How can I tell where the virus is when Antiviral cannot detect?

Discussion in 'malware problems & news' started by curious d, May 14, 2009.

Thread Status:
Not open for further replies.
  1. curious d

    curious d Registered Member

    Joined:
    May 14, 2009
    Posts:
    12
    Hi. Yesterday, my antiviral program (Antivir free) and firewall program (Comodo) failed to boot up. After several attempts to reinstall failed (claiming corrupt installation with downloaded copy plus fresh copy from another source failing to initiate), I figured I had a virus. A friend suggested that it was a boot sector virus. I tried to get into the safe mode to run the antivirus program, but was booted back into regular mode. I tried an online scanner and was unable to install the files needed. I tried to perform a system restore, but it failed to make a difference. I pulled out the hard drive and placed it in an enclosure and ran a scan with my laptop (using Antivir). The first scan did not reveal any virus. I reset the default values to scan for everything. This new scan is ongoing at this time. However, I'm wondering if this next scan appears to be negative and an attempt at online scanning is negative, how will I find out what had caused the problem? Is it possible that a deleted threat several days ago would cause the problem? I noticed a few days ago that my copy of Firefox became more unstable and closed on me a few times.

    What worries me is that if I am forced to wipe the drive clean or try to reinstall Windows XP on top of the old copy, how will I know if the data, which I have copied to another hard drive, does not contain the offending agent? I really loathe the idea of reinstalling Windows from a clean wipe given how long that is going to take.

    One more question. If I am unable to find the source of the problem (no virus detected), should I do a total reinstall or repair the master boot section?

    Thanks for the help.

    Windows XP SP3, Antivir, Comodo Firewall, SUPERAntispyware, Spyware Blaster, Advanced System Care 3
     
    Last edited: May 14, 2009
  2. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    What anti-virus have you used thus far?
    Try several offline AV solutions.
    Dr. Web Live CD
    VBA32 Rescue CD
    Bitdefender 2009 Rescue CD
    There are a few more.

    Recall as many symptoms as you can.
    If this doesn't work seek online assistance from forums like Tom Coyote or Geeks to Go.

    Apparently you can be less worried when backing up data files, like .txt. More worried about backing up .exe
     
  3. benton4

    benton4 Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    158
    Location:
    Oregon
    Just my suggestion, but in regards to your concern of the 'agent' being in your backed up data, add a behavior monitor/ HIPS program to stop anything 'odd' from running. I use Prevx 3.0 myself, but there are many others to choose from.
     
  4. curious d

    curious d Registered Member

    Joined:
    May 14, 2009
    Posts:
    12
    I have used Antivir, which is installed on my laptop. I have gone through two runs with no viral detection. Do the CD antiviral programs load up before the OS and scan? Would you recommend all three? I am currently undergoing a Kaspersky online scan which is projected to take about 24 hours on a 500GB hard drive. After 28% scan, there are no detections. As for HIPS, I have used that in the past and found that I did not understand most of the messages that I was alerted to. I found myself authorizing most of the messages given.

    If there are no detections, I'm wondering if it would be enough to replace the boot sector by doing a Windows repair or if I need to assume that the offending agent is still in the hard drive and then do a complete reinstallation. Then it raises the question of whether the offending agent is in the data I backed up (I haven't downloaded any new .exe files lately except for security software I have used in the past).
     
  5. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    The CDs listed are boot from CD, they have their own OS.
    BIOS must support boot from cdrom.
    Either entering setup, f2 or f12, dell f10 I think.
    Make cdrom 1st boot device, insert cd and reboot.
    If you are infected, online scans can be manipulated by malware.

    With such a large drive you might want to think about a 40gb to 60gb primary partition. Then a second and/or third partition for data storage. Won't take forever to defrag for one.
    May help scan times because most malware attacks the windows system files.

    If it takes more than 3 or 4 hours to scan I would look for alternatives.
     
  6. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    If you decide to reformat your hard drive, and are concerned about restoring infected data, I suggest you reformat (delete partitions if necessary in case malware is hiding there), reinstall, (and update!) and when you're done, download some programs to scan your data for malware, then connect your external hard drive to scan the data.

    Avira should be good (if you have the latest version, including antispyware protection). You can also try MBAM, SAS, online scans by Kaspersky and other AVs. I'm sure there is more.
     
  7. curious d

    curious d Registered Member

    Joined:
    May 14, 2009
    Posts:
    12
    Thank you for all the replies. After three anti-viral scans, several failed attempts to install Windows onto the hard drive, and a hard drive scan, the problem was revealed to be a RAM issue. I had 2 of 4 bad sticks. Once those sticks were removed, the problem resolved. I just wish I didn't have to reinstall Windows to find out.

    Thanks again for all the replies.
     