IE Hijack virus survived a full hard drive reformat



Cassius
07-10-2005, 01:14 AM
I spent the best part of the weekend trying to fix my PC after Internet
Explorer was hijacked whilst I tried to download some DVD ripping
software - be careful guys. Having tried loads of antivirus / spyware
removal software to no avail, and having noticed that this evil virus
had badly messed with the registry of my PC, I decided that the only
thing to do was to reformat the hard drive.

First I found that the instructions for reformatting my XP hard drive
would not work. I think the virus was preventing me from formatting it!
I got down to the "Press Y to format" bit, pressed Y and got a circular
prompt.

I eventually found a way to do it, having tweaked BIOS and booting XP
from CD instead of hard drive. I managed to fully reformat the hard
drive - all files gone. The first thing I installed was my internet
connection. I had been connected for about five seconds before a pop-up
appeared, telling me that my computer was infected. I had not even
opened Internet Explorer yet.

Has anyone ever seen this before? A virus surviving a hard drive
formatting?? Has this thing messed with the magnetic polarity of the
particles of my physical hard drive??! Is there any way I will ever be
able to shift this? It is pure evil....any ideas would be much
appreciated. Thanks in advance.


--
Cassius
Posted from http://www.pcreview.co.uk/ newsgroup access

DL
07-10-2005, 01:14 AM
An 'unprotected PC' connected to the internet can be infected within a
matter of minutes.
The virus didn't survive your formatting, you just got reinfected.
BTW you cannot format your sys drive within win. You 'have' to use the cd.
Run an online scan via www.kaspersky.com or www.symantec.com.
Once up and running, ensure win is updated, buy a decent AV app and install
a Firewall App.
If you had these in the first place it is unlikely you would have been
infected, unless by user stupidity!
If you want any specific help on the virus you will have to give us a clue -
its name?!

NoNoBadDog!
07-10-2005, 01:14 AM
You answered your own question....

You connected to the internet without first having a firewall and antivirus
software loaded and running.

Yes, you can get infected within 5 seconds...

In your case, it was probably just a spam Messenger file, still caused by
the fact that you had no firewall and antivirus running (and I do not mean
the worthless firewall that comes with Windows SP2).

Unless you had a boot sector virus, there is no way that it could have
survived a destruct format.

Bobby

Cassius
07-10-2005, 01:14 AM
This does look like what you suggest, a "Messenger" file (it says
something like it's being sent from Messenger System? I can't isolate
this as it does not seem to run as a process when I check on Task
Manager). But this is the same thing that I got before I formatted the
hard drive - how and why would I end up with the same infection within
seconds unless there was something making my system particularly
susceptible to this? Surely there are loads of these viruses around,
how come the exact same thing??

Is there any way of getting rid of the messenger file without another
reformat?? Sorry, I'm a bit crap with computers....thanks!


--
Cassius
Posted from http://www.pcreview.co.uk/ newsgroup access

Mike Hall (MS-MVP)
07-10-2005, 01:14 AM
Cassius

Set the XP firewall to run, or install a third party firewall..

For the majority of problems that can be encountered, one does NOT have to
re-install the operating system.. ask here or any decent forum for problem
solutions first..


--
Mike Hall
MVP - Windows Shell/User
http://dts-l.org/goodpost.htm

Kerry Brown
07-10-2005, 01:14 AM
"Cassius" <Cassius.1pwh3n@> wrote in message
news:oq2dnWF5hfy-6QHfRVn_vg@giganews.com...
>
> This does look like what you suggest, a "Messenger" file (it says
> something like it's being sent from Messenger System? I can't isolate
> this as it does not seem to run as a process when I check on Task
> Manager). But this is the same thing that I got before I formatted the
> hard drive - how and why would I end up with the same infection within
> seconds unless there was something making my system particularly
> susceptible to this? Surely there are loads of these viruses around,
> how come the exact same thing??
>
> Is there any way of getting rid of the messenger file without another
> reformat?? Sorry, I'm a bit crap with computers....thanks!
>
>
> --
> Cassius
> Posted from http://www.pcreview.co.uk/ newsgroup access
>

Install SP2. It turns off the messenger service and turns on the firewall by
default. At this point it is too late. You are probably already infected
with one or more worms. As you have just done a clean install it may be
quicker and easier to just do it again. Before you do it download a firewall
program and burn it to CD or purchase a firewall program. After doing the
clean install do not connect to the internet until the firewall is
installed. Do not connect for any reason including activations, downloading
updates etc. Once you have a functioning firewall running then connect and
proceed with the rest of the install. The alternative is to try and clean any
malware that is already installed. Here's some links to get you started down
that path:

http://rgharper.mvps.org/cleanit.htm

http://www.aumha.org/secure.htm

Kerry
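
The state the post above says to reach before the first connection (firewall on, Messenger service off) can be confirmed with a read-only check. This batch script is an added example, not part of the original posts; it assumes Windows XP SP2 with the built-in Windows Firewall (a third-party firewall will not satisfy check 1) and the stock `reg.exe`, `sc.exe` and `find.exe`.

```batch
@echo off
rem Added example, not from the thread. Read-only pre-connection check for
rem a fresh Windows XP SP2 install: run it BEFORE plugging in the network.
rem Assumes reg.exe, sc.exe and find.exe from a stock XP install.
setlocal
set FAIL=0
set SVC=HKLM\SYSTEM\CurrentControlSet\Services
set FW=%SVC%\SharedAccess\Parameters\FirewallPolicy\StandardProfile

rem 1. Windows Firewall on for the standard profile: EnableFirewall = 0x1
reg query "%FW%" /v EnableFirewall 2>nul | find "0x1" >nul
if errorlevel 1 (
    echo [FAIL] Windows Firewall is not enabled for the standard profile
    set FAIL=1
) else (
    echo [ OK ] Windows Firewall is enabled
)

rem 2. Messenger service start type is Disabled: Start = 0x4
reg query "%SVC%\Messenger" /v Start 2>nul | find "0x4" >nul
if errorlevel 1 (
    echo [FAIL] Messenger service is not set to Disabled
    set FAIL=1
) else (
    echo [ OK ] Messenger service start type is Disabled
)

rem 3. Messenger service is not running right now
sc query Messenger | find "RUNNING" >nul
if not errorlevel 1 (
    echo [FAIL] Messenger service is running
    set FAIL=1
) else (
    echo [ OK ] Messenger service is not running
)

if "%FAIL%"=="1" (
    echo Do not connect yet: fix the FAIL items first.
) else (
    echo Checks passed.
)
exit /b %FAIL%
```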

Jack
07-10-2005, 01:14 AM
Recent tests prove that an unprotected XP Computer (no firewall, no
anti-virus, no spyware protection) will result in Virus infection, spyware
infestation in 4 seconds during certain times of the day and in less than 1
minute other times.

flannelmeister
07-10-2005, 01:14 AM
Cassius Wrote:
> The first thing I installed was my internet
> connection. I had been connected for about five seconds before a
> pop-up
> appeared, telling me that my computer was infected. I had not even
> opened Internet Explorer yet.
>
>
>
>
> --
> Cassius
> Posted from http://www.pcreview.co.uk/ newsgroup access

If that was the first thing you did, can I infer that you hadn't yet
installed anti-virus, adaware, spybot search and destroy, spyware
blaster and the microsoft free anti spyware software? (all these I find
essential to keep your PC free from nasties)

If you haven't got anti-virus, there are very good free ones available
from Grisoft (AVG Free) and Avast!.

It could simply be that connecting to the net unprotected you were
quickly re-infected, this can literally happen in seconds if you
haven't got anti-virus and something like the "tea timer" resident
protection found in spybot search and destroy or microsoft's
anti-spyware program.


--
flannelmeister

