Re: Ongoing HD problem:

On Mar 13, 6:47 pm, "Daave" <dcwashNOS...@xxxxxxxxxxxxxxxxxxxx> wrote:
I am confused, Navyguy. I thought you said you performed a clean
install, which if course would have eradicated that trojan. Or are you
just mentioning it for historical reasons? If the latter, don't worry
about it, it ain't there anymore! If this is recent and it's just a .gif
file, I'm curious as to what it means. Perhaps there is malicious code
embedded in this graphic file... Did you clear your browser cache?

Also, there is no reason to worry that Avira is unable to scan
hiberfil.sys and pagefile.sys. That's normal.

You say you want to avoid formatting your hard drive. But I thought you
said in another post that you did just this! Do you mean you want to
avoid formatting it *again*? Or did you just intend to format it, but
haven't done so yet?


I only mentioned this for historical reasons because I thought the
Trojan Horse was still on the system.

Again a poor choice of words on my part, I didn’t format the HD, I
formatted the partition when I deleted the C: drive and installed XP
using the Reinstallation CD. However from what you say I don’t have to
worry about the Trojan Horse being there any longer.

Still the question of not being able to complete a chkdsk /f and the
MFT being possibly corrupted remains, and I’ve noticed at times that
the computer is slower than usual and others where its fast which is
the norm for this computer.



Robert



"Navyguy" <magine...@xxxxxxxxxxx> wrote in message

news:73d98b88-70fc-4156-bed3-575240e1112e@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
This is the Trojan Horse virus:

Trojan horse Downloader.Generic8.TVN It was under Local Settings\Temp
Internet Files
Content.IE5\PWT3Az83\getfile-081220-aps(1).gif

In addition I updated and scanned with Avira as soon as I installed it
and it still found (2) warnings although there use to be (3). This
troubles me since this is a new install and I did format the
partition. The
warnings are as follows:

Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys    [WARNING]   The file could not be opened!
C:\pagefile.sys    [WARNING]   The file could not be opened!

If I can avoid formatting my HD I would certainly prefer not to but
I'm unable to complete a chkdsk /f. So if there's way to remove this
virus I'd like to know how?

Thanks,

Robert

On Mar 13, 12:12 pm, "Ron Badour" <So...@xxxxxxxxxxxxxxxxxx> wrote:



You have not provided any information showing that a drive format is
required. In fact, a format is seldom required to get rid of an
infection.
As I write this I am cleaning a PC that so far has 34 infections and
in the
past I have cleaned systems with 200 to 400 infections of every sort
without
formatting.

HEUR/Malware Suspicious code: This is not a definite virus/Trojan--it
is
merely being flagged as being suspicious code. The following was found
here:

http://www.avira.com/en/threats/section/fulldetails/id_vir/2703/heur_...

HEUR/Malware is a heuristic detection routine designed to detect
common
malware characteristics. Avira AntiVir recognizes unknown malware
proactively using its AHeAD technology. To achieve this, Avira
performs
innovative structural analyzing.

On the basis of the composition of a file, the sequence of significant
code
sequences or based on particular behavior patterns, the heuristics can
determine with a high probability whether it is dealing with a harmful
or
virulent file.

HEUR/Malware in particular is reported when a program seems to contain
suspicious functionality.

In the unlikely occurrence of a false positives we would kindly ask
for your
help and send the file to our virus lab using the quarantine
functionality
of AntiVir.
******************************************
I doubt that a Seagate CD is infected. I would either use the
diagnostics
to check the drive or if this makes you nervous, download the
diagnostics
from Seagate.

http://www.seagate.com/www/en-us/support/downloads/seatools/

--
Regards

Ron Badour
MS MVP
Windows Desktop Experience

"Navyguy" <magine...@xxxxxxxxxxx> wrote in message

news:df5aec3b-a221-4ee0-a22d-2367c0419ff5@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I have a Dell Dimension 8200 with XP SP3, 160G hard drive with DSL
connection. I have
Windows Firewall(set to notify), Avira Antivirus, Spybot, Windows
Defender and Hive Cleanup.

I recently had some serious issues with my computer; this started
when
MSN Live Msgr stopped signing on automatically, then my login
procedure was changed via remote assistance; and was told my MFT was
corrupted. I also became infected with a Trojan Horse virus which I
deleted but still resides on its host program.

With all these considerations it was felt that the best course of
action was to reinstall XP. I successfully did this using the
recovery
CD provided by Dell by first deleting the (C:) partition and created
a
new partition, formatted it, and reinstalled XP, then uploaded 30+
updates from Microsoft, including SP2 and SP3, and IE7 and MSN Live
Mail.Then created a System Restore point.

Even though the system has returned to somewhat normal operation I
decided to run a chkdsk to make sure. It found file problems and
suggested running a chkdsk /f which I've done several times but it
doesn't complete and hangs in step 2 of 3 (verifying indexes). I now
realize that I needed to format my HD to remove the Trojan Horse
virus
and then reinstall XP. However there are some considerations.

I have a Seagate Baracuda 3.5 PATA/100 ST3160815A HD and intially I
started to check the HD using the CD from Seagate. I started to
download diagnostics from the CD when Avira caught a malware from
the
CD! It says it contains HEUR/Malware Suspicious code so I cancelled
the process.

So my question is this; if I format my HD do I need this CD to
install
any drivers? If so, then obviously I can't use this CD because of
the
suspicious malware code and will probably require a new HD. If not,
can I install XP using the recovery disk or do I need a stock copy
of
XP? If I need a stock copy is there a way to get it? Another point,
even if I did purchase a new HD I would still need to install XP
somehow.

I would appreciate any advice or suggestions.

Thanks,

Robert- Hide quoted text -

- Show quoted text -- Hide quoted text -

- Show quoted text -

.