Unable to remove 'hidden' virus/trojan/worm after wiping drive

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by videobruce, Feb 16, 2008.

Thread Status:
Not open for further replies.
  1. videobruce

    videobruce Private E-2

    Can a virus/trojan/malware/worm etc. reside:

    1. In a motherboard's BIOS,
    2. In a hard drive after one wipes the drive with zeros?

    I have 'something' that is creating a duplicate Windows file and putting it in the Windows\System32\Wins folder called "DLLHOST.EXE" and possibly "SVCHOST.EXE" (in all caps) that starts up by itself and starts sending data over my DSL connection.

    I use a program called DU Meter and I see this upload activity. I then check Task Manager and this "DLLHOST.EXE" shows (again, in all caps) which I notice right off the bat. I can't stop the process unless I boot into Safe Mode.

    My virus program (NOD32) sees that file, but it can't find what is producing it.

    I have wiped the drive using the manufacturer's 'write zeros to the drive', reformatted and reloaded the O/S (originally XP, now 2k), but this is still here.

    Any ideas? This has never happened to me before, that I couldn't get rid of the 'problem'.
     
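    A defender-side check for the indicator described in the post above, added here as an example and not part of the original thread: a process carrying a system-binary name such as DLLHOST.EXE or SVCHOST.EXE but running from anywhere other than the system directory (for instance a Wins subfolder under System32) is flagged, and flagged harder when it also holds outbound connections. The process table below is constructed sample data; on a live machine the records would come from Task Manager or a process-listing tool.

```python
import ntpath
from dataclasses import dataclass, field

# Windows system binaries whose names malware borrows; the real copies live in
# the system directory. All lowercase: Windows file names are case-insensitive,
# so "DLLHOST.EXE" and "dllhost.exe" are the same name and caps alone prove nothing.
SYSTEM_BINARIES = {"dllhost.exe", "svchost.exe", "lsass.exe", "csrss.exe"}
# Where those binaries legitimately run from (XP and 2000 layouts).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\winnt\system32"}

@dataclass
class ProcessRecord:
    pid: int
    image_path: str          # full path of the running executable
    outbound_conns: int = 0  # established connections to remote hosts

@dataclass
class Finding:
    pid: int
    image_path: str
    reasons: list = field(default_factory=list)

def is_masquerading(image_path: str) -> bool:
    r"""A system-binary name running from anywhere except the system directory,
    e.g. System32\Wins\DLLHOST.EXE, is suspect even though the name is familiar."""
    directory, name = ntpath.split(image_path.lower())
    return name in SYSTEM_BINARIES and directory.rstrip("\\") not in SYSTEM_DIRS

def triage(procs):
    """Return one Finding per process worth investigating, worst first."""
    findings = []
    for p in procs:
        reasons = []
        if is_masquerading(p.image_path):
            reasons.append("system binary name outside the system directory")
            if p.outbound_conns:
                reasons.append(f"{p.outbound_conns} outbound connection(s) while masquerading")
        if reasons:
            findings.append(Finding(p.pid, p.image_path, reasons))
    return sorted(findings, key=lambda f: len(f.reasons), reverse=True)

# Constructed sample process table modelled on the symptoms in the post above.
SAMPLE_PROCS = [
    ProcessRecord(1208, r"C:\WINDOWS\system32\svchost.exe"),
    ProcessRecord(900, r"C:\WINDOWS\system32\dllhost.exe"),
    ProcessRecord(1640, r"C:\WINDOWS\System32\Wins\DLLHOST.EXE", outbound_conns=3),
    ProcessRecord(1700, r"C:\WINNT\system32\SVCHOST.EXE", outbound_conns=2),
    ProcessRecord(2100, r"C:\Program Files\DU Meter\DUMeter.exe", outbound_conns=1),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_PROCS):
        print(f.pid, f.image_path, "; ".join(f.reasons))
```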
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Yes but this rarely occurs.

    Yes. The FBI and CIA recover files all the time from systems where people think they have erased; however, it is very unlikely that you have become reinfected from a drive that you have done this to. Did you delete your Windows partition before formatting and reinstalling? Are you reconnecting this PC to a network with other PCs? They could be the cause of your reinfection, or you may not have a properly protected PC and you could be getting infected from the internet.

    See this: http://www.symantec.com/security_response/writeup.jsp?docid=2003-081815-2308-99&tabid=2

    Download their removal tool and follow the instructions to run it. Just in case you don't see the link for the tool, I'll give it to you:

    http://www.symantec.com/security_response/writeup.jsp?docid=2003-081819-3333-99
     
  3. videobruce

    videobruce Private E-2

    First, I have to get used to this 'reverse post order' in this forum. :confused
    I think writing zeros pretty much takes care of that.

    Someone else pointed me to that worm, but that deleted itself in 2004.
    How about something called a Rootkit?? Someone else suggested using this:
    http://www.gmer.net/index.php

    It detected a 'hidden module' on the computer that didn't have the problem. It now appears that this is affecting the other PC (with the known problem). I then installed Trend Micro's AntiVirus and it found 7 'trojans' that NOD32 didn't. I re-ran GMER and that 'hidden module' was gone, at least as of now.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can change the order in your user control panel to how you want it.

    It is not really a rootkit. The Symantec links explained the worm.

    If everything is okay now, that is all that matters. However you do need to investigate how you were getting immediately reinfected after a format and reinstall. It would appear that whatever you were reinstalling from is infected, or that you did not have proper protection in place before connecting to the internet and became infected as soon as you connected.

    By the way, this thread is closed as I see you are wasting a lot of valuable resources on the internet cross-posting the same thing to about 10 different forums.
     