Today I visited a friend and helped her with her computer. She also had an external hard drive that was infected with a worm and the computerpeople who had restored her computer about a year ago had put a notice on it and said the worm couldn't be removed.

I took a look today and it is a USB external harddrive of 250 GB, but it shows up as a CD drive of 14 MB and it is read only. Norton indicated it was Trojan.dropper and that Norton needed manual aid to remove the virus, because the file was read only.

I could not access the drive, because it is seen as a CD drive and hence deleting files is not possible.
Is there a way to save this drive? It has only been used for about two months and has been lying around for about a year disconnected for fear of the virus. It's a real shame:(

Thanks!
Sarah.

SarahJames,

Send me the name of the HD and will try searching for you.

Any other delails might be helpful.

Regards,
Rick P.

you should not need to find anyone who already has Linux, you can just get a LIVE CD and boot off that without the need to actually install linux.

@ raphoenix - Let's see what I can find out about it. It's even in the original box ... LOL
Toshiba, 250 GB external USB hard drive, highspeed 7200 rpm, cache 8 MB, USB 2.0
There is software with it for easy backup, Regen for PushButton Backup.
And there is an option for password protection.
I don't know what (if any) software is installed.

@ wallaceb - Where can I find me the LIVE CD?
Or can I use the VistaPE BootCD I made? And in either case don't I risk infecting my own pc? Would be rather inconvenient ... LOL!

i would use a knoppix disro
and do a live boot from a cd

But anyway - when I boot from a Linux type bootCD, where do I find the commands to get to the external drive and what do I need to do to format the thing?
And would it be possible to safe any data from it? I'm told there were photo's on it she'd like to get back.

SarahJames,

Ask your friend if she remembers "Signing" the drive ??

Edit: I think? the way that works is that encrypts the drive table.
Edit: This is why Norton would see the HD as infected and also why the HD does not report correct size and media format.
Regards,
Rick P.

i think that you should be able to see the external drive when you boot into knoppix and i that is why i suggested that one because it is easy to see hard drives with out having to install the os or use commands i'm not sure about external drives though but i think that you should be able to see them. i will test it later if you haven't already by that time because i have to goto school now so see you later tonight maybe :)

i hope all goes well

Just a short reply - out househunting today:)

Scott - I plugged it in at my friends PC and could see it in explorer. I ran Norton and selected the drive to be cleaned, but norton can't remove anything, because the drive 'acts' like a cd.
So I tried to delete files manually, but wasn't able to either.
It's not partitioned - or well, just one partition.
Norton made sure the virus didn't spread, but I don't know how much I can do without it triggering to become active ....
Maybe whs' suggestion of sandboxie could help???

Gotta run!
Sarah.

LOL - just promoted to moderator, but I'm asking you guys how to fix things - not the other way round!

Because I still have trouble when my PC boots - have to press F10 (and if I'm not fast enough, ctrl+alt+ delete till I get it right) and then choose my C Drive to boot from. I don't see any options to choose this for default, so I have to do it every time and I can't get into my bootmenu either.
How do I get this put back to normal???

Sarah.