1. Hi Maurice, Thanks for the explanation. So in case an HDD fails or needs reformatting, should the recovery take the following path: Use the 'System Recovery' disk to first bring the system to life. Install all major patches, if any, for the OS. Get all necessary updates for the OS and compatible applications, if any. Install all software being used on the system. Get all updates for them. Use the 'mirror-image' backup to put the system at the last known good configuration. Please correct me if I am wrong above. Thank you again for your expert inputs. Best Sam
2. Maurice, Had this doubt after I posted above. So creating a set of recovery disks or a USB drive and scheduling the mirror-image backup are 2 separate things. One can create the recovery USB/disk before using the system and then set mirror-image backups later on. In case there is a crash or the HDD fails and needs to be replaced, which one should be used on the new HDD? Can either be used? Are both of these things bootable? Thanks again for taking time to answer this. Best Sam
  3. Hi Maurice, Thanks for the explanation. It perfectly makes sense. Thanks for the tips and links as well. Appreciate your time. Best Sam
4. Hi, Recently I had to reformat my Windows Vista machine due to a bad attack. I bought a laptop from HP and had paid extra money to get Vista Ultimate 64 bit for my machine. During reinstallation I saw the recovery DVD was just able to put my hard drive to the factory settings. I was unable to launch 'DISKPART' to do any low-level format or remove any format from the recovery DVD. I was lucky I had access to some bootable DVDs and got it all done. Anyway, now all is quiet at my home front, for a while I guess. I was thinking about buying 'Windows 8 Pro - Upgrade' from Vista/7 as it is available at a good price. Now the query is: What happens if in future I need to reformat my HDD, get rid of all partitions and reinstall 'Win 8'? As it is an 'upgrade only' version, do I have to reinstall Vista again for the upgrade to Win 8? Or will it let me create some recovery disk after the first installation with no access to the entire OS? I know it is very early to ask this as Win 8 is relatively new. Does anybody have any experience with these things yet?
5. Hi Larry, Format done. My DVD drive got fixed by cleaning the lens with some nail polish remover as a last resort. Seems some dust was there. You may close this thread. Thanks again for your time. Best Sam
6. Hi Larry, You are correct about the DVD drive. Seems it has bombed somehow. I checked the driver. Uninstalled and let Windows install the driver after the boot. Can hear the mechanical failure happening inside it, like it is attempting multiple times to read the disc but failing. Seems I would need to replace it. I had this LightScribe version from HP and never used it to take advantage of that feature. Anyway, I will update once I put in the new drive. Hopefully then my boot discs will work. Will keep you posted. Thanks for your expert advice. Have a great Sunday. Best Sam
7. Hi Larry, I changed my boot sequence to boot from the DVD drive and, as fate would have it, I got an '0xc00000e9' type of I/O error saying to take off any USB drives if inserted. The Vista recovery disks that I created from my OS install won't take me to the fresh install screen. I was intending to drop all partitions, including the recovery partition, and do a complete new install. The only way I could format my system is via the 'System Restore Option' on hitting F11 during the boot. Installed the operating system from the 'HP recovery' partition. The way 'HP recovery' formatted the C drive, I can say the format did not write zeros; instead it may have been a quick format. Now it seems I cannot drop the 'HP recovery' partition as my DVD recovery disks are failing. The only other option is if I buy the new Win 8 DVD and try to install the OS from there. Even with that I am in doubt whether it would boot from the DVD-ROM. A query: - Is the 'HP recovery' partition prone to virus attack as well? Appreciate any input on this. Thanks Sam
  8. Hi Larry, Thanks for the information. I am preparing towards doing the same. Small query, can the format remove a boot sector virus as well? Thanks for your time. Best Sam
9. Hi, I have a Vista 64 laptop. I am using 'Kaspersky Pure 2.0' and 'MBAM Pro'. I regularly update the signatures for both of these. A brief background: I was logged in through my admin account when I got infected by a malware. Neither 'Kaspersky AV' nor 'MBAM Pro' found anything in the exe file that I clicked on. Immediately I saw scripts running and rogue processes in the task manager. Since then I got help from the 'Malware Removal Hijackthis' forum in getting it cleaned up. The details can be found here. The malware created a user account as 'Test'. As I was logged in through my admin user account at the time of infection, the user 'TEST' also has admin rights and is kind of an alias for my administrator user account name. Its desktop has the same files as the admin user account I log in through. If I delete anything from 'C:\users\test\desktop', then it gets deleted from my original admin account user's desktop as well. When I go to Control Panel --> User Accounts, I do not find any alias for my original administrator account user name there. How to ensure my laptop is not hosting any zombies? Appreciate your help on this. Thank you very much for your time. Best Sam
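A check that fits the 'Test' account question in the post above, written as an added PowerShell example (it is not code from the thread or from the forum helpers). It enumerates local accounts, Administrators group membership and each account's profile folder from the ProfileList registry key, so an account that the Control Panel does not show still appears, and two accounts pointing at the same profile folder are flagged (which is what a shared desktop between 'Test' and the original admin would look like). It assumes an elevated PowerShell 2.0 session on the Vista machine; the account name 'Test' and the infection date of 28 Oct 2012 are taken from the thread, everything else is assumption.

```powershell
# Added example, not from the thread: local accounts, admin membership, profile
# folders and account-creation events. Run in an elevated PowerShell 2.0 session.

$computer = $env:COMPUTERNAME

# 1. Local accounts with their SIDs (shows accounts the Control Panel may hide)
$accounts = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True"

# 2. Members of the local Administrators group via the ADSI WinNT provider
$adminGroup = [ADSI]"WinNT://$computer/Administrators,group"
$admins = @($adminGroup.psbase.Invoke("Members") | ForEach-Object {
    $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
})

# 3. SID -> profile folder, from the ProfileList registry key
$profileKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$profiles = @{}
Get-ChildItem $profileKey | ForEach-Object {
    $profiles[$_.PSChildName] = (Get-ItemProperty $_.PSPath).ProfileImagePath
}

# 4. One report row per account
$report = foreach ($a in $accounts) {
    New-Object PSObject -Property @{
        Name        = $a.Name
        SID         = $a.SID
        IsAdmin     = ($admins -contains $a.Name)
        Disabled    = $a.Disabled
        ProfilePath = $profiles[$a.SID]
    }
}
$report | Sort-Object Name | Format-Table Name, IsAdmin, Disabled, SID, ProfilePath -AutoSize

# 5. A profile folder referenced by more than one account explains a "mirrored"
#    desktop: deleting from one account's desktop deletes from the other's
$report | Where-Object { $_.ProfilePath } | Group-Object ProfilePath |
    Where-Object { $_.Count -gt 1 } | ForEach-Object {
        $names = ($_.Group | ForEach-Object { $_.Name }) -join ', '
        Write-Warning "Profile folder $($_.Name) is shared by: $names"
    }

# 6. Account-creation events (Security log, event ID 4720) since the infection
#    date the thread gives (28 Oct 2012). Reading the Security log needs elevation.
$since = Get-Date '2012-10-28'
Get-EventLog -LogName Security -InstanceId 4720 -After $since -ErrorAction SilentlyContinue |
    Select-Object TimeGenerated, Message | Format-List
```

The WMI and ADSI calls are used instead of newer cmdlets such as Get-LocalUser because those do not exist on Vista. If the report shows 'Test' with IsAdmin set and the same ProfilePath as the original admin, that accounts for both symptoms described in the post; the 4720 events give the creation time and the account that created it.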
  10. Thanks for the suggestions Jeff. Appreciate your expertise. You have been of great help. Best Sam
11. In addition to the above post, I found 2 folders, 'backup' and 'boot', in my C drive. 'boot' has multiple folders for various languages. Were these created by any of the tools we used? I saw the timestamp for these as last year. Just thought to check with you. Thanks Sam
12. Hi Jeff, Last thing. I found a couple of logs of 'TDSSKiller' herewith in my C: drive. I ran it just now with the option to scan for the loaded modules. Last time I had not checked that. 'TDSSKiller' found some files but suggested no cures for them. Please do let me know what you think. If everything is clear, please let me know the following before we close: How do I uninstall 'dds.scr'? Should I just delete it? Should I delete the system restore points created after the date of infection? What about the user 'test'? Do you think it is fine just to leave it? It seems my admin user name got changed to 'Test'. I cannot even find where this change is done in Vista. Vista shows my username as I had defined it earlier and not as 'Test'. Anyway, please do let me know. Thanks for all the help again. Best Sam TDSSKiller. TDSSKiller.
13. Hi Jeff, The system is running fine after the clean-up. Scanners are running clean. So now how do I ensure that there are no rootkits left? What's the sure-shot way? A format? Thanks again. Best Sam
14. Hi Jeffce, Please find the outputs of the DDS attached herewith. I hope I am using the latest DDS scanner. A couple of queries: How do I ensure that there are no more infections left? How do I uninstall DDS and aswMBR? Should I also remove the system checkpoint created after the malware infection on 28th-Oct night? From the 29th onwards a couple of system restores were done by Vista while using aswMBR, ComboFix etc. I used 'tcpview' by Sysinternals to monitor my net connections. It seems svchost.exe is connecting to many places including China. I was reading online while searching for 1 of the IP addresses and somebody has advised Kaspersky uses online servers for their protection mechanism, so that might be the process which connects to various IPs around the world. I don't know whether that is the case or Kaspersky itself got infected. Please do let me know in case of any queries. Thanks and appreciate your inputs on this. Best Sam

[For your reference, our activities timeline in brief: My system got infected on 28-Oct-12 with the malware. The payload I received via file transfer on IM communication. Scanning the payload 'image.exe' file by Kaspersky AV and MBAM Pro did not reveal any suspicions and I clicked on it. I was in 'admin' mode while this happened. 29-Oct-12 - I created a thread here and you had picked it up. I uploaded my DDS outputs in the first post. Then you instructed me to run aswMBR and post the outputs. After that I ran ComboFix as suggested. After 'ComboFix' the system-hogging processes were cleared. Then I pointed out that my admin user has an alias created for it called 'Test' which is not removed. For which you recommended the ESET scanner. ESET did not pick up anything. Since then, as per our discussion, I have uninstalled ComboFix. And then the MBAM forum got corrupted.]

dds.txt attach.txt
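The post above asks whether the svchost.exe connections seen in TCPView belong to Kaspersky or to something else. svchost.exe is only a host process, so the useful question is which services run inside the particular PID that owns each connection. The following is an added PowerShell example (not code from the thread, TCPView or Kaspersky): it parses `netstat -ano`, which exists on Vista (Get-NetTCPConnection does not), and joins each established connection to its process name and, via WMI, to the services hosted in that PID. It assumes an elevated PowerShell 2.0 session; the private-address regex and all variable names are this example's own.

```powershell
# Added example, not from the thread: established TCP connections to non-private
# addresses, with the owning process and the services hosted in that PID.
# Run elevated so netstat -ano reports a PID for every connection.

# PID -> process name, and PID -> list of running services hosted in it
$procById = @{}
Get-WmiObject Win32_Process | ForEach-Object { $procById[[int]$_.ProcessId] = $_.Name }
$svcById = @{}
Get-WmiObject Win32_Service -Filter "State='Running'" | ForEach-Object {
    $id = [int]$_.ProcessId
    if (-not $svcById.ContainsKey($id)) { $svcById[$id] = @() }
    $svcById[$id] += $_.Name
}

# Loopback, link-local, RFC 1918 and unspecified addresses are not of interest here
$privateRe = '^(10\.|127\.|169\.254\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|::1$|fe80:|0\.0\.0\.0$|::$)'

# Parse 'netstat -ano' TCP rows: Proto  Local  Remote  State  PID
$rows = netstat -ano | ForEach-Object { $_.Trim() } |
    Where-Object { $_ -match '^TCP\s' } | ForEach-Object {
        $f = $_ -split '\s+'
        $remote = $f[2]
        $cut = $remote.LastIndexOf(':')            # IPv6 remotes look like [addr]:port
        $addr = $remote.Substring(0, $cut).Trim('[', ']')
        $procId = [int]$f[4]
        $svcs = ''
        if ($svcById.ContainsKey($procId)) { $svcs = $svcById[$procId] -join ', ' }
        New-Object PSObject -Property @{
            RemoteAddress = $addr
            RemotePort    = [int]$remote.Substring($cut + 1)
            State         = $f[3]
            PID           = $procId
            Process       = $procById[$procId]
            Services      = $svcs
        }
    }

# Report: one line per established connection leaving the machine
$rows | Where-Object { $_.State -eq 'ESTABLISHED' -and $_.RemoteAddress -notmatch $privateRe } |
    Sort-Object Process, RemoteAddress |
    Format-Table PID, Process, Services, RemoteAddress, RemotePort -AutoSize
```

With the Services column filled in, a connection owned by an svchost.exe instance can be tied to a named Windows service, while a security product's own connections show up under its own executable name rather than under svchost.exe. A PID whose Services column is empty but whose process name is svchost.exe is the row worth looking at more closely, since a real svchost.exe always hosts at least one service.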
