Help with removal of hidden backdoor(s) left by Trojans is needed.

[JJMAC]

This post is a follow up to a previous topic entitled "Rogue Program Internet Security.ink has been removed but has my personal data been compromised" which I started on 19 April 2012 in "Resolved Highjack this Logs" and in particular to Maurice Nagger's response thereto on 7 May 2012 which described in great detail the steps I need to take to ensure the integrity of my computer.  These steps included the reformat of the hard drive.  I have put that task on the back burner with the computer meanwhile disconnected from the internet. I am now preparing to grasp the nettle and reformat the hard disk.   The hard disk in my Dell Dimension E520 computer has two partitions, Drive C and Drive D.

Drive D is labelled "Recovery" and contains a utility labelled "DELL FACTORY IMAGE RESTORE"  with a description "This utility will restore your system to the state it was in when it left the factory.  In order to return the system to the factory state all personal files will be overwritten"

I sought help from a Dell Community Forum.  I asked the community for information on the availability of the software or other items I will require to restore the computer to its factory condition after reformatting the hard disk, being items in addition to the Dell Restoration DVD for Windows Vista Home Premium 32 bit which was bundled with the computer when new.

I received the following reply from one member of the forum.

"If you boot up from live media (such as Windows 7 DVD) and use the repair options to open a command prompt, nyou can run the BOOTREX/FIXMBR and BOOTREC/FIXBOOT commands that will overwrite the Master Boot Record where the Trojans might be activated.  Once that's done booting from the hard drive won't activate the Trojans and any rootkit-type cloaking they might use.  Afterwards, reinstall Windows and the Trojans should be deactivated.  There's nothing magic about Trojans" 

In my reply I pointed out that his advice differed from that which I had received which that I should reformat the hard disk to remove all hidden back doors left by Trojans.

 

I could be attracted to the following Modus Operandi

1 Boot from Dell reinstallation Disk for Windows Vista Premium 32 bit

2 Run BOOTREX/FIXMBR & BOOTREC/FIXBOOT

3 Reboot from Hard Drive

4 Run a PC Cleaner

5 Reformat the hard drive and reinstall Vista operating system.

The problem here is that if drive D is formatted I could  not restore it including the recovery utility unless I can download the required files from Dell's web Site.

Please advise on above steps including their sequence. I added step 4 after seeing a statement in the promotional literature for a PC Cleaning program claiming that reformatting the HD will not remove hidden files.  I don't know if that claim has any substance.  Please advise.

Other queries

1I have assumed that reformatting the hard drive will include Drive D as well as Drive C.  Am I correct?

 

 

[JJMAC]

Hallo

I had not quite finished my post when it took off and was sent prematurely

 

Other queries

If the recovery utility installed in drive D restores the computer to its factory condition would that not be equivalent to reformatting  the disk. There was no virus on the computer when it left the factory.

Would I be correct in thinking that the recovery utility will overwrite all third party programs installed after purchase in addition to personal files and restore only the programs which were preinstalled when new?

It would be great if that was the case,  Of course if drive D is reformatted the utility will be wiped out.

JJMAC

 

[Maurice Naggar]

Hello JJ,

It's a long long time.

You have to sort out if a) you have the CD/DVD to fully install fresh Windows

or

b) if you do not have that CD/DVD and the Dell factory only has the hidden factory restore partition on the hard drive.

By the way you dont need a "pc cleaner" like in your list above.

By the way, IF the D drive is the Dell factory restore partition, then you had somehow "unhidden it" ---- thus explaining why you are "seeing it".

I think you need to double-verify with DELL factory support IF the ""Dell Restoration DVD for Windows Vista Home Premium 32 bit "" is the real thing to restore Windows from,

OR

if you have to rely on the Dell Factory Restore partition on the hard drive ?? !!

Be sure to do that.

In my limited past experience, the Dell o.s. CD should be labeled like "Operating System" on the printed CD label.

If one has the Windows operating system CD/DVD, I typically would advise one to set the pc BIOS to boot first from CD, put CD in and restart the system.

Then follow the procedure to Delete the partitions on the HDD

Then right after start the Windows new install.

It would go something like this: This assumes that VISTA is the Windows version --- but the principle is the same.

All data and all partitions on the hard disk are permanently removed. We strongly recommend that you back up the files on the hard disk before you clean the disk.

To use the Diskpart.exe utility to clean the hard disk, follow these steps:

Put the Windows Vista installation disc in the disc drive, and then restart the computer.

Install Windows Vista. During the installation process, in the Where do you want to install Windows screen, press SHIFT+F10 to open a command prompt.

Click Start, click Run, type

diskpart

and then click OK.

