Infected 2nd Hard Drive


6 replies to this topic

#1 benny269

benny269

  • Members
  • 158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slough
  • Local time:02:55 AM

Posted 30 April 2007 - 12:58 PM

If posted incorrectly please move as appropriate.

I have installed an old Quantum Fireball 20.4GB AT ICT20 hard drive from a busted old PC into my current Compaq Presario (spec at the link). Quantum hard drives seem to have been taken over by Maxtor, which was taken over by Seagate, and so I can't find any support or documentation for my drive (links for this would be appreciated).

I have now installed it into my system as a slave drive, however it is quite heavily infected with adware/spyware and possibly viruses too. Upon booting up, numerous problems were flagged by the AVG Free Anti-Virus I have on my main hard drive so I proceeded to use Ad-Aware and AVG scans on the installed hard drive and removed all problems found. The PC is not connected to the internet at the moment for fear of further infection.

I would like to know what would happen if I did connect it to the internet. Is it possible for one drive to become infected and then infect the other drive? I would also like your advice on how to set up the system. My intention is to use the second drive to store media files and documents (movies, songs, word files etc.). Do I need to configure it in any special way? Should I use additional anti-spyware/adware/virus software for the second drive?

Also I need to transfer some old files stored on the infected drive to my main one. Is it safe to do so while infected? Once done I will also need to format the drive too, how should I do this - any special software?

Thanks in advance.


#2 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:03:55 AM

Posted 01 May 2007 - 04:05 AM

Looking at this, this would mean a challenge (to say the very least) to the HiJackThis team. My suggestion would be to take it out of your computer and to put it into a case and connect it via USB or Firewire to your computer.

Unfortunately, since you already put it into your computer, the chances that your computer is now also infected are very much there.

I would say do a scan with AVG Anti Virus/AVG Anti Spyware and SuperantiSpyware as well as Adaware and Spybot (links in my sig) to clear out the largest problems and post the findings here.

Download and scan with SUPERAntiSpyware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* When done, select "Scan for Harmful Software".
* There are three scanning options. Choose "Perform Complete Scan" and click "Next".
* When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
* Make sure they all have a checkmark next to them and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* Click Preferences and then click the statistics/logs tab.
* Click the dated log and press View log. A text file will appear so you can see the results.
* Select close to exit the program.
* Scan in SAFE MODE


After that, download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in SAFE MODE using the F8 method.

Scan with DrWeb-CureIt as follows:

* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

Download and install AVG Anti-Spyware v7.5.
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this is the case, then you may have to run your scan in normal mode and advise your helper afterwards.)

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version.

Post back all the reports you have.

Edited by fozzie, 01 May 2007 - 04:05 AM.


#3 benny269


Posted 01 May 2007 - 05:50 AM

I see. Before I follow all the instructions you have suggested I wanted to clarify something with you.

Which drive am I disinfecting here? Each individually, or both at the same time?
Should I now disconnect the additional hard drive to stop further infection?
Is the PC safe while it remains disconnected from the Internet?

N.B. My eventual goal is to reformat my PC (i.e. both drives) and have media files and home documents on the older smaller hard drive and the OS and all other applications on the larger main drive. I intended to move the remaining files I needed from the old Quantum drive to the main drive, format the Quantum, move ALL needed files to the Quantum, format and reinstall Windows on my main drive and start over.

Is this a viable and easier path to go than to try and remove all the infections?
Will either drive be at risk of becoming reinfected AFTER they are respectively formatted?

Thanks in advance.

#4 fozzie


Posted 01 May 2007 - 06:18 AM

I would say that connecting an infected drive wouldn't do you any good. The scans here will scan both drives.

How much is it that you want to move from the infected drive? What kind of files are we talking about?

If it is like music, picture and movie files, I would suggest you burn them on a DVD and format the HD, and then you can safely attach it.
Programs I would stay away from.

#5 benny269


Posted 01 May 2007 - 02:24 PM

I want to move maybe 5-6Gb of data - movies, music, word documents etc - no programs/applications as such. My problem is that in order to burn a CD of the data and to then format the drive I would need to have the drive connected to my PC throughout the procedure. Is this not a bad idea anyway?

What would you suggest to be the best option: go with the formatting option or try the disinfection?

#6 fozzie


Posted 02 May 2007 - 06:33 AM

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Make sure you only scan the files you want to move by putting them all into 1 folder and have Bitdefender only scan that folder.

As long as you don't open anything you should be safe here. Can't you burn DVDs?

Edited by fozzie, 02 May 2007 - 06:33 AM.
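
Added example, not part of the original thread or any poster's words: a Python triage of the single staging folder suggested above, flagging anything that is not the plain media and document data the thread says to keep (programs were to be left behind). The extension lists, function names and sample files are assumptions constructed for this illustration, and the check complements the antivirus scan rather than replacing it.

```python
import os
import tempfile

# Assumed allow-list: the data types named in the thread (movies, music, documents).
DATA_EXTS = {".avi", ".mpg", ".mp3", ".wma", ".jpg", ".doc", ".txt"}
# Assumed list of extensions Windows runs or interprets when opened.
RUN_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}

def classify(path):
    """Return 'ok', or the reason a file should stay out of the staging folder."""
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    with open(path, "rb") as fh:          # bytes are read, nothing is executed
        head = fh.read(2)
    if name == "autorun.inf":
        return "autorun file"
    if head == b"MZ":                     # DOS/PE header, whatever the extension says
        return "executable content"
    if ext in RUN_EXTS:
        return "runnable extension"
    if ext not in DATA_EXTS:
        return "unexpected type"
    return "ok"

def triage(folder):
    """Walk the staging folder and map relative path -> verdict."""
    results = {}
    for root, _dirs, files in os.walk(folder):
        for fn in files:
            full = os.path.join(root, fn)
            results[os.path.relpath(full, folder)] = classify(full)
    return results

def demo():
    """Triage a temporary folder of constructed sample files."""
    samples = {
        "holiday.avi": b"RIFF\x00\x00\x00\x00AVI ",
        "song.mp3": b"MZ\x90\x00fake",    # executable renamed to look like music
        "letter.doc.exe": b"MZ\x90\x00",  # double extension
        "autorun.inf": b"[autorun]\r\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return triage(d)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:20} {path}")
```

Anything not reported as `ok` is left on the old drive; the files that pass still go through the folder scan described in the post above.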


#7 benny269


Posted 05 May 2007 - 06:19 PM

Sorry for the delay. I managed to format the secondary drive and disinfect the primary with good results. Thanks for your help.



