Hard Drives Hijacked!

Discussion in 'malware problems & news' started by lezazouz, Aug 6, 2011.

Thread Status:
Not open for further replies.
  1. lezazouz

    lezazouz Registered Member

    Hello,
    First, I would like to say that this is an amazing place and I have found answers to a lot of my questions by just reading the posts, yet I am having some issues which I need help with.
    This has been going on for about three weeks and I will try to keep it short so if more details are needed please let me know.
    Both my notebooks are infected by an amazing Trojan which keeps morphing and has been practically impossible to remove. I came to the decision to wipe and format, which I did using a live Linux CD. I reinstalled Vista (the other is 7 Ultimate) and going through the event viewer I realized that I am still infected because it mentioned that the update "wuclient-selfupdate-Aux Package pt-pt- mini LP" was successfully installed and also warned me that the update was not for this version of Windows! Searching online I believe that it is connected to the "rowindal.d Trojan" which by the way I was not originally infected with.
    I wiped and tried to install Vista again but got the BSOD! I then tried to install Ubuntu which also failed. Thinking it is a hardware error I got the test CD image from the manufacturer and ran all the tests which the drive passed. Taking a closer look at the drive info I noticed the drive is labeled as "Frozen" which I found out means write protected. This is the case for both hard drives.
    I myself never assigned any kind of write protection to any of the hard drives which brings me to my question.
    Can an attacker access the bios and stop the hard drives from being erased?
    I have tried numerous times to zero out these drives and it either fails with a warning about the drives being protected or nothing happens. Also both drives show as empty without an OS.
    Another thing worth mentioning is that one of the notebooks has its bios shadowed now. During boot a message appears stating that Video bios are shadowed as well.
    One of the notebooks is less than three months old and the other just got new memory and hard drive. I just cannot go out and get a new computer nor do I want to! This is the first time in nine years that I have been infected by anything and even though I am very careful about security I have no guarantees that this will not happen again so I would like to find out what is going on.
    Is there a way to unlock these drives? Do I now have malware in my bios? Would flushing the bios remove the encryption?
    I have searched online looking for a way to deal with this and I am now more confused than ever so any kind of input is greatly appreciated.
    I thought about hiring one of the major anti virus companies to take care of this but since there is no operating system installed I can't think of a way they could really help. Also all my bank accounts are in limbo so buying two new drives is not possible right now so please help me if you can.

    Thanks for your help and time,

    Lezazouz
  2. JRViejo

    JRViejo Global Moderator

    lezazouz, perhaps a review of If you are currently infected and seeking dedicated assistance in any of the sites listed there could be your best bet.

    Wilders does not provide one-on-one malware cleaning services as per Policy. This thread is closed.