virus

[[JiF]KellysHero]

My old system's hard drive had a virus I wasn't able to remove. The boot drive was windows XP and I connected the drive via USB to my Windows 7 system. I did a reboot with it connected to the USB but I was booting into Win 7. There was a security alert that there was a virus detected, and I assumed it was removed. I started a scan of the USB connected hard drive to double check, but I'm not sure if it found this during the scan or on boot up.

It is a Win32/sinowal, so am I safe to assume that was from my XP drive and not my Win 7 64 drive? The "Items" listed below say this;
Items:
boot:\Device\Harddisk2\DR2
boot:\Device\Harddisk2\DR2\(MBR)

I have a SSD, a HD and the hard disk that I believe the virus was on connected via USB. What does the harddisk2\DR2 refer to?


http://www.microsoft.com/security/porta ... 2147631740" onclick="window.open(this.href);return false;
Here's what was found....
Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
boot:\Device\Harddisk2\DR2
boot:\Device\Harddisk2\DR2\(MBR)

Get more information about this item online.

[[JiF]phantomx]

mbr means master boot record. which essentially the virus is there on boot. very nasty and hard to get ride of. your 64 bit does not mean it is safe. windows 7 will run both 32 and 64 bit. go to Symantec site and look for this virus. they will sometimes give instructions on removal.

[[JiF]Sgt Shellshocked]

You can also download the Microsoft malicious software removal tool from here (download link near bottom of page)


http://support.microsoft.com/kb/890830

[[JiF]zougathefist]

generic advice here but make sure you are disconnected from the internet when removing a virus - especially a boot virus as they often have the capacity to download and reinstall themselves behind the clean-up process and this is often well hidden from the machine itself.

like a cheeky elf dropping dirt from your back pocket as you sweep the floor clean

I had a nasty spyware and adware infection and every time I 'cleaned' my PC and rebooted it was back on restart, despite my AV claiming it was gone.

I follow this process
- Update AV files (manually to ensure you have the very latest definitions)
- Ensure you have CCleaner installed
- Disconnect from 'net
- Use CC to clear cache totally and clean up registry
- Run full scan
- Remove malicious software - either with your AV or the MS malicious software removal tool
- Reboot (if prompted)
- Run full scan again
- Run CC again
- Reconnect to net
- Reboot
- Run full scan

Breathe

[[JiF]KellysHero]

thanks for the tips guys. So far the virus isn't showing up on my new system and was a left over from the hd I was trying to get data off of. My plan is to reformat the old hard drive, so should be good to go!