 | [Trojan] Windows can't remove this virus
A friend gave me his laptop to fix and I went to check it out but it kept on giving me 'Device I/O' errors. So I popped the hard drive into my desktop and my antivirus program told me it had a virus in something that started off with 'boot /(device number of the usb adapter)/partition1' not exactly sure but it was not the normal file name based virus. I tried removing the virus but it kept giving me an error and it wanted to reboot Windows.
So is there a good Linux/Unix Live CD that scans and removes those nasty viruses? I tried Ubuntu 9.10 and ClamAV (kept on giving me HTTP 404 Not found errors), tried the Trinity Rescue Kit CD and it can't get the IP address working and keeps complaining that the DNS and gateway server information is missing. |
|
 LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:26
| You can try Microsoft System Sweeper: »connect.microsoft.com/systemsweeper
Your best bet is to reformat and install clean. If he has a boot sector virus there is no telling how bad off the hdd is.
-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum |
|
 | reply to robman50 If it was my laptop I would have just used 'fixmbr', 'fixboot' and 'diskpart' with the 'clean' command and do a fresh partition, format and install since the factory recovery partition might be infected also. |
|
 | reply to robman50 Could a really bad virus cause chkdsk to find tons of corrupted files? |
|
 LoPhatPhuud | reply to robman50 While anything is possible, I have not heard of an infected chkdsk reporting corrupted files.
Is the drive itself readable? |
|
 | reply to robman50 I used the Kaspersky Rescue Disk 10 CD and most of the viruses it found were Java-based from the temp folders. It also did find 'Rootkit Boot.SST.b' in '/dev/sda'. |
|
 LoPhatPhuud | reply to robman50 A couple of things.
First, please do not PM LilHurricane with info. Post all comments in this thread.
Again, is the hard drive readable? Did you try System Sweeper, or just the Kaspersky disk?
On occasion the rootkit will create a separate partition. You need to check all the partitions.
Again, due to the type and extent of infections found so far, the only recommendation I will make is to do a low level reformat and re-install.
Even if you clean the detectable exploits, you have no way of knowing if the OS has been compromised and to what extent.
The main goal of malware removal is to return a safe, stable computer. When the stability is questionable the only sane recourse is to reformat and re-install.
see: »technet.microsoft.com/en-us/libr···587.aspx |
|
 | LilHurricane PMed me with some info on the Kaspersky Rescue disk.
Yes, the hard drive is readable. I haven't tried System Sweeper yet, the only scans I did were the Kaspersky scan from the CD, Malwarebytes Anti-Malware, and the ESET Online scan. It seems that I have removed all the threats from the system but I need to reinstall anyway because the viruses kind of destroyed Windows. |
|
 LoPhatPhuud | reply to robman50 Sadly, that happens a lot. The more invasive the exploit, the greater the chance that the OS has been corrupted.
Don't forget to check the partitions. If the OS is Win 7, there will also be a 100mb system partition.
Do a full reformat, not the quickee.
Good luck! |
|
 | Well, it is an Acer laptop that came preloaded with Vista and it has been upgraded to Win 7 with the Acer Upgrade disk. It has a 16GB PQSERVICE (recovery partition) and the rest is the O/S named C: Acer. No sign of the 100MB System partition. Could that PQSERVICE partition get infected also? |
|
 LoPhatPhuud | reply to robman50 It can, but unlikely. Once you get the computer operational you can scan it.
The 100mb partition will be created by the Windows 7 installer. |
|
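Added example, not part of the thread: one way to follow the advice above to check all the partitions is to decode the MBR partition table directly, which also lists partitions that have no drive letter. The expected type bytes (0x27 for a hidden recovery partition such as PQSERVICE, 0x07 for NTFS), the constructed sample sector and all function names are assumptions; only the four primary entries of a classic MBR are read, not extended or GPT tables.

```python
import struct

# Partition types expected on the laptop described in the thread (assumption):
# 0x27 = hidden OEM/Windows recovery (e.g. PQSERVICE), 0x07 = NTFS.
EXPECTED_TYPES = {0x27: "hidden recovery", 0x07: "NTFS"}

def parse_mbr(sector0: bytes) -> list:
    """Decode the four primary entries of a classic MBR partition table."""
    if len(sector0) < 512 or sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:  # unused slot
            continue
        parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                      "start_lba": start, "size_mib": count * 512 // 2**20})
    return parts

def unexpected(parts: list) -> list:
    """Partitions whose type byte is not on the expected list for this disk."""
    return [p for p in parts if p["type"] not in EXPECTED_TYPES]

def build_sample() -> bytes:
    """Constructed sector 0: 16 GiB recovery, OS volume, one extra 10 MiB entry."""
    mbr = bytearray(512)
    rows = [(0x00, 0x27, 2048, 33554432),
            (0x80, 0x07, 33556480, 409600000),
            (0x00, 0x17, 443156480, 20480)]
    for i, row in enumerate(rows):
        struct.pack_into("<B3xB3xII", mbr, 446 + 16 * i, *row)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    # On a live CD, sector0 would instead be the first 512 bytes of the disk
    # device (for example /dev/sda, as named in the thread), read as root.
    table = parse_mbr(build_sample())
    for p in table:
        label = EXPECTED_TYPES.get(p["type"], "NOT EXPECTED, inspect")
        print(f"slot {p['slot']} type 0x{p['type']:02x} start {p['start_lba']} "
              f"{p['size_mib']} MiB active={p['active']} [{label}]")
```

An entry flagged as not expected is only a prompt to inspect that partition; it is not proof of infection.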