[adamjedgar]

Hi guys,

I was recommended this site after posting my problem on Nortons forums. Please find a copy of my original post on that forum and some of the replies here.

 

I am about to attempt to troubleshoot what I believe is malicious activity on the HDD in question using another computer on my home network.

 

Firstly, my only way back from this once the system I enable the infected HDD on becomes infected itself, is a windows rollback (very least), reflash BIOS (most likely fix I have had to use before when it first infected this system I am using right now which has a new HDD in it)

 

Considering how nasty I believe this one to be...should I only attempt to run these scans on the drive/system from a different user account on my other computer system? (whilst my network is not controlled by a network server OS as such, I have a similarly named and passworded windows account on both computers)

 

kind regards,

Adam

[Advertisements]

Hi this looks like an intriguing problem. No guarantees but I will see if I can find anything. Any problems downloading these then let me know and I will offer alternative locations

Initially I will look at the system running normally

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select both shortcut and additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach all 3 logs generated.

THEN

Download aswMBR.exe ( 4.9mb ) to your desktop.
Double click the aswMBR.exe to run it
Allow virtualisation if offered
Click the "Scan" button to start scan
If Avast is not your AV it will ask to download virus definitions, allow this




On completion of the scan click save log, save it to your desktop and post in your next reply

[Essexboy]

Hi this looks like an intriguing problem. No guarantees but I will see if I can find anything. Any problems downloading these then let me know and I will offer alternative locations

Initially I will look at the system running normally

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select both shortcut and additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach all 3 logs generated.

THEN

Download aswMBR.exe ( 4.9mb ) to your desktop.
Double click the aswMBR.exe to run it
Allow virtualisation if offered
Click the "Scan" button to start scan
If Avast is not your AV it will ask to download virus definitions, allow this




On completion of the scan click save log, save it to your desktop and post in your next reply

[adamjedgar]

Hi Esseboy,

ok I will give that a go and get back to you when done.

The system that I am going to run the scan on is Window 7 x64.

It is not the original system that the OS was installed on, so if I am correct, the drive will still be 'slaved' (ie I will be booting up off the existing OS).

My question is...what happens if the virus gets into the boot up OS drive?

 

Is it possible to get a malware or virus scanner that is run completely from dos...without me having to boot into a good system hdd before running the scan on the suspect slave drive?

[adamjedgar]

man am i having problems downloading the aswMBR scanner.

I think the virus on my system realises what i am doing...its causing google chrome to crash all the time.

[Essexboy]

OK skip Aswmbr for now and copy FRST64 to a USB drive

We can use FRST from the recovery console command prompt.

Start the windows 7 from the cd

When you reboot you will see this.
Click repair my computer


Select your operating system


Select Command prompt


At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe or e:\frst.exe dependant on system
and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.

Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.