I have a stupid question.
I have had the Sirefef virus on my computer for a year. A specialised anti-virus removal technician on this very forum and I have tried for several months, with all the known scanning and malware/virus removal tools, to remove it, and it failed.
I then investigated the idea of reinstalling Windows XP Pro via a USB key (as my internal disk reader was already dead before the virus episode happened; to make things more complicated, my computer is refurbished, was bought from a third party, came with NO Windows disk or CD, and uses a Service Pack 3 version of Windows). I found out that Windows XP Pro SP3 is almost impossible to reinstall via the USB key method because apparently you NEED XP SP2 to reinstall it. To make matters even worse, there are a lot of different methods and associated software, sub-software and tools (often all bundled together, but not always) to do this, and more software to prepare a USB key to make it bootable, and it is very hard to find out which ones really work and which do not (to make it even worse, I found out that some of this software for turning a USB key into a bootable Windows OS incorporates a virus). I collected many of the tools and methods to do this and kept them in a file on a second, uninfected computer that I am using right now, before deciding which one I would use.
Last week I ran a new series of scans with a fresh copy of Combofix as well as a new copy of Avast, and with your new tool, RKill. I am sorry to say that RKill failed on my infected computer: I have a series of files that keep reappearing in the TEMP file and which cannot be deleted. They are extremely cleverly dissimulated inside one or more of the running processes or programs on my computer; each time I try to delete them with various tools, the software tells me this cannot be done because they are being used by another running process. So I ran RKill and... the damn things regenerated themselves right before my eyes, like they have done hundreds of times before. So scratch that new method; it cannot get rid of Sirefef and/or some of its last sub-components (I already got several of the Sirefef components deleted last year with Malwarebytes and other tools like Combofix: files starting with @ and so on). Obviously these did NOT get rid of all the components, since they have remained very active for a year and still block most of my commercial software, including my main work tool for 3D CAD; they also block my internet access, stop me from moving any file or dragging and dropping files, and from opening photos and web pages (I can only open web pages with a USB key specially formatted to run a mini Linux OS).
Oh, and I 'nuked' my XP machine with D7 (I changed the permissions) last year. It did not work, but on my wife's smaller computer (which also got infected by Sirefef last year) it worked, because it runs Windows 7.
Right now I also think my wife's small computer, which I am using right now, has probably become infected a few weeks ago via the web, as I now cannot save any page or any photos on web pages I visit online when I use Firefox. I can still do it with Explorer, though, but it is slower and a bit more complicated to go into the menu to do so, and it saves pages more slowly than Firefox. I ran scans with a new Combofix and, before that, a scan at boot time with a new Avast. Avast did find some viruses, but it turns out what it found were not viruses but PUPs, which it said were low risk and were in fact components of some other software that we signed up for, or of some of the video downloading software we use to communicate with the makers of the software in question, or whatever; in any case, not viruses. The other stuff were things that had already been caught earlier and had been in quarantine for months already. Oh, and one of the scans I did to remove viruses from the second computer (the one not affected by Sirefef) "neatly" deleted my copies of DDS from it (it recorded it as a "high risk virus"...). (UPDATE, from a few minutes ago: I wasn't even able to copy and paste the text of this message, which I wrote in WordPad, into the forum while browsing with Firefox; I had to go to Explorer to be able to do this.)
Oh, and I also went the "Dell expired warranty customer service" route to change the ownership of my computer so I could reinstall Windows via a USB key. I tried it 3 times via their website and waited for more than 3 weeks each time, and it never worked. I had also called them prior to this (I talked to 12 customer reps the first time, during 1 hour and a half, to finally find a guy who said, after MUCH insistence from me and nearly threatening to sue them because they are not respecting Canadian laws when it comes to providing things that are needed for their computers to operate, which by law they are supposed to sell for up to 10 YEARS after the computer was made (such as battery packs and the OS), that he had "found" one last copy of a disk with the SP3 OS in his office, but he had to wait for me to go online and follow the instructions to change the ownership of the computer, wait for 3 weeks, and then come back and call customer service once the ownership change was done). I did, and I royally wasted my time: the change never appeared in their system. I had to do this again, went on the phone after 4 weeks, could never reach the guy I had initially talked to, went through some 10 more reps, arguing with almost every single one of them to convince them to let me talk to the guy in question (I had his employee number and name), just to be bounced to more departments. Until I got one guy who knew him but could not let me talk to him, and who told me it is not true, that they do not have one last copy of the SP3 OS available there, and that I had misunderstood the guy I spoke to earlier (all this makes me wonder why they made me do all that for nothing, since they don't have XP Pro SP3 disks anymore and STILL made me redo the whole change of ownership online...? And yes, I did it 2 more times, and now I am fed up...).
So my question, to make this short: I don't want to run any more scans, malware removal scans and log scans; I did this for far too long and they all failed to remove the virus's last active components during a whole year. So I want to know:
If I simply manually REMOVE the HARD DISK from my infected computer and REPLACE IT with a brand new one, and then reinstall Windows XP Pro after formatting the new disk, will this get RID of the Sirefef virus components once and for all, so that I can reinstall my Windows XP Pro SP3 via an external CD reader?
(I bought an external reader last winter, but I did not use it until now for fear of getting it infected by the virus.)
Please let me know if replacing the hard disk will FIX the Sirefef virus problem, because I am about ready to throw away this computer (even though it cost me lots of money) and get a second used one (same model) to replace it (and run the risk that I might be getting an infected machine or one that has some problems, as a lot of these being sold used right now might actually be refurbished machines that were never truly repaired by Dell; I have seen this so many times online on Dell user forums that use these specialised CAD-certified machines), but I have about used up all my options and I can't afford to buy one of these high-end machines new.
Thank you in advance for your help and thank you for reading this, and this is to let you know again that the new RKill software did NOT succeed at stopping the processes that run the last active components of Sirefef (nor did new versions of Combofix, Avast and Malwarebytes, nor older copies of D7 and SuperAntiSpyware). I also tried running Combofix at the same time RKill was running, to try to defeat the active virus components, but it did not remove them.
Edited by Explore100, 21 July 2013 - 11:16 PM.