I have a 1 SSD with Win7 on it which is my main system and 1 HD for backup which is not usually connected to the motherboard (except when I'm backing up data) with another Win7 install.
I had a problem with my antivirus software (NOD32) which wouldn't launch on Windows startup (although it was listed and checked in the msconfig startup list). I couldn't even start the antivirus manually. It seemed that on of its components was running in the background (esetgui.exe or something like that) but I couldn't terminate it through the task manager. I always got a Windows error saying the task couldn't be terminated. (I'm in full admin mode).
This problem occured right after installing the latest PACE drivers for my Ilok dongle. http://www.paceap.com/dldrvr.html It need to restart the computer to finish the driver installation.
I thought it could be a virus so I connected my backup drive, did a boot override to boot on it and run antivirus scans. But on Windows boot up, a CHKDSK scan automatically started on I-don't-know-what-drive as no drive letter was specified (or I had no time to read) and it found 3 tons of disk errors.
1/ How can I know if the CHKDSK was for the SSD or the HD?
Then CHKDSK didn't give me the choice but to repair everything without asking.
2/Can a CHKDSK repair damage a SSD?
Now the virus thing.
So I was able to boot on my Win7 backup system. I scanned with NOD32 my SSD and it didn't find anything suspicious. Then I scanned with Malwarebytes, Panda antivirus and Trend Micro HouseCall and only HouseCall found 2 suspicious files:
- one was from an old (2004) freeware VST plugin (that's an audio plugin for my digital audio workstation, Cubase). It's called X-Cita and it's been around for some years so if it was a real threat I guess they would have removed the plugin from downloading. http://www.uv.es/ruizcan/p_vst.htm
- the other file was from my Google Chrome cache. Chrome uses filenames like f_002abc so the name won't be of any help. But I scanned the detected file with virustotal and only Trendmicro is returning "positive" results http://www.virustotal.com/file-scan/report.html?id=72d319746a313342c8f4bec582414e1c37d50d5941243029129896759d85d4cc-1303080841
3/ How can I know if I'm really infected?
This morning I forgot to do the boot override to boot on my backup system and booted on my SSD instead. I got a computer freeze while it was loading startup software on windows desktop (explorer, NOD32...)
Thanks in advance.
Edited by PODxt, 18 April 2011 - 07:24 AM.