• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Nasty malware deletes all files on hard drive, comes back af

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Viruses // Worms

View previous topic :: View next topic  
Author Message
drmavis
Just Arrived
Just Arrived


Joined: 14 May 2009
Posts: 0


Offline

PostPosted: Thu May 14, 2009 12:50 am    Post subject: Nasty malware deletes all files on hard drive, comes back af Reply with quote

Hi, I generally consider myself an advanced computer user, but I am completely stumped so wanted to ask the experts for advice. Have any of you heard of such a virus or know of a solution?

My situation is that I have some sort of infection which the first symptom was lagging computer, hourglass, unresponsiveness, and it took a long time to pull up the task manager and I would end tasks for Explorer, etc, and when I finally could interact with the OS again, large amounts of my files were deleted (media files, configuration files, etc - most of the hard drive).

I tried, several times, many different methods to figure out what is going on - boot CD antivirus programs (Avira, Trinity, DrWeb, etc), online scans, etc and found and removed a small number of Trojans (that may have been false positives), then reinstalled the OS, and everything would be fine and I'd be reinstalling software I use (clean versions of freeware/shareware from web sites, things like Winamp, Firefox, Adobe Reader, etc), and the same probably woulud happen again - computer lagging/freezing up, and the majority of the files on my hard drive being deleted.

I tried installing multiple antivirus softwares, firewalls, etc and cannot figure out what is causing this. I ran CHKDSK on all drives to make sure hard drives were OK and they were fine.

I even reformatted my hard drive and completely reinstalled fresh clean licensed Vista and the same problem happened again - how is this possible? Has anyone heard of malware like this? Know of any solutions? I'm at my wits end and have spent the majority of the last 5 days trying to fix this with no success.

Mike
Back to top
View user's profile Send private message
RoboGeek
SF Mod
SF Mod


Joined: 13 Jun 2003
Posts: 16777166
Location: LeRoy, IL

Offline

PostPosted: Thu May 14, 2009 2:16 am    Post subject: Reply with quote

what OS?

I'm dealing with a huge amount of rootkits this week, from conficker to bagle to gromizon and others. Everything seemed to wake up at once...


The vista infections have 'appeared' to delete files, but they have just corrupted the registry and a search shows the files intact

If you have a MBR virus (getting more common) then a simple format isn't enough. Use a low level formatter like maxllf (not sure where to find it - try majorgeeks)

You can also try MBR repair tools that go after the rootkits that use that, but they tend to be unreliable and many only look in the defined MBR areas. Most infections add a few sectors and point to there. Winhex and any other disk level editors are what you need


Did you copy any old data over to the new formatted machine? If so, thats where your new infection came from
Back to top
View user's profile Send private message Visit poster's website
drmavis
Just Arrived
Just Arrived


Joined: 14 May 2009
Posts: 0


Offline

PostPosted: Thu May 14, 2009 2:53 am    Post subject: Reply with quote

The OS is Vista. I'm pretty sure they deleted the files because the amount of space free on the HD is increased and I can only get the files back by using Undelete software (Recuva). So if I do a low level format, does it have to be the entire hard drive or can it be just the partition that I want the OS to be on? What MBR repair tool would you recommend to look for rootkits? I did copy old data back to the new formatted machine, but no executables - only important media (important documents, photos, etc). And I didn't run or open up any of the media. So can just having a file on the hard drive infect it without running it? And wouldn't an antivirus program then pick it up? Do my symptoms sound like a rootkit or anything you have heard of?
Back to top
View user's profile Send private message
jhonas
Forum Fanatic
Forum Fanatic


Joined: 11 Oct 2010
Posts: 16777215


Offline

PostPosted: Tue Dec 07, 2010 12:04 pm    Post subject: Reply with quote

You can also try MBR repair tools that go after the rootkits.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Viruses // Worms All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register