Format HD after Trojan

daftpunkit

Senior member
Aug 18, 2005
267
1
76
I just finished cleaning up my PC after a nasty piece of spyware, a Trojan/Rootkit - uacinit.dll, planted itself in my system32 folder. After removing it, and several scans later, I have no longer detected it on my PC, for now. From what I googled, this type of Trojan/Rootkit fully compromises the security of the PC for good until a full wipe of the hard drive. I suppose it's known to bury itself deep into the registry and can resurface later down the road.

Seeing that the infected PC is my main computer, which I use for banking and online purchases, I am extremely cautious with it. Since detecting it I have disconnected it from the internet and am teetering on the full wipe. The PC has hundreds of GB of media and games, and I was wondering if it is safe to transfer media onto an external hard drive without risk of transferring the Trojan/Rootkit.

Should I just be safe and wipe it all? Or is it possible to transfer media files without risk of the Trojan/Rootkit? I am guessing it is OK to transfer media files since they have no real connection to the registry files.
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
Copying media and other data files isn't normally a problem. It's quite easy for anti-virus scanning programs to scan such files and locate any known infections. As you found, locating and removing rootkits and other malware in your operating system is tougher.

The main thing to watch out for is that when you connect an external hard drive, some malware can sense that and infect the drive so that when it's attached to ANOTHER computer, it can infect the other computer. You don't want to go to all the trouble of reformatting and then get re-infected.

The key is to have your "new" computer updated to the latest Windows security updates, which allow disabling the "Autorun" function of newly attached external hard drives. I suggest you review the following MS KB article and verify that all AutoRun features have been disabled:
How to disable the Autorun functionality in Windows.

I'd:
1) Make sure you have Windows drivers for your PC's devices
2) Copy all your important data files to the external drive. Be sure you get your email and "Favorites".
3) Re-install Windows. Allow the Install process to re-partition and re-format the hard drive.
4) Install AntiVirus software and update it to the latest definitions.
5) Fully update Windows and any applications.
6) Attach the external hard drive and scan it for malware.
7) Copy your important data files to your new PC.
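Before step 6 (attaching the external drive to the rebuilt PC), a practitioner would want to confirm, not just assume, that AutoRun is off. The following is an added example, not code from the post above or from the Microsoft KB article it links; it assumes an elevated PowerShell session and the standard Explorer policy key that the "Turn off AutoPlay" policy writes to. The drive letter `E:` is an assumption for the external disk.

```powershell
# Added example: verify and enforce "AutoRun disabled for all drive types"
# before attaching the backup drive to the freshly installed PC.
# Run in an elevated PowerShell session.

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$valueName = 'NoDriveTypeAutoRun'
$allDrives = 0xFF   # bit mask, one bit per drive type; 0xFF disables AutoRun for every type

foreach ($key in $keys) {
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    $current = (Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue).$valueName
    if ($current -eq $allDrives) {
        Write-Output ("{0}: AutoRun already disabled for all drive types (0x{1:X2})" -f $key, $current)
    } else {
        # Set-ItemProperty creates the value if it does not exist yet
        Set-ItemProperty -Path $key -Name $valueName -Value $allDrives -Type DWord
        Write-Output ("{0}: {1} set to 0x{2:X2}" -f $key, $valueName, $allDrives)
    }
}

# Belt and braces: before copying anything back, list any autorun.inf on the
# external drive. A drive that only ever held your media and documents should
# carry none; finding one means the old system wrote to the drive.
$external = 'E:'   # assumption: drive letter of the attached external disk
Get-ChildItem -Path $external -Filter 'autorun.inf' -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Warning ("autorun.inf found: {0}" -f $_.FullName) }
```

Explorer reads the policy value at start-up, so log off and back on (or reboot) after changing it and re-run the script; the first loop then reports "already disabled" for both hives. Run the autorun.inf check before opening the drive in Explorer, and run the antivirus scan from step 6 before copying anything.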
 

tzdk

Member
May 30, 2009
152
0
0
You can remove almost everything. Whatever you had will be documented on AV sites. Removing infections is mostly a question of information level. Where did you look it up? Did a page on an AV site say the system is compromised forever, or was it from someone who could not get AVG to remove any more? There is much info on Google :) Did you double-check with an online scanner from Kaspersky or ESET? Avira's or Dr. Web's rescue CD? CDs are probably good for this one. You can scan until you puke - besides risking false positives, the more you scan the better.

Did you go through something like this http://forums.whatthetech.com/...cinit_dll_t103575.html which seems to go for the record in use of tools, or is it just your one and only favorite scanner which says the computer is clean? More human links or more straightforward removal: http://nyctechtips.com/2009/05...virus-and-uacinit-dll/ http://beer234.blogspot.com/20...emoved-uacinitdll.html Not that difficult then, but it must be done right. And as the first link shows, there could be more infections!

So you can be safe - or you just think you are.

If there is any doubt still, then run a rescue CD http://freedrweb.com/livecd/?lng=en or http://www.free-av.com/en/tool...vir_rescue_system.html They are set up to not remove anything out of the box, just report. Which is what you want. Good time to be paranoid, so I would scan with at least one of those. Look out for false positives... Don't think there is an option of quarantine, so be careful what you remove; don't let them clean/repair until certain.