mafadecay

Distinguished
Mar 30, 2008
130
0
18,680
I keep getting the same virus over and over. It seems to slip through McAfee, Norton, AVG, and other antivirus software undetected even though they are kept up to date. It then proceeds to shut down any antivirus software I have and lets more viruses in. I have formatted a few times in the past and reinstalled XP, then my antivirus software, SP2 and all security updates. My kids could be letting it in with a download, but it keeps coming back. I run a strict home network with parental controls.

I intend to format again soon, but how can I tell if it has not infected my BIOS or RAM? How can I clear them to make sure? What antivirus software should I steer clear of, and which ones are good? I have a legit licence for McAfee 2008 and, even though it is very memory hungry, I like it better than Norton.
 

Flakes

Distinguished
Dec 30, 2005
1,868
0
19,790
USB stick. We've had lots of problems recently where I work with a virus that resides in an Autorun within a USB stick. Check your USB sticks for an autorun.inf file; it's hidden, so you will need to show hidden files and folders. This is a new virus and isn't detected by most virus software yet. The only thing I've found to remove it is called:

Trojan Remover Portable, found here: http://softwareportables.blogspot.com/2008/03/portable-trojan-remover-668-build-2518.html

This will also pick up anything else on there, but I also recommend Spybot Search and Destroy: http://www.safer-networking.org/en/index.html
 

mafadecay

I have taken all mass storage devices off and formatted a new HDD with just XP, SP2, security updates and my broadband installed. Straight away I downloaded the NOD32 trial and updated. I haven't even restored any data yet, just the basic OS, and the same thing is happening with this as was happening previously with the other HD. No matter what antivirus software I install, after a while it shuts off Auto protect. NOD32 has only been on for one night and I get the message that antivirus protection is disabled. When I check, it says it's working, but I can't update either, same as all the others. I can't possibly have a virus, how could I? If I have, it must be in my BIOS or my RAM. Why does no AV software run? Please, anybody got any ideas?
 

surrealdeal

Distinguished
Oct 3, 2007
322
0
18,780
... AV only lets you know about 'old' viruses. Don't expect much. It's possible that if you aren't completely shutting off the power of the computer after formatting / fdisking, the virus can still be in RAM and copy itself over again. Also, viruses can infect your BIOS. You may have to flash it, then cold reboot. Viruses also infect some printers. This is true, just in case you were skeptical. Maybe someone has it out for you. lol about the flashdrive thing.
 

mafadecay

I can't find any updates to flash my board. I spent ages identifying it, but when I did, no joy on the net with updates. Also, I would have to flash from CD as I have no floppy drive.

When I format I use the one on the XP CD that formats itself as part of the install. I never manually type format c: etc. any more. I do format to NTFS, and a full format, not quick. This time the HD was blank before I formatted, so I had to fully power down to swap HDs over. Things like MS Office store things in RAM that need 2 reboots to clear them.

So either the RAM isn't clearing or it is my BIOS. Surely not my printer, but I have not connected this yet anyway. I also took all my sticks out and used compressed air in the slots when I swapped HD to get rid of dust, so thinking about it they should be clear, as they had no power to them whatsoever.

 

mafadecay

I knew I had a virus. I got a trial of The Shield Deluxe and it found I had Win32.backdoor.agent. It said it sorted it by deleting. I'm not convinced. I have read more on this virus and there is a lot of info on the svchost.exe file. Now my PC often hits 100% processor and hangs until I shut down with Task Manager.

I have no less than 5 separate svchost.exe files running in processes, all taking up RAM. Anybody know if this is abnormal? I think I should only have 1 or 2 (1 for system and 1 for user). Does anybody know how many svchost files should appear?
 

mafadecay

OK, thanks Grumpy. I thought I was abnormal for a moment, or perhaps I still am. I know about Process Explorer, but what I do not know is what to do with the processes after I see them. Some are system generated and some are by my username.
 
Some virus programs write themselves to RAM, and when you shut down your computer the RAM dumps and writes what's in it to your HDD. When you restart the machine it's common to restore the last window you had open, and the virus is retrieved from the HDD and replicates, sometimes to new locations.

There are numerous routes you can take to eliminate these kinds of threats, sometimes involving quite some time, but if you're considering a scratch reinstall anyway, here's in my opinion the best way to do it.

First get a HDD diagnostic disk for the brand of HDD [WD, Maxtor, Seagate, Hitachi, whatever you have]. Make sure this diagnostic disk has the capability of doing what's acceptably called a Low Level Format [i.e. LLF], or Disk Wipe, or Zero Fill, etc. These are all different names for the tool that writes, usually, zeros to the entire HDD, including the boot record [which can be a virus hiding place], which wipes out all previous data including viruses.

When you're ready to do the LLF, which is usually done with a floppy diagnostic disk, do not shut down the computer normally; just pull the power cord from the machine. Any virus resident in RAM will be wiped out: your RAM has to have power to maintain its data, and there will be no time for it to write to the page file. [Drastic measures, but no more harmful than a power outage.]

Then put the floppy diagnostic disk in the floppy drive, power up the computer and enter setup by holding down the Delete key or F1. Set the first boot device to the floppy drive, 2nd boot CDROM [for reinstalling XP after the LLF], 3rd boot HDD. [Save and exit setup and the machine will automatically boot with the floppy disk already in the drive.]

When the machine boots, the floppy diagnostic disk will run automatically. Look for the zero fill, or disk wipe, or LLF option; then, if it gives you the option of the quick write, don't select that, go with the full disk wipe. It effectively takes about 35 min for each 20 GB, so if you have a huge HDD, do something else while the LLF is going on; it will take a while to complete. [There is usually a progress bar to show you what it's doing.]

Afterwards install WinXP as you normally would; giving it the OK to do so, the WinXP installation will partition and [High Level] format the HDD, and your virus will be gone.

Try to figure out how you got this thing so you don't get it again. Hope this helps you out. Ryan


Edit: Sorry, you can download your HDD diagnostic disk creator from the HDD manufacturer's website. If you do not have a floppy drive you can download a bootable CD ISO image and create a bootable CD, but in my experience the floppy works the best. Good luck, and if you have any problems feel free to PM me.
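To check the result of the zero fill described in the post above, an added example (not part of the original post) that reads a raw disk image, reports whether sector 0 still carries the 0x55 0xAA boot-record signature, and finds the first non-zero byte. The three in-memory images are constructed; for a real check the stream is assumed to be a disk image or device opened read-only in binary mode.

```python
import io

SECTOR = 512


def first_nonzero_offset(stream, chunk_size=1024 * 1024):
    """Return the offset of the first non-zero byte, or None if all zero."""
    offset = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return None
        rest = chunk.lstrip(b"\x00")
        if rest:
            return offset + len(chunk) - len(rest)
        offset += len(chunk)


def has_boot_signature(stream):
    """True if sector 0 ends with the 0x55 0xAA boot-record signature."""
    stream.seek(0)
    sector0 = stream.read(SECTOR)
    return len(sector0) == SECTOR and sector0[510:512] == b"\x55\xaa"


def wipe_report(stream):
    """Summarise whether the boot record and the rest of the disk are zeroed."""
    signature = has_boot_signature(stream)
    stream.seek(0)
    return {"boot_signature": signature,
            "first_nonzero": first_nonzero_offset(stream)}


def _image(boot_record, leftover_data):
    """Build a constructed 4-sector image for the demonstration."""
    img = bytearray(4 * SECTOR)
    if boot_record:
        img[510:512] = b"\x55\xaa"
    if leftover_data:
        img[2 * SECTOR] = 0x4D  # one stray byte in sector 2
    return bytes(img)


UNWIPED = _image(boot_record=True, leftover_data=True)
QUICK_WIPE = _image(boot_record=False, leftover_data=True)  # only sector 0 cleared
FULL_WIPE = _image(boot_record=False, leftover_data=False)

if __name__ == "__main__":
    for name, img in (("unwiped", UNWIPED), ("quick", QUICK_WIPE), ("full", FULL_WIPE)):
        print(name, wipe_report(io.BytesIO(img)))
```

Only the full wipe reports no boot signature and no non-zero byte; the quick-wipe image still has data at offset 1024.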
 

mafadecay

Cheers Ryan, that should really help.

Another possible cause could be that when I created my backup XP CD the virus may have embedded itself in the ISO file. Not sure, but the CD scans clean. Otherwise it must be the kids getting the virus. I work from home and basically ban them from using my computer, as they always get viruses and I end up formatting every few months. Inevitably they come up with the excuse "I need to go online for my homework" and before I know it they have downloaded LimeWire, MSN etc. and filled my PC with 100s of trojans and spyware. Lavasoft's Ad-Aware always picks up at least 40 items after they have been on. This particular virus is giving me a headache, as I have formatted no end and even before I get my internet connection it appears back on my HD.

I have McAfee installed, and although it is very memory hungry I think it is actually quite useful even though everybody else doesn't. I have been faithful to McAfee since the Dr Solomon's days and then the Network Associates merger. I have recently discovered The Shield Deluxe antivirus, which isn't so hungry and seems by all accounts to be the best on the market. I am considering switching to this full program when my McAfee licence expires. It also has something called self defence, where if you go against its popups and still manage to get infected, it will not let you infect itself. In the last few months I have tried every single big contender in the AV market and none apart from this product have this feature.

I have tried many parental controls to stop the little buggers visiting dodgy sites, but when I'm out at work my missus leaves the PC unlocked and they go on my account with full free roam of the net.
 

gomerpile

Distinguished
Feb 21, 2005
2,292
0
19,810
That statement is so familiar, and since using a host file we have not had an infection of any kind; it's been almost a year. I can say the host file has been the most trusted prevention I've had. I have 4 computers on this network and it has been a real treat this past year not having the kids saying "dad my computer not working".
http://www.abelhadigital.com/ could be the last thing you'll ever need or use.
 
@mafadecay

After you get rid of your viruses and you know you have a clean machine, try adding this program to aid your AV.

www.threatfire.com

It will work with any AV software, and looks for suspicious activity that could be inherent to trojan activity and that your AV software may not even have a definition for yet.

Low resource use and free for personal use.