I have 1 SSD with Win7 on it, which is my main system, and 1 HD for backup, which is not usually connected to the motherboard (except when I'm backing up data), with another Win7 install.
I had a problem with my antivirus software (NOD32) which wouldn't launch on Windows startup (although it was listed and checked in the msconfig startup list). I couldn't even start the antivirus manually. It seemed that one of its components was running in the background (esetgui.exe or something like that) but I couldn't terminate it through the task manager. I always got a Windows error saying the task couldn't be terminated. (I'm in full admin mode).
This problem occurred right after installing the latest PACE drivers for my iLok dongle. http://www.paceap.com/dldrvr.html It needed to restart the computer to finish the driver installation.
I thought it could be a virus so I connected my backup drive, did a boot override to boot on it and run antivirus scans. But on Windows boot up, a CHKDSK scan automatically started on I-don't-know-what-drive as no drive letter was specified (or I had no time to read) and it found 3 tons of disk errors.
1/ How can I know if the CHKDSK was for the SSD or the HD?
Then CHKDSK didn't give me the choice but to repair everything without asking.
2/ Can a CHKDSK repair damage an SSD?
Now the virus thing.
So I was able to boot on my Win7 backup system. I scanned with NOD32 my SSD and it didn't find anything suspicious. Then I scanned with Panda antivirus and Trend Micro HouseCall and only HouseCall found 2 suspicious files:
- one was from an old (2004) freeware VST plugin (that's an audio plugin for my digital audio workstation, Cubase). It's called X-Cita and it's been around for some years so if it was a real threat I guess they would have removed the plugin from downloading. http://www.uv.es/ruizcan/p_vst.htm
- the other file was from my Google Chrome cache. Chrome uses filenames like f_002abc so the name won't be of any help. But I scanned the detected file with VirusTotal and only Trend Micro is returning "positive" results http://www.virustotal.com/file-scan/report.html?id=72d3...
3/ How can I know if I'm really infected?
This morning I forgot to do the boot override to boot on my backup system and booted on my SSD instead. I got a computer freeze while it was loading startup software on windows desktop (explorer, NOD32...)
If a virus (or malware) is responsible it can be very difficult to fix, so a Windows re-install may be in order. One approach I have used successfully in the past is to boot into safe mode and use msconfig to disable all things you don't recognise from your startup - this may then enable you to get into Windows itself to do more digging around. If this doesn't help then you may have to do the re-install.
The file from the Chrome cache is dated at the time I had problems, so this could be a lead. But how come only 1 antivirus out of 40 would detect this file as a threat??
I forgot to mention I ran a Malwarebytes scan too and it didn't detect anything. I only did a quick scan so I'll try the deep one.
I hope I won't have to do a full reinstall since I have like hundreds of software/plugins to install and configure. It always takes me 100% of my free time over 2 to 3 days to go through the whole install process. So I'd like to try everything possible before going through this.