Reformatted/Reinstalled Windows Malware still present?

Discussion in 'Malware Help (A Specialist Will Reply)' started by AndreaSmith, Jun 20, 2008.

  1. AndreaSmith

    AndreaSmith Private E-2

    I was infected last week with Virtumonde. After days of searching the forums and completing the necessary steps that were listed at the top of the forum, I just decided to reformat and reinstall Windows XP.


    I have just done so. I deleted all partitions and formatted the largest one and reinstalled windows from the original disk that came with the laptop.

    I have not installed any drivers or updates, connected to the internet, or anything.

    I was looking for some help; I think the malware survived the reformat and want to take the right steps in clearing this thing up for good.

    Please let me know what I need to do to move forward, any help would be greatly appreciated.

    Thank You
    Andrea
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Virtumonde will not survive repartition and format. So if you truly did exactly what you said, you could not be infected with Vundo. The only way that it would be back is if you reinstalled something from infected media or backups or reconnected to the internet and became reinfected.

    What are the exact problems/symptoms you are having?


    If you want to check to see if you have any malware, please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. AndreaSmith

    AndreaSmith Private E-2

    I apologize, I didn't explain clearly what my concern was.

    I was afraid to plug in any USB device or connect to the internet on the laptop that I suspect is infected.

    After I reformatted and installed windows, I immediately took a look at the processes through the task manager and stopped.

    I didn't install any drivers for my wireless connection or anything. The only reason I was suspicious is because at startup I was already running a svchost.exe at 22-23 kb and I was still running the spoolsv.exe, and I had problems with both of these before the reformat.

    I could be virus free and I am just worrying for nothing. I have just never had one this bad and read so many horror stories about it still being there no matter if you reformatted or reinstalled.

    I did forget to mention that I reinstalled windows (NFTS Quick) several days ago only for it to come back.

    Again my apologies for assuming, and I do appreciate all the help that you might be able to give me.

    Logs are attached, hopefully they are clean.

    BTW, I could not run Spybot (no internet connection); I currently do not have internet access on that computer in the area I am in. Also, there is no analyze.exe in the MGtools. Please advise if I can go get HJT and post that log.

    Other logs will be posted on next reply, thanks again.
     

  4. AndreaSmith

    AndreaSmith Private E-2

    More Logs
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I doubt you have your numbers correct. You probably meant 22-23 MB, which is not a problem. You will always see multiple svchost.exe processes running at startup, and at least one of them will be on the large side (i.e., 20+ MB) while the others may be in the 1.5 MB to 4.5 MB range (this is typical; it is not exact).

    spoolsv.exe is your Windows print spooler which is required to do any printing. It always runs at startup.

    You did not need to format to fix Vundo. All you needed to do was finish what was requested in the READ & RUN ME and attach the logs so we could finish manual cleaning which is required to remove the remaining components of Vundo. We fix dozens of these every week.


    What is NFTS Quick? Do you mean you did NTFS quick format? And what came back?

    Note: Formatting is not the same as repartitioning. Are you sure that you really deleted your partition and then recreated the partition, and then formatted?


    You need to download and use the current tools. Download them to a flash drive or CD and copy them to this PC. The tools you use are too out of date to be useful. If you were able to get the current version of Malwarebytes you can get the current version of the other tools.

    I doubt you have any malware issues. You should just make sure you install your antivirus, firewall, and a realtime spyware blocker and connect to the internet; then downloading tools and posting logs will be easier.
     
    Last edited: Jun 21, 2008
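The thread above turns on whether the svchost.exe and spoolsv.exe instances seen in Task Manager are the normal ones. Task Manager on XP shows only a name and a memory figure, which is why the "22-23 kb" number led nowhere. The following script is an added example, not code from the thread or from MajorGeeks; it assumes a Windows box with PowerShell 3.0 or later and the CIM cmdlets (on XP itself you would use `tasklist /svc` instead). It lists every svchost.exe instance with its working set in MB, the services it is hosting, and flags the three things worth a closer look that the memory figure alone cannot tell you: an image path outside System32/SysWOW64, a parent process that is not services.exe, and a "Service Host" that hosts no service at all.

```powershell
# Added example (not from the original thread). Enumerate every svchost.exe
# instance, report its working set and hosted services, and flag anything
# that does not look like the real Service Host.
# Assumptions: PowerShell 3.0+ with CIM cmdlets; run from an elevated prompt
# so ExecutablePath and the service-to-PID mapping are complete.

$systemRoot = $env:SystemRoot
$legitPaths = @(
    (Join-Path $systemRoot 'System32\svchost.exe'),
    (Join-Path $systemRoot 'SysWOW64\svchost.exe')
)

# Build PID -> hosted service names. Only running services carry a PID.
$servicesByPid = @{}
Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -gt 0 } | ForEach-Object {
    $procId = [uint32]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($procId)) { $servicesByPid[$procId] = @() }
    $servicesByPid[$procId] += $_.Name
}

$report = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $procId = [uint32]$_.ProcessId
    $hosted = $servicesByPid[$procId]
    $flags  = @()

    # Real svchost.exe lives in System32 (or SysWOW64 on 64-bit Windows).
    # ExecutablePath is empty when the caller lacks access; do not flag that case.
    if ($_.ExecutablePath -and ($legitPaths -notcontains $_.ExecutablePath)) {
        $flags += "unexpected path"
    }

    # Service hosts are started by services.exe. A PID can be reused after the
    # parent exits, so treat this as a pointer, not proof.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    if ($parent -and $parent.Name -ne 'services.exe') {
        $flags += "parent is $($parent.Name)"
    }

    # A svchost.exe that hosts no service has no reason to exist.
    if (-not $hosted) { $flags += "hosts no service" }

    [pscustomobject]@{
        PID          = $procId
        WorkingSetMB = [math]::Round($_.WorkingSetSize / 1MB, 1)
        Path         = $_.ExecutablePath
        Services     = ($hosted -join ', ')
        Flags        = ($flags -join '; ')
    }
}

$report | Sort-Object WorkingSetMB -Descending | Format-Table -AutoSize
```

On a clean machine every row should show a System32 (or SysWOW64) path, services.exe as the parent, and at least one hosted service; one instance in the tens of MB and several small ones is the normal picture chaslang describes. An empty Flags column does not prove the machine is clean (malware can also inject into a legitimate svchost.exe), which is why the thread still asks for the full set of logs rather than relying on Task Manager.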
