Hardware Canucks

Hardware Canucks (http://www.hardwarecanucks.com/forum/)
-   Storage (http://www.hardwarecanucks.com/forum/storage/)
-   -   infected hard drive (http://www.hardwarecanucks.com/forum/storage/52892-infected-hard-drive.html)

dukesdad March 30, 2012 09:16 PM

infected hard drive
 
Hello,
My friend has a Dell with windows vista. He picked up a nasty virus of some sort.When booting up, as soon as I entered his password, hit enter, the screen would go black. I could still hear the drive going, but stayed black. If I hit alt-ctrl-del the task manager screen would come up.
Safe mode same thing, with "safe mode" in the 4 corners.
Switched hard drives and installed windows 7, and all works well. So I think the motherboard is okay.
Now the problem.
It seems his backup habits are the sameas his surfing habits. pretty bad. non existent .
Hooked up the old hard drive again as a second hdd. and it shows about 100gb out of 150gb used, but clicking open only showed 1 file. Something or other .BAK
So I tried running scan disk on it, but it froze. Then the Antivirus popped up showing a trojan, someting DOS, click to clean. OK. Click to restart OK
Win 7 boots okay on the new drive, but windows says the old drive not accessable.
There are a lot ofpics on the old drive.
Any ideas how to get them off?

taimoorali007 March 30, 2012 10:54 PM

Did you try to access it from other computer...i mean....booting with other HDD and from there connect your HDD and check from partition?

SugarJ March 30, 2012 11:15 PM

That's what he did. Read the original post.

You probably just need to assign a drive letter in disk management. Link on how to open it: Disk Management Windows 7 - How To Access Disk Management in Windows 7

Do not add or delete partitions or you will lose your data.

Once you can see the drive, run every antivirus and anti malware you have on it, including MS Malicious Removal Tool. Oh, and make sure you are able to see hidden files/folders, they are probably still there but the trojan hides them.

Shadowmeph March 31, 2012 10:27 AM

Quote:

Originally Posted by SugarJ (Post 616489)
That's what he did. Read the original post.

You probably just need to assign a drive letter in disk management. Link on how to open it: Disk Management Windows 7 - How To Access Disk Management in Windows 7

Do not add or delete partitions or you will lose your data.

Once you can see the drive, run every antivirus and anti malware you have on it, including MS Malicious Removal Tool. Oh, and make sure you are able to see hidden files/folders, they are probably still there but the trojan hides them.

Yes but the first thing you "Have to do" is turn off system restore because the virus or what ever can hide itself inside there.
Also disconnect from the internet and try to boot into safe mode. there are disks that are free in which you can boot into the disk and then choose what you want to do like scan for virus's it takes quite a while to do this. I don't do it like that though what I do is grab a pen drive use a different cp and download some portable virus scanner and update it, then I boot the infected pc into safe mode and scan. there is also the combowfix which usually works
A guide and tutorial on using ComboFix

Adzsask March 31, 2012 11:03 AM

Easy way, format drive, hard, but still works version, see above post^


All times are GMT -7. The time now is 08:08 PM.