External harddrive infected

Discussion in 'malware problems & news' started by wex, Dec 8, 2008.

Thread Status:
Not open for further replies.
  1. wex

    wex Registered Member

    Dec 8, 2008
    Hey guys, my desktop was infected by many viruses and is no longer in use. I transferred all of my important files to my external hard drive and along with it came a few viruses including Win32/Genetik trojan and Win32/Trojan downloader.small.bke. I scanned online with Kaspersky, which only found win32/trojan downloader.small.bke, and did an online scan with NOD32, which found win32/genetik. Both could not delete either of the viruses. Do I need to turn off system restore? When I scanned with NOD32 it told me "error while cleaning-operation unavailable for this type of object. Error while deleting etc..." I tried deleting manually also but it still says I cannot delete. Can anyone help me out with steps on how to remove these trojans? Thanks!
  2. JRViejo

    JRViejo Global Moderator

    Jul 9, 2008
    wex, first, welcome to Wilders!
    Follow this post Attacked/Hijacked/Infected... and if that fails, then follow this advice by visiting any of the sites listed there to seek help. Good luck!
  3. Cerxes

    Cerxes Registered Member

    Sep 6, 2005
    Northern Europe
    Yes, turn off system restore since that will only reset the infected snapshot. If you know which files on your external HDD contain the trojans then try one of the following alternatives:

    1. Boot into safe mode and delete

    2. Use e.g. BartPE to access the HDD and delete

    3. Connect the HDD to a *nix system that can read/write NTFS and delete.

    Search for the deleted filenames in the registry as well, on the current system disk that you use, and delete the keys/values. Use some scanner afterwards to check if everything seems o.k.

    Personally I would format and do a fresh install of the OS since you can't be 100 percent sure that the system is really clean.

  4. ThunderZ

    ThunderZ Registered Member

    May 1, 2006
    North central Ohio, U.S.A.
    Ok, I'm a little confused.

    If they are on an external drive = non-OS. Then the probable reason for not being able to manually delete them is an ownership\permissions problem. In the state they are in (should be dormant) removal is not usually a problem. Knowing the full path to them would help.

    As mentioned above, if they are located in the System restore area of your primary hard drive then turning it off should take care of them. Windows protects this area from deletion and I do not know of any anti-malware program that can clean it.

    Though I'm not sure why\how your Sys. restore point got backed up.