Malware cleaned - Malware user account remains on laptop


samsat

Hi,

I have a Vista 64 laptop. I am using 'Kaspersky Pure 2.0' and 'MBAM Pro'. I regularly update the signatures for both of these.

A brief background: I was logged in through my admin account when I got infected by malware. Neither 'Kaspersky AV' nor 'MBAM Pro' found anything in the exe file that I clicked on. Immediately I saw scripts running and rogue processes in the task manager. Since then I got help from the 'Malware Removal Hijackthis' forum in getting it cleaned up. The details can be found here.

The malware created a user account named 'Test'. As I was logged in through my admin user account at the time of infection, the user 'TEST' also has admin rights and is kind of an alias for my administrator user account name. Its desktop has the same files as the admin user account I log in through. If I delete anything from 'C:\users\test\desktop', then it gets deleted from my original admin account user's desktop as well. When I go to Control Panel --> User Accounts, I do not find any alias for my original administrator account user name there.

How do I ensure my laptop is not hosting any zombies?

Appreciate your help on this. Thank you very much for your time.

Best

Sam


Hi Larry,

I changed my boot sequence to boot from the DVD drive and, as fate would have it, I got a '0xc00000e9' type of I/O error saying to take off any USB drives if inserted. The VISTA recovery disks that I created from my OS install won't take me to the fresh install screen. I was intending to drop all partitions, including the recovery partition, and do a complete new install.

The only way I could format my system is via the 'System Restore Option' on hitting F11 during the boot. I installed the operating system from the 'HP recovery' partition. From the way 'HP recovery' formatted the C drive, I can say the format did not write zeros; instead it may have been a quick format.

Now it seems I cannot drop the 'HP recovery' partition as my DVD recovery disks are failing. The only other option is if I buy the new Win 8 DVD and try to install the OS from there. Even with that I am in doubt whether it would boot from the DVD ROM.

A query:

- Is the 'HP recovery' partition prone to virus attack as well?

Appreciate any input on this.

Thanks

Sam


- Is the 'HP recovery' partition prone to virus attack as well?

I haven't seen that happen but with a MBR / RootKit, I guess that could happen.

Some of these infections create their own partition to boot from.

This is what I'd do if it were me.

Make sure your CD/DVD drive is working.

Next, make SURE you have all and any drivers you'll need for the PC. You should have a drivers CD for the HP.

You're running Vista now so I think the drivers you have now should work.

I'd buy Windows 7 Pro.

Boot with that, remove all partitions, create a new partition and do a clean install of 7.


If you boot up with the Windows OS CD/DVD and select to format the existing Windows partition, yes it will create a new boot sector along with a new partition.
I need to correct myself. You need to remove the existing partition first, then create a new partition, then format the new partition.

Hi Larry,

You are correct about the DVD drive. Seems it has bombed somehow. I checked the driver. Uninstalled it and let Windows install the driver after the boot. I can hear the mechanical failure happening inside it, like it is attempting multiple times to read the disc but failing. Seems I would need to replace it. I had this LightScribe version from HP and never used it to take advantage of that feature.

Anyways I will update once I put in the new drive. Hopefully then my boot discs will work. Will keep you posted.

Thanks for your expert advice. Have a great Sunday.

Best

Sam