At the command prompt, type

list disk

and then press ENTER. A list of available hard disks is displayed.

At the command prompt, type

sel disk number

and then press ENTER. The hard disk is now selected.

Note number is the number of the hard disk that you want to clean.

At the command prompt, type

det disk

and then press ENTER.

A list of partitions on the hard disk is displayed. Use this information to verify that the correct disk is selected.

Make sure that the disk does not contain required data, type clean all at the command prompt, and then press ENTER to clean the disk. All the data and all the partitions on the disk are permanently removed.

Type

exit

and then press ENTER.

Run Windows Vista Setup to perform a clean installation of Windows Vista.

http://support.microsoft.com/kb/933171

[JJMAC]

I have a financial portfolio in an Excel file stored in a USB memory stick which I update weekly on my Laptop. Two days ago I opened my portfolio on my Laptop, and as I normally do, updated the portfolio and then in the usual way tried to save it in the memory stick thus overwriting the (portfolio) file therein, but that did not happen. Instead I got a message to say that the file could not be saved in drive F (the memory stick) but instead it had been saved in a temporary file with an eight character alpha numerical file name. I then opened Drive F where I found the temporary file but the original portfolio file had disappeared. I became concerned that the disappearance of the portfolio file might be caused by a virus so I scanned the computer with the MalwareBytes program. A log of the scan,which detected 103 objects, is appended hereto. I decided not to delete these objects until after I have your advice as to the nature of them and in particular whether they indicate that my portfolio may have been hacked during the short period I had it opened on my laptop. The reason I had my Portfolio stored on a memory stick was to avoid storing sensitive files on my laptop as a safeguard against it being stolen.

Thank you

JJMAC

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.09.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
John :: JOHN-TOSH [administrator]

10/12/2013 15:20:37
MBAM-log-2013-12-10 (16-00-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238722
Time elapsed: 14 minute(s), 30 second(s)

Memory Processes Detected: 3
C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr.A) -> 2756 -> No action taken.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe (PUP.Optional.MindSpark) -> 2772 -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\2.bin\39brmon.exe (PUP.Optional.MindSpark) -> 2944 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 35
HKCR\CLSID\{33119133-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCR\MapsGalaxy_39.SkinLauncher.1 (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCR\MapsGalaxy_39.SkinLauncher (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCR\TypeLib\{03119103-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCR\Interface\{23119123-0854-469D-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCR\MapsGalaxy_39.SkinLauncherSettings.1 (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCR\MapsGalaxy_39.SkinLauncherSettings (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCR\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15} (PUP.Optional.Bandoo.A) -> No action taken.
HKCR\BrowserConnection.Loader.1 (PUP.Optional.Bandoo.A) -> No action taken.
HKCR\BrowserConnection.Loader (PUP.Optional.Bandoo.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} (PUP.Optional.Datamngr.A) -> No action taken.
HKCR\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} (PUP.Optional.Datamngr.A) -> No action taken.
HKCR\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} (PUP.Optional.Datamngr.A) -> No action taken.
HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} (PUP.Optional.Datamngr.A) -> No action taken.
HKCR\SearchQUIEHelper.DNSGuard (PUP.Optional.SearchQu) -> No action taken.
HKCR\SearchQUIEHelper.DNSGuard.1 (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\24x7HELP (PUP.Optional.24x7) -> No action taken.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.
HKLM\SOFTWARE\24x7HELP (PUP.Optional.24x7) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar (PUP.Optional.Searchqu) -> No action taken.
HKCR\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} (PUP.Optional.Searchqu) -> No action taken.
HKCR\TypeLib\{841D5A49-E48D-413c-9C28-EB3D9081D705} (PUP.Optional.Searchqu) -> No action taken.
HKCR\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} (PUP.Optional.Searchqu) -> No action taken.
HKCR\DnsBHO.BHO.1 (PUP.Optional.Searchqu) -> No action taken.
HKCR\DnsBHO.BHO (PUP.Optional.Searchqu) -> No action taken.

Registry Values Detected: 7
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Data: Searchqu Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Data:  -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATAMNGR (PUP.Optional.Datamngr.A) -> Data: C:\PROGRA~2\SRTOOL~1\Datamngr\DATAMN~1.EXE -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Utility Chest Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\UTILIT~2\bar\1.bin\49srchmn.exe" /m=2 /w /h -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UtilityChest_49 Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\UTILIT~2\bar\1.bin\49brmon.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\MAPSGA~2\bar\2.bin\39srchmn.exe" /m=2 /w /h -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy_39 Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\MAPSGA~2\bar\2.bin\39brmon.exe -> No action taken.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Datamngr.A) -> Bad: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) Good: () -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Datamngr.A) -> Bad: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) Good: () -> No action taken.

