As has been suggested a reformat of the drive may be sufficient to overwrite
the virus, I don't know; however, I would feel confident that using a
utility to write zeroes to the drive will give you a clean slate to work
with. My first choice would be to see if the manufacturer of your drive has
a diagnostic disk available that includes this capacity to zero out the
drive. If by chance they don't, my second choice would be a program for
erasing hard drives more generally, such as Derek's Boot and Nuke. While
this program includes some rather sophisticated routines for making multiple
passes of writing random data to your drive, all you need is a single pass
of some simple routine (such as writing zero to every sector). A word of
caution, if you have more than one drive installed and you don't want to
lose data on one of these drives, disconnect the one that you are not going
to erase. This way you don't need to worry about erasing the wrong the
drive.
With regard to your question about whether your secondary drive might also
be infected, I would think that the same programs that successfully detected
the infection on your main drive would also be capable of finding a similar
infection on your secondary drive.
I assume that this second drive is not a bootable drive; so, I would think
it unlikely that it also has a boot sector virus.
For what it may be worth (since people have already mentioned many different
antivirus scanners to use) I'll add one more antivirus scanner, Hitman Pro
3.5. This is an online scanner that bills itself as a second opinion
scanner. It doesn't do a complete scan of your data, but it selectively
submits what it thinks might be likely candidates to multiple virus
scanners. It impressed me, when it picked up on a root kit that was
repeatedly re-installing malware that other scanners had attempted to
remove. I don't think that I used Hitman Pro to remove the rootkit. I
think I just used it to identify the culprit and did somesort of manual
removal of it. Sorry, it's been long enough ago that I don't recall those
details.
John Sproule
-------- Synopsis of the Original Message Below ---------
Date: Tue, 3 Aug 2010 15:02:07 -0400
From: Donald DeWitt <[log in to unmask]>
Subject: Re: Computer infection
You discovered that your hard drive was infected with the Whistler Bootkit,
but were unsuccessful removing it using MBRCheck.exe. You asked if it was
possible to remove this virus from the hard drive, short of tossing it and
replacing it with a new hard drive. You wondered whether your secondary
drive might be infected, as well.
Visit our website regularly for FAQs,
articles, how-to's, tech tips and much more
http://freepctech.com
|