My old system's hard drive had a virus I wasn't able to remove. The boot drive was windows XP and I connected the drive via USB to my Windows 7 system. I did a reboot with it connected to the USB but I was booting into Win 7. There was a security alert that there was a virus detected, and I assumed it was removed. I started a scan of the USB connected hard drive to double check, but I'm not sure if it found this during the scan or on boot up.
It is a Win32/sinowal, so am I safe to assume that was from my XP drive and not my Win 7 64 drive? The "Items" listed below say this;
Items:
boot:\Device\Harddisk2\DR2
boot:\Device\Harddisk2\DR2\(MBR)
I have a SSD, a HD and the hard disk that I believe the virus was on connected via USB. What does the harddisk2\DR2 refer to?
http://www.microsoft.com/security/porta ... 2147631740" onclick="window.open(this.href);return false;
Here's what was found....
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.
Items:
boot:\Device\Harddisk2\DR2
boot:\Device\Harddisk2\DR2\(MBR)
Get more information about this item online.
virus
-
- Forum User
- Posts: 1257
- Joined: Thu Aug 24, 2006 3:29 am
virus
You've got to ask yourself a question: Do I feel lucky? Well, do ya, punk?
- [JiF]phantomx
- Forum User
- Posts: 313
- Joined: Fri Mar 26, 2010 1:00 am
- Location: Ontario, Canada
Re: virus
mbr means master boot record. which essentially the virus is there on boot. very nasty and hard to get ride of. your 64 bit does not mean it is safe. windows 7 will run both 32 and 64 bit. go to Symantec site and look for this virus. they will sometimes give instructions on removal.
- [JiF]Sgt Shellshocked
- Forum User
- Posts: 1132
- Joined: Fri Feb 13, 2009 1:41 am
- Location: UK
Re: virus
You can also download the Microsoft malicious software removal tool from here (download link near bottom of page)
http://support.microsoft.com/kb/890830
http://support.microsoft.com/kb/890830
- [JiF]zougathefist
- Forum User
- Posts: 2216
- Joined: Fri Jan 11, 2008 11:20 pm
- Location: Plymouth / Swindon, UK
Re: virus
generic advice here but make sure you are disconnected from the internet when removing a virus - especially a boot virus as they often have the capacity to download and reinstall themselves behind the clean-up process and this is often well hidden from the machine itself.
like a cheeky elf dropping dirt from your back pocket as you sweep the floor clean
I had a nasty spyware and adware infection and every time I 'cleaned' my PC and rebooted it was back on restart, despite my AV claiming it was gone.
I follow this process
- Update AV files (manually to ensure you have the very latest definitions)
- Ensure you have CCleaner installed
- Disconnect from 'net
- Use CC to clear cache totally and clean up registry
- Run full scan
- Remove malicious software - either with your AV or the MS malicious software removal tool
- Reboot (if prompted)
- Run full scan again
- Run CC again
- Reconnect to net
- Reboot
- Run full scan
Breathe
like a cheeky elf dropping dirt from your back pocket as you sweep the floor clean
I had a nasty spyware and adware infection and every time I 'cleaned' my PC and rebooted it was back on restart, despite my AV claiming it was gone.
I follow this process
- Update AV files (manually to ensure you have the very latest definitions)
- Ensure you have CCleaner installed
- Disconnect from 'net
- Use CC to clear cache totally and clean up registry
- Run full scan
- Remove malicious software - either with your AV or the MS malicious software removal tool
- Reboot (if prompted)
- Run full scan again
- Run CC again
- Reconnect to net
- Reboot
- Run full scan
Breathe
-
- Forum User
- Posts: 1257
- Joined: Thu Aug 24, 2006 3:29 am
Re: virus
thanks for the tips guys. So far the virus isn't showing up on my new system and was a left over from the hd I was trying to get data off of. My plan is to reformat the old hard drive, so should be good to go!
You've got to ask yourself a question: Do I feel lucky? Well, do ya, punk?