Results 1 to 15 of 15
  1. #1
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Arkansas
    Posts
    952
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Clean viruses by reformatting

    I helped a friend who had several viruses and/or trojan horses. We reformatted the hard drive (full format, not the quick format) and then reloaded Windows XP and his other programs. The computer was fine for 2 days and now he has several viruses and trojan horses again. Is it possible that the reformatting did not "clean" the viruses off? He has Norton Antivirus 2005 and it never alerted him to the viruses. Housecall's online scan however indicates he has two trojan infections.

    I have the computer back and am planning to reformat again but want to know if there is any way the viruses or trojans could "stick" through the formatting process.

  2. #2
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Clean viruses by reformatting

    I don't think so,trebor! <img src=/S/nope.gif border=0 alt=nope width=15 height=15>
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  3. #3
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Arkansas
    Posts
    952
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Clean viruses by reformatting

    So if I reformat again, it should be clean. That is the way I always understood it to be.

  4. #4
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Clean viruses by reformatting

    It should be, as long as you don't try to restore any apps from anywhere but the original CDs.

    AND of course, reload the anti-virus prog and a firewall ( all updated ) right away. Don't let anything slip under the wire.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  5. #5
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Clean viruses by reformatting

    I have no recent experience with Norton Antivirus, but I can't help but wonder how he could have gotten infected again, so quickly. Is it possible that one or more of what you're seeing could be false alarms? Do you care to share with us the name(s) of one or more of what he seems to have? Maybe someone here could comment before you go to all the trouble of formatting and reloading again.

  6. #6
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Arkansas
    Posts
    952
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Clean viruses by reformatting

    Hi Big Al, trust me - this is so gobblegooked with spyware, it practically is not working. None of the programs other than IE or OE will load. HouseCall identified two trojans which my friend wrote down - DLOADER and STARTPGEFL. The system is extremely slow to start. When starting, there is an error message - something about 16 bit MS DOS subsystem - the NTVDM CPU has encountered an illegal instruction. When the system does finally start, there are 5 large icons on the desktop - one for medicine, another for insurance, another for "pretty girls", another for software - put the pointer over them and they open a submenu for searches for the related subject. When I do get Internet Explorer to open, and try to go to a link, ADCLICK comes on. There are processes named A22, A23, A24,A25 running from temp files. This is no false alarm.

  7. #7
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Arkansas
    Posts
    952
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Clean viruses by reformatting

    Hi again Big Al

    I just noted that my friend has SHOPPING WIZARD, HOME SEARCH ASSISTANT and SEARCH EXTENDER on his system. As I said, it seems to be loaded with spyware.

  8. #8
    3 Star Lounger
    Join Date
    Jun 2001
    Location
    Lewiston, Maine, USA
    Posts
    293
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Clean viruses by reformatting

    Hi Trebor,
    I suspect that the backup you used to re-install the OS and programs may have been infected - therefore any attempt to use those would cause a re-infected system - Yes?
    Wandering minds abound..
    Bob (the other one)

  9. #9
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Clean viruses by reformatting

    If he has THOSE things on his system, a 99.9% odds are what he has, comes from those sites.
    I recently cleaned up a friends system who had those same identical pieces of malware and virus loaded sources and the cleanup was practically impossible.
    A format and reinstall of XP was the answer. WITHOUT any of those junk generators, it ran fine.

    DON"T reinstall them.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  10. #10
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Clean viruses by reformatting

    I was hoping that you would point out something that another Lounger could help with, but I'm not so sure now.
    <hr>...computer was fine for 2 days and now he has several viruses and trojan horses again... <hr>
    I guess if you do have to format and start over, one of the first things you should do, aside from counselling your friend about his "possible" surfing habits, would be to install something like Spyware Blaster to try to prevent recurrences. This situation seems very extreme, from my experiences.

  11. #11
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Clean viruses by reformatting

    Well, I suppose one could get infected in less than one hour if not using a firewall and anti-virus, and then connecting to the wrong sites. Or waiting for something to come by a non-patched computer.

    As always questions are: how, when, where, what etc.

    Are the virus found in data files? (Are they restored from a backup), what did the user do prior to second infection?

    If one uses the Win XP CD to format the HD, then there can not be any virus left. But what was installed and how, and what did the user do with the computer? These are questions one must ask oneself to find the cause. If it was a Windows original (no slipstream) CD, there should be no virus after format.

    DLOADER seems to be a backdoor, if I am not mistaken by another AV program naming it something.

  12. #12
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Clean viruses by reformatting

    Here's what you've got....
    [i]Description: Home Search Assistant is an Internet Explorer browser helper object; research is currently under way to further identify its risks.

    This spyware BHO, utilizes random file names located in the windowssystem folders all using random DLL CLSIDs trying to evade simple filename based antispyware applications.

    Usually infection will involve dozens or more files and settings.

    Usually a BHO: 4-5 charcters ending in 32.dll
    Startup Registry Autorun settings: files named with 4-5 characters usually ending in 32.exe

    Believed to be a CoolWebSearch Variant.

    "Search Extender "
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  13. #13
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Arkansas
    Posts
    952
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Clean viruses by reformatting

    Hi Big Al,

    Thanks for the research - I have already done the reformat and reload of OS and programs. I scanned the "backup files' with Norton, House Call, Spybot and Adaware and they all came up clean. My friend picked up his system yesterday and I have not heard anything BAD from him so I assume all is well. He did not have a firewall so I installed the free Zone Alarm for him. Otherwise, he did have NAV and ADAWARE, SPYBOT and Spyware Blaster. He could not explain what he did that caused the massive infections for a second time. I preached loud and clear to him about safe surfing practices,etc.

    Thanks again for your help.

  14. #14
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Clean viruses by reformatting

    trebor,
    ------------------------------------------
    not explain what he did that caused the massive infections for a second time.
    -----------------------------------------
    How about NO firewall?
    Also AdAware and Spybot do not prevent Spyware and malware. They can detect them AFTER the fact when it has already infected the machine.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  15. #15
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: Clean viruses by reformatting

    > He could not explain what he did that caused the massive infections for a second time.
    Maybe he just visited the same web site that infected him in the first place.

    StuartR

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •