
New virus?

Posted: Tue Apr 05, 2011 2:42 pm
by Bear
Hello all...once again I am plagued with a trojan/virus. It is called 'Windows Restore' and it has almost completely co-opted my system. I have run Super Anti Spyware, PC Doctor, AVG, nothing works. I also get a warning:

"Windows-Delayed Write Failed" that says, "Windows was unable to save all the data for the file \\System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware".

Any button I push on this warning, 'Cancel', 'Try Again', or 'Continue', causes a reboot, after which the Windows Restore runs a diagnostic again. I seem to have lost all of my libraries/documents and a bunch of icons off of my desktop.

I ran 'HiJack This', and have a screen shot of 'Windows Restore', but I cannot seem to attach either file to this post, so any help is appreciated. Thanks in advance.

PS, my O/S is Win 7 Professional.....

Posted: Tue Apr 05, 2011 3:24 pm
by normalicy
If it is a virus, your best bet is to save what you can & reinstall if it has that much control. However, it sounds much more like you have either a hard drive or drive controller issue. Once again, save what you can onto a different drive/disc ASAP. There's a small chance it could be a cable or memory stick, so it doesn't hurt to wiggle them around to be sure. Once done with that, I suggest running the drive scanning utility from whatever manufacturer's hard disc you have.

Posted: Tue Apr 05, 2011 4:13 pm
by FlyingPenguin
It's impossible to say what's actually a real error and what's fake. The delayed write SOUNDS like a serious hard drive issue, and the crash and reboot seem to confirm that, but since the system is compromised who knows?

I would definitely back up your data while you can. Then run Spinrite level 2 or scandisk FROM OUTSIDE OF WINDOWS (from a BartPE CD for instance) just to check the drive integrity.

Then to try to remove the virus, boot into "Safe Mode with Networking" and run RKill (you might need to download this on another PC): http://www.bleepingcomputer.com/downloa ... irus/rkill
I would use the one named IEXPLORE.EXE as it has the best chance of being allowed to run by the virus.

Then run in this order:

Kaspersky TDSSKiller
http://support.kaspersky.com/faq/?qid=208283363

Trojan Remover
http://www.simplysup.com/

Hitman Pro
http://www.surfright.nl/en

Malwarebytes AntiMalware
http://www.malwarebytes.org/

However I would be prepared for a clean install AND possibly a new hard drive.