

Help: Virus persists even after destructive restart

  • This topic is locked
2 replies to this topic

#1 philosophy1980


  • Members
  • 2 posts
  • Local time:02:55 AM

Posted 15 April 2011 - 01:37 PM


I've been having some trouble with a virus that doesn't seem to go away even AFTER a destructive restart. I'm using an HP Pavilion with XP Pro. A couple weeks ago, AVG Antivirus found a virus that it couldn't remove. After further unsuccessful attempts to remove it, I did a destructive reboot from the HP D Drive, to restore Windows to its original factory settings. Everything appeared to be fine for a few days, during which time I limited my online activity to only absolutely safe sites, like the NYTimes. Then a program claiming to be an Antivirus program randomly booted onto my computer, claiming I had a virus. Since I hadn't downloaded this program, and it was running a lot of applications without my permission, I downloaded AVG to remove it, unsuccessfully. Since I had just done a destructive reboot, I wasn't going to lose any data by simply doing it again--so I did, and installed AVG again, and ran a scan immediately. My computer was running fine for about a week after this destructive reboot. Now I have a virus that redirects me to Ad-sites via google-analytics when I click on links in Google and news sites. AVG has found nothing. Malwarebytes found one item:
PUM.Hijack.Startmenu at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff.

I tried to use Malwarebytes to remove this, and then restarted my computer. Malwarebytes was no longer accessible. AVG again came up with nothing. After I reloaded Malwarebytes and ran it, it found nothing. I then tried to download Ad-aware but that has been "loading" for the last two hours and I can't seem to get the program to even work.

It might sound like I keep getting new viruses, rather than having the same one persist. But I wish to underscore, again, that I have limited myself to visiting only a few absolutely safe sites that I've visited for many years without problems or issues, because I wanted to see if the problem was fully solved. (I usually visit only safe sites of course, but I wanted to stick to absolutely safe ones I had used for years to make sure the problem was gone). This leads me to suspect that the virus is persisting even after destructive reboots. One interesting thing/qualification: Each of the two times it reappeared, it was soon (an hour or less) after downloading a file in Gmail from a trusted source--a PDF file from my Dad, and an MS Word file (with a term paper) from one of my students, neither of whom would send me a virus.

Is this virus IN my Gmail? (Is that even possible?) Or is it simply persisting even after destructive reboots? Any help or advice anyone could offer would be very welcome.





#2 philosophy1980

  • Topic Starter

  • Members
  • 2 posts
  • Local time:02:55 AM

Posted 17 April 2011 - 05:04 PM

Please ignore this request and close this post. I did a destructive restart from an XP disk rather than the separate D drive, and this appears to have fixed the problem. Thank you for your time and consideration.

#3 m0le


    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:07:55 AM

Posted 17 April 2011 - 07:17 PM

Thanks for letting me know :thumbup2:


This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
