
A virus attacks the software installed on your machine. Fixing it may take work, but hardware should not need to be replaced due to malware.

My wife opened a file that appeared to come from UPS and that was the end of my computer. It tried to install files called Antivirus XP, then it tried to install an XP Security Center and wanted me to register to rid my computer of the virus and give them my credit card#. My McAfee is disabled on every boot and Spybot won't run. It also wants to change a registry value and run buritos.exe. It has also changed my wallpaper with a "Warning!" message that cannot be changed. A diagnostic through one of the geek services says my hard drive is damaged. Is there any way to get rid of this virus without having to pay a fortune in a new hard drive plus all the other geek service charges? Or should I just get a new computer?

Your hard disk is not physically damaged. I'm hoping that the technical service company didn't really mean that. (If they did ... well, I'd use a different service next time.)

But you do have some work ahead of you nonetheless.

Bottom line: a virus is not going to physically harm your hard disk in such a way that you would need to replace it. And certainly nothing that would require an entirely new computer.

Viruses impact only the software installed on your machine and software can be fixed.

It just might be a painful fix.

It sounds like you got a double-shot of virus activity. The UPS (and Fedex, and USPS and other) phishing attempts showed up a few months ago, and I have to say that as a business owner who also ships UPS, they almost got me too. As usual, there were many signs that the email was a phishing attempt, but I had to look closely to make sure I wasn't about to delete an important issue relating to an actual customer shipment.

In addition, AntiVirus XP is another particularly nasty virus making the rounds right now. The major anti-virus programs are only just now catching up and detecting and removing it.

The real question boils down to this: if your machine is heavily infected by malware, what can you do to clean it up?

As I've mentioned before, there are two schools of thought:

  • try to clean it up

  • reinstall everything from scratch

The common attempts to clean it up boil down to running anti-malware software, possibly several different packages, repeatedly until the system comes up "clean". You might have to reboot into safe mode in order to do so.

And, because the alternative is so conceptually costly, "try to clean it up" is the option that most people attempt.

Sometimes it works. We think.

As I've also said before, though, once your computer has been infected by anything, it's not your computer any more. There's no guarantee that any amount of clean up will actually eradicate whatever was placed on your machine.

The only alternative is to start over.

And sometimes your machine is in such a bad state that you can't run any anti-malware programs.

The only alternative is to start over.

And starting over is simply this:

  • Back up

  • Reformat your hard disk, erasing everything on it (typically as part of the next step)

  • Reinstall Windows from scratch using your Windows installation CD or DVD

  • Reinstall all your applications from scratch.

  • Restore data (only) from your backup.
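As an added example (not code from Ask Leo!), here is one way to carry out the "Restore data (only)" step: copy only files on an allowlist of document and media types out of the backup, skipping autorun files, programs, and anything whose first bytes mark it as a program even though its name ends in a data extension. The allowlist, the function names and the sample files are assumptions made for this illustration, and the filter does not replace a virus scan of the backup.

```python
import shutil
import tempfile
from pathlib import Path

# Assumed allowlist of "data" file types; adjust it to what you actually keep.
DATA_EXTENSIONS = {".txt", ".doc", ".docx", ".xls", ".csv", ".pdf",
                   ".jpg", ".jpeg", ".png", ".gif", ".mp3"}

# Leading bytes of Windows (MZ) and Linux (ELF) program files.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")


def classify(path):
    """Return 'restore', or a 'skip: ...' reason, for one file in the backup."""
    if path.name.lower() == "autorun.inf":
        return "skip: autorun file"
    # Only the final extension counts, so "invoice.pdf.exe" is treated as .exe.
    if path.suffix.lower() not in DATA_EXTENSIONS:
        return "skip: not on data allowlist"
    with path.open("rb") as fh:
        head = fh.read(4)
    if head.startswith(EXECUTABLE_MAGIC):
        return "skip: program content behind a data extension"
    return "restore"


def restore_data_only(backup_root, dest_root):
    """Copy allowlisted data files from backup_root to dest_root.

    Returns {relative path: decision} so skipped files can be reviewed later.
    """
    backup_root, dest_root = Path(backup_root), Path(dest_root)
    report = {}
    for src in sorted(backup_root.rglob("*")):
        if src.is_symlink() or not src.is_file():
            continue
        rel = src.relative_to(backup_root)
        decision = classify(src)
        report[rel.as_posix()] = decision
        if decision == "restore":
            target = dest_root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, target)
    return report


def build_sample_backup(root):
    """Constructed sample backup: harmless bytes standing in for real files."""
    files = {
        "Documents/letter.txt": b"Dear Leo,\n",
        "Pictures/holiday.jpg": b"\xff\xd8\xff\xe0 constructed jpeg bytes",
        "Documents/ups_invoice.pdf.exe": b"MZ constructed stub",
        "Pictures/wallpaper.jpg": b"MZ constructed stub with a .jpg name",
        "autorun.inf": b"[autorun]\n",
        "Program Files/tool/setup.exe": b"MZ constructed stub",
    }
    for rel, data in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)


def demo():
    """Run the restore on the constructed sample; return (report, restored)."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, clean = Path(tmp, "backup"), Path(tmp, "clean")
        build_sample_backup(backup)
        report = restore_data_only(backup, clean)
        restored = sorted(p.relative_to(clean).as_posix()
                          for p in clean.rglob("*") if p.is_file())
    return report, restored


if __name__ == "__main__":
    report, restored = demo()
    for rel, decision in report.items():
        print(f"{decision:48} {rel}")
    print("restored:", restored)
```

Applications are deliberately left behind: they come back from their original installation media, as in the step before this one.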

It's a huge pain.

But you know what? It's often less pain than all the failed cleanup attempts. And you know what you'll end up with when you're done.

But replacing hardware, be it a hard disk or an entire computer, is not part of the solution.

If you choose to replace something at this time, it's only because this is a convenient time to do so. If you're reinstalling everything, it's a fine time to upgrade your hard disk - or even your computer - for example.

But it's not required.

Article C3553 - November 2, 2008

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


38 Comments
Mary
November 2, 2008 2:06 PM

I had a similar problem a couple of months ago and Leo did an article.

http://ask-leo.com/how_can_an_infection_like_antivirus_xp_2008_happen.html

Maybe I was just lucky and caught the problem quickly enough, but the instructions at bleepingcomputer.com coupled with the free removal tool from Malwarebytes' Anti-Malware worked well.

Grover
November 3, 2008 2:43 AM

I've used UBCD4Win to clean up malware. I've also been the computer repair guy and had to explain these same choices to a customer: I can clean your system, but it will take me at least 6 hours at $30/hr, or I can reinstall at the same rate for 2 hours. Most choose option 2, but, fortunately for the bank balance, some choose option 1...

I would guess that those who choose the more expensive option have data that hasn't been backed up that they can't afford to lose.
- Leo
03-Nov-2008

AG Wright
November 4, 2008 8:41 AM

In order to remove Antivirus XP from a computer I first boot the computer into Safe Mode then run a program called Smitfraud fix from the link below.
http://siri.geekstogo.com/SmitfraudFix.php
Now reboot.
Next I scan with whatever updated anti virus the customer has. If they have none, the usual situation, I install either AVG Free or Clam Win, depending on the speed of the computer and the amount of RAM. Slower computers get Clam.
Next I install and run Spybot Search and Destroy.
If this doesn't finish the problems I run HijackThis. If one is not experienced with this program I'd suggest a trip to one of the many forums where they interpret HijackThis logs.

AG

Roger
November 4, 2008 10:41 AM

I was hit with Antivirus XP 2008 last month (AVG didn't catch it) but, like Mary above, Malwarebytes cleaned it up. It's a good download with step-by-step instructions. Thanks to Leo for the article and link.

Marc
November 4, 2008 11:08 AM

Believe it or not, the HP agent in my country refused to honor the warranty on a work laptop drive, as they stated that a virus had physically damaged the drive, and so was not covered! We had to purchase a new drive. Unbelievable. As Leo and others state, a virus can NOT physically damage your drive. Thanks Leo.

Gwyn
November 4, 2008 11:33 AM

Re the five "starting over" steps mentioned in this article, if you "back up" then at the end "restore...from your backup", will you not be transferring the virus to your backup external hard disk (or whatever) and then transferring it back on to your cleaned PC? Also, re "reformat your hard disk", is this the same thing as "rolling back to the factory settings", which is a description I have read somewhere I'm sure? (Layman's language please in any explanation. Thanks)

Remember, the restore step says "data only" - only your documents, pictures and such. These are all less likely to carry a virus. If anything I should have included a separate step to scan your backup for viruses before restoring anything.

"Reformat your hard disk" is not the same as "Restore to factory settings". A reformat erases everything on the disk, leaving it empty. Hence the additional steps to reinstall everything.
- Leo
05-Nov-2008

Jeff Bowman
November 4, 2008 1:48 PM

To go back to the original comment, I am not as confident as you, Leo. I used to have a BBC Micro (Acorn Computers) in the days before PCs or Macs existed. There was a program floating round school that caused the stepper motor of the 80 track 5 Floppy disk to try to access track 81. These drives were pretty simple affairs and would make a horrendous buzzing noise when this happened. We never broke a drive but it certainly did no good!
These days, computers are far more complex, could a virus disable the heat monitor and overclock a CPU to destruction or perhaps wrap a hard disk head around the spindle?

I certainly considered the old "bash a floppy drive" scenario, but in addition to becoming more complex, most of the logic for that kind of control has moved onto the devices themselves - i.e. you just don't have that kind of control in Windows-accessible software any more. It goes through a layer of device drivers or on-board firmware that notices you're trying to do the impossible (or the unsafe).
- Leo
05-Nov-2008

Dennis Jackson
November 4, 2008 2:21 PM

Leo - the two options that you mention in the article (either find an effective malware remover or reformat your hard drive and reinstall everything) are NOT your only choices! I've found that reverting your machine to an earlier state via a Restore Point is often an effective way to rid yourself of malware that the anti-malware package that you have installed does not detect (they ALL have their particular weaknesses). Another option, admittedly more exotic, is to set up and use a virtual machine as your primary means of defense. Virtual machine get infected? Blow it away (and the malware with it)! I suspect that this last option will become more popular as zero-day attacks become more frequent and virtualization software becomes easier for us mere mortals to use...

I have very little faith in restore points. I know that they can help in some cases, but remember: they don't restore data. If you want to go this route it's much better to have a regular backup instead.

The problem with VM's is in its complexity for the average user, and this concept of "just blow it away" - you'd be blowing away all the customizations made within that VM, and potentially any data you saved within the VM. It needs to be very well understood what's in and what's out of the VM for it to be used effectively.
- Leo
05-Nov-2008

Syd Appleton
November 4, 2008 5:27 PM

Following a devastating malware attack I was left with a machine which would no longer boot up in Windows XP. I had to reinstall to factory default settings XP SP1 using the manufacturer's rescue disk, losing all data and programs in the process. Fortunately I had some data on a backup disk (more than a month out of date) but it was a long and painful process restoring all lost programs. I still can't identify the Trojan responsible as it effectively suicided in the crash. I have a 320Gb USB backup drive which I am certain is infected. How can I access/clean/recover data on this drive without reinfecting my PC again - not something I would risk lightly!

As long as you don't run any software that's on that drive, you're probably OK to plug it in and run a virus scan on it. The problem is auto-run - it may automatically run software as soon as you plug it in. You could turn it off system-wide before plugging in the drive.

An alternative would be to boot into a Linux Live CD (Ubuntu, Knoppix, others...) and use that to copy only the files you want off of the external drive.
- Leo
05-Nov-2008

Robin
November 5, 2008 12:53 AM

I think your 5 steps would be much clearer if you changed it to 6 steps and included a step before the step to reinstall all your applications to first install all your protection, i.e. antivirus, firewall, anti-malware software and Windows updates.

Jan
November 5, 2008 3:10 AM

Just thought this might be worth trying. My friend's PC was infected by Malwarrior. It prevented her anti-virus programmes from working and prevented her from downloading any others. I suggested that she try downloading SuperAntiSpyware, which is available free from FileHippo.com. The programme downloaded successfully and destroyed the viruses. At another time, her brother's PC became infected with several viruses, only these viruses would not allow him to access the Internet for more than a few seconds before closing it down. He therefore could not download this anti-virus programme. I copied the programme onto a data disc-pen and he was able to run it straight from there. Again, it got rid of all the viruses. Hope this comment is useful.

Ralph Kuhn
November 7, 2008 11:04 AM

Leo, on some of the comments the last part of these comments are not readable. They are covered up. Am I doing something wrong?

Covered up by what? I'm sure you're not doing anything wrong, but this is the first I've heard of anything like this.
- Leo
08-Nov-2008

Mike Parsley
November 8, 2008 9:26 PM

Since XP hit the market I've managed to attract a virus on twelve or fifteen occasions. It's a price I pay for traveling to the dark side of the net. Over the years I've found that the viruses have become more complex and downright malicious, so please allow me to offer some points to consider in making your computer healthy again. With the exception of a couple of times I've found the only way to get rid of a virus is to reformat as indicated in the article. If you suspect that you have a virus DO NOT shut down your computer. I've had several infections that wouldn't allow a reboot in safe mode and several that wouldn't allow a reboot at all. The boot process would go into a continuous cycle of trying to boot. If you can still navigate in your machine, attempt to back up any pictures, music, or documents to CD or DVD. It may be the last chance you get. If you use an external hard drive for backup DO NOT attempt to back up anything to it. If you're lucky the virus might not be on that drive. I never back up to my external drive until I have disconnected from the IP and run a full system scan. If you use an external drive for backup, some of the software programs for conducting the process have a catalog file that tells your computer where everything goes when you do a recovery, or you may have created a recovery disk as part of the program. If you know where this file is, burn it to its own CD. Once you've gotten to this point you can try some of the methods mentioned in the article and the comments section. If a reformat is the only way out then load your installation disk. As it goes through the process of loading Windows you'll have the option to format the hard drive. There are actually two format options with one being identified as a fast format. Do yourself a favor and use the slow format. It takes a lot longer but I used the fast format option once and it didn't get rid of the virus. You're engaged in an operation you don't need to repeat immediately.
After you reload the OS you can get your updates. The Windows firewall should offer enough protection to complete that task. If you have a full system backup it's time to load and run the program to recover your data and all will be right with the world. If you have a full backup you'll need to install the updates or the recovery program is going to have a problem. If you don't have a full backup it's one program at a time starting with security. One more point on external hard drives for backup. If for some reason you can't use the program to restore the data, like maybe someone stole your catalog file, don't panic! All your files are still there. Turn on the hard drive and go to My Computer; Windows should recognize it. Your backed up files will most likely be a set. You can download the whole thing to your documents and use Explorer to open the set and pick out the individual files (pictures, music, documents) and move them where they need to be. Twelve Gig, 76000 files, five evenings, piece of cake! Hope this helps.

Kenneth Crook
November 8, 2008 10:06 PM

Backup, Backup, Backup!!!

Once a month, after Microsoft updates on Tuesday, I use Acronis TrueImage to make a full image backup of my disk drive to an external disk drive. Weekly I make a backup to an external disk drive of my "MY Documents" folder. And during the week if I make any updates to documents I copy them to a USB pen drive. I keep several months of Acronis TrueImage backups so if necessary I can go back farther than the past backup if somehow some virus slipped through my anti-virus scans.

Reformatting and reinstalling everything is like torture, and to be avoided at all costs. Acronis TrueImage is simple, easy, fast, and has saved me a couple of times.

PS: The virus I got seems to have come from geek sites I went to researching some problem.

Gwyn
November 11, 2008 6:56 AM

Many thanks for answering my query re your article a few days ago. A latte should be with you by now.

Lauren
February 24, 2009 1:18 PM

I had the same thing happen with the cryptic 'warning' message and the inability to access or upgrade my Norton anti-virus software.
I had a virtual Symantec technician look at it and they thoroughly destroyed my system to the point where it was virtually inoperable... after that, I took it to a local shop and they are unable to wipe the HD and get rid of the virus so I do need a new drive. Before doing this, I had a computer person at my office try to fix it.
Vicious, ugly virus! Now if only people put their time and effort into the common good instead of hurting unsuspecting people the world would be much better off...

If "they are unable to wipe the HD", then I'd look for a different technician/shop. A virus should never do something to a hard drive that would render it un-wipable.
- Leo
25-Feb-2009

omadham
March 29, 2009 10:11 AM

My laptop is a Windows Vista. I was working normally on Subtitle Workshop when suddenly it said the program had a problem and had to shut down. When I restarted the program, I had a black screen and I was unable to boot my computer. Now it would not even want to reinstall Vista and I get a message saying that my hard disk is damaged. I don't understand what happened.

bill
May 14, 2009 11:40 AM

"ATTENTION" "EARTHLINGS" "NEVER, NEVER, NEVER USE RESTORE ON YOUR COMPUTER, TURN IT OFF" If your computer gets even a smell of a virus it is saved on this section of drive and when you restore you also restore virus or malware!

stephanie lovell
September 5, 2009 12:53 PM

I scanned my computer and it says it's infected but it can't get rid of it. What do I do? It says it's in archives.

Alex Young
October 9, 2009 1:06 AM

Hi, DEALING WITH INFECTIONS PART ONE
I think I have come up with a reasonable strategy for dealing with PC infections. In my opinion it is not worth the trouble of trying to clean them off both time wise and also you can never be completely sure that they have been totally eradicated.
So instead invest in an external hard drive, they are really affordable now and can serve more than one purpose [storing films or a music library for instance].
Next download a Disk Imaging programme. There are great free ones available. I use Macrium Reflect Free version which is very easy to use and reliable.
Make a disk image on to the external as a fall back. This will include everything on your PC.
Then make a backup of your documents and music etcetera although you have already got this in your full disk image. This documents back up is done by copying to your external and not via the Disk Image programme.
Now you have the fall back, use your rescue CD or Windows disk to reinstall your system to when you bought it. Depending on your disk you may have to reinstall drivers as well so make sure you have that sorted.
Now comes the painful bit. You will need to reinstall all your programmes from the web or any disks you may have. You will also need to visit the Microsoft Updates site to bring all software up to date. This can entail several visits and a lot of time depending how old your PC is.
Next replace your documents from the external to your PC.
At this stage I usually run CCleaner to get rid of rubbish but that is just my preference.

Alex Young
October 9, 2009 1:33 AM

DEALING WITH INFECTIONS PART TWO
Now we have a clean up to date system so before you do anything else, i.e. before you visit the web, make a Disk image using your chosen programme. We can date this and it is your day one image. It is better than your manufacturer's CD because it is up to date and contains your present programmes. You can delete the initial Disk image if you wish as that is of your old system.
Now you can use your PC and if you get an infection just restore from your external.
In order to keep up to date I make a note of any changes I make to my system and keep this on a notepad document in My Documents. After say a month I will put the previous Disk Image on after moving that note pad document to the external along with any other updated files. When the month old disk image is in place I will apply all the changes I made in that month [with the help of the word pad], update my security products and then take another disk image for use a month down the line. This way I believe I minimise software rot and I always have a recent clean disk image to fall back on.
Yes, it does entail some work but it gives great peace of mind. Never again will you be left with vital System 32 files in quarantine and wondering what to do! Regards Alex (If I can do it anyone can)

mc
November 29, 2009 12:11 AM

My laptop was destroyed by virus. The screen was dead.. the connector of the screen to the body was a bit damaged.. what was the cause? Can I use my Lenovo laptop computer now?

Viruses don't harm hardware, and certainly not screen connectors, so I'm certain that this damage has nothing to do with a virus. Have a technician look at the hardware damage and see if it can be repaired.
Leo
29-Nov-2009

~THE POLLOCK~
June 4, 2010 11:47 AM

Actually, if you have an old computer with a certain type of hard drive, I forgot what kind, a virus can force a very dangerous "memory check" that can cause the pin on the hard drive to spin erratically and cause it to shatter the drive.

Shawn
August 23, 2010 6:53 PM

I have a Sony Vaio with Windows XP Prof, and a few months ago my wife downloaded an update, so she thought, for Adobe Flashplayer 10.47!! Well I have lost all my configurations, accounts and I couldn't even run a scan. I tried to fix it by repairing and the computer will function like it's supposed to for 3-4 min afterward, then it blinks and all my configurations and functions are gone again. Do I need to start all over? I have my recovery disk for Windows but do not have one for the drivers. Also if I can back anything up can the virus hide in anything I do and reappear? Thank you for any help you can give me, this has been a real pain!!!!! THANKS!!!!

Kevvy
May 31, 2011 12:44 PM

I had a virus on my computer similar to the one mentioned. It told me my disc was damaged and the usual give us your Card details and we will fix it! The screen was black and very little worked; it seemed all was lost. Then I remembered the computer was split into family names. I went on my son's name and started Ad aware and Windows Defender. They both found malware and deleted it; a restart was required. On restarting I went for a systems restore to a previous week. It worked wonders; the virus has now gone and all things on my own name are working. Lucky I had two users on the machine or it would have been hard work knowing what to do.

Sue
September 13, 2011 6:45 PM

I received an e-mail from a known sender which contained a link to what I thought was a website to look at wedding pictures. Well, that was the end of my computer's hard drive. I have access to Internet Explorer, but I lost all of my other programs and my hard drive is damaged. The computer is about 6 years old. Can a hard drive be fixed or is some damage beyond repair? How did this happen? How did I get a fake e-mail? I had no idea it was not from the known sender.

Michael Wilson
November 3, 2011 7:14 AM

Recently I made the same mistake with the UPS Virus (file) I was in a hurry and was waiting for a UPS tracking number, OUCH.

I spent several hours working with Dell Tech fixing the problem,

Nelson
November 3, 2011 2:04 PM

I keep getting the UPS/Fedex emails all the time. However Yahoo filters them into the spam folder where I can look at them without opening them. From there I can see the From: url which tells me if it is actually from UPS or Fedex. If the url doesn't look right I just delete the email. Better safe than sorry. Also I don't download anything I don't know for sure will come back to Haunt me. Only download from trusted sources and even then scan it with a good virus scanner. I use Norton Insight!

Claudia
November 18, 2011 11:29 PM

I think I have a bad virus. A few days ago I was at Facebook.com where the hackers are hanging out according to CNN News and suddenly I had problems with my Ethernet. Yesterday my hard drive started failing and it would not allow me to reinstall Win XP and gave a message that it was unable to format my hard drive. I ended up running CHKDSK and formatting my hard drive manually. Then I tried reinstalling WIN XP and I still had problems with corrupt files as it was installing. I have two copies of Win XP and neither worked. I finally got a message "SMART Failure Predicted on Hard Disk 0: FUJITSU MHT2060AT PL - (PM). WARNING: Immediately back-up your data and replace your hard disk drive. A failure may be imminent." I've only used that Laptop for a year and I don't think the hard drive failed on its own, I think it had help from a virus and that the hacker got in thru my Ethernet. I have read that I should be using a password on my hard drive and will do that in the future.

Mark J
November 19, 2011 2:17 PM

@Claudia
Once you've reformatted your hard drive, all traces of the virus would have been eliminated. As Leo says, a virus can't physically damage your hard drive. As for your computer being only a year old, I've seen newer hardware fail.

eddie
November 26, 2011 10:20 PM

That's good to know. I recently opened a file supposedly containing a free PC booster. Should've known better; now I have a virus and it says hard drive is damaged, RAM is slow, yada-yada. But at least I know if the tech support where I took my computer comes up with "oh you need to replace the hard drive" or something, I am a bit more informed. Thanks :)

smith
December 13, 2011 1:43 AM

hi,
No. Computer viruses are software code designed to spread to computer files and other computers, delete files, and cause other problems with the data on the computer. So if you're experiencing an issue with a hardware device such as your printer, video card, sound card, etc. it is not due to a virus.
That being said, it is possible that a virus could corrupt data on the computer including the software drivers that are used to allow your hardware devices to communicate with the computer. If this were to occur it may prevent the device from working but would not physically damage the hardware.
If you're experiencing a hardware issue make sure you have the latest drivers installed on the computer. You may also want to try to reinstall the drivers.
{url removed}

Erin
December 18, 2011 9:38 AM

Hi Leo,
I received a terrible virus recently and after I used the recovery disc to try to get a complete fresh start with the computer it will only work for a few hours and crash again. I've recovered it with the recovery disc 4 times and it still continues to crash. Are you sure the virus can't do permanent damage to the hard drive? Any suggestions? Thanks, Erin

Connie
December 18, 2011 10:21 AM

@Erin
Here's another article with some virus recovery advice:
How do I recover from a bad virus infection?

KAUSHALENDRA SINGH
January 5, 2012 11:37 PM

I have downloaded free pc scan antivirus; after 4 days that locked my drives and asks for registration by autorun.
How can I solve this problem?
Some antivirus companies do this, please tell me the right way.
thanking you

This sounds more like malware or scareware than a legitimate antivirus program. This article is a good example: How do I avoid trojans like Win 7 Home Security 2012?
Leo
06-Jan-2012

Sinclaire
March 19, 2012 6:24 AM

Hi, I am just curious but is it possible for viruses to mess with temperature regulation and causes CPUs to overheat and lead to physical damage?

Seems like it would be possible.
Leo
20-Mar-2012

The Canadian
July 27, 2012 11:42 AM

You could always try rebooting your computer into safe mode, then running your AV. My computer got something similar to Antivirus XP (except worse, since it said that literally every program I attempted to use either was a virus or was infested by viruses, and wouldn't let me use it), and that's how I managed to get rid of it.

theresa
December 5, 2012 7:19 PM

Hi,
Won't be able to access my email for a while.
I rebuilt my computer twice this month - 2 major viruses -
last one was in Google Earth file (192 Giga- yes Gigabyte). I finally maneuvered this one out after many days of hard work. Retrieving my files from my infected backup drive (virus took up space of all the 200 Gigabyte in the backup drive), I am having some kind of hanging problems again. Are data files also infected??? I am a nervous wreck now and feel like throwing all my files out. Each re-install took me several days working several hours a day. Thanks.

Comments on this entry are closed.
