February 15th, 2011 10:00
Bootkit infection - Backing up data and formatting advice please
Dell Inspiron E1705
Windows XP service pack 3
Hello. I want to back up some files and format the hard drive of a Dell Inspiron E1705. I have never seen a computer as badly infected as this one and I'm not sure how to proceed. I have two questions:
1. What is the best way to get some files off this computer without transferring any infections?
2. What is the best way to do a complete format of the hard drive and reinstall? I have all the disks that came with the computer. There are 3 partitions: c, e, and f. I think e and f were created when someone before me tried to repair it. I would like to get rid of them as well.
Currently I am getting clean scans using Malwarebytes, Super Antispyware, Avast, Kaspersky, and ESET online. I installed all the Windows updates. I ran TDSS Killer and it found nothing. I ran ComboFix and it found Rootkit tdl3, and the log says it repaired and found Bootkit TDL4. However, a second ComboFix scan finds the same rootkit, so it is not removing it. I cleaned up the registry as best as I could and ran fixmbr too, but something is still on here. I think the best course of action is to back up the files I need and reformat.
This computer belonged to my father, who died 2 years ago. After that my brother took the computer and loaded up all kinds of stupid things, and that's how it got infected. I was able to stabilize it and remove most of the bad stuff except for this bootkit. I found multiple trojans and hacks including backdoor.bot and, as I said, it is scanning clean now, but who knows what nasty stuff is left behind. My mom wants to get some pictures and things off the hard drive, which is the only reason I am bothering with this dinosaur. I don't know what most of the junk on this notebook is for and, if it's possible, I would like to do the format and get it in usable condition and give it to my mom. It would mean a lot to her.
Thank you for reading!

dalem29
February 15th, 2011 10:00
So ComboFix is the only thing showing the infection? Probably your best bet at this point is to go to the Malware Removal Forum and post a HJT log, and others that the analyst might ask for, to see what kind of shape your computer is really in after the registry tweaks and using ComboFix and TDSS Killer.
http://en.community.dell.com/support-forums/virus-spyware/f/3521.aspx
dellydell
February 15th, 2011 11:00
Okay, I will start a new post over there. I wasn't sure what the correct forum was. I probably have the smallest HJT log in existence because I removed almost everything. Thanks for your reply.
Bugbatter
February 15th, 2011 12:00
As specified in the "Please Read This Before Posting..." at the top of this forum:
"Please note that ComboFix should NEVER be run unless requested."
As you run ComboFix the Disclaimer is displayed:

It states that ComboFix should not be run in an unsupervised environment. That means that someone trained in its use needs to be working with you. Otherwise, you should not have run the tool to begin with.
ComboFix is constantly being changed. If you are not working with a helper who has a way of communicating with the developer, you will have no way to report the issue and recover if there is a problem. In addition ComboFix leaves files on the system that need to be removed in a prescribed manner.
Please do not use any of the tools mentioned above until you have had someone on the Malware Removal Forum diagnose your problem. Removing "almost everything" isn't always so good -- especially if it's something you cannot identify for sure. Many times malware is written to break the system if it is removed, so we are careful in what sequence we run our fixes.
We will continue on the other forum.