Question about wipe/reformat, possible reinfection from old data


4 replies to this topic

#1 pbobb

Posted 26 March 2010 - 02:46 PM

Hi, I'm pretty sure my PC is infected with a devious virus that seems to evade most of the normal scans (Malwarebytes, for example, keeps finding something innocuous every few days, but the browser redirect problems, dodgy performance, etc. don't go away). Hitman Pro is telling me it's got something called atapi.sys, and from what I can find googling that, it's not good. So I'm thinking about just wiping the machine, but I'm concerned about re-infecting it after that with something in the old data (I use the machine for drafting applications, email, plus of course run-of-the-mill Open Office applications). Could somebody point me in the direction of the best way to back up my current data in a way which will preclude reinfection? Thank you.

#2 OldPhil

Posted 26 March 2010 - 03:47 PM

You can try burning the data to a CD, then scan it as deeply as your AV will allow; if it comes up clean, "you may" get away with it. I suggest that you go to your HD manufacturer's site and download a wipe program that will write 0's to the drive; it is very easy to drag bad baggage along onto the new install.

Phil

Honesty & Integrity Above All!


#3 OldPhil

Posted 26 March 2010 - 03:48 PM

Also get a friend to download a boot disc so you can get it fired up; maybe even have them download the wipe program so you know it is clean.


#4 Keithuk

Posted 28 March 2010 - 05:43 AM

Hi, I'm pretty sure my PC is infected with a devious virus that seems to evade most of the normal scans (Malwarebytes, for example,

Well, you haven't said which OS you are using, but Malwarebytes doesn't work on a Win9x/ME system; it sounds like you're using a WinNT system. The Mods may move this topic to WinXP or Am I infected.

If you are infected with a virus then Malwarebytes won't do much either. Which virus checker are you using?

Keith

Windows ME (spare computer)
Windows XP 2002 Professional SP3 (desktop computer)
Windows 7 Professional SP1 32bit (laptop computer)

Windows 8 64bit spare drive for laptop computer


#5 Elise

  • Malware Study Hall Admin
Posted 28 March 2010 - 07:38 AM

Hello, I am moving this to the Am I Infected forum.

Most likely you are being hit by the TDL3 rootkit. This is a rootkit with backdoor capabilities and a reformat is indeed recommended. I also recommend changing all passwords and any banking information you might have been using.

BleepingComputer has a removal guide for this, and if you want to reformat, I'd recommend you follow that first before saving any data.

If you decide to clean up instead, I recommend posting your logs in the Malware Removal forum in order to make sure everything gets cleaned up properly and no leftovers are there anymore.

Edited by elise025, 28 March 2010 - 07:39 AM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft




