external hard drive infected with Trojan.dropper and it can't be removed

(45 posts)
  • Started 5 years ago by SarahJames
  • Latest reply from SarahJames
  • Topic Viewed 14583 times

SarahJames
Posts: 6581

Today I visited a friend and helped her with her computer. She also had an external hard drive that was infected with a worm and the computer people who had restored her computer about a year ago had put a notice on it and said the worm couldn't be removed.

I took a look today and it is a USB external hard drive of 250 GB, but it shows up as a CD drive of 14 MB and it is read only. Norton indicated it was Trojan.dropper and that Norton needed manual aid to remove the virus, because the file was read only.

I could not access the drive, because it is seen as a CD drive and hence deleting files is not possible.
Is there a way to save this drive? It has only been used for about two months and has been lying around for about a year disconnected for fear of the virus. It's a real shame:(

Thanks!
Sarah.

Posted 5 years ago
 
wallaceb
Posts: 214

I wonder if you could try booting into Ubuntu or Knoppix.

Since those are a fully different operating system, the virus might not function, and so you may regain access to the drive.

Posted 5 years ago
 
raphoenix
Posts: 14920

SarahJames,

Send me the name of the HD and I will try searching for you.

Any other details might be helpful.

Regards,
Rick P.

Posted 5 years ago
 
jonhill987
Posts: 161

I'm with wallaceb. Find someone who is running Linux and plug the drive in their computer. A .exe file will not run in Linux so their PC will be safe. You will just be able to delete the virus from the disk. I did this when my USB sticks all became infected.

Posted 5 years ago
 
wallaceb
Posts: 214

You should not need to find anyone who already has Linux; you can just get a LIVE CD and boot off that without the need to actually install Linux.

Posted 5 years ago
 
whs
Posts: 17584

WuBi would be another alternative. http://www.download.com/Wubi/3.....01841.html

Posted 5 years ago
 
SarahJames
Posts: 6581

@ raphoenix - Let's see what I can find out about it. It's even in the original box ... LOL
Toshiba, 250 GB external USB hard drive, highspeed 7200 rpm, cache 8 MB, USB 2.0
There is software with it for easy backup, Regen for PushButton Backup.
And there is an option for password protection.
I don't know what (if any) software is installed.

@ wallaceb - Where can I find me the LIVE CD?
Or can I use the VistaPE BootCD I made? And in either case don't I risk infecting my own PC? Would be rather inconvenient ... LOL!

Posted 5 years ago
 
SarahJames
Posts: 6581

Found this : https://help.ubuntu.com/community/LiveCD
So I'm downloading the iso right now.

@ whs - LOL you posted while I was writing.

Posted 5 years ago
 
jack7h3r1pp3r
Posts: 2815

I would use a Knoppix distro
and do a live boot from a CD.

Posted 5 years ago
 
SarahJames
Posts: 6581

@ jack7h3r1pp3r - what is the difference with Ubuntu?
Or maybe I'd better say, what's a Knoppix distro?

(I'm glad I know what Linux and Ubuntu are, even though I haven't got a clue as to how to work with them ...)

Edit: forget I asked - found this:
http://www.knoppix.net/

Posted 5 years ago
 
SarahJames
Posts: 6581

But anyway - when I boot from a Linux type boot CD, where do I find the commands to get to the external drive and what do I need to do to format the thing?
And would it be possible to save any data from it? I'm told there were photos on it she'd like to get back.

Posted 5 years ago
 
SarahJames
Posts: 6581

@ whs - read what it said about WuBi, but I'm not all that interested in Linux. Or should I say, I'm not interested in Linux at all :) Just need it to get this external drive clean, so I think a boot CD is the better option. Just requires a restart. Nothing is added to my system and that's the way I like it, because I won't be using it for anything else.

Posted 5 years ago
 
raphoenix
Posts: 14920

SarahJames,

Ask your friend if she remembers "Signing" the drive?

Edit: I think the way that works is that it encrypts the drive table.
Edit: This is why Norton would see the HD as infected and also why the HD does not report correct size and media format.
Regards,
Rick P.

Posted 5 years ago
 
whs
Posts: 17584

Sarah, I am not really a Linux fan either. But in situations like that it comes in handy. That's why I am trying to at least acquire some very basic knowledge. But you are right. No need to bloat the system with it full time.
Just another thought: If you do anything with this thing on your own system, be careful - as you said, catching something would be rather inconvenient. In that case though you might want to consider running the thing in a Sandbox - like Sandboxie.

Posted 5 years ago
 
jack7h3r1pp3r
Posts: 2815

I think that you should be able to see the external drive when you boot into Knoppix, and that is why I suggested that one, because it is easy to see hard drives without having to install the OS or use commands. I'm not sure about external drives though, but I think that you should be able to see them. I will test it later if you haven't already by that time, because I have to go to school now, so see you later tonight maybe :)

I hope all goes well.

Posted 5 years ago
 
ScottW
Posts: 6609

Sarah, this is an interesting discussion. It seems to me that it shouldn't be so difficult to resolve. When you say the external HD is "seen" as a CD drive, where is it seen this way? In Explorer, in Disk Management, in Device Manager?

I would think that if you boot in Safe Mode, the worm would not be able to launch. Then you could look at the drive and see what's up. Is there an autorun.inf file? Delete that and whatever it points to. You could use Disk Management to look at how it's partitioned and mount the partitions to restore data.

If that didn't work, then Vista PE (or Windows RE) should also let you see the partitions. You would have to use diskpart.exe, though.

Posted 5 years ago
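
Added example, not part of the original thread or any poster's reply: a read-only way to see what an `autorun.inf` points to before deleting anything, as suggested in the post above. It parses the file as text and lists the programs named by the `open`, `shellexecute` and `shell\<verb>\command` keys; the function names and the sample file are constructed for illustration.

```python
import re

# Keys in the [autorun] section that name a program Windows may launch.
COMMAND_KEYS = ("open", "shellexecute")
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def program_of(command):
    """Strip arguments from a command line, honouring a quoted program path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        path = command.split()[0] if command else ""
    return path.replace("/", "\\")   # entries are relative to the drive root


def autorun_targets(text):
    """Return [(key, target_path)] for every launch entry in [autorun]."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in COMMAND_KEYS or SHELL_VERB.match(key):
            targets.append((key.lower(), program_of(value)))
    return targets


# Constructed sample, not taken from the drive discussed in the thread.
SAMPLE = """\
; constructed example
[AutoRun]
icon=folder.ico
OPEN=RECYCLER\\setup.exe /s
shell\\explore\\command = "System Volume\\run me.exe" -x
shellexecute=readme.html
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, target in autorun_targets(SAMPLE):
        print(f"{key:25} -> {target}")
```

The script only reads the text of the file, so it can be run from a live CD or any other system against a copy of `autorun.inf`.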
 
SarahJames
Posts: 6581

Just a short reply - out househunting today:)

Scott - I plugged it in at my friend's PC and could see it in Explorer. I ran Norton and selected the drive to be cleaned, but Norton can't remove anything, because the drive 'acts' like a CD.
So I tried to delete files manually, but wasn't able to either.
It's not partitioned - or well, just one partition.
Norton made sure the virus didn't spread, but I don't know how much I can do without it triggering to become active ....
Maybe whs' suggestion of Sandboxie could help???

Gotta run!
Sarah.

Posted 5 years ago
 
SarahJames
Posts: 6581

Jack, I burned the iso to CD and ran Knoppix, but I can't find anything with it. I just see the contents of the bootCD, but can't find any drives outside it. That's probably just me - not used to Knoppix:)
But that is also why I already gave it a trial run. Just Knoppix, no virus hunting yet. LOL

Edit: couldn't get into Vista anymore after running the bootCD. Had to press F10 (when I had my wits about me to think about that one ....) and then I could select where I wanted to boot from, so I set it back to my C drive. Oh, nice such a lovely black screen LOL!

Posted 5 years ago
 
SarahJames
Posts: 6581

LOL - just promoted to moderator, but I'm asking you guys how to fix things - not the other way round!

Because I still have trouble when my PC boots - have to press F10 (and if I'm not fast enough, Ctrl+Alt+Delete till I get it right) and then choose my C Drive to boot from. I don't see any options to choose this for default, so I have to do it every time and I can't get into my boot menu either.
How do I get this put back to normal???

Sarah.

Posted 5 years ago
 
abhs94
Posts: 165

Just format the hdd and everything's gonna be ok

Posted 5 years ago
 



Topic Closed

This topic has been closed to new replies.