I'm posting on behalf of my gf; she was recently infected by some sort of virus on her laptop. It's a Sony Vaio model VGN-AR71E running Vista Home Premium.
She's using F-Secure anti-virus and is usually up to date and without issues. A scan confirmed the presence of "Trojan.generic.KD", which was removed. Upon re-install everything seems normal, although I wanted to check as I am not a user of Vista myself normally, nor have I come across this virus before (not that I am an expert by any means).
Behaviour prior to F-Secure scan:
Upon log-in you get a security message (multiple) with the following "alerts":
"Critical error: Damaged hard drive clusters detected. Private data is at risk". (odd looking circular shield - virus?)
"Critical error: Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can't find hard disk space. Hard driver error" (normal looking windows alert shield).
Clicking on the latter menu brings another menu with the following text:
"The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system"
Clicking this starts the "windows recovery", which finds 11 errors, including several hard disk problems:
- Read time of hard drive clusters less than 500ms - critical error(failed)
- 35% of HDD space is unreadable (failed)
- A problem detected while reading boot operating system files(fixed)
- Bad sectors on hard drive or damaged file allocation table(failed)
- Drive C initialising error (fixed)
- 1532mb to be removed for computer performance optimization (fixed)
- RAM memory defragmentation is required. Only 20% of RAM Memory is free to use (fixed)
- RAM memory temperature is 83C. Optimization is required for normal RAM functioning(fixed)
- Boot sector of the hard disk is damaged (failed)
- Hard drive doesn't respond to system commands (failed)
Of interest is that it states you need the "advanced module" to fix the critical errors, and you can "buy advanced module - takes about 30 seconds". That gives the game away a bit, lol.
Looking at the process list, this "windows recovery" seems to appear as "42458888.exe". If you kill this process, the "windows recovery" closes (it won't close otherwise).
Upon restart things seem OK - I just wanted to ask how I can check that the virus is truly gone and that nothing is going to pop up the minute I give her back the laptop?
Any help or suggestions would be appreciated. I'm hoping it was an easy fix and I've killed it with a simple virus definition update and re-scan...