Help me Obie One; you're my only hope. My wife's desktop was infected with Trojan C-Ransom or something like that, and in safe mode I was able to get McAfee to locate and -- I thought -- delete the virus. I then ran MS Malware and the report indicated it had found another virus (Trojan A). I couldn't read the whole virus name because the name was a hyperlink, which I clicked and from that point on Windows has been locked down tight. It behaves as it did with the Trojan C-Ransom virus (screen is just a pinstripe-like pattern). I ultimately tried downloading the rescue disc that had been suggested in earlier posts on this site and it opened Windows, but could not fix the problem. I told it to use a restore point and went to bed for a few hours while it worked on that. I left it too long, I fear: when I got back to it, it had posted a window saying it could not successfully restore the operating system. Now, not even the rescue CD will operate (even after pressing F12). I am going to create a new rescue CD and try that again, but I would appreciate any guidance that can be offered. Why do people do the things they do?

All 4 Replies

Fortunately, there aren't too many people that get a kick out of frustrating the rest of us. With situations like this, I would simply recommend that if you have access to the original disks that came with the computer, you use those to wipe the hard drive and start clean and fresh. As experienced, different AV programs will have different results in what they find. The only way you can guarantee that you have removed all malware is to wipe the drive. Hopefully you have a backup of your important data. If not, you could remove the drive and connect it to another computer and copy files off via USB, but you always run the risk of infecting another computer, depending on the malware and what files have actually been compromised on your PC.

Once you get everything re-installed (OS, Apps, anti-virus, etc.), configured and all updates applied you might want to consider installing a disk imaging program (Macrium Reflect is highly rated and free for personal use). Take a disk image of your system partition and save it somewhere. If you get reinfected you can copy your personal files then restore the image. I typically keep only OS/Apps on my C partition (60 gig) and data on other partitions. Reloading from scratch can take days (to get everything just so). Reloading an image takes under an hour. The imaging program does not image unused sectors so my 60 gig partition compresses down into a 17 gig file (on my system).

Malware that reinstalls itself is almost a sure sign of a rootkit. If you can get Windows to load, then give Sophos Anti-rootkit a try. If that doesn't work, try HijackThis. Once HijackThis has run, paste the log into http://www.hijackthis.de/. This site will tell you which things HijackThis should delete.

This is why I run Linux on all of my systems, and only run Windows in a virtual machine. I install all the Windows cruft that I want, and then take a snapshot of the virtual system. If I get a virus, I just restore to the snapshot - bingo, no more virus and it takes about 10 seconds to do! Alternatively, if I have to run Windows natively, then I install all the cruft I want/need (with Windows updates installed also), at which point I get a good/big external hard drive, boot with a Linux live CD/DVD, and do a bit copy of the entire system disc to a file on the external drive. If I get a really nasty virus like yours that the normal A/V programs can't handle (there are a lot of them these days), then I boot into the live CD/DVD Linux system again, and copy back the bit image I made to the hard drive. That restores EVERYTHING, including the boot loader and everything on the disc. If I have data on the disc that I cannot live without, then I mount the NTFS partition and copy the files to an external drive, where I can scan them with an A/V program after I have restored Windows. Do that before you restore the bit image, however, otherwise you will lose all of your changes since the image was created. I have to say, that this has saved my bacon on a number of occasions (probably a half-dozen or so), though mostly when the disc died, or something (like a virus) totally fubar'd the drive. In my case, I redo the copy somewhere between once a week and once a month (depending upon how busy/lazy I am).
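Added example, not part of any post in this thread: the bit-copy backup and restore described in the reply above, with a SHA-256 recorded at imaging time so that a damaged or altered image is refused before it overwrites the disk. The function names are illustrative, `dd` and `sha256sum` are assumed to be available on the live CD, and the demo uses a constructed scratch file in place of a real disk such as `/dev/sdX`.

```bash
#!/usr/bin/env bash
# Added example: image a disk, record its SHA-256, verify before and after restore.
# Function names are illustrative. On a real machine SRC/DEST would be the whole
# system disk as seen from the live CD; the demo below uses a scratch file.

image_disk() {            # image_disk SRC IMAGE
  dd if="$1" of="$2" bs=1048576 2>/dev/null || return 1
  sha256sum < "$2" | cut -d' ' -f1 > "$2.sha256"
}

verify_image() {          # verify_image IMAGE -> 0 if it matches the recorded hash
  [ -f "$1.sha256" ] || return 1
  [ "$(sha256sum < "$1" | cut -d' ' -f1)" = "$(cat "$1.sha256")" ]
}

restore_disk() {          # restore_disk IMAGE DEST -> 2 if the image is refused
  verify_image "$1" || { echo "image failed verification, not restoring" >&2; return 2; }
  dd if="$1" of="$2" bs=1048576 conv=notrunc 2>/dev/null || return 1
  size=$(( $(wc -c < "$1") ))
  # Read back exactly the restored bytes and compare with the recorded hash.
  [ "$(head -c "$size" "$2" | sha256sum | cut -d' ' -f1)" = "$(cat "$1.sha256")" ]
}

demo() {                  # constructed data only; everything lives in a temp dir
  d=$(mktemp -d) || return 1
  head -c 2097152 /dev/urandom > "$d/disk"          # stand-in for the system disk
  image_disk "$d/disk" "$d/clean.img" || return 1
  printf 'overwritten' | dd of="$d/disk" conv=notrunc 2>/dev/null  # simulate damage
  restore_disk "$d/clean.img" "$d/disk" || return 1
  cmp -s "$d/disk" "$d/clean.img" || return 1       # disk is back to the clean state
  printf 'X' >> "$d/clean.img"                      # image altered after it was taken
  rc=0
  restore_disk "$d/clean.img" "$d/disk" 2>/dev/null || rc=$?
  rm -rf "$d"
  [ "$rc" -eq 2 ]                                   # altered image must be refused
}

demo && echo "restore verified; altered image refused"
```

Keeping the `.sha256` file on separate media from the image means a single failing external drive cannot silently corrupt both.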
