Summary: A virus attacks the software installed on your machine. Fixing it may take work, but hardware should not need to be replaced due to malware.
My wife opened a file that appeared to come from UPS and that was the end of my computer. It tried to install files called Antivirus XP, then it tried to install an XP Security Center and wanted me to register to rid my computer of the virus and give them my credit card#. My McAfee is disabled on every boot and Spybot won't run. It also wants to change a registry value and run buritos.exe. It has also changed my wallpaper with "Warning!" message that can not be changed. A diagnostic through one of the geek services says my hard drive is damaged. Is there any way to get rid of this virus without having to pay a fortune in a new hard drive plus all the other geek service charges? Or should I just get a new computer?
•
Your hard disk is not physically damaged. I'm hoping that the technical service company didn't really mean that. (If they did ... well, I'd use a different service next time.)
But you do have some work ahead of you nonetheless.
•
Bottom line: a virus is not going to physically harm your hard disk in such a way that you would need to replace it. And certainly nothing that would require a entirely new computer.
Viruses impact only the software installed on your machine and software can be fixed.
It just might be a painful fix.
It sounds like you got a double-shot of virus activity. The UPS (and Fedex, and USPS and other) phishing attempts showed up a few months ago, and I have to say that as a business owner who also ships UPS, they almost got me too. As usual, there were many signs that the email was a phishing attempt, but I had to look closely to make sure I wasn't about to delete an important issue relating to an actual customer shipment.
In addition, AntiVirus XP is another particularly nasty virus making the rounds right now. The major anti-virus programs are only just now catching up and detecting and removing it.
The real question boils down to this: if your machine is heavily infected by malware, what can you do to clean it up?
As I've mentioned before, there are two schools of thought:
-
try to clean it up
-
reinstall everything from scratch
The common attempts to clean it up boil down to running anti-malware software, possibly several different packages, repeatedly until the system comes up "clean". You might have to reboot into safe mode in order to do so.
And, because the alternative is so conceptually costly, "try to clean it up" is the option that most people attempt.
Sometimes it works. We think.
As I've also said before, though, once your computer has been infected by anything, it's not your computer any more. There's no guarantee that any amount of clean up will actually eradicate whatever was placed on your machine.
The only alternative is to start over.
And sometimes your machine is in such a bad state that you can't run any anti-malware programs.
The only alternative is to start over.
And starting over is simply this:
-
Back up
-
Reformat your hard disk, erasing everything on it (typically as part of the next step)
-
Reinstall Windows from scratch using your Windows installation CD or DVD
-
Reinstall all your applications from scratch.
-
Restore data (only) from your backup.
It's a huge pain.
But you know what? It's often less pain than all the failed cleanup attempts. And you know what you'll end up with when you're done.
But replacing hardware, be it a hard disk or an entire computer, is not part of the solution.
If you choose to replace something at this time, it's only because this is a convenient time to do so. If you're reinstalling everything, it's a fine time to upgrade your hard disk - or even your computer - for example.
But it's not required.
Article C3553 - November 2, 2008
Leo, on some of the comments the last part of these comments are not readable. They are covered up. Am I doing something wrong?
08-Nov-2008
Since XP hit the market I've managed to attract a virus on twelve or fifteen occasions. It's a price I pay for traveling to the dark side of the net. Over the years I've found that the virus's have become more complex and downright malicious,so please allow me to offer some points to consider in making your computer healthy again. With the exception of a couple of times I've found the only way to get rid of a virus is to reformat as indicated in the article. If you suspect that you have a virus DO NOT shut down your computer. I've had several infections that would't allow a reboot in safe mode and several that wouldn't allow a reboot at all. The boot process would go into a continious cycle of trying to boot. If you can still navigate in your machine attempt to backup any pictures,music,or documents to CD or DVD. It may be the last chance you get. If you use an external hardrive for backup DO NOT attempt to backup anything to it. If you're lucky the virus might not be on that drive. I never backup to my external drive until I have disconnect from the IP and run a full system scan. If you use a external drive for backup some of the software programs for conducting the process have a catalog file that tells your computer where everthing goes when you do a recovery or you may have created a recovery disk as part of the program. If you know where this file is burn it to it's own CD. Once you've gotten to this point you can try some of the methods mentioned in the article and the comments section. If a reformat is the only way out then load you installation disk. As it goes through the process of loading windows you'll have the option to format the hardrive. There are actually two format options with one being identified as a fast format. Do yourselve a favor and use the slow format. It takes a lot longer but I used the fast format option once and it didn't get rid of the virus. Your engaged in a operation you don't need to repeat immediately. After you reload the OS you can get your updates. The Windows firewall should offer enought protection to complete that task. If you have a full system backup it's time to load and run the program to recover your data and all will be right with the world. If you have a full backup you'll need to install the updates or the recovery program is going to have a problem. If you don't have a full backup its one program at a time starting with security. One more point on external hardrives for backup. If for some reason you can't use the program to restore the data, like maybe someone stole your catalog file. Don't panic! All your files are still there. Turn on the hardrive and go to my computer, Windows should reconize it. Your backed up files will most likely be a set. You can download the whole thing to your documents and use exployer to open the set and pick out the individual files (pictures,music,documents)and move them where they need to be. Twelve Gig,76000 files,five evenings,piece of cake! Hope this helps.
