Nasty malware deletes all files on hard drive, comes back af

Networking/Security Forums -> Viruses // Worms

Author: drmavis Posted: Thu May 14, 2009 12:50 am    Post subject: Nasty malware deletes all files on hard drive, comes back af
    ----
Hi, I generally consider myself an advanced computer user, but I am completely stumped so wanted to ask the experts for advice. Have any of you heard of such a virus or know of a solution?

My situation is that I have some sort of infection whose first symptoms were a lagging computer, the hourglass, and unresponsiveness. It took a long time to pull up the Task Manager, and I would end tasks for Explorer, etc., and when I finally could interact with the OS again, large amounts of my files were deleted (media files, configuration files, etc. - most of the hard drive).

I tried, several times, many different methods to figure out what is going on - boot CD antivirus programs (Avira, Trinity, DrWeb, etc.), online scans, etc. - and found and removed a small number of Trojans (that may have been false positives), then reinstalled the OS, and everything would be fine and I'd be reinstalling software I use (clean versions of freeware/shareware from web sites, things like Winamp, Firefox, Adobe Reader, etc.), and the same probably would happen again - computer lagging/freezing up, and the majority of the files on my hard drive being deleted.

I tried installing multiple antivirus programs, firewalls, etc. and cannot figure out what is causing this. I ran CHKDSK on all drives to make sure the hard drives were OK and they were fine.

I even reformatted my hard drive and completely reinstalled fresh, clean, licensed Vista and the same problem happened again - how is this possible? Has anyone heard of malware like this? Know of any solutions? I'm at my wits' end and have spent the majority of the last 5 days trying to fix this with no success.

Mike

Author: RoboGeek Location: LeRoy, IL Posted: Thu May 14, 2009 2:16 am    Post subject:
    ----
What OS?

I'm dealing with a huge amount of rootkits this week, from Conficker to Bagle to gromizon and others. Everything seemed to wake up at once...


The Vista infections have 'appeared' to delete files, but they have just corrupted the registry and a search shows the files intact.

If you have an MBR virus (getting more common) then a simple format isn't enough. Use a low level formatter like maxllf (not sure where to find it - try majorgeeks).

You can also try MBR repair tools that go after the rootkits that use that, but they tend to be unreliable and many only look in the defined MBR areas. Most infections add a few sectors and point to there. Winhex and any other disk level editors are what you need.


Did you copy any old data over to the new formatted machine? If so, that's where your new infection came from.
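
An added example, not part of any post in this thread: a Python check on a raw image of the first sectors of a disk, covering the point above that MBR infections place extra sectors outside the defined MBR area. It assumes a classic (non-GPT) MBR and an image already captured with a disk-level tool; the function names and the sample image are constructed for illustration. Non-zero data in the gap before the first partition is a prompt for manual review, not a verdict, since some boot managers and disk-encryption tools also store data there.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(sector0: bytes) -> dict:
    """Parse a classic MBR sector into a boot-code hash and partition entries."""
    if len(sector0) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    # Hash of the 440-byte boot code area, for comparison with a known-good baseline.
    return {"boot_code_sha256": hashlib.sha256(sector0[:440]).hexdigest(),
            "partitions": parts}

def nonzero_gap_sectors(image: bytes) -> list:
    """Return LBAs between the MBR and the first partition that hold any data."""
    parts = parse_mbr(image[:SECTOR])["partitions"]
    if not parts:
        return []
    first = min(p["lba_start"] for p in parts)
    end = min(first, len(image) // SECTOR)
    return [lba for lba in range(1, end)
            if any(image[lba * SECTOR:(lba + 1) * SECTOR])]

def build_sample(gap_payload_lba=None) -> bytes:
    """Constructed 80-sector image: one active type-0x07 partition at LBA 63."""
    mbr = bytearray(SECTOR)
    mbr[0:2] = b"\xeb\xfe"  # placeholder bytes, not a real boot loader
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 63, 17)
    mbr[510:512] = b"\x55\xaa"
    img = bytearray(80 * SECTOR)
    img[:SECTOR] = mbr
    if gap_payload_lba is not None:
        img[gap_payload_lba * SECTOR] = 0x90  # constructed stray byte in the gap
    return bytes(img)

if __name__ == "__main__":
    clean, odd = build_sample(), build_sample(gap_payload_lba=61)
    print(parse_mbr(clean[:SECTOR]))
    print(nonzero_gap_sectors(clean), nonzero_gap_sectors(odd))
```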

Author: drmavis Posted: Thu May 14, 2009 2:53 am    Post subject:
    ----
The OS is Vista. I'm pretty sure they deleted the files because the amount of space free on the HD is increased and I can only get the files back by using Undelete software (Recuva). So if I do a low level format, does it have to be the entire hard drive or can it be just the partition that I want the OS to be on? What MBR repair tool would you recommend to look for rootkits? I did copy old data back to the new formatted machine, but no executables - only important media (important documents, photos, etc). And I didn't run or open up any of the media. So can just having a file on the hard drive infect it without running it? And wouldn't an antivirus program then pick it up? Do my symptoms sound like a rootkit or anything you have heard of?

Author: jhonas Posted: Tue Dec 07, 2010 12:04 pm    Post subject:
    ----
You can also try MBR repair tools that go after the rootkits.





All times are GMT + 2 Hours