo1087 View Post
> Interesting.....Care to elaborate....?
>
> Also BTW....
>
> At work I normally run TDSS in Physical Environment (PE mode) mode outside of Windows...

I would like to but not in a public forum. You may want to do some searching on the latest security research. Also may want to visit some "less reputable websites/forums."
post #64 of 85
Quote:
Originally Posted by Spykerv View Post
> I've gone through 5 pages, and not one of you has recommended GMER.
>
> It should find and fix any rootkit issues you have.

Yup, except if the rootkit is firmware based.
post #65 of 85
Quote:
Originally Posted by Shoulin View Post
> I have yet to run into a virus that works that way; like I said, in all my years of working on infected computers I have yet to run into one that infected the HDD that way. The only virus that I know of that infected an HDD from a software/hardware standpoint was the one from the early 2000s that clacked the disks together in the HDD.

We are not talking about viruses. A rootkit is different from a virus. It has some features of a virus, some attributes of a trojan program and can have some attributes of an O/S and device driver.

Interesting discussions but I need to go to sleep. A little security awareness is a good thing.
post #66 of 85
I'm sure the OP only has a simple virus/malware running on the HDD. Like I said earlier, simply remove the drive and scan it from another PC running AV software or Microsoft Security Essentials and it should be fine. I use my USB to SATA/IDE adapter for this all the time and it works. The worst that can happen is the OS is too corrupted to restore it. Most people want their files or pics back, and this method allows you to recover them, even if you have to reformat the HDD, simple as that.
     
post #67 of 85
New OS install would be the best option to get rid of viruses. Who knows what other nasty things are still hidden in that laptop?
post #68 of 85
Quote:
Originally Posted by mbudden View Post
> My mother's laptop has XP; no matter what I did, her browsing habits would somehow or another get some kind of virus on the computer. I just threw Linux on it and called it a day. If she somehow gets a virus now, I will be shocked.

Mothers, daughters, GFs always seem to find those really unique malware files, don't they?
     
post #69 of 85
Quote:
Originally Posted by Spykerv View Post
> I've gone through 5 pages, and not one of you has recommended GMER.
>
> It should find and fix any rootkit issues you have.

GMER is in Combofix. That's the reason.
post #70 of 85
Quote:
Originally Posted by Kmon View Post
> I don't know the specific one he has. There is one that is sold fairly regularly by some shady characters; it is called Zeus. There are multiple versions of it. It is rumored to be superseded by a better rootkit.
>
> See attached link
> http://www.prevx.com/blog/112/ZEUS-s...iness-PCs.html
>
> This is one I think he may have. It is fairly common.

Zeus is a bot.
I've got the Zeus source code. You can get it for free now.

Quote:
Originally Posted by ezveedub View Post
> I have never been infected by adding an HDD to be scanned this way in years. Maybe if you start launching stuff from it or boot up with it connected, maybe, but I always connect them once the working/scanning PC is ready to scan the drive.

Malware uses vulnerabilities to bypass security. A lnk or autorun file on the disk means it will be run. Never scan such an infected drive from a normal Windows boot. Rather use another system and make use of a boot CD. Flash drive malware can copy itself over.
Edited by Spooony - 8/5/11 at 10:47pm
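
Added example, not code from any poster in this thread: a Python check for the two file types the last post names, meant to be run from a non-Windows boot environment against a suspect volume mounted read-only. The function names, the mount point and the sample `autorun.inf` are assumptions constructed for illustration.

```python
import os
import sys

# Keys in the [autorun] section that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return (key, value) pairs from [autorun] that point at something to run."""
    hits, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                hits.append((key, value))
    return hits

def triage_volume(root):
    """List autorun launch entries and .lnk files; autorun.inf is read as text, nothing is executed."""
    report = {"autorun": [], "lnk": []}
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, encoding="latin-1") as fh:
                report["autorun"] = parse_autorun(fh.read())
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".lnk"):
                report["lnk"].append(os.path.relpath(os.path.join(dirpath, name), root))
    report["lnk"].sort()
    return report

# Constructed sample input, not taken from a real infection.
SAMPLE_AUTORUN = (
    "[AutoRun]\n; constructed sample\nopen=RECYCLER\\setup.exe\n"
    "icon=folder.ico\nshell\\open\\command=RECYCLER\\setup.exe\nlabel=Backup\n"
)

if __name__ == "__main__":
    # Usage: python triage.py /mnt/suspect   (hypothetical read-only mount point)
    print(triage_volume(sys.argv[1]) if len(sys.argv) > 1 else parse_autorun(SAMPLE_AUTORUN))
```

Any launch entry in the report, or shortcuts sitting where the owner did not create them, is a reason to keep the drive away from a normally booted Windows session.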