Dangerous type of Malware

ajumelet (Junior Member, joined Jun 8, 2011)
In my hurry I posted in this category a message about a very serious infection
by a very dangerous type of malware (I think it is a flash-BIOS rootkit) which
has infected my system for three weeks now. I have done everything to
clean my computer but with no results. I have posted it in the
"Computer Help" category with the title "Malware cannot be removed from hard disk".
If you think that you can help me, please let me know.

Thanks in advance
 

Harvey (Administrator / Elite Member, joined Oct 9, 1999)
This will sound like something a computer-aware father would say, but welcome to the best of reasons for having a second hard drive the same size as your main drive and "cloning" it at least once a week AFTER running your AV and anti-spyware/malware programs and before you install any new programs.

"Cloning" your drive is more than backing up your files. You can use a program like Acronis True Image to create a fully functional duplicate of your drive. If your main drive dies, just replace it with the cloned drive, boot up and keep stepping.

If, as in your case, your drive is hit by some malware that you can't be sure is fully removed (or just takes too damned long), try to save any files since you last cloned your drive to a flash drive, and clone back to your main drive from the known clean cloned drive, and * < POOF > * no more infection.

Once you're back up and running, you can plug in your flash drive, SCAN IT! to make sure you don't re-infect your system and copy those few files to your clean installation.

If your drives are Seagate or Western Digital, both companies offer free versions of True Image that are limited only in that at least one of the drives in your chain must be from the manufacturer who supplied the program.

Acronis True Image for Seagate drives: Info / Program / Manual (links)

Acronis True Image for Western Digital drives: http://support.wdc.com/product/downloaddetail.asp?swid=119&wdc_lang=en (Program / Manual links)

I mount my backup drive in a mobile rack like this.

[image: 92_bk_swap4.jpg]


When it's not in use, I unplug it from my system. When it's time to clone, I power down, plug it in, and run the program. Then, I power down and unplug it. No virus can jump the air gap to an unplugged drive. :cool:
 

Slugbait (Elite Member, joined Oct 9, 1999)
BIOS rootkits were all the rage a half-decade ago - but way too expensive, so no real-world concern. AFAIK, BIOS rootkits are null today, but to make sure you can run RootkitRevealer. Tho' I highly doubt it will return anything.

My guess is that you have a worm on a different device...second hard drive, flash drive, discs you used to rebuild, whatever. You plug it in, shazaam...you're infected again.

> In detail read my procedures and messages.

I was unable to decipher this comment...what does it mean?
 

ajumelet (Junior Member, joined Jun 8, 2011)
> This will sound like something a computer-aware father would say, but welcome to the best of reasons for having a second hard drive the same size as your main drive and "cloning" it at least once a week AFTER running your AV and anti-spyware/malware programs and before you install any new programs.
>
> "Cloning" your drive is more than backing up your files. You can use a program like Acronis True Image to create a fully functional duplicate of your drive. If your main drive dies, just replace it with the cloned drive, boot up and keep stepping.
>
> If, as in your case, your drive is hit by some malware that you can't be sure is fully removed (or just takes too damned long), try to save any files since you last cloned your drive to a flash drive, and clone back to your main drive from the known clean cloned drive, and * < POOF > * no more infection.
>
> Once you're back up and running, you can plug in your flash drive, SCAN IT! to make sure you don't re-infect your system and copy those few files to your clean installation.
>
> If your drives are Seagate or Western Digital, both companies offer free versions of True Image that are limited only in that at least one of the drives in your chain must be from the manufacturer who supplied the program.
>
> Acronis True Image for Seagate drives.
>
> When it's time to clone, I power down, plug it in, and run the program. Then, I power down and unplug it. No virus can jump the air gap to an unplugged drive. :cool:

Thanks for your reply.

I appreciate your help.

When I try to solve the infection, I keep it very simple.
At the moment I only use one drive (Seagate Barracuda), an IBM USB
floppy drive and a CD drive. I used a write-protected floppy with SeaTools.
Before I used that, the first thing I did was completely power down for 10 min. Then I unplugged my HDD, plugged in my floppy drive, then turned the computer
on.
I changed the boot setting to floppy only; after that I plugged in the hard disk and
let SeaTools detect my drive to execute the full zero fill.
I also tested the sectors (LBAs); no errors detected.
Any malware is killed in this way.
But no results.

Before that, I used several anti-virus programs with no results.
So I say again to all, scanning a wiped hard disk is the same as reading an
empty book.
So suppose the BIOS is clean and the HDD is wiped; what more do I need to clean my
computer? It's clean, and a fresh WinXP installation will be successful.
I think buying a new one is the best option.
 

ajumelet (Junior Member, joined Jun 8, 2011)
> BIOS rootkits were all the rage a half-decade ago - but way too expensive, so no real-world concern. AFAIK, BIOS rootkits are null today, but to make sure you can run RootkitRevealer. Tho' I highly doubt it will return anything.
>
> My guess is that you have a worm on a different device...second hard drive, flash drive, discs you used to rebuild, whatever. You plug it in, shazaam...you're infected again.
>
> I was unable to decipher this comment...what does it mean?

Thanks for the reply.

I mean read my procedures carefully; I have made no mistakes.
Read also my comments to Harvey.
 

Gamingphreek (Lifer, joined Mar 31, 2003)
> Thanks for your reply.
>
> I appreciate your help.
>
> When I try to solve the infection, I keep it very simple.
> At the moment I only use one drive (Seagate Barracuda), an IBM USB
> floppy drive and a CD drive. I used a write-protected floppy with SeaTools.
> Before I used that, the first thing I did was completely power down for 10 min. Then I unplugged my HDD, plugged in my floppy drive, then turned the computer
> on.
> I changed the boot setting to floppy only; after that I plugged in the hard disk and
> let SeaTools detect my drive to execute the full zero fill.
> I also tested the sectors (LBAs); no errors detected.
> Any malware is killed in this way.
> But no results.
>
> Before that, I used several anti-virus programs with no results.
> So I say again to all, scanning a wiped hard disk is the same as reading an
> empty book.
> So suppose the BIOS is clean and the HDD is wiped; what more do I need to clean my
> computer? It's clean, and a fresh WinXP installation will be successful.
> I think buying a new one is the best option.

I don't understand why you think you are still infected. What tells you that you are infected with some sort of malware?

Try using http://www.dban.org/. That should also wipe all protected areas of the hard drive (i.e. the HPA or DCO) that wouldn't ordinarily be touched by tools.

But honestly, before you try that, why do you think you are still infected with any sort of malware? What program is apparently finding this?

Do you do the install fully offline and then find that you are infected when you plug into the internet?

-GP
 
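The zero-fill procedure with SeaTools and the HPA/DCO point above come down to the same question: did the wipe actually reach every sector, or is something left over at LBA 0 or in a hidden area? The following is an added example, not code posted by anyone in this thread. It checks a raw disk image (or a block device opened read-only) for sectors that are still non-zero, for a leftover MBR boot signature (0x55 0xAA at offset 510) in LBA 0, and for sectors hidden behind a Host Protected Area, computed from the "max sectors = visible/native" line that `hdparm -N` prints. The sample images, the sample `hdparm -N` lines and all helper names are constructed for this example; the `hdparm -N` output format is assumed from the Linux hdparm man page, not from anything on this page.

```python
"""Wipe verification: non-zero sectors, leftover MBR signature, HPA-hidden sectors.

Added example, not from the thread. Helper names and sample data are constructed.
"""
import io
import re

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"          # boot signature at bytes 510..511 of LBA 0
# Assumed format of `hdparm -N /dev/sdX` output, e.g.
#   "max sectors   = 976773168/976773168, HPA is disabled"
HDPARM_N_RE = re.compile(r"max sectors\s*=\s*(\d+)/(\d+)")


def nonzero_sectors(stream, sector=SECTOR, limit=16, chunk_sectors=2048):
    """Return the LBAs of up to `limit` sectors that contain a non-zero byte.

    Reads in large chunks and uses bytes.count(0) as a fast all-zero test so a
    whole drive can be scanned without Python-level loops over every byte.
    """
    found = []
    base_lba = 0
    while True:
        chunk = stream.read(sector * chunk_sectors)
        if not chunk:
            break
        if chunk.count(0) != len(chunk):          # some byte in this chunk is non-zero
            for off in range(0, len(chunk), sector):
                piece = chunk[off:off + sector]
                if piece.count(0) != len(piece):
                    found.append(base_lba + off // sector)
                    if len(found) >= limit:
                        return found
        base_lba += -(-len(chunk) // sector)      # ceiling division for a short tail
    return found


def has_mbr_signature(stream, sector=SECTOR):
    """True if LBA 0 still ends in the 0x55AA boot signature (a wipe should remove it)."""
    stream.seek(0)
    lba0 = stream.read(sector)
    return len(lba0) >= sector and lba0[510:512] == MBR_SIGNATURE


def hpa_hidden_sectors(hdparm_n_output):
    """Parse `hdparm -N` text; return native - visible sector count (0 means no HPA)."""
    m = HDPARM_N_RE.search(hdparm_n_output)
    if not m:
        raise ValueError("unrecognised hdparm -N output")
    visible, native = int(m.group(1)), int(m.group(2))
    return native - visible


def verify_wipe(stream, hdparm_n_output=None):
    """Combine the three checks into one report; 'clean' is True only if all pass."""
    stream.seek(0)
    report = {
        "nonzero_lbas": nonzero_sectors(stream),
        "mbr_signature": has_mbr_signature(stream),
        "hpa_hidden_sectors": (hpa_hidden_sectors(hdparm_n_output)
                               if hdparm_n_output else 0),
    }
    report["clean"] = (not report["nonzero_lbas"]
                       and not report["mbr_signature"]
                       and report["hpa_hidden_sectors"] == 0)
    return report


def make_sample_image(sectors=8, leftover_mbr=False, stray_lba=None):
    """Constructed sample disk image (in memory) for demonstration only."""
    img = bytearray(sectors * SECTOR)
    if leftover_mbr:
        img[0:2] = b"\xeb\x3c"                    # JMP opcode where boot code starts
        img[510:512] = MBR_SIGNATURE
    if stray_lba is not None:
        img[stray_lba * SECTOR + 100] = 0x41       # one stray non-zero byte
    return io.BytesIO(bytes(img))


if __name__ == "__main__":
    # Constructed sample `hdparm -N` lines (assumed format).
    print(verify_wipe(make_sample_image(),
                      "max sectors = 976773168/976773168, HPA is disabled"))
    print(verify_wipe(make_sample_image(leftover_mbr=True, stray_lba=5),
                      "max sectors = 900000000/976773168, HPA is enabled"))
```

On a real drive, run this from a Linux live CD as root with the device opened read-only, e.g. `verify_wipe(open("/dev/sdb", "rb"), subprocess.check_output(["hdparm", "-N", "/dev/sdb"], text=True))`. A DCO can hide sectors that `hdparm -N` does not report, so compare the native figure against `hdparm --dco-identify` as well before trusting a "clean" result; this check only covers what the drive is willing to show the host.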

LiuKangBakinPie (Diamond Member, joined Jan 31, 2011)
What happens when you back up the malware as well with Acronis? Backup doesn't remove malware. You have to clean out the infections first before you back up. Format and wipe, and if you're on a network and it's a worm, that won't remove it either; you have to clean out the infection first.

Have you used GMER and ComboFix?
Eh, it's the same rootkit scanner. So that's a waste.
TDSSKiller and ComboFix, or TDSSKiller and GMER. That's two different rootkit scanners. ComboFix has GMER in it. So what GMER won't pick up, ComboFix won't pick up.