
Virus keeps coming back after formatting and reinstalling


4 replies to this topic

#1 Question_Everything

Question_Everything

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 04 April 2014 - 04:16 PM

Hey guys I got a virus that haunts me, I think it is Sality going by results from MBAM.

I started a topic in the virus section but got redirected here, link below to prev topic

http://www.bleepingcomputer.com/forums/t/528024/sality-is-making-me-violent/

Also if possible I will need advice for XP, Vista as this thing has infected many systems :/

Thanks in advance

Edited by Question_Everything, 04 April 2014 - 04:16 PM.




#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:23 PM

Posted 04 April 2014 - 04:44 PM

You have previously been told...several times...that you need to format and do a clean install due to the nature of your system infections.

 

What is there that you cannot do...on any system, for any version of Windows?

 

Not sure why you posted in this forum.

 

Louis



#3 JohnC_21

JohnC_21

  • Members
  • 24,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:23 PM

Posted 04 April 2014 - 04:54 PM

Personally, on this type of infection, I would zero out the drives with a bootable disk like Partition Wizard, and reset the router. After router reset, change the default password to a very strong one. Do not use the default SSID of the router. Use WPA2 for encryption with a password you can get at grc.com (63 printable ASCII characters hashed down to 256 binary bits) and set the router to disable remote login. Only allow login on computers connected directly to the router via an Ethernet cable.

 

http://www.pcworld.idg.com.au/article/542028/sality_malware_growing_old_takes_new_trick/
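
Added example, not part of JohnC_21's post: a 63-character printable-ASCII WPA2 passphrase can also be generated locally, and the "hashed down to 256 binary bits" step is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt (4096 iterations). The function names and the SSID below are made up for illustration.

```python
import hashlib
import secrets

# Printable ASCII (0x20-0x7E): the only characters a WPA2 passphrase may use.
PRINTABLE = "".join(chr(c) for c in range(0x20, 0x7F))


def validate_passphrase(passphrase):
    """Raise ValueError unless this is a legal WPA2-PSK passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(ch not in PRINTABLE for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII only")


def generate_passphrase(length=63):
    """Build a random passphrase locally from the OS CSPRNG."""
    # Spaces are legal but easy to lose when pasting into a router form,
    # so this sketch draws from the 94 non-space characters only.
    alphabet = PRINTABLE.replace(" ", "")
    passphrase = "".join(secrets.choice(alphabet) for _ in range(length))
    validate_passphrase(passphrase)
    return passphrase


def derive_psk(passphrase, ssid):
    """Return the 32-byte (256-bit) pre-shared key for this network."""
    validate_passphrase(passphrase)
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the salt: the same passphrase on a different SSID gives a
    # different key, which is why a unique SSID beats a factory default one.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


if __name__ == "__main__":
    ssid = "example-home-net"  # constructed SSID, not from the thread
    passphrase = generate_passphrase()
    print(passphrase)
    print(derive_psk(passphrase, ssid).hex())
```

Generate the passphrase on a machine known to be clean and type it into the router over the wired connection, as the post recommends.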



#4 Question_Everything

Question_Everything
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 04 April 2014 - 11:04 PM

You have previously been told...several times...that you need to format and do a clean install due to the nature of your system infections.
 
What is there that you cannot do...on any system, for any version of Windows?
 
Not sure why you posted in this forum.
 
Louis


Perhaps I should have been more than specific...... I have tried the previous suggestions that's why I'm still here :/ if you read the link I provided you would have seen I was ushered to this forum!! Apologies if this is the wrong department but I was following instruction.

The router has been reset so it's no longer a threat, as it was infecting anything that connected to it.

Formatted and reinstalled Win 7 several times, tried many methods with the tools on Hiren's Boot CD (all software was burnt at a secure location) to delete partitions etc to no avail... There is definitely a suspicious partition that reappears even after deletion/formatting.

Also I've read a lot of hearsay about this bastard of a thing's 'abilities', which has got me worried about the RAM being laced and/or the BIOS? Feel free to school me, as it has been many many years since any of my PCs have been infected as I'm very careful about where I browse, what I download and in general cautious. This virus and its charms are a bit new to me so give this lobotomite a chance to catch up :)

Thanks again



Personally, on this type of infection, I would zero out the drives with a bootable disk like Partition Wizard, and reset the router. After router reset, change the default password to a very strong one. Do not use the default SSID of the router. Use WPA2 for encryption with a password you can get at grc.com (63 printable ASCII characters hashed down to 256 binary bits) and set the router to disable remote login. Only allow login on computers connected directly to the router via an Ethernet cable.

 
http://www.pcworld.idg.com.au/article/542028/sality_malware_growing_old_takes_new_trick/


Thanks John, you must speak Dutch as well! XD ima do what you suggested and report back.

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 56,116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:23 PM

Posted 05 April 2014 - 10:47 AM

If...you are saying that you formatted the hard drive...and then are unable to install Windows...I would suggest that you run a hard drive diagnostic, since what you describe as a recurring "virus"...may merely be an indication of a troubled hard drive.  Formatting or otherwise wiping the drive...rules the partition structure out as suspect.

 

<<There is definitely a suspicious partition that reappears even after deletion/formatting.>>

 

If you are using the Win 7 DVD for formatting/install purposes...the hard drive (after successful install of Windows) should reflect 2 partitions...a very small one which is automatically created as part of formatting which is titled System Reserve...and whatever O/S partition that you have created.

 

Louis





