got a virus. need to completely wipe my hard drive.

post #1 of 28
Thread Starter 
So I got a virus a few weeks ago and finally got around to reinstalling Windows 7 (been running Ubuntu). Even after a clean install, MSE came up with the Alureon.E. I thought my external hard drive infected the new install, but I did another clean install without ever connecting my external drive, installed MSE, and still got Alureon.E. So can I delete all the partitions including the recovery one since I don't have the OEM CD any more? Also installed the same Windows 7 on my netbook and it has no virus so it is either the internal hard drive or external drive.

TL;DR: How do I completely wipe and clean my hard drive?
post #2 of 28
Boot into safe mode, plug in your external (which also may be infected), and scan all drives with Malwarebytes and SUPERAntiSpyware. It's literally that easy. Just use ninite.com to install them and have at it.
post #3 of 28
Thread Starter 
Done that in Vista. Will it be any different on Windows 7?
post #4 of 28
Toilet paper, 2-ply, front to back, never back to front. Now, on a serious note I'd use Darik's Boot and Nuke (DBAN). But have you maybe considered it may be your choice of anti-virus that could be infected, and not the hdd or whatever? Just something else to consider.
post #5 of 28
save your most prized programs and files on external hdd....

then simply format your main drive...http://pcsupport.about.com/od/windows7/ht/format-hard-drive-windows-7.htm

keep in mind some of the files you transfer to your external hdd might be corrupted as well as your OS files. I would personally start over from scratch, but that's just me.
post #6 of 28
Thread Starter 
What do you mean the anti virus is infected? MSE shows Alureon.E and Malwarebytes on quick scan shows nothing.

Will check out DBAN later.
post #7 of 28
Quote:
Originally Posted by surfbumb View Post

save your most prized programs and files on external hdd....
then simply format your main drive...http://pcsupport.about.com/od/windows7/ht/format-hard-drive-windows-7.htm
keep in mind some of the files you transfer to your external hdd might be corrupted as well as your OS files. I would personally start over from scratch, but that's just me.

Might be rare but formatting that way won't get rid of viruses hiding in the boot sector.

2nd DBAN or just fix the MBR in the W7 recovery console (then reformat).

How recently did you use the W7 from your recovery partition? It is possible it got infected after you tried it on your netbook.

If your netbook is clean why not run it in safe mode/sandbox it and try scanning the external. We need to eliminate possible hiding locations of the virus.

Edit: Looked up the virus. Seems it messes with the VBR. If you're willing to lose data, just repair the MBR and it shouldn't be able to replicate after reformat.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Trojan%3ADOS%2FAlureon.E
Edited by evilferret - 3/21/12 at 3:56pm
post #8 of 28
Thread Starter 
Quote:
Originally Posted by evilferret View Post

Might be rare but formatting that way won't get rid of viruses hiding in the boot sector.
2nd DBAN or just fix the MBR in the W7 recovery console (then reformat).
How recently did you use the W7 from your recovery partition? It is possible it got infected after you tried it on your netbook.
If your netbook is clean why not run it in safe mode/sandbox it and try scanning the external. We need to eliminate possible hiding locations of the virus.

Looks like DBAN is the best method.

I should probably clarify. The virus is on my desktop that came with OEM Vista. It got the virus and I got Windows 7 and tried a clean install. Virus was still there so I tried it on my netbook to see if there were any corrupted files on the disc somehow since it was a backup from my dad. The recovery partition has never been used since I lost the OEM disc years ago.

Hope that explains my situation a little better.
post #9 of 28
Quote:
Originally Posted by isoDUB View Post

Looks like DBAN is the best method.
I should probably clarify. The virus is on my desktop that came with OEM Vista. It got the virus and I got Windows 7 and tried a clean install. Virus was still there so I tried it on my netbook to see if there were any corrupted files on the disc somehow since it was a backup from my dad. The recovery partition has never been used since I lost the OEM disc years ago.
Hope that explains my situation a little better.

Just be careful with DBAN. I've had friends brick hard drives using it too much.

Good luck.

Oh just for reference, you might want to keep a copy of Gmer or other rootkit detection programs in case this happens again.

Any chance you can run gpart and see if there are any "extra" partitions hiding?
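The checks suggested in posts #7 and #9 (look at the boot sector, look for "extra" partitions), as an added example that is not part of the original thread: a Python parser for a 512-byte dump of sector 0 that hashes the boot code and lists the partition table. The sample sector, the short type table and the function names are constructed for illustration.

```python
import hashlib
import struct

# Standard MBR partition type IDs; anything else is reported for a manual look.
TYPE_NAMES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x27: "Windows RE", 0x83: "Linux", 0xEE: "GPT protective"}
ENTRY = "<B3xB3xII"  # status, CHS (skipped), type, CHS (skipped), start LBA, sectors

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector 0 dump into boot-code hash, signature, partitions."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for slot in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY, sector, 446 + 16 * slot)
        if ptype != 0x00:  # type 0 marks an unused slot
            parts.append({"slot": slot, "active": status == 0x80, "type": ptype,
                          "name": TYPE_NAMES.get(ptype, "unknown"),
                          "start": start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "signature_ok": sector[510:512] == b"\x55\xaa",
            "partitions": parts}

def findings(info: dict, known_good_sha256: str = "") -> list:
    """Return human-readable notes about anything that deserves a closer look."""
    notes = []
    if not info["signature_ok"]:
        notes.append("missing 0x55AA boot signature")
    if known_good_sha256 and info["boot_code_sha256"] != known_good_sha256:
        notes.append("boot code differs from known-good hash")
    active = sum(1 for p in info["partitions"] if p["active"])
    if active != 1:
        notes.append(f"{active} active partitions (expected 1)")
    for p in info["partitions"]:
        if p["name"] == "unknown":
            notes.append(f"slot {p['slot']}: unrecognised type 0x{p['type']:02x}")
    return notes

def sample_mbr() -> bytes:
    """Constructed test sector (not from a real disk): two NTFS volumes plus a
    small third entry that is also flagged active and has an unlisted type."""
    table = (struct.pack(ENTRY, 0x80, 0x07, 2048, 204800)
             + struct.pack(ENTRY, 0x00, 0x07, 206848, 1000000)
             + struct.pack(ENTRY, 0x80, 0x17, 1206848, 4096) + bytes(16))
    return bytes(446) + table + b"\x55\xaa"

if __name__ == "__main__":
    # From a live USB the real sector would come from a dump such as
    #   sudo dd if=/dev/sda of=mbr.bin bs=512 count=1   (device name is an assumption)
    info = parse_mbr(sample_mbr())
    print(info["partitions"], findings(info))
```

Recording the boot-code hash right after repairing the MBR gives a known-good value to pass as the second argument on later checks.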
post #10 of 28
Thread Starter 
Quote:
Originally Posted by evilferret View Post

Just be careful with dban. I've had friends brick harddrives using it too much.
Good luck.
Oh just for reference, you might want to keep a copy of Gmer or other rootkit detection programs in case this happens again.
Any chance you can run gpart and see if there are any "extra" partitions hiding?

GParted as in Linux? Got an Ubuntu 11.10 live USB I've been using as a main OS for a few weeks.