Posted by: Mike Parsley at November 8, 2008 9:26 PMBackup, Backup, Backup!!!
Once a month, after Microsoft updates on Tuesday, I use Acronis TrueImage to make a full image backup of my disk drive to an external disk drive. Weekly I make a backup to an external disk drive of my "MY Documents" folder. And during the week if I make any updates to documents I copy them to a USB pen drive. I keep several months of Acronis TrueImage backups so if necessary I can go back farther than the past backup if somehow some virus slipped through my anti-virus scans.
Reformating and reinstalling everything is like torture, and to be avoided at all costs. Acronis TrueImage is simple, easy, fast, and has saved me a couple of times.
PS: The virus I got seem to have come from geek sites I went to researching some problem.
Posted by: Kenneth Crook at November 8, 2008 10:06 PMMany thanks for answering my query re your article a few days ago. A latte should be with you by now.
Posted by: Gwyn at November 11, 2008 6:56 AMI had the same thing happen with the cryptic 'warning' message and the inability to access or upgrade my Norton anti-virus software.
I had a virtual Symantec technician look at it and they thoroughly destroyed my system to the point where it was virtually inoperable... after that, I took it to a local shop and they are unable to wipe the HD and get rid of the virus so I do need a new drive. Before doing this, I had a computer person at my office try to fix it.
Vicious, ugly virus! Now if only people put their time and effort into the common good instead of hurting unsuspecting people the world would be much better off...
25-Feb-2009
My laptop is a windows vista. I was working normally on subtitle workshop when suddenly it said the the program had a problem and had to shut down. When I restarted the program, I had a black screen and I was unable to boot my computer. Now it would not even want to reinstall Vista and I get a message saying that my hard disk is dammaged. I don't understand what happened.
Posted by: omadham at March 29, 2009 10:11 AM"ATTENTION" "EARTHLINGS" "NEVER,NEVER,NEVER USE RESTORE ON YOUR COMPUTER,TURN IT OFF"If your computer gets even a smell of a virus it is saved on this section of drive and when you restore you also restore virus or malware!
Posted by: bill at May 14, 2009 11:40 AMi scanned my computer and it says its infected but it can't get rid of it what do i do? it says its in archives
Posted by: stephanie lovell at September 5, 2009 12:53 PMHi, DEALING WITH INFECTIONS PART ONE
Posted by: Alex Young at October 9, 2009 1:06 AMI think I have come up with a reasonable strategy for dealing with PC infections. In my opinion it is not worth the trouble of trying to clean them off both time wise and also you can never be completely sure that they have been totally eradicated.
So instead invest in an external hard drive, they are really affordable now and can serve more than one purpose [storing films or a music library for instance]
Next download a Disk Imaging programme.There are great free ones available. I use Macrium Reflect Free version which is very easy to use and reliable.
Make a disk image on to the external as a fall back. This will include everything on your PC.
Then make a backup on your documents and music etcetera although you have already got this in your full disk image.This documents back up is done by copying to your external and not via the Disk Image programme.
Now you have the fall back use your rescue CD or Windows disk to reinstall your system to when you bought it. Depending on your disk you may have to reinstall drivers as well so make sure you have that sorted.
Now comes the painful bit.You will need to reinstall all your programmes from the web or any disks you may have. You will also need to visit the Microsoft Updates site to bring all software up to date. This can entail several visits and a lot of time depending how old your PC is.
Next replace your documents from the external to your PC.
At this stage I usually run CCleaner to get rid of rubbish but that is just my preferance.
DEALING WITH INFECTIONS PART TWO
Posted by: Alex Young at October 9, 2009 1:33 AMNow we have a clean up to date system so before you do anything else,ie before you visit the web,make a Disk image using your chosen programme. We can date this and it is your day one image. It is better than your manufacturers CD because it is up to date and contains your present programmes. You can delete the initial Disk image if you wish as that is of your old system.
Now you can use your PC and if you get an infection just restore from your external.
In order to keep up to date I make a note of any changes I make to my system and a keep this on a notepad document in My Documents.After say a month I will put the previous Disk Image on after moving that note pad document to the external along with any other updated files. When the month old disk image is in place I will apply all the changes I made in that month[with the help of the word pad ] update my security products and then take another disk image for use a month down the line. This way I believe I minimise software rot and I always have a recent clean disk image to fall back on.
Yes, it does entail some work but it gives great peace of mind. Never again will you be left with vital System 32 files in quarantine and wondering what to do ! Regards Alex {If I can do it anyone can