First of all I apologise if this is the incorrect forum or has been addressed in a previous topic post. A search of this forum did not indicate any topics titled with 'Windows Diagnostic'.
The scenario runs like this:
A 6 month HP laptop (model unsure at time) allows to login into the administrator account and then proceeds to 'run' Windows Diagnostic which proceeds to inform of the following issues: Read time of hard drive clusters less than 500 ms , 32% of HDD space is unreadable , Bad sectors on hard drive or damaged file allocation table. Then I will receive the fake alert 'RAM memory usage is critically high. RAM memory failure' repeatedly. A search on the computer shows no program files.
I then used another computer and found the 'Remove Windows Diagnostic (Uninstall Guide)[http://www.bleepingcomputer.com/virus-removal/remove-windows-diagnostic] and proceeded to follow the steps. I don't get beyond step 3 - Before we can do anything we must first end the processes that belong to Windows Diagnostic so that it does not interfere with the cleaning procedure. To do this, please download RKill to your desktop from the following link.
It suggests to download the different renamed versions of RKill to get past the virus and no success. Each time I am stopped at 95% where it tells me 'the internet connection has been reset'. There are a few words infront of that I do not recall.
Next I would download the program onto my working computer then onto a usb to transfer over as suggested - "It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.". Again it is stopped and the virus hides the file on my usb so I cannot access it.
The next idea I had read here was that it was possible the Guest Account would be able to bypass the virus and allow me to download RKill however it did not work.
I decided perhaps to then try the program MalwareBytes even though I was not able to work RKill. The program has downloaded and is currently scanning though I am concerned it will give false results and miss infections due to the remaining virus. Or even worse remove something useful to me (anti-virus programs etc.)
* My Windows XP firewall is activated
* The problem only started yesterday
* Supposed gradual deteriation (this is my mothers computer and this is what she recalls) So at first it kept screensaver, now it doesnt.
If requiring any additional information, please ask and I hope we can figure this out :]
I also would be interested to know how this virus can be picked up.
Edited by hamluis, 22 March 2011 - 09:57 AM.
Moved from XP to Am I Infected.