
Can some virus survive a repartition and format?


6 replies to this topic

#1 rnt4f


Posted 28 October 2010 - 09:20 PM

Hello All,
My PC recently had a graphics card problem; it died, I think. I got no monitor signal on reboot, yet I could see the CMOS test counter going on my motherboard. So, I went out and got a new graphics card and replaced it. That worked fine for one evening of intensive gaming; I was eager to test out everything that the new graphics card could do. The next evening, when I booted up my PC, I got the blue screen of death. I then cold booted the PC and chose the start normally route when it prompted me that I had a crash and to select my start options, etc. Everything came up fine after that.

However, the blue screen had me worried. I either installed the new graphics card wrong, software or hardware wise, or I may have something on my PC that it's desirable. Anyway, I decided to run a full scan of the PC using Norton's security suite, and it found nothing. I figured that since Norton is a big name in antiviral software, some viruses may be coded specifically to stay under its radar. So, I decided to do a little research on what I could get that could give me a second opinion. I found the review on CNET about how great Stopzilla is at catching things that Norton and McAfee miss, and I decided to give it a shot. I downloaded the free version, installed it, rebooted, and did a full scan. It found 10 trojans and a ton of other cookies and stuff. To remove these viruses and the other stuff that it found, I had to pay for the registered version of Stopzilla; so I paid up and let it do what it needed to do to clean my machine.

It turns out the cure was worse than the disease. After the cleaning, I rebooted my computer and got a blue screen. I tried cold booting out of the blue screen a few times, just to get back to the same exact blue screen again. Finally, I tried rebooting with F8 and chose the start with last known good boot option, and I was able to get back to the desktop; however, I noticed that during the OS loading, I now no longer have the thermal bar; in its place is an ugly blueish background, then it went to black, then the desktop; not the same graphics you'd see when Windows Vista boots up. Also, my PC now takes at least twice as long to boot up as it did before. Once I get to the desktop, it takes what seems like forever to do anything. By now, I was annoyed and decided to uninstall Stopzilla. This was yet another mistake, because Stopzilla would not be uninstalled. I tried downloading RKILL, hoping I could maybe kill whatever process was running, manually delete the files, and clean the registry entries manually afterwards, but the moment RKILL.COM, RKILL.EXE, IXPLORER.EXE got on my computer, they were automatically removed (not just deleted, they disappeared!). The only one I had a little luck with was the EXPLORER.EXE, which stuck around long enough for me to double-click on it, then it too disappeared.

Needless to say, by now I was pretty much fed up and decided to start with a blank slate. I found my Windows Vista CD and booted from the DVD drive. I deleted the hard drive's partition, formatted it, then deleted the partition and formatted again for good measure. I reinstalled Vista, updated my hardware drivers, and then I believe I made another mistake. I decided that maybe all the troubles were actually due to the cleaning of viruses that may have affected critical files, so I gave Stopzilla another try. I reinstalled Stopzilla and ran a full scan again, thinking that once the scan was done, I would have a good image to back up in case this ever happens again. Well, unexpectedly, Stopzilla found a "gen downloader.1 Trojan" virus on my PC, among a few other minor cookies and such. Now, I'm not a computer security expert, but I work for a software company and I've never heard of a computer virus capable of surviving a hard drive format. So, with that said, is it at all possible for a virus to survive a partition deletion and hard drive format? If so, how was that done and how can I remove it from the PC? It can't possibly have written itself into the BIOS.


#2 DaChew


Posted 28 October 2010 - 09:37 PM

Can you demand a refund?

http://www.amazon.com/Stopzilla-Stop-Spyware-Pop-ups-Theft/product-reviews/B000CQNJIM
Chewy

No. Try not. Do... or do not. There is no try.

#3 rnt4f


Posted 28 October 2010 - 10:29 PM

> Can you demand a refund?
>
> http://www.amazon.com/Stopzilla-Stop-Spyware-Pop-ups-Theft/product-reviews/B000CQNJIM


That's actually secondary to my concerns, but I did call them and ask for a refund, and they promised to credit my credit card in 3 days. My primary concern is whether or not I still have a virus on my computer, or whether Stopzilla actually is creating a problem where there is none.

#4 DaChew


Posted 28 October 2010 - 10:34 PM

> that Stopzilla actually is creating a problem where there is none.


That would be my guess, but then if you saved any drivers or infected installers from before the reload, then it's possible you reinfected the computer?
Chewy

No. Try not. Do... or do not. There is no try.

#5 rnt4f


Posted 28 October 2010 - 10:47 PM

> > that Stopzilla actually is creating a problem where there is none.
>
> That would be my guess, but then if you saved any drivers or infected installers from before the reload, then it's possible you reinfected the computer?


I should have clarified that. No, the drivers were not saved and reloaded. There were 3 driver updates: (1) Logitech G15 keyboard, (2) Razer gaming mouse, and (3) Nvidia GeForce 465 graphics card; all of which were downloaded straight from the vendors' support sites.

#6 DaChew


Posted 29 October 2010 - 12:59 PM

There are plenty of free scanners that can give you a more reliable result, but any antimalware/virus program will have its false positives.



> A false positive is another way of saying ‘mistake’. As applied to the field of anti-virus programs, a false positive occurs when the program mistakenly flags an innocent file as being infected. This may seem harmless enough, but false positives can be a real nuisance.


http://www.securelist.com/en/glossary?glossid=153654932
Chewy

No. Try not. Do... or do not. There is no try.

#7 rnt4f


Posted 01 November 2010 - 07:01 PM

I believe I've figured out the answer to my question. The simple answer is no, I'm not infected after the reformat. The details have to do with Stopzilla's virus identification capability. Basically, I spent all weekend testing, reformatting, and reinstalling software onto my computer. It seems that Stopzilla will identify any download manager/background downloader as a Trojan, regardless of maker or whether or not the file is in fact infected with a real virus. Examples are: Norton security suite's download manager will be identified as a Trojan (Gen Downloader.1) by Stopzilla. Also, World of Warcraft's patcher/background downloader is also flagged as a Trojan. The reason I know this is because I reinstalled these 2 pieces of software from CDs, after a fresh format of the hard drive and a brand new install of Windows Vista, and ran Stopzilla's full scan after the install, which then identified both as Trojans.

With that said, I should have saved the original full scan's log file so I could go over it to see if I did in fact have any virus on my PC initially. Unfortunately, that was not done and I will never know. What I do know is that after Stopzilla "cleaned" my PC of all the viruses that it found (after the first scan), my PC became unstable and was worse than it was prior to Stopzilla. It seems that this software identifies viruses based on operation pattern only and makes no exception to that pattern. If you have other software on your computer that has a file or 2 fitting a virus pattern, even though those files are infected, Stopzilla will identify them as viruses. And God forbid you take Stopzilla at its word; I made that mistake. It is a dumb malware program, and if you are going to use it, you had better take its advice with a grain of salt.

BTW, Stopzilla did refund my purchase.



