It's been a few years since I had to go through a full system restore. I seem to recall performing a low level hard drive format step before attempting to use a restore disk. The restore disk may also offer an option to do a 'quick' restore which most likely omits the format step. I also vaguely recall a 'switch' in the format command which would include the MBR, otherwise that 'area' would not be reformatted, and could be causing your problem with a virus reappearing. You might want to do a little web searching regarding reformatting or checking with your hard disk manufacturer about complete reformatting. They may offer a free program to do the task. See: http://support.microsoft.com/kb/69013 for a little info on the MBR formatting.
A new drive would certainly be clean, and I recently purchased a 1TB sata drive for $80 at Staples. It depends on your finances and the time you have to work on it which route you want to take. Be sure to get the correct drive - SATA and PATA/IDE have different connectors, if you should choose to replace the drive.
Paul Hachmeyer
-----Original Message-----
From: Personal Computer Hardware discussion List [mailto:[log in to unmask]] On Behalf Of Donald DeWitt
Sent: Tuesday, August 03, 2010 3:02 PM
To: [log in to unmask]
Subject: Re: [PCBUILD] Computer infection
Do to the rapid decline of the computer I decided to go ahead and clean off
the entire hard drive and do a fresh install while I still had the chance
because the computer was slowly dying.
After completing a fresh new install using the original CD that came with
the computer, (Windows XP Media Center Edition 2005) and reinstalling the
drivers, several things seemed to be uncharacteristic of a new install.
(e.g. no sound, changes in boot-up procedures, and many other things as
well). As time went on things got much worse. Constant pop-up adds, Firefox
web page replaced with "MyFreeze". Clicking on a bookmark resulting in a
blank page, downloading a program results in weird new short cuts placed on
the Desktop and many other things that are too numerous to mention. The
computer is almost dead in the water now.
As I was downloading and running all the recommended anti-virus programs in
safe mode and with system restore off, one of them (I cant remember which
one now) noted; MBR infected with Whistler Bootkit !! How can that be? I
thought doing a fresh new install completely deleted everything on the hard
drive. I guess that is not always true?
Searching Whistler Bootkit on the web for a solution I saw that a program
called MBRCheck.exe could remove it and replace it with the original file. I
ran this program through several times without any success either because of
the viruses resistance to it or the lack of my knowledge of how to use the
program properly. It appears that the author of this nasty virus has
out-smarted all the best anti-virus programs.
With my limited computer skills, do you think there is a chance I can remove
this thing or do I have to install a new hard drive? Would a new hard drive
solve the problem? Do you think it has infected my slave drive also? Is the
is computer beyond repair?
Many thanks for your input regarding this perplexing problem of mine,
Don
On Mon, Jul 26, 2010 at 7:51 AM, don penlington <[log in to unmask]> wrote:
> Don wrote:
>
>> I have tried everything that was recommended by everyone>>
>
> This has probably already been covered, but just in case it hasn't:
>
> Did you disable System Restore? Many viruses hide themselves here and will
> reconstitute themselves unless you disable System Restore before scanning.
> Disabling System Restore effectively deletes all its contents, and you will
> need to re-enable it later.
>
> Don Penlington
>
PCBUILD's List Owners:
Bob Wright<[log in to unmask]>
Mark Rode<[log in to unmask]>
|