Folders Detected: 6
C:\Program Files (x86)\Searchqu Toolbar (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64 (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\24x7Help (PUP.Optional.24x7.A) -> No action taken.

Files Detected: 50
C:\Program Files (x86)\MapsGalaxy_39\bar\2.bin\39sknlcr.dll (PUP.Optional.FunWebProducts.A) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (PUP.Optional.Bandoo.A) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (PUP.Optional.Datamngr.A) -> No action taken.
C:\Users\John\Downloads\MapsSetup (1).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup (2).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup (3).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup (4).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup (5).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup (6).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup (7).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup (8).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup (9).exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\John\Downloads\MapsSetup.exe (PUP.Optional.Inbox) -> No action taken.
C:\ProgramData\Wincert\win32cert.dll (PUP.Optional.Datamngr.A) -> No action taken.
C:\ProgramData\Wincert\win64cert.dll (PUP.Optional.Datamngr.A) -> No action taken.
C:\ProgramData\Wincert\win32prop.dll (PUP.Optional.Datamngr.A) -> No action taken.
C:\ProgramData\Wincert\win64prop.dll (PUP.Optional.Datamngr.A) -> No action taken.
C:\Program Files (x86)\SR Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr.A) -> No action taken.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrchMn.exe (PUP.Optional.MindSpark) -> No action taken.
C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe (PUP.Optional.MindSpark) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\2.bin\39SrchMn.exe (PUP.Optional.MindSpark) -> No action taken.
C:\Program Files (x86)\MapsGalaxy_39\bar\2.bin\39brmon.exe (PUP.Optional.MindSpark) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\sysid.ini (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\uninstall.exe (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\installhelper.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\analytics.js (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\constant.js (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\default-config.js (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\jquery.js (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\localStorage.js (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\new-tab.js (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ChromeExtension\lib\preferences.js (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngrUI.exe (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\DnsBHO.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (PUP.Optional.Searchqu) -> No action taken.
C:\Program Files (x86)\24x7Help\24x7desk.64.dll (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\24x7desk.dll (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\App24x7Help.exe (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\App24x7Help.old.exe (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\App24x7Hook.dll (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\App24x7Hook.exe (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\App24x7Hook64.dll (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\App24x7Hook64.exe (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\App24x7Svc.exe (PUP.Optional.24x7.A) -> No action taken.
C:\Program Files (x86)\24x7Help\unins000.exe (PUP.Optional.24x7.A) -> No action taken.

(end)

 

[Maurice Naggar]

Hello,

There is just no way to tell if "your portfolio" documnent was "hacked".

What MBAM shows here in this report is a sheer ton ( figuratively ) of PUP items, including at least 2 search hijackers.

You should tag all these items to be removed. You will need to go out of your way to do that.

You will need to redo a new run AND select ALL items to be removed.

PUP detections are Potentially Unwanted Programs. These are programs our researchers have found are sometimes added to a system without the user's knowledge or approval.

The default action for PUP detections is 'Show in results list and do not check for removal."

If you want Malwarebytes Anti-Malware to remove PUP detections, each item must be checked.

>>> ***** To do so quickly, you can highlight one of the detections by left clicking on it. Then, right click on the highlighted detection, and select 'Check all items'. Next, click Remove Selected.

That should address the PUP entries.

[JJMAC]

Maurice I do apologise.  I had intended the issue with my Laptop to be sent as a new topic. I don't know how it got tagged on to my previous topic "Help with removal of hidden backdoor(s} left by Trojans is needed to which you replied on 11 December to which  the following is my reply thereto. [to dispose of the Laptop issue I can confirm that I have removed all the PUP detections and a new scan confirmed that they were gone]

 

Reply to Maurice Naggar's post dated 11 Dec. 2012

 

Many thanks Maurice for your reply. Very helpful as always.

I have already tried to get information from Dell support without success. I sent an email to dell_direct_support@dell.com on 28 Nov.in which I said that I have the Dell Reinstallation DVD for windows vista home premium and asked "should I have or will I require a Dell DVD which would automatically reformat the hard disk, reinstall drivers and preinstalled programs so as to restore the computer to its original condition when new". I also pointed out that drive D would be wiped when reformatted and asked where could I obtain the files required to restore drive D. I got no reply.

