Uxot

hey guys..well my friend got a virus 2 weeks ago,got it over a pc from network(yes it infected all the Win7 PC's) bcz the one that shares the house clicked on a facebook ad(-_-) and got a deadly virus it seems...he managed to clear the main infected PC,but when hes cleared his own PC it wouldnt get uninfected,AVG found nothing etc

he said that "win 7 anti-spyware" pop-up or w/e to probably try to steal his cc info...now it seems the BIOS is infected,ATI overdrive hacked or w/e,explorer infected,cant install stuff gives error,at least 25 formats, he did was able to install games but runs like crap..is hes PC screwd? its like 1 year new..(warranty is done) even compshop said they never saw a virus like this

tried alot of stuff yet and nothing changed,manual BIOS reset etc....

also he changed evry part one by one to test and it fixed nothing...

__________________
i5 750::HD6870::2x2 Patriot::P7P55D

Takaharu

Unless he has a system restore to fall back on, he'll need Windows to be reinstalled in all likelihood. Some virii and spyware entrench themselves so well that when they go down, they take a critical component or two with them.
I'd recommend backing up all essential files (usually just the personal folder and sub-folders) then re-installing Windows.

You may be able to salvage Windows using some performance tools and maybe a registry clean (eg: CCleaner) but without knowing which systems were affected, re-installation may be your only viable option.

__________________

blibbax

All I can say is that viruses don't effect hardware.

If he's reformatted and allowed it to come into contact with no infected media in the process (e..g USB sticks, infected networks) then he's broken something unrelated.

__________________

Uxot

he as no backup hes doing 3D/Websites = no space for backup,he lost so much already.. im sure hardware is affected cause formatted,BIOS reset,etc stuff to clean

after he format explorer is still infected.. so i guess the virus infected the BIOS badly taking down some hardware while... idk but its weird and seems to be a very rare virus or w/e

__________________
i5 750::HD6870::2x2 Patriot::P7P55D

blibbax

Viruses cannot infect the bios or take down hardware. A genuine clean format will always rid the computer of any problems caused by any virus.

Either he is accidentally re-infecting it every time or the PC was broken by something other than the virus, in which case the problem needs to be diagnosed in a different way.

__________________

Uxot

He have no external HDD,USB connected on his main PC NEVER,he use a server for his stuff with like few external HDDs,but this one wasnt infected still on XP with a uber modified firewall that blocked it...(that i miss too..)

So what you think he should do...?

__________________
i5 750::HD6870::2x2 Patriot::P7P55D

Takaharu

You say he can't backup as he's got website & 3D work on his drives. Does that mean that there is a secondary (or more) internal hard drive? Have you tried unplugging it/them?

You may also want to try resetting the BIOS to its default settings and testing each individual component of the PC to ensure it's not just bad timing. Run a memtest (memtest86), GPU stress test (Furmark) and a CPU stress test (SuperPI). There's plenty of free tools to choose from.

__________________

Tipstaff

Actually, blibbax, bios viruses have been around for years, just not widely seen or common (most are written for specific hardware or specific bioses). Most times it's a virus that installs code into the bios that will block booting to hard drives, or any sort of bootable device, block access to the MBR/partition table of the hard drive, so a re-install of the OS isn't possible, block ACPI queries (meaning the OS can't detect what devices you have, so they don't work), or even corrupt the bios (go look up the CIH virus), but there are ones that can run from within the bios too (I saw a demonstration once at a securities conference that showed it could be done).

Believe me, these things do exist. Just Google "bios virus", and you'll see for yourself.

__________________

blibbax

My apologies to the OP. I had no idea this was possible.

Thanks for the heads up Tipstaff.

__________________

Takaharu

I was going to mention that but decided against scaring the OP

__________________

Judas

actually

some viruses that download winflash or other flashing programs that will attempt to write itself into the bios is possible.. and has been done.

I've only had one machine in my life that i've seen a windows based virus managed to flash itself into the bios and would automatically write itself back onto the machine.

I couldn't do anything short of ripping the bios chip out and replacing it with another..... because i couldn't even "rewrite" or flash the bios on it ever again..

I thought that was one hell of a nasty bug.... and further evidence of it being the case is much of the functionality of the bios was simply "missing" in terms of configuration settings and such.. it looked like it would wipe out a specific portion of the bios that wouldn't effect it's ability to post and boot... but things were just "wonky"... some graphics corruption on the post and boot... and no it wasn't ram or video card related....

terrible performance.... other nasty buggers..

So i wouldn't rule it out altogether... specially if they want to do damage like overclock and force rediculious clocks on your graphics card (even flash it potentially)..

most viruses want to just hold your computer ransom.... few want to actually destroy it.

I would definitely go the way of grabing the Hard Disk Drive manufacturers utility that you can boot from.. and do a low level format on the drive..

then disconnect the internet and install windows fresh... don't attach ANY USB flash drives or stick in any form of media beyond that of known good sources that you just did on a known uninfected machien to bring it up to speed.

and make sure UAC is set to max as well.

__________________

Jac

Is this virus you talk of the one that masquerades as a Windows Repair application. Telling you that your disk is screwed and you need to buy the full app etc etc.

An insidious piece of crap that I got a couple of weeks ago. Prevented me from running programs and hiding all my files on the c:\ drive. Bah, if I could find the c u next tuesday that coded that I would polish my boots with his testicles.

I used MalwareBytes Anti-Malware to clear it and it appears to have removed it. I ran another anti-virus program before using it and that showed no infection. My system appears clean now.

Matth

The stock answer for most things is:
Boot to safe mode
Get hold of "RKILL" and run it (terminates many potential virus/malware processes), then go for Malwarebytes (and have an offline update downloaded, in case the malware is able to block update).
RKill - What it does and What it Doesn't - A brief introduction to the program - Rkill takes down, temporarily, certain malware, and attempt to remove any malware blocking of AV tools.

But yes, if you can full wipe the system disk - manufacturer tools or DBAN, and re-install from clean (if you don't have to repartition, then it didn't cut deep enough), then that only leaves the uncommon hiding place such as BIOS

__________________
Mary had a little lamb,
Her father shot it dead
Now Mary takes her lamb to school,
Between two crusts of bread

Uxot

Woah first thanks for all the answer,his PC is pretty needed,yea he lost evry work he did and games etc.. he doesnt have any HHD,FLASH,USB or w/e plugged on his main PC...so if its really a virus that infected the BIOS and that after a format it infected the explorer evrytime.. hope theres a way to clean all that shit...

__________________
i5 750::HD6870::2x2 Patriot::P7P55D