The partitions that are causing problems are hidden. The normal Win7
DVD will not see them; the malware designed it this way.
A normal Dell machine has a hidden (EISA) partition for recovery
purposes. You never see it unless you boot to the Dell recovery
disk. It runs the recovery operation off of this recovery portion.
What this malware has done is install another (hidden) partition,
which happened when he rebooted the machine. It looked like it was
doing its normal routine, but the subroutine wrote another partition that will
take over anything installed. (Every time he has installed since, it
is on the shown partition, which gets taken over immediately upon boot-up.)
I have seen it before and even did it to myself when I did a really
stupid thing, so I know what is happening.
If he boots to a DOS-type disk and runs an Fdisk program, he will
see a few other partitions. It may be too late to save the Dell
recovery partition, but if he has the CDs/DVDs that came with the machine he
should be fine.
Wipe them all out, as any one of them could reinfect your machine by
taking over any partition you create, because it will never be the
main partition, but an extended partition on a logical disk running
under this infected, malware-created partition.
I am not sure if Win 7 even includes an Fdisk routine. The
last one to do this was, I think, WinME (which I am not sure even did).
Stewart
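Added example, not part of the thread above: the advice is to look at the whole partition table (seen and unseen entries) rather than just the visible Windows volume, and then to delete every entry. The script below parses the four-entry table at the end of a 512-byte MBR, flags entries whose type ID marks them as hidden or OEM (the kind Windows gives no drive letter to, so a format of C: never touches them), and computes what a full table wipe leaves behind. The MBR bytes are constructed for the example; the partition layout, the type-name table and all function names are assumptions of this example, not data from the machine being discussed.

```python
"""Enumerate every MBR partition entry, including the ones Windows hides.

Added example (not from the thread): parses the 4-entry partition table at
offset 0x1BE of a 512-byte Master Boot Record, flags hidden/OEM type IDs,
and shows that zeroing the table (what deleting every partition in fdisk,
or diskpart's 'clean', leaves behind) removes all entries at once, whereas
formatting one volume leaves the others untouched.

The MBR below is constructed for this example; it is not an image of a
real disk.
"""
import struct

SECTOR = 512
TABLE_OFFSET = 0x1BE          # start of the four 16-byte partition entries
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR

# Partition type IDs relevant here. Windows assigns no drive letter to the
# "hidden"/OEM types, so they never appear in Explorer and "format C:"
# never reaches them, even though they occupy space on the disk.
TYPE_NAMES = {
    0x05: "Extended",
    0x07: "NTFS/HPFS",
    0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)",
    0x12: "Compaq diagnostics / EISA configuration (OEM)",
    0x16: "Hidden FAT16",
    0x17: "Hidden NTFS/HPFS",
    0x1B: "Hidden FAT32",
    0x1C: "Hidden FAT32 (LBA)",
    0x27: "Hidden NTFS / Windows RE (OEM recovery)",
    0xDE: "Dell Utility",
    0xEE: "GPT protective",
}
HIDDEN_TYPES = {0x12, 0x16, 0x17, 0x1B, 0x1C, 0x27, 0xDE}


def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty partition entries of an MBR as dicts."""
    if len(mbr) < SECTOR or mbr[SECTOR - 2:SECTOR] != BOOT_SIGNATURE:
        raise ValueError("not a valid MBR (missing 0x55AA signature)")
    entries = []
    for idx in range(4):
        off = TABLE_OFFSET + idx * ENTRY_SIZE
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, off)
        if ptype == 0x00:       # empty slot
            continue
        entries.append({
            "index": idx,
            "bootable": status == 0x80,
            "type": ptype,
            "name": TYPE_NAMES.get(ptype, "unknown (0x%02X)" % ptype),
            "hidden": ptype in HIDDEN_TYPES,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return entries


def make_entry(ptype: int, lba_start: int, sectors: int,
               bootable: bool = False) -> bytes:
    """Build one 16-byte entry (CHS fields left zero; LBA is what matters)."""
    return struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, ptype,
                       lba_start, sectors)


def build_sample_mbr() -> bytes:
    """Constructed Dell-like layout: utility partition, OEM recovery
    partition, the visible Windows partition, and a fourth hidden NTFS
    partition that a 'format C:' would never reach (assumed sizes)."""
    table = (make_entry(0xDE, 63, 80262)                       # Dell Utility
             + make_entry(0x27, 81920, 20_971_520)              # OEM recovery
             + make_entry(0x07, 21_053_440, 400_000_000, True)  # C:, visible
             + make_entry(0x17, 421_053_440, 2_097_152))        # hidden NTFS
    return bytes(446) + table + BOOT_SIGNATURE


def hidden_partitions(mbr: bytes) -> list:
    """Indexes of entries whose type ID says 'hidden' or 'OEM'."""
    return [e["index"] for e in parse_mbr(mbr) if e["hidden"]]


def wipe_partition_table(mbr: bytes) -> bytes:
    """The sector left behind when every partition is deleted: boot code
    untouched, all four entries zeroed, signature kept. Writing this back
    to sector 0 is the destructive step; this function only computes it."""
    return mbr[:TABLE_OFFSET] + bytes(4 * ENTRY_SIZE) + BOOT_SIGNATURE


if __name__ == "__main__":
    mbr = build_sample_mbr()
    for e in parse_mbr(mbr):
        flag = "HIDDEN" if e["hidden"] else ("boot" if e["bootable"] else "")
        print("#%d %-45s start=%-10d sectors=%-10d %s" % (
            e["index"], e["name"], e["lba_start"], e["sectors"], flag))
    print("hidden entries:", hidden_partitions(mbr))
    print("entries after wipe:", parse_mbr(wipe_partition_table(mbr)))
```

Run against a real disk, the same parser would take the first 512 bytes of the raw device instead of build_sample_mbr(); the point of the listing is that three of the four entries on this constructed disk are invisible from a Windows desktop, and only zeroing the table removes all of them together.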
At 12:03 PM 12/23/2009, you wrote:
Please elaborate. Is there a defect in the Win7 install routine? Linkage?
On Wed, Dec 23, 2009 at 12:46 PM, Stewart Marshall
<[email protected]> wrote:
> A simple format and reinstall will not solve it.
>
> Yes it is malware, but he will never be able to wipe it out unless he
> totally resets the HD.
>
> The old utility Fdisk would really come in handy here. He has to wipe out
> all partitions, seen and unseen (that is why Fdisk) to get rid of this
> monster.
>
> Stewart
>
>
> At 11:37 AM 12/23/2009, you wrote:
>>
>> There's no need to send it back; it's not a hardware problem. Now I
>> forget - has he tried formatting the disk and reinstalling the OS?
>> What disks, if any, did he get with the machine (or make himself)?
>>
>> It really doesn't sound like any virus I'm familiar with. I mean,
>> creating partitions and changing users? That right away puts a user on
>> notice that there's a problem - just what today's viruses try to
>> avoid.
>>
>> >makes tons of network connections using Media Player
>>
>> This may be the giveaway that it's not a virus per se, but rather
>> malware that was invited in at some point. Which leads back to the bcd
>> search results. Anyway, a format and OS reinstall is the thing to do.
>> He may need to order disks from Dell if he doesn't have any.
>
>
> *************************************************************************
> ** List info, subscription management, list rules, archives, privacy **
> ** policy, calmness, a member map, and more at http://www.cguys.org/ **
> *************************************************************************
>