PC infected - virus or trojan horse

  Happy37 20:58 01 Oct 2010

Hello everyone...

I was in the middle of using my PC an hour ago when Avast flashed up a warning about a virus or Trojan horse.

I immediately stopped what I was doing and shut down my PC.

On rebooting, I now find that the Primary HDD is no longer recognised and the PC no longer boots into Windows.

I get the message that NTLDR is missing.

I have now removed the HDD to see if I can get hold of all of the contents off there and reformat and reinstall Windows.

I have put the HDD in an external HDD case and have connected to my 2nd PC.

It is not recognised in Windows - so, what can I do to get the information off my HDD before I reformat and reinstall Windows?

Will an XP repair install do the trick and get Windows back up and running - but obviously I don't want to lose any of the info on the HDD by doing this.

Does anyone have any ideas as to how I can do this please?

Many thanks - all responses gratefully received.



  Fruit Bat /\0/\ 21:38 01 Oct 2010

NTLDR Missing click here

If you have FAT32 partitions, it is much simpler than with NTFS. Just boot with a Win98 floppy and copy the NTLDR or NTDETECT.COM files from the i386 directory to the root of the C:\ drive.

Insert and boot from your Windows XP CD.
At the first R=Repair option, press the R key.
Press the number that corresponds to the correct location for the installation of Windows you want to repair. Typically this will be #1.
Enter in the administrator password when requested.
Enter in the following commands (X: is replaced by the actual drive letter that is assigned to the CD ROM drive):

COPY X:\i386\NTLDR C:\
COPY X:\i386\NTDETECT.COM C:\

Take out the CD ROM and type exit.

  rdave13 21:41 01 Oct 2010

Try to get all your needed data off the external drive using a 'live' Ubuntu disc. click here
Have a read how to burn a live Ubuntu disc and how to boot from it. NOTE, don't install just use the TRY UBUNTU without installing.... choice.
You should be able to get your data and transfer to another drive, disc or USB drive.
When your AV warns of impending doom do not switch off your PC either by logging off or pressing the start/off button. Let the AV deal with it either by deleting or putting the malware in quarantine.

  Happy37 22:00 01 Oct 2010

Fruit Bat /\0/\ and rdave13

Many thanks for your suggestions.

I have since disconnected the HDD from my external case and put it back into the first PC.

Lo and behold, I checked to see if it was connected securely and the PC booted up fine.

I am now running full Malwarebytes, Avast Antivirus and Spybot and Superantispyware scans in turn to see what is picked up.

I have also managed to save my data off onto a USB key (thank God) - my next burning question is the fact that do you think that all things should or will be OK from now, or could the PC still boot up OK on one day, and not the next?

Do you both think that I should still format and reinstall Windows at my next available opportunity?

All comments welcome - as well as anything else that you may both think will be useful.

Thanks once again - much appreciated.



  rdave13 22:16 01 Oct 2010

I think you're ok if running these scans and you remove all, including cookies after a reboot. It will take time.

Download sas portable and save to desktop. click here
Reboot in safe mode then run a full scan of sas portable. IF nowt found then you should be OK.

  Happy37 22:29 01 Oct 2010

Hi rdave13

Thanks for your reply - I will do as you've suggested here and will report back.

But why do you think the PC failed to report the HDD as showing up OK in the bootup sequence, as well as saying NTLDR missing?

Is it as the link given by Fruit Bat /\0/\ suggests?


  rdave13 23:29 01 Oct 2010

It was most probably a bad connection to the HDD. Hence no bootable source I would imagine.

  wiz-king 07:32 02 Oct 2010

"I have also managed to save my data off onto a USB key" Don't forget to scan it before using it! If it has an infected file you could be back to square one.

  robin_x 09:15 02 Oct 2010

Sounds like you have been 'lucky' but are not really geared up for disaster recovery.

An easy way is to use an Image/Backup program to image your HDD and make a boot CD/DVD.

Acronis, Seagate Disc Wizard, EASEUS Todo, Paragon and others will do this easily and quickly. 20-40 mins typically.

Better than a factory restore since it keeps all your current OS, settings and data.

I wouldn't bother doing a fresh install now unless your XP is cluttered and sluggish.
But next time you do, make an image then with a minimal install, browser+bookmarks, Internet connection working and basic settings (wallpaper, screensaver etc etc)

Probably best to have a separate file after clean install for data.

Keep images and data backup file on ext hdd or 2nd PC hdd.

Do the same for 2nd PC to 1st PC, but careful not to make images of images. They are large enough anyway.

If you don't have ext hdd. Make extra partition for the backups of the other PC on each computer.

eg 1st PC = Small System Partition (some PCs only) c, d (Recovery partition), Backup Partition containing SSP c, d of 2nd PC

and vice versa.

This post was meant to be quick. But it is easy to do the above and you will never be more than an hour or two away from a bootable recovered PC

If you have space, maybe after next upgrade of HDD, ext or otherwise. Consider daily/weekly/monthly images and backups.

Probably a 1TB drive will be fine for that.
I get away with 500GB but it's getting tight and I don't back up movies.
