On Mon, 11 Aug 2008, Joe User wrote:
Hello, Have a guy that brought in his Wal-Mart sold HP/Crapaq laptop. He tells me he was surfing pr0n and got a message that his system was infected and he just shut down his system and called me. I asked him if this was possibly a pop up ad and he doesn't think it was. However, he doesn't know if the AV was working or even current. The system is around 6 - 7 months old. It has Vista Home Premium OEM on the COA. I took the drive out and tried to access it and as soon as Windows Explorer tries to