Hybrid drive virus

robothunter

My buddy has a Momentus XT hybrid drive in his laptop. Kaspersky detected a worm but was unable to remove it or quarantine it. He made a bootable Kaspersky CD to try and remove the worm but it was unable to detect it. He formatted the drive and re-installed Windows, put Kaspersky on and it detected the worm off a fresh clean install.

The hybrid drive automatically manages the SSD portion of the drive. I am worried that the virus is on the SSD portion of the drive. Is there a program like OCZ's "Sanitary erase" that he could use on his Seagate drive?
 
If the drive is formatted then the data is practically gone, period, except perhaps to drive recovery software. Also, Kaspersky isn't that good. Good AVs:

-Microsoft Security Essentials (free)
-Avira AntiVir (free, but you have to remove execute permission from avnotify.exe or it's nag-ware)
-Eset NOD32 (not free, and IMO getting a bit more resource intensive than it used to be)
 
Very interesting issue... The question is how to force flush/erase what is on the SSD part...
As I understand it, the SSD part works like a cache, which doesn't necessarily mean that it has to be erased if the mechanical part was formatted... Even if it were to work, do this every time fishy files enter the system? Dell/HP/Acer etc. better never put these kinds of drives in their systems in that case, lol =)
 
I doubt that the drive has a virus on it after a new format. The cache should not come into play because if it would be returning data that is not on the hard drive all sorts of weird corruption would occur. My guess is either the antivirus is misdiagnosing the problem or the system got reinfected by being connected to the internet again.
 
It's a legit copy of Windows.
The virus is wininit.exe
Thanks for everybody's help.
 
Did you try ComboFix? I had it detect a virus (Whistler bootkit) in a drive's MBR. The only way I was able to fix it was going to system repair and running bootrec /fixmbr.
 
What's the name of the file it's detecting as a virus?
Is it wininit.exe? If so, it's a false positive.
See here: http://hardforum.com/showthread.php?t=1543657

Any reason why I don't have permission to view that standard information link?

vBulletin Message

Chimel, you do not have permission to access this page. This could be due to one of several reasons:

  1. Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
  2. If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.
 
You don't know what you're missing. :)

If you Fold, you can get it for free ;)
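
One way to triage the wininit.exe detection discussed in this thread, as an added example that is not part of any poster's reply: check that the flagged file sits in the expected System32 location and carries a valid Microsoft signature. The function name `Test-WinInitFile` is hypothetical, and the script assumes PowerShell 5.1 or later on a Windows version where `Get-AuthenticodeSignature` evaluates catalog signatures.

```powershell
# Added example (not from the thread): location and signature check for wininit.exe.
# Test-WinInitFile is a hypothetical helper name.
function Test-WinInitFile {
    param(
        [Parameter(Mandatory)][string]$Path   # file the antivirus flagged
    )
    # The genuine component is expected at %SystemRoot%\System32\wininit.exe.
    $expected = Join-Path $env:SystemRoot 'System32\wininit.exe'
    $item     = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig      = Get-AuthenticodeSignature -LiteralPath $item.FullName
    $signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Path               = $item.FullName
        InExpectedLocation = ($item.FullName -ieq $expected)
        SignatureStatus    = $sig.Status        # 'Valid' means the trust chain verified
        SignedByMicrosoft  = ($signer -match 'O=Microsoft Corporation')
        SHA256             = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
    }
}

# Check the on-disk system copy first.
Test-WinInitFile -Path (Join-Path $env:SystemRoot 'System32\wininit.exe')

# Then check the image behind every running process with that name.
# ExecutablePath is empty for protected processes unless the shell is elevated.
Get-CimInstance Win32_Process -Filter "Name = 'wininit.exe'" |
    Where-Object ExecutablePath |
    ForEach-Object { Test-WinInitFile -Path $_.ExecutablePath }
```

A file outside System32, or one whose signature status is anything other than `Valid`, is worth a closer look; a copy that passes both checks is consistent with the false-positive explanation given above.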
 