PLEASE HAVE PATIENCE, I DON'T THINK YOU'VE HEARD OF SUCH A VARIED PROBLEM, PLEASE DON'T BE SCARED BY THE LENGTH OF MY POST, JUST KNOW THAT WHAT I'M SAYING IS TRUE AND I DESPERATELY SEEK YOUR HELP!
(this is just background info, you can skip it...I'm just saying it from the beginning) 3 weeks ago I bought a brand new PC. I installed Windows XP SP2 and everything was fine. One day, I couldn't update my Avira AND SuperAntiSpyware and could not visit ANY antivirus websites. I didn't know what to do. But somehow I got rid of the problem as SuperAntiSpyware detected a backdoor Trojan and cleaned it. Then I could access everything again. I also used TrendMicro HouseCall to find another worm downloader from my Windows partition. That's that. I could browse and use my PC safely again. No problems at all were seen.
(THE REAL HEADACHE) Then after a few days...yesterday to be exact, I put in what I thought was a clean DVD (data DVD) in my drive and before I even tried to open it, the chain of events started (btw.....I'm pretty damn sure the DVD is infected) -
1. My Windows Explorer shut down with the usual termination message it normally gives when you shut it down from the processes window (explorer.exe has encountered a problem and needs to close) and the icons disappeared from my desktop along with the startbar! After a few seconds, it all came back. But I knew something was wrong. I immediately turned on SuperAntiSpyware and ran a scan of the DVD and my C: (Windows drive). ALMOST MORE THAN 11 WORMS AND TROJANS WERE DETECTED of different names and before I could clean them by clicking the button, my PC restarted with a blue screen with some white error (which was there for just a little while so I couldn't read it). Some names of the detected worms (as far as I can remember): Nimda, backdoor, gen (something like that) and many more!
2. When I turned it on again, I could not access any .exe files, my dialer was gone from Network Connections so I couldn't access the net and I couldn't update any security software. I tried Avira, MalwareBytes AntiMalware, AVG etc. Luckily...only SuperAntiSpyware ran and once again found those viruses. Before it could even finish half of its search, the same blue screen splashed again with the PC rebooting. I panicked and immediately reinstalled my OS from a bootable XP SP2 DVD. Took me 45 minutes. I thought this would take care of the problem.
3. As I had reformatted the C: drive during my installation, I thought the virus was gone for good. But when I entered the desktop for the first time, this error came on - - - (runouce.exe has encountered a problem and needs to close). I checked the background processes.....along with this runouce.exe...there were a thousand other net1.exe and net.exe processes! I couldn't access the net (as no browser would open and there was no dialer!) nor use ANY .exe files so I couldn't install ANY antivirus or antispyware software! And I searched for .eml files and there were a LOT OF THEM (I knew Nimda did this during infection). I almost deleted all of them. But still....nothing improved. I deleted the riched30.dll from the PC as I had read somewhere that it was connected to Nimda.
4. Luckily I had a spare SATA HDD where I reinstalled the same OS from the same DVD and everything is working fine in that HDD as I write. I disconnected the newer and totally infected HDD (I'm writing this post from the spare CLEAN MAXTOR HDD). Anyway, I downloaded stinger.exe and I scanned the Maxtor HDD with it, I downloaded AVG 9 free and SuperAntiSpyware and ran scans with both in the Maxtor HDD. This spare HDD was totally clean fortunately!
5. I found some instructions in this website to remove the Nimda virus. I put stinger.exe, combofix.exe, hijackthis.exe and the MS-DOS version of the SuperAntiSpyware online scanner program and put them in a formatted, fresh pen drive. I disconnected the clean HDD and attached the infected one (Samsung), and then inserted the pendrive.
6. I logged on to the infected OS in safe mode. Then clicked on the Stinger icon. Then the following error was displayed - Stinger has been infected and needs to close. None of the .exe files (as I mentioned before) were working! As a last resort, I put combofix.exe onto the desktop and clicked it. First it did not open. After a delay of 10 secs......a BIG ERROR WAS SHOWN - - "combofix can not run as riched30.dll is missing, reinstalling the application may fix the problem". But then...somehow....Combofix began loading. Then the first menu came and I clicked to proceed. THEN Combofix said "Your computer is infected by the file patching virus virut, combofix has been infected (or something like that)". Then the Combofix icon just disappeared from the desktop!
7. So as none of the .exe files in the pendrive would work, I turned on that online MS-DOS format SuperAntiSpyware. I couldn't update it as it said something about a firewall blocking it (definitely one of the viruses did this) but still I ran a scan. It found two worm.runouce.exe in the C: drive....I cleaned them and SuperAntiSpyware told me to reboot the PC to complete the removal. I rebooted the PC....but when I scanned again as a precaution with the same SuperAntiSpyware, they were found AGAIN! And this time there were 3! I removed and rebooted again. Then scanned again. The three were still there.
8. I just gave up! NO exe files were working, no dialer in the network connections so no internet, Combofix said there was a virut virus, Stinger was infected itself, there were infected .eml files all over the C drive and there were numerous net1.exe and net.exe running as background processes! I just disconnected the infected hard drive and now I'm safely (I hope!) using my 80GB Maxtor for the time being.
NOW MY PROPOSED SOLUTION would be to put the infected HDD as a slave with the clean one and then completely format it. Every partition. But the problem is I have a huge amount of audio and video in the infected HDD (not in the C but in the E and D partitions)! Would transferring the music and movie files to the clean HDD cause a problem (mind you there are no txt files or html files involved....simply mp3, pdf, avi and flv files)? Or should I format the whole infected hard drive? I really need those files and I don't think they're infected.
I would instantly format the infected drive as soon as I finish transferring those media files. So tell me, if I do this will there be much problem? PLEASE....I know this site is full of people who actually know about this stuff. Give me some advice. I'm really in a pickle here. I have never been infected with so many viruses! And definitely never by ones with so much destructive potential!
P.S. From next time I'll always use another hard disk to test out foreign objects and external media before I connect it with my main hard drive. Or are there better ways to test if external media (pen drives, CDs, DVDs, portable HDDs) are infected? Should I use my spare HDD to do this in the future or is there a better and safer way to test these kinds of media? I hadn't even opened the aforementioned DVD and the viruses came flooding in! Please give me some useful methods!!!
P.S.S. Very very STUPID QUESTION......if a HDD remains disconnected from the net and from the computer, do the viruses still multiply during that time??