Computer virus that will not DIE!

[gdeck]

Having major major issues here and at my rope's end.

Long story short: Virus attacked (pc peformance and stability anti-virus) and began to systematically attack seemingly everything. Tried using malwarebytes but virus shut it down mid-stream. Re-booted and things got worse from there, files and programs began to disappear, particulary anti-malware programs and so forth... and then it would not let me load windows in safe mode; it then wouldn't let me load OEM system restore disk (just kept looping me back around). I eventually had to disconnect hard drive and reconnect to another machine (via usb external drive) just to reclaim data. I just gave up on reclaiming hard drive. (Eventually the drive wasn't even recognizable even from the new machine as virus made things worse with each passing attempt).

So now I have data from infected hard drive loaded on new hard drive (after scanning with multiple anti-virus and anti-malware programs) and I can SEE the files and click on the files, but they will not open in their respective software (nor will the .jpg files show up as thumbnails). The .pdf and word files say incompatible format or invalid file type when I try to open. (interestingly .bmp files DO open for whatever reason).

The only visible thing I can determine is that the file creation dates have all been changed (to the date and time I copied them from the old hard drive). I simply cannot open these files - even though they look perfectly normal in windows explorer. Is there some sort of 'permission' or access that I can unlock to open these files?

Any help would be MUCH appreciated

[David M]

Welcome to PCMech. Sorry to hear this.

Any indication of the name of the malware? What are your system specs?

It's possible that things are so badly messed up that the safest thing to do is to zero out the drive with something like Darik's Boot and Nuke and reload the OS. This is the only certain way of getting rid of the malware. Others may have an idea before you have to resort to this.

Is your data backed up?

[EzyStvy]

Which operating systems are involved? (old sick pc and the new one)

Have to ask--> Do you have the same version of MS Office installed on the new machine?

[gdeck]

I'm running windows xp (home) on a Gateway GT5228. I had most of the data backed up on an external hard drive; but since the data on my hard drive was the most up to date, I simply moved the data from the infected hard drive to the brand new hard drive via usb external drive enclosure device. (I know probably sounds stupid, but I thought the system and registry portions of the drive held the virus and not the data files).

I still think the data files are 'clean' to some degree - but their attributes have clearly been altered to forbid me from opening.

I literally reinstalled the exact same operating system (from OEM disk) and Office and all other data programs -- exactly as before. The only thing different is a new hard drive

[David M]

Again, what do you have for the name of the malware? If your anti-malware software found it then it will know the name. Having the name allows others to research it to find possible solutions for eradicating it.

[gdeck]

I'm sorry.. I was never able to scan the actual infected drive as it wouldn't let me... I only scanned the external hard drive that I transferred the files to... I think the malware found only misc. small stuff there, unrelated to what I was dealing with. (I will look up the logs though if you think important)

When the virus attacked, the closest thing I could find online to this virus was the 'pc performance and stability analysis report' virus that creates a 'random.exe' file in several areas of the system and registry.

[David M]

This thing is really nasty. Were it me I would wipe the drive and start from scratch. But as I said, others may still have some ideas.

[EzyStvy]

Quote:

Thank you for contacting Microsoft Support. You have been directed here to download and install the beta version of Microsoft Standalone System Sweeper Beta, a recovery tool that can help you start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware. In addition, Microsoft Standalone System Sweeper Beta can be used if you cannot install or start an antivirus solution on your PC, or if the installed solution can’t detect or remove malware on your PC. Microsoft Standalone System Sweeper Beta | Microsoft Connect

Note that this app can take TONS of Time to run. My 320 gig drive took 6 or 7 hours....

[gdeck]

I just ran Malwarebytes on my new drive and it came up clean. I'll try the Microsoft system sweeper and see if that works, but I am doubtful as I feel like this is nothing in the conventional sense of a virus. what kind of virus alters every single data file on a hard drive to be recognizable but unreadable?

Some of the other recommendations I've seen involved trying to find and delete the autorun.inf file, which the virus conveniently hides... but I could never find it from safe mode via command prompt screen.

The virus just seemed to have this methodical way of morphing to something more and more invasive - just devastated everything and was always a step ahead.

[jdeb]

Run MS system sweeper. It will find it and clean it but as far as fixing it, that remains to be seen. Burn that disc from a known clean PC.

[glc]

Are you sure you aren't just having a permissions issue? This will deny access to files. If this is what's happening, you need to take ownership of the files in question.

How to take ownership of a file or a folder in Windows XP

[gdeck]

glc -- thanks for your suggestion,

I just know it is a permission-related problem at this point -- I tried Microsoft's instructions but it didn't work... although I have a strong sense that I'm close - that this is the best way to get access to the files.

For some reason I just can't find the right key on the key chain.