Virus? Rootkit? What?

tgabe213

So a friend gave me his laptop (again) to fix for him. He got some kind of virus or something, so I wiped it and reinstalled Windows. Everything was going well, installing software, and I couldn't get Malwarebytes to launch. It installs but doesn't launch. I could search for them on Google, but I'd get a "page cannot be displayed". Links to other sites would forward to some Yahoo things. Something's not right. This is on a fresh install.

Help?
 
Run Spybot and CCleaner and try again. Did you just reinstall Windows or did you do a clean format as well? Something is not right if you completely formatted the hard drive prior to install.
 
I formatted the C: partition with the Windows disc. I booted from CD, format, create partition, install Windows...

I remember now that there were some other partitions that I didn't touch. Could it be in there still?
 
Well, I couldn't even click on the C:\ from My Computer. Some error would come up. I could manually go there through Windows Explorer by typing C:\ though. Disk Management didn't show the C:\, just the D:\ which was the DVD drive.

Booted from Windows disc and found 3 other partitions. 1st was 5 GB, 2nd was the Media Direct, and 3rd was like 500 MB. The 3rd didn't have a drive letter, but it did have a size and used space.

I ended up wiping the entire drive. I deleted ALL partitions, and it's formatting it now. Hopefully..
 
Good choice. It's best to delete ALL partitions and then do a clean install of Windows. That should solve it.
 
Well, if you format the main drive, don't open the other drives.

Show all hidden files and make sure there is no autorun.inf on the other drives.
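
An added example, not part of any post in this thread: a read-only check of a drive root for autorun.inf that lists the programs the file would launch, without running anything. The function names and the sample file contents are constructed for illustration.

```python
import os
import tempfile

# Keys in autorun.inf that name a program Windows may launch from the drive.
LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return (section, key, command) for every launch entry in autorun.inf text."""
    section, found = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if not sep:
            continue
        # shell\<verb>\command entries attach a program to a context-menu verb
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            found.append((section, key, value.strip()))
    return found

def audit_drive(root):
    """Find autorun.inf (any letter case, hidden or not) in the drive root."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "r", encoding="latin-1") as fh:
                return parse_autorun(fh.read())
    return None  # no autorun.inf on this drive

# Constructed sample contents, not taken from the thread.
SAMPLE = r"""[AutoRun]
; constructed sample
icon=folder.ico
open=setup_helper.exe /q
shell\open\command=setup_helper.exe
label=PHOTOS
"""

def demo():
    """Write the sample into a temporary 'drive root' and audit it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AutoRun.INF"), "w") as fh:
            fh.write(SAMPLE)
        return audit_drive(root)
```

Point `audit_drive` at the mount point of the drive from a system that does not process autorun.inf, such as a Linux rescue environment.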
 
Unfortunately I'm at work right now but it was almost done installing when I left this morning.

Is there a chance that it could have copied itself onto my flash drive (when I went to back his pictures and documents up) then back onto the newly formatted laptop?
 
Great. So how do I get that off of my flash drive without hooking it up to my desktop and infecting my desktop?
 
I believe that Avira Rescue CD that I linked can scan USB flash drives if your USB controller is supported in Linux, so I would try that.

If you want to take the gamble, then at the very least install a good antivirus on the PC, have the resident guard enabled, then disable autoplay for USB, and insert the USB drive and immediately scan it.

It'd be safest to scan it with the rescue CD first, but even if you do that, still install an AV before you mount the flash drive.

You can also make a regular user (not administrator) with restricted access to executable files and plug the flash drive in as that user. Again, AV is more important than this, but combining the two is a good idea.
 
I experienced similar symptoms recently - Windows launched normally, but strange behavior when I tried to launch apps. Scanned the system thoroughly for malware, including rootkit scan. All indications were that nothing was wrong with Windows.

Eventually - I discovered that after Windows loaded, everything worked fine if I simply pressed the Enter Key before I attempted to launch anything.

I opened Notepad and serially pressed every key until I discovered that the Space Key was the problem - it was stuck at depressed. Replacing the keyboard with a known-good keyboard confirmed the problem source.

Hope this helps!
 