When I go on line, select Dell Product Support and enter my Service Tag (CFBRT2J) my Computer is correctly identified including the date it was shipped and the date on which the warranty expired but when I try to log onto Technical Support my Service Tag is not recognised. I did, however, manage to get through to technical support on the telephone. I was asked for my Service Tag, my name, address, telephone number etc. before I was put through to a Technician. I am 84 years of age and my hearing, particularly on the phone, is not good. The technician was a foreign national and I had extreme difficulty following what he was saying and he obviously did not follow what I was asking. I did however gather that he wanted permission to remotely access my computer in order to fix my issue.

I repeatedly asked if he would intend to reformat the hard disk and I understood him to say that would not be necessary. After ¾ hour I terminated the call without getting the information I was looking for..

He sent me an email offering to fix my issue (without saying what my issue was) but as my computer was out of warranty there would be a charge of £69 for a single incident. . He has telephoned me twice since then seeking my approval of his offer. There is no way I will agree to any proposal that will not leave me confident that my computer is clean. This is ridiculous. All I am asking for is information on the availability of any software/files required for the clean restoration of the operating system being items in addition to the reinstallation DVD for Windows Vista home premium 32bit which I already have. I am not seeking Dell Technical Support per se. I intend to pursue this further with Dell.

Incidentally I think that the Dell reinstallation DVD will probably fully install fresh Windows without needing any files in Recovery Disk D or from an external source. The writing on the label on the disk is shown below:

 

                                                                  OPERATING SYSTEM

                                            ALREADY INSTALLED ON YOUR COMPUTER

                                                                      Reinstallation DVD

                                                           Windows Vista Home Premium 32BIT

The software is already

Installed on your computer                                                                                        Support for these products

Only use this DVD to reinstall                                                                                    is provided by Dell

The operating system on a DELL PC

                                                                                                                                    For Distribution Only

This DVD is not for reinstallation of                                                                            With a New Dell PC.

Programs or drivers.

　

                                                                                DELL

                                                           www.dell.com !! support.dell.com

 

                                                                        @2007 Dell inc

                                                         Portions@ 2007 Microsoft Corporation

                                                                     All rights reserved

                                                                            P/N HY484

 

There is a Help File on the DVD entitled INSTALLATION INSTRUCTIONS

These instructions are for

1. Upgrading Windows when you already have a version of Windows on your Computer and you want to keep your File Settings & Program
2. 1. Installing a new version of Windows when you want to replace your current Operating System

2. 2. You have an operating System installed on your Computer and you want to install Windows on

an available Separate Partition of your Hard Disk

3. You have a Computer with no Operating System installed.

It may be possible that the above instructions applied to the original Microsoft Windows Operating System before it was modified by DELL. In which case I will still seek conformation from Dell that their reinstallation DVD will fully install fresh Windows.

The DELL FACTORY IMAGE RESTORE UTILITY is in RecoveryD/Tools/PCRestore . I don’t think it was ever hidden.

It might be possible to create a restore disk from the factory created partition on the hard drive but I would not attempt to do so if there was any risk of Drive D being infected.

If there is no risk or only a very remote risk of Drive D being infected would it be feasible to reformat Drive C only and leave the drive D partition as is.?

Will the Diskpart.exe utility be found on the Dell reinstallation DVD. ?

I have backed up Document files and Photos. That’s all I intend to Backup and intend to restore only a few if any of these.

Do I read your instructions correctly

Set the bios to boot from the DVD first. Insert the DVD. Start the computer and let it boot to a command prompt. Install Windows Vista and when asked Where do you want to install Windows screen press SHIFT+F10 to open a command prompt. Click start, click run and type diskpart. Follow instructions to clean the disk and permanently remove all the data and all the partitions.

Does this clean up program also reformat the hard disk.?

At what stage is the hard disk repartitioned ?

Maurice I am afraid I will now have to put this issue once more on the back burner until after Christmas as I am caught up with other things.

May I wish you a happy Christmas and thank you for all your help.

Regards

JJMAC

[Maurice Naggar]

Hello,

It appears that the DELL Operating system DVD is all you need for doing a clean ( new install ) of Windows.

{ Obviously, one should not resort to paying a remote tech for helping you out & surely not for Windows reinstall}.

In instead of calling or emailing DELL I had in mind for you to get onto their public ssupport forum. It works pretty much like our forum.

Now, I would suggest you get a free membership ( its always free ) at SpywareHammer forum and ask for the guidance of their DELL support experts. They have a few of those on their support forum.

Link is http://spywarehammer.com

Tell them I sent you there. The support & admin staff are fine folks. They do more than malware help; they have diverse sections for operating systems, for example, as well as other computer interests.

I suggest them as I know they have at minimum two Dell experts on staff.

You need to register ( free ) first & then make a new post explaining your issue on this board

http://spywarehammer.com/simplemachinesforum/index.php/board,57.0.html

I wish you a Merry Christmas.

Cheers.