Never Gone – Grdead back in action

Friends, Romans and countrymen... I am back... I know it has been a long time since I last posted an article... I was stuck with some family obligations... had to relocate and start a new life altogether... anyway... it's good to be back... and guess what, I got the idea of getting back because something weird happened... a VIRUS BOMB struck my system and hell broke loose... I am going to use this post as a daily tracker so that you guys know what I am going through...

All right, it all started after a well-wisher visited our house and inserted his pen drive into my system's USB port. Guess what... that stick was carrying a deadly trojan horse. I, as always, prefer to stay away from antivirus. I think they slow down your system... not my cup of tea... hence :( ... you can guess.

I was in office performing my boring chores when my wife called up, informing me that the system had stopped booting up into Windows... As usual, I gave that good old chuckle: "Relax honey, it's OK... have you tried this, have you tried that?" Well, my wife tried everything... she has better knowledge of the OS than me. I came back home to find that my baby was infected by a boot sector virus! (Read this) I still managed to show my wife that I am cool: "Don't worry, just a virus... well, a format and installation will fix it." I was doubtful about the idea because:

1) We did not have an external HDD

2) We had our work stuff on the system

3) I had my priceless 2 GB collection of music and around 4 GB collection of software.

Inserted the good old trusted friend, the Windows XP CD-ROM, and booted the system; just when it finished loading the drivers and was about to check for a Windows installation... it crashed with a blue screen saying "unknown hard error" followed by a weird error code which I don't want to see again. I said to my wife, "You know what, we need to arrange for another Windows XP CD... this one is trash." "Are you sure?", asked my wife (she loves her hubby just too much!). (Again that usual chuckle, breath of confidence) "Sure, it's going to fix this."

So next morning we got a Windows XP installation CD from a friend. I now decided to move the above data from C:\My Documents to D: (we had this partition on the HDD). This was the worst thing I did, even when I knew that a boot sector virus is a nasty little b****. Anyway, after that I formatted C: and loaded Windows. All went well. Installed drivers, then came McAfee 2010. After 5 minutes I got a popup from McAfee that it had detected some trojans... it removed those... I installed the printer... and left for office.

19th March, 2010 (05:41 am)

Came back from office... had a hard day... will talk about that later though... started the system to install the rest of the software. SURPRISE... SURPRISE... BIG BLACK screen after I get the BIOS splash... HDD light looking at me with constant orange. Well, this was what I did not want... tried to push the Windows CD back in again to check the scene... Jesus!!!! I get the same blue "unknown hard error" after the driver load. Now I am lost, battered and bruised... took me some time to recollect myself...

Ran Windows in safe mode... got stuck at a point while loading a certain system file under drivers... made a note of the file... now my friends, my life saver came in the form of the "BART LIVE CD"... I had this live CD... understood its importance for the first time in my life... perhaps that was the best thing I did so far (if you are reading it from the top). Booted the system with the live CD and got access to a file explorer... went all the way to the creepy C:\Windows\System32\drivers and took off the file where safe mode got stuck. Restarted the system... AHA... things looked a bit OK; error: could not load that specific driver, and Windows asked me to repair the OS.

With a half-hearted approach I tried booting the system once again from the OS CD... this time it worked!!! ... formatted C: once again... you might be guessing why??... well, because I still had our stuff back in the enemy territory!!! ... installed Windows on C:. I had a little 20 GB internal HDD. Plugged that in and started recovering as much data as possible...

March 19, around 8 PM IST:
———————————–

I am now in office. Feeling pretty numb... could not get proper sleep for the past 2-3 days. Still not pretty sure whether I am heading in the right direction to remove the virus. We managed to grab an external 320 GB HDD and today connected that to the system and am dumping all the files. Once it is done, tomorrow I shall break the partitions on the HDD and reformat the HDD. I shall make 2 partitions and install Windows XP on the primary partition. Then the first thing I will do would be to install McAfee 2010 and run a complete scan on the system. Once that is carried out I shall connect the external HDD... however, there is a catch. My external HDD by then would be a homecomer coming back from the warfront... pretty much like "John Rambo" from Vietnam (Stallone was my idol during my school days) or like that astronaut who came back from outer space (Movie: Alien) or pretty much like Pierce Brosnan from the Bond movie which I can not remember now.

😦 I can not trust my external HDD. It might be carrying foreign goods ready to get me back to square one. Here is what I have planned:

I shall boot the system from the BART PE LIVE CD. Then...

1) I shall disconnect the LAN cable

2) Use the "A43 File Management Utility" plugin from Bart PE to access an explorer. I was not sure whether this can help me to access my external HDD or not. Let me check... hold on. Yes, it does. Thanks to the scholar at http://optimisingpc.com/miscellaneous/manual_bartpe.html
So this is what we shall do.

3) Now we need to get the hidden files visible and then remove any suspicious files from the external HDD. Well, I think I also need to format the 20 GB HDD... remember... OK, let's talk about that later. First let us understand what we shall remove from the external HDD and how to do that... (to be continued)...

19th March, around 11:32 pm
————————————-

STUB from Google...

“In the Command Window, type in your flash drive’s drive letter (if your pen drive is detected as G, then type G: and so on). Once you have gone in to your pen drive, now type dir/w/o/a/p and hit Enter. You will then see a list of files. Search whether any of these files appear or exist:
1. Autorun.inf
2. New Folder.exe
3. Bha.vbs
4. Iexplore.vbs
5. Info.exe
6. New_Folder.exe
7. Ravmon.exe
8. RVHost.exe or any other files with “.exe” extension.

type and run the command attrib -h -r -s -a *.*

delete files using del filename.”

——————————————————————————

OK, here we are back again. Now I just came to know that if we follow the above procedure we would be able to delete those files from the external HDD. Something very interesting struck my mind... what if I still can not see the files? Some more research yielded this stub:

————————————————————————————————————————————————————–
Click “run” at the start menu, type regedit

the Registry editor will open.

Go to HKEY_CurrentUser\Software\Microsoft\Windows\Explorer\Advanced

on the left side look for the key ShowSuperHidden and set it to 0 (ZERO).
——————————————————————————————–
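The two stubs above are a manual checklist: list the drive root with `dir`, look for `autorun.inf` and stray executables, clear their attributes, delete them. Below is the same triage written out as a script, added here as an illustration and not the author's own steps or the quoted stubs. It reads `autorun.inf` to find what it would launch, flags root-level executables (matching the names from the stub or otherwise), and only deletes when told to. The dropper names, the constructed sample drive, and all function names are assumptions for the example; point `triage()` at a real drive letter (for instance `F:\`) to use it.

```python
"""Triage a removable drive for autorun-worm leftovers.

Added example for this post, not the author's steps or the quoted stubs.
Dropper names, the sample drive, and function names are assumptions.
"""
import configparser
import stat
import sys
import tempfile
from pathlib import Path

# Extensions an autorun worm of this era drops in a drive root.
EXECUTABLE_SUFFIXES = {".exe", ".com", ".bat", ".cmd", ".vbs", ".scr", ".pif"}
# Lower-cased names from the stub quoted above (constructed list; extend it).
KNOWN_DROPPER_NAMES = {"new folder.exe", "new_folder.exe", "bha.vbs", "iexplore.vbs",
                       "info.exe", "ravmon.exe", "rvhost.exe"}
FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_SYSTEM, FILE_ATTRIBUTE_NORMAL = 0x2, 0x4, 0x80
LAUNCH_KEYS = ("open", "shellexecute")   # plus any shell\...\command key


def is_hidden_or_system(path: Path) -> bool:
    """Read attributes from the filesystem, not from what Explorer displays.

    Windows exposes them as st_file_attributes, so the check does not depend
    on the ShowSuperHidden registry value.  A non-Windows rescue system cannot
    see them at all; fall back to the dot-file convention there.
    """
    attrs = getattr(path.lstat(), "st_file_attributes", None)
    if attrs is not None:
        return bool(attrs & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM))
    return path.name.startswith(".")


def _first_token(command: str) -> str:
    """Bare file name of the program an autorun command line starts."""
    command = command.strip()
    if command[:1] == '"':
        end = command.find('"', 1)
        token = command[1:end] if end > 0 else command[1:]
    elif Path(command).suffix.lower() in EXECUTABLE_SUFFIXES:
        token = command                  # unquoted name with spaces, e.g. New Folder.exe
    else:
        token = command.split()[0] if command.split() else ""
    return token.replace("\\", "/").rsplit("/", 1)[-1]


def autorun_launch_targets(autorun_path: Path) -> set:
    """Programs an autorun.inf would run via open=, shellexecute= or shell\\...\\command=."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       delimiters=("=",), comment_prefixes=(";",))
    targets = set()
    try:
        parser.read_string(autorun_path.read_text(encoding="utf-8", errors="replace"))
    except configparser.Error:
        return targets                   # malformed file; triage() still flags it
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):   # configparser lower-cases keys
            if key in LAUNCH_KEYS or key.endswith("\\command"):
                token = _first_token(value)
                if token:
                    targets.add(token)
    return targets


def triage(drive_root) -> dict:
    """Map each suspicious file in the drive root to the reasons it was flagged.

    Directories (RECYCLER, System Volume Information, ...) are left alone on
    purpose: worms hide payloads inside them, but the folders themselves are
    normal Windows artefacts and deleting them gains nothing.
    """
    root = Path(drive_root)
    findings = {"autorun_targets": [], "flagged": {}}
    autorun = root / "autorun.inf"
    if autorun.is_file():
        findings["autorun_targets"] = sorted(autorun_launch_targets(autorun))
        findings["flagged"]["autorun.inf"] = ["autorun.inf present"]
    targets = {t.lower() for t in findings["autorun_targets"]}
    for entry in sorted(root.iterdir()):
        if not entry.is_file() or entry.name.lower() == "autorun.inf":
            continue
        name, reasons = entry.name.lower(), []
        if name in targets:
            reasons.append("launched by autorun.inf")
        if name in KNOWN_DROPPER_NAMES:
            reasons.append("name matches known dropper")
        if entry.suffix.lower() in EXECUTABLE_SUFFIXES:
            reasons.append("executable in drive root")
            if is_hidden_or_system(entry):   # hidden data files like Thumbs.db are fine
                reasons.append("hidden/system attribute set")
        if reasons:
            findings["flagged"][entry.name] = reasons
    return findings


def remove_flagged(drive_root, findings, dry_run=True) -> list:
    """The stub's `attrib -h -r -s -a` plus `del`, one flagged file at a time."""
    removed = []
    for name in findings["flagged"]:
        path = Path(drive_root) / name
        removed.append(name)
        if dry_run:
            continue
        if sys.platform == "win32":
            import ctypes                # clear hidden/system/read-only before unlink
            ctypes.windll.kernel32.SetFileAttributesW(str(path), FILE_ATTRIBUTE_NORMAL)
        else:
            path.chmod(path.stat().st_mode | stat.S_IWRITE)
        path.unlink()
    return sorted(removed)


SAMPLE_AUTORUN = r"""[AutoRun]
open=New Folder.exe
shellexecute="RavMon.exe" -h
shell\open\command=New Folder.exe
icon=New Folder.exe
"""


def build_sample_drive() -> Path:
    """Constructed sample, not a real capture: a drive root as a worm leaves it."""
    root = Path(tempfile.mkdtemp(prefix="usb_"))
    (root / "autorun.inf").write_text(SAMPLE_AUTORUN)
    for dropper in ("New Folder.exe", "RavMon.exe"):
        (root / dropper).write_bytes(b"MZ" + b"\0" * 62)   # fake PE stub
    (root / "holiday photos.zip").write_bytes(b"PK\x03\x04")
    (root / "notes.txt").write_text("harmless user data")
    (root / "RECYCLER").mkdir()
    return root


if __name__ == "__main__":
    sample = build_sample_drive()
    result = triage(sample)
    for fname, why in result["flagged"].items():
        print(f"{fname}: {', '.join(why)}")
    print("would delete:", remove_flagged(sample, result))   # dry run by default
```

Run it from a live CD environment with the network cable out, as planned above, and review the dry-run list before passing `dry_run=False`. Because the script reads attributes straight from the filesystem, it does not matter what Explorer is configured to show; if you do want Explorer to display protected operating-system files as well, the `ShowSuperHidden` value that does that is 1, not 0.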

March 22nd, Monday
—————————–

As I type this out I thank heaven almighty that my issue has been resolved successfully. As I type this out my system is fully loaded and ready to deliver what it does best. But yes, I goofed up with a few things. While I was in Bart PE Live CD mode I had deleted the "System Volume Information" folder along with "Recycler", and then my external HDD became completely useless, unreadable by Windows. My lifesaver was a data recovery software (I will not give you the name, it's a secret) that helped me to restore every single file from the RAW partition of my external HDD.

CHAPTER CLOSED.

Once again, please read the disclaimer statement before you try out any of these steps. I was able to get my data, you might not. So please seek professional guidance if you do not know what you are doing.
