5 replies to this topic

[bservi]

My son contracted the Win32/Virut.NBK virus on his PC. I have run absolutelty everything to try and purge this trojan and it cannot be cleaned. I have run ESET NOD32 AV complete scans, I have run MalwareBytes anti-malware complete scans, ComboFix, HJT, and others. The virus lives on. Is there a way to purge this without reformatting my harddrive and reinstalling the OS?

If not, does anyone know if it is safe for me to back up his MP3, movie files, JPGS, Word docs, etc. to an external hard drive and re-install on the "new" system without bringing the virus along for the ride?

Supposedly, it only infects EXE, SCR, and HTML files. But, I'm afraid to go thru all that work and then bring the virus along. But, we don't want to lose all the data files.

ANy ideas appreciated.

[AdvancedSetup]

Sorry, but an FDISK, FORMAT, re-install is the best and probably only solution to fix this and be able to trust the system again.

In general the other files should be able to be saved, BUT make sure you don't allow this computer to connect or be on the same network with other computers as it might be able to infect them as well.

I would copy them to a USB external drive, and then using an UP TO DATE Anti-Virus scan the entire drive from another system.
Make certain that other system is CLEAN and up to date with ALL security updates from Microsoft was well.

[bservi]

Thanks for the info. That is what I am going to do. Here is 1 more slight complication. The PC that is infected came with Windows XP installed as an OEM. So, I have no XP CD or recovery CD. The HP machine has a full "destructive recovery" option that will supposwedly format the hard drive and re-install from a hidden partition on the hard drive. Do you believe it is safe to re-install from this "hidden" partition? Or, should I spend a couple bucks and order fresh recovery CD's from HP? Thanks for the help.

[bservi]

Thanks for the info. That is what I am going to do. Here is 1 more slight complication. The PC that is infected came with Windows XP installed as an OEM. So, I have no XP CD or recovery CD. The HP machine has a full "destructive recovery" option that will supposedly format the hard drive and re-install from a hidden partition on the hard drive. Do you believe it is safe to re-install from this "hidden" partition? Or, should I spend a couple bucks and order fresh recovery CD's from HP? Thanks for the help.

(Sorry, for the double post, here. But, I meant to reply to Advanced's reply and not attach to my original post.)

[AdvancedSetup]

Generally speaking it will probably be safe to run it. But no guarantee. Need to see if you can get to that partition and scan it with an AV tool and see if the files there have Virut as well.

Of course getting Recovery CDs for $20 from HP would be a GREAT idea especially for future use if/when an actual hard drive failure happens.

[DC010]

I work at a computer shop and have had a few bad incidents with this virus. DO NOT plug a USB or external HDD with backups on it from you infected computer in another computer unless it is running NOD32 already. Avast, McAffee, Norton, Trend Micro, nor any other anitivirus I've tested has stopped it other than NOD32. This thing is like a contagious version of cancer for computers. I now have a backup of my work USB so that when it gets infected with this I can format and reload my files. Considering I've had to do this about 9 times now I can vouch that it can transfer over a USB very easily. I'm still doing testing on anything that may be able to fix it, but as of now only in the early stages can it be fixed. All infected files still have to be purged and most of the time leaves the machine unusable. If I find anything else I will post it.