trogan win32/anomaly.gen!A

[babylon5guy]

Hi,
I'm cleaning off a laptop with win 7 64 bit, the main culprit seems to be above virus although it had many more. When I first started cleaning this MSSE had not a fix for it, and said use their System Sweeper, which I could never get to update on CD or flash drive, and I checked to see if connect automatically was checked as posted in sticky. I ran malwarebytes several times and it found many things but never that. I also ran Superantispyware, TDSSKiller and ESET. Yesterday MSSE finally had a fix for it and it found it and attempted to clean it, it said on the files it wanted to quaranteen it couldn't because they were too big, so I don't know if it deleted them or not, that's when I ran the other scanners. The last one ESET scanned found things I deleted and when I restarted I got the BSOD. Couldn't boot into safe mode either. I went into command prompt and C: drive was empty, and I said oh no. However I took the hard drive out and opened it on my PC and all the data was on an I: Drive? Did the virus do that or what? How would I get it renamed C: drive and would that work on the laptop? I don't think I can do it on my PC as I already have a C: drive. Any help would be appreciated.
TIA

[rjfvillarosa]

Quote:

Originally Posted by babylon5guy I took the hard drive out and opened it on my PC and all the data was on an I: Drive? Did the virus do that or what?

No, that was just the next drive letter available on your computer, try running all the scans on the infected harddrive via your computer. When you put the harddrive back in the laptop it will be seen as C:

[babylon5guy]

Thanks rjfvillarosa, but it wouldn't boot on the laptop and command prompt showed C: drive empty? It has some strange drive ahead of it, H: which has file boot mgr and folders $recycle.bin, system information and Boot?

[rjfvillarosa]

If you can see the documents via your computer, I would save them to your computer and then reinstall W7 after formatting the harddrive. It sounds like a bit of a nasty infection so I would even consider doing a zero fill of the harddrive.

[babylon5guy]

Thanks rjfvillarosa, I was afraid I was going to have to do that. With all the files in Win 7 being protected what is the best way to move them over? From the Libraries or the the users directory? I'll reinstall the actual programs, she doens't have that many. I have run many scans with many different scanners and I do think the drive is clean now. What if I deleted that H: drive, I notice the same file and folders are on the I: drive and I think when it was in the laptop it was seeing the H: drive first.

[rjfvillarosa]

Seeing the H: drive first doesn't make a lot of sense, but if it has card readers and USB ports I suppose it could happen.
I have found that simple copy and paste works ok for copying W7 documents to other computers. It will tell you that you don't have access but give it a moment for the green bar to travel across the entire header bar and it usually gives you access.

[babylon5guy]

Thanks for all your help rjfvillarosa, I will do a Restore to the laptop, and copy the files over..