Infected recovery partition

Hi first post here.
I have a problem.
ERD SSS managed to remove the infection from the local disk, four trojans can't remember the names, but MBAM confirmed the partition was clean.
Only trouble was, the system was still unresponsive. So I removed the HDD from the system, installed it as a slave and run another MSE scan which picked up Trojan Dropper: Win32/Dunik!rts, within the recovery partition.
Quarantine just isn't doing the anything. If I remove the infection completely, will the recovery partition still be usable, or is the entire hdd going to need formating???

I'm tired, this is the second serious infection, (two different machines) I have had to deal with this week, and as you can imagine, I haven't slept much. the first one took me three days, this one I started Saturday night.

Hello and welcome.. We need a deeper look. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.

Let me know if that went well.

Thanks for the quick reply. Got a BSOD while running GMER didn't get time to read it, no error in system log other than unexpected shutdown, ran check disk no errors.
Going to try and replicate...
OK caught it this time, BSOD page fault in non page area, I have looked back through the system log and it looks like it's been going on for a while. With all the malware problems and the BSOD it might be about time to reinstall the operating system. These are going back to 1/Sep/2009.

Edited by Clever Trevor, 06 September 2010 - 12:55 AM.

Your decision as to what action to take should be made by reading and asking yourself the questions presented in "When Should I Format, How Should I Reinstall?" In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

Thank's.
I backed up all the data on the hdd before I even started running a malware scan, I know how badly these things can destroy the OS. Best not to take any chances eh....
The malware programmers need lining up against a wall.........

That is so true.

{credit quietman7}
If you're not sure how to reformat or need help with reformatting, please review:

• How to partition and format a hard disk in Windows XP
• Prepping for a Clean Install Windows XP.

These links include step-by-step instructions with screenshots:

• XP Clean Install Interactive Setup
• How to reformat your computer in case of a severe malware infection
• Reformat & Clean Install Windows XP

Vista users can refer to these instructions:

• Windows Vista Clean Install
• How to Do a Clean Install and Setup with a Full Version of Vista
• How to Do a Clean Install with a Upgrade Version of Vista

Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufactures to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead..

If you need additional assistance with reformatting or partitioning, you can start a new topic in the Windows XP Home and Professional forum.

Edited by boopme, 06 September 2010 - 09:02 PM.