Glock Talk Welcome To The Glock Talk Forums.
 |
02-10-2011, 08:53
|
#1
|
|
Senior Member
Join Date: Oct 2002
Location: Ga
Posts: 236
|
Virus came home with school work…. Help!
My granddaughter brought some of her school work home on a flash drive and it had a virus in it.
Well it got in my HP desktop computer and messed things up and AVG did not help. So I had the idea to just let the HP do what it calls a destructive reload of the OS. When everything was finished with the newly installed OS I used IE to go to Major Geeks for the AVG free and Malwarebytes so things would get started off on the right foot. Well guess what? After the new OS reload IE would not let me go to Major Geeks and redirected itself to another website. I finally got AVG and Malwarebytes installed by going to the Google website and installing Chrome and then getting AVG and Malwarebytes before it could take over Chrome.
How do I clear a virus from a flash drive?
How did that virus survive the OS destructive reload and what should I do next?
Thanks in advance, Dyno
|
|
|
02-10-2011, 09:06
|
#2
|
|
CLM Number 2
Scouts Out
Join Date: Dec 2000
Posts: 61,883
|
What virus? Yes it makes a difference.
Some viruses attach to the boot sector which may or may not get cleaned by a reinstall. Some of the newer ones actually attach to the area of the drive where the OS reinstall image is stored so you cannot get rid of it.
__________________
Sent from my rotary phone
"The way I see it as soon as a baby is born, he should be issued a banjo!"- Linus Van Pelt
UNIX - Not just for Vestal Virgins any more
|
|
|
02-10-2011, 10:13
|
#3
|
|
Senior Member
Join Date: Oct 2002
Location: Ga
Posts: 236
|
Quote:
Originally Posted by HerrGlock
What virus? Yes it makes a difference.
|
OK, if you tell me how to find out what virus it is I will be glad to post it.
Thanks, Dyno
|
|
|
02-10-2011, 10:43
|
#4
|
|
AKA Fluffy316
Join Date: Feb 2004
Location: Houston, TX
Posts: 4,567
|
Quote:
Originally Posted by HerrGlock
What virus? Yes it makes a difference.
Some viruses attach to the boot sector which may or may not get cleaned by a reinstall. Some of the newer ones actually attach to the area of the drive where the OS reinstall image is stored so you cannot get rid of it.
|
This is exactly why I don't like the Recovery Partitions that HP likes to set up.
Dyno, do you have physical discs that you can reinstall Windows from?
|
|
|
02-10-2011, 10:46
|
#5
|
|
CLM Number 2
Scouts Out
Join Date: Dec 2000
Posts: 61,883
|
Quote:
Originally Posted by Dyno
Quote:
Originally Posted by HerrGlock
What virus? Yes it makes a difference.
|
OK, if you tell me how to find out what virus it is I will be glad to post it.
Thanks, Dyno
|
http://housecall.trendmicro.com/
__________________
Sent from my rotary phone
"The way I see it as soon as a baby is born, he should be issued a banjo!"- Linus Van Pelt
UNIX - Not just for Vestal Virgins any more
|
|
|
02-10-2011, 11:02
|
#6
|
|
Senior Member
Join Date: Sep 2006
Location: Virginia
Posts: 1,394
|
Did the recovery delete all your documents and installed software? If it didn't then you did a system recovery rather than a destructive recovery. System recovery just replaces system files, destructive recovery re-formats the drive then installs the OS.
You can use Malwarebytes to scan the flash drive. Start Malwarebytes and select "Perform Full Scan" to get a drive list. Remove the check from C drive and put a check in whatever drive letter the flash drive is using.
__________________
** Sent from my rotary dial phone using TwirlaWord **
|
|
|
02-10-2011, 13:00
|
#7
|
|
Senior Member
Join Date: Oct 2002
Location: Ga
Posts: 236
|
gemeinschaft,
No physical discs with this HP box.
HerrGlock,
Thanks for the Trend link, I'll post results today.
JimmyN,
I will do that this afternoon.
Dyno
|
|
|
02-10-2011, 13:04
|
#8
|
|
NRA Life Member
Join Date: Jun 2003
Location: Just Returned to Tucson AZ!
Posts: 4,026
|
Hey Dyno,
Don't forget to press <F8> while the system boots. Then select SAFE MODE W/ NETWORKING
Then do your scans. It will work much more effectively, most likely on the first try...
HTH
|
|
|
02-11-2011, 08:53
|
#9
|
|
Senior Member
Join Date: Oct 2002
Location: Ga
Posts: 236
|
Pierre,
Thanks for the tip on the F8 and scan in safe mode. I did not get to do this yesterday so today is the day. I will post findings.
Dyno
|
|
|
02-11-2011, 09:32
|
#10
|
|
AKA Fluffy316
Join Date: Feb 2004
Location: Houston, TX
Posts: 4,567
|
I would also suggest that after you start in Safe Mode, you can go to
RUN --> MSCONFIG and look at the "Startup" tab.
There, you will find a list of all of the processes that are scheduled to start up when you boot your system normally.
Many times, you can see the virus that is running in the background from this screen and simply remove it from the Startup tab. Of course, this is just a bandaid that is to be applied until you find how to remove the virus, but it can lead you to where the virus is hiding.
|
|
|
02-14-2011, 07:33
|
#11
|
|
Senior Member
Join Date: Nov 2009
Location: Maine
Posts: 212
|
For future reference: by default AVG does not scan removable drives; you have to turn it on yourself, at least that is how it works for me.
Open AVG, Tools, Advanced settings, scroll down to and expand "scans", and put a check mark in the box next to "Enable Removable device scan".
Also put a check in "use heuristics", "enable thorough scan" and select "all file types" and put a check in "scan files without extensions" and anything else you wish.
Click on "apply".
AVG should now scan every removable drive when it is first plugged in.
You may also want to turn off auto-play on any drives other than your DVD drives; I think Windows had a patch that stops auto-play on all non-DVD drives.
|
|
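An added example, not part of any post in this thread: a read-only PowerShell check of the auto-play setting mentioned in the post above, followed by a listing of what sits in the root of each plugged-in removable drive, hidden files included. It assumes PowerShell 3.0 or later (for `Get-CimInstance`); the extension list is an illustrative choice.

```powershell
# Added example: read-only checks; nothing here changes settings or runs files.

# 1. AutoRun policy. Each bit of NoDriveTypeAutoRun disables AutoRun for one
#    drive type: 0x04 = removable drives, 0x20 = CD/DVD, 0xFF = every type.
$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
foreach ($key in $policyKeys) {
    $prop = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        Write-Output ('{0} : NoDriveTypeAutoRun not set (OS default applies)' -f $key)
    } else {
        $value = [int]$prop.NoDriveTypeAutoRun
        $state = if ($value -band 0x04) { 'disabled' } else { 'ENABLED' }
        Write-Output ('{0} : 0x{1:X2}, AutoRun on removable drives {2}' -f $key, $value, $state)
    }
}

# 2. Root of every removable drive (DriveType 2), hidden items included.
#    The extension list is an illustrative choice, not a complete one.
$suspectExt = '.exe', '.scr', '.pif', '.com', '.bat', '.cmd', '.vbs', '.lnk'
foreach ($disk in Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=2') {
    $root = $disk.DeviceID + '\'
    Write-Output "--- $root ---"
    $autorun = Join-Path -Path $root -ChildPath 'autorun.inf'
    if (Test-Path -LiteralPath $autorun) {
        # Print only the lines that name a program to launch.
        Get-Content -LiteralPath $autorun |
            Where-Object { $_ -match '^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=' }
    }
    Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.Attributes -band [IO.FileAttributes]::Hidden) -or
            ($suspectExt -contains $_.Extension)
        } |
        Format-Table Name, Length, Attributes, LastWriteTime -AutoSize
}
```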
|
02-14-2011, 08:10
|
#12
|
|
NRA Life Member
Join Date: Feb 2010
Posts: 2,977
|
Try the free and excellent Microsoft Security Essentials. It is fairly good at clearing up infections.
|
|
|
02-14-2011, 19:26
|
#13
|
|
Senior Member
Join Date: Dec 2008
Posts: 1,376
|
Quote:
Originally Posted by hamster
Try the free and excellent Microsoft Security Essentials. It is fairly good at clearing up infections.
|
The last time I 'Ran' a MS OS was Windows 98. Well, actually 98SE. When I found that 98SE was nothing but a bug fix for 98 AND I had to pay for it I moved to Solaris for x86.
I gotta ask, why is Microsoft Security Essentials 'fairly good'?
I mean, MS releases an OS that is insecure and open to viruses, worms, trojan horses and tigers; Oh my.
Then they have the OPTION of installing Security Essentials. Why not just make it part of the basic OS install?
It's not for ethical reasons. MS has no problem changing the DRM or WGA or IE plugins without permission. Why not just secure the OS and install their Security package by default?
Lots of companies have made major bucks selling third party stuff in an effort to secure Microsoft's mistakes. Is MS getting a cut of the action?
If Security Essentials is indeed essential why is installing it an option?
To me and many people I know the whole thing is actually kind of funny but I don't think Microsoft is doing this just for my amusement.
__________________
If it's not on fire,
It's a software problem.
|
|
|
02-14-2011, 20:14
|
#14
|
|
NRA Life Member
Join Date: Jun 2003
Location: Just Returned to Tucson AZ!
Posts: 4,026
|
And my final comment for this thread...
Schools are the *worst* place for virus and malware. Children haven't learned enough about computers to protect their thumb drives, or learn all the nuances of security and what to be concerned about.
Teens - These are some really malicious kind of 'students'. They actively work to exploit any flaws in the district IT plans and architecture. It's a game for many of them - the goal? Free Grades, Attendance Records 'updates'... You name it, they go after it!
So - When that USB drive or the CD-ROM disk comes home from the school with work to be transferred to the main computer... The *first* thing you should do is scan the media for virus and malware infection. Catch it before it gets a chance to latch on to your system.
It would also make sense to make sure you have a recent backup updated as well! Sure does make recovery a joy when there is very little pressure due to a recent data backup.
Better yet, use the built in Windows 7 'Drive Image' backup to ready your system for a complete restore... After the initial 'Drive Image' is created, the next backups go VERY quickly!
Hope that helps you out!
|
|
|
02-15-2011, 06:32
|
#15
|
|
iWhat?
Join Date: Jan 2001
Location: Indiana
Posts: 27,563
|
Quote:
Originally Posted by Pierre!
Hey Dyno,
Don't forget to press <F8> while the system boots. Then select SAFE MODE W/ NETWORKING
Then do your scans. It will work much more effectively, most likely on the first try...
HTH
|
I've found scanning w/ Networking under Safe Mode to be problematic with some viruses. I've scanned "w/ Networking", rebooted, and still had the virus despite it previously showing "cleared". I'm assuming the virus determines it has been removed, and uses the network connection to reinstall itself...
What I've usually done...
1. Boot safe mode, update antivirus/malware software.
2. Reboot to safe mode w/o networking
3. Run scans.
4. Back to normal OS...
IGF
__________________
The NRA will fight for your rights in the halls of Congress.
The Second Amendment Foundation will fight for your rights in the courts.
The GOA will send out a fax or press release saying they will not compromise.
Join the NRA and SAF today!
|
|
|
02-15-2011, 07:37
|
#16
|
|
NRA Life Member
Join Date: Jun 2003
Location: Just Returned to Tucson AZ!
Posts: 4,026
|
Quote:
Originally Posted by IndyGunFreak
I've found scanning w/ Networking under Safe Mode to be problematic with some viruses. I've scanned "w/ Networking", rebooted, and still had the virus despite it previously showing "cleared". I'm assuming the virus determines it has been removed, and uses the network connection to reinstall itself...
What I've usually done...
1. Boot safe mode, update antivirus/malware software.
2. Reboot to safe mode w/o networking
3. Run scans.
4. Back to normal OS...
IGF
|
Agreed. Just depends on whether the infection will provide a clean update while in standard operating mode... or if it will load AV/AM at all.
It does allow the user to upgrade the sig file, which could be considered important for a first scan cleanup...
Really a case-by-case process! And the user needs to know to update sig files in the first place.
HTH
|
|
|
02-15-2011, 10:27
|
#17
|
|
Senior Member
Join Date: Jun 2008
Location: Constitution State
Posts: 4,444
|
Some kinds of infections will disable some parts of AV or malware programs so even when they're run they miss the virus/malware. One of my machines recently got hit with a Google redirect virus/malware that was particularly nasty and difficult to get rid of. The infected machine is scanned weekly with McAfee Security Center and Malwarebytes yet both missed the infection and wouldn't clean it. It took several hours of running Combofix (from BleepingComputer) to remove the infection (appeared to be a rootkit). Combofix is a last resort type of fix though, it's better to try other fixes before resorting to it.
DSLReports has some good suggestions for cleaning malware/virus off one's computer and they also have a remove rootkit page for dealing with those too.
__________________
Currently hiding behind enemy lines in a Blue State.
|
|
|
|
All times are GMT -6. The time now is 06:24.
|
|
|