
Hard Drive Virus

post #1 of 10
Thread Starter 
So my sister got a virus on my parents' computer. It first gave a fake warning message saying my HDD was dying and hid all the files in folders. I couldn't get rid of it. I used Avira, Malwarebytes, SUPERAntiSpyware, Spybot, ComboFix.

So I just reformatted the Windows partition. The files stopped getting hidden, but the warning still came back. Also SMART HDD got disabled, and I started to have to press F1 at boot to get into Windows, despite whatever the BIOS settings were.

Now a few days later, the computer is stuck in an infinite system repair loop and I can't reinstall Windows either since it says the hard drive is failing.

I think it'd be too coincidental for the hard drive to be actually dying. What can I do to fix it? I'll probably do a complete reformat this time too. But I need to back up the files on it first. Since it was able to affect my hard drive, BIOS, and survive a reformat, I'm worried the virus can hop onto another drive if I plug in the HDD to my computer. Anything I can do to prevent that or am I screwed?
post #2 of 10
Try booting something like Ubuntu off of a flash drive, copy all your files to an external drive, use something like DBAN (Darik's Boot And Nuke) and wipe that sucker clean, then reinstall Windows, make sure your AV is up to date, and plug your external drive into it, scan it, then copy the files.

I'll try to post links later, good luck!
post #3 of 10
Thread Starter 
Hey thanks for the response.

I don't have an external hard drive, so I'm planning to stick that HDD as a slave into a desktop. I might just get a new SSD for them, and back up everything onto there. Then I'll DBAN that sucker to oblivion. Hopefully the HDD will be usable again.
post #4 of 10
It may be possible that the virus found a way of installing itself on the recovery partition of the HDD, as many OEMs (Dell, HP, Sony, Acer, etc.) create a small partition on the HDD to house the OS recovery files.

If the virus had found some way of getting itself onto this partition it would have been unaffected when you reinstalled Windows, therefore giving you the same error message. You could try formatting this partition and see if the virus comes back. Provided that you haven't tried this already, or if the PC even has a recovery partition.

Also, I wouldn't risk putting this HDD in another computer, I'm sure you don't want the virus to spread to another computer as well. ;)
 
post #5 of 10
Thread Starter 
Quote:
Originally Posted by Warweo

Also, I wouldn't risk putting this HDD in another computer, I'm sure you don't want the virus to spread to another computer as well. ;)

Ya, I am worried about this as well, but was thinking maybe I'm paranoid. How could I work around that? If I use an external HDD, seems like that could get infected too. Maybe running off Ubuntu and burn some DVDs? Maybe I'd accidentally copy the virus too.
post #6 of 10
Before you put the files on the fresh install of Windows, use something like Comodo Firewall and Avast. Set Comodo to paranoid mode. I've always used it and it's pretty good about telling me if something is going to install itself. Hell, installing anything new, I gotta click that it's OK to install it a million times before I'm done. I've had really good luck with that combo of Avast and Comodo Firewall, and they're FREE...
post #7 of 10
Also, you can burn Ubuntu to a disk and boot Ubuntu from the disk for transferring files, or I prefer to use Hiren's Boot CD. It has both a Linux OS and a mini Windows XP you can boot for transferring files, and all kinds of antivirus software with it...
post #8 of 10
Download GParted and burn it to a disk.
Boot, and wait for the live disk to load up.
Make sure there isn't a ~1 to 5 MB partition that is hidden. If there is, then delete it.

If you can boot after that, get into Windows and run TDSSKiller from Kaspersky.

Sounds like you might have a ZeroAccess rootkit, which will usually survive reformatting Windows (because it boots off of a separate hidden partition).
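Added example, not part of the original post: the check described in post #8 (looking for a ~1 to 5 MB partition) done by reading the partition table directly instead of through GParted. It assumes a classic MBR disk with 512-byte sectors; the function names, the 5 MB threshold constant and the sample sector are constructed for illustration.

```python
import struct

SECTOR = 512                      # assumption: 512-byte logical sectors
SMALL_LIMIT = 5 * 1024 * 1024     # upper bound taken from the post's "~1 to 5 MB"
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}  # "hidden" FAT/NTFS type IDs

def parse_mbr(sector0: bytes):
    """Return the non-empty primary partition entries of a classic MBR."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        raw = sector0[446 + 16 * i: 446 + 16 * (i + 1)]
        # status, CHS start, type, CHS end, start LBA, sector count (little endian)
        status, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", raw)
        if ptype == 0 or count == 0:
            continue  # unused slot
        parts.append({"slot": i + 1, "active": status == 0x80, "type": ptype,
                      "start_lba": lba, "size_bytes": count * SECTOR,
                      "hidden_type": ptype in HIDDEN_TYPES})
    return parts

def suspicious(parts):
    """Entries matching the post's description: a partition of at most ~5 MB."""
    return [p for p in parts if p["size_bytes"] <= SMALL_LIMIT]

def build_sample_mbr():
    """Constructed sample, not from a real disk: 100 MiB boot, data, 2 MiB tail."""
    def entry(status, ptype, lba, count):
        return struct.pack("<B3sB3sII", status, b"\0" * 3, ptype, b"\0" * 3, lba, count)
    table = (entry(0x80, 0x07, 2048, 204800)          # 100 MiB active NTFS
             + entry(0x00, 0x07, 206848, 1000000000)  # main NTFS volume
             + entry(0x00, 0x17, 1000206848, 4096)    # 2 MiB, hidden-NTFS type
             + b"\0" * 16)                            # empty fourth slot
    return b"\0" * 446 + table + b"\x55\xaa"

if __name__ == "__main__":
    # On a live disc the 512 bytes would be read from the disk device opened
    # read-only; here the constructed sample sector is used instead.
    parts = parse_mbr(build_sample_mbr())
    flagged = {p["slot"] for p in suspicious(parts)}
    for p in parts:
        note = "  <-- small partition, inspect" if p["slot"] in flagged else ""
        print(f"slot {p['slot']}: type 0x{p['type']:02X} "
              f"{p['size_bytes'] / 2**20:.0f} MiB active={p['active']}{note}")
```

It reads only the four primary MBR slots; logical partitions inside an extended partition and GPT disks are not covered.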
post #9 of 10
The virus could have found its way into a recovery partition as stated above, it also could have found its way into a boot sector...there's a bunch of options as to why it came back. I would just download and burn Hiren's boot disc, boot from Hiren's and wipe the entire hard drive with one of its built in tools. This should be sufficient enough and you don't have to worry about plugging it into another machine.
post #10 of 10
Thread Starter 
I booted up through Ubuntu and tried to back up files by burning DVDs, but it kept saying the HDD was dying and interrupting the burn. So I installed a new Windows on a new SSD, disabled autoplay, installed Avast, Malwarebytes, and Comodo on paranoid mode and just transferred it directly to the new SSD. I DBANned the HDD, and set SMART to enable instead of auto in the BIOS, but the HDD is still considered failing. So I guess the HDD really is dying, but still it's very coincidental to the time I got the virus. The HDD is quiet and transfer rates were normal too. Everything is great on the new SSD, so no point in worrying anymore. Thanks again for all the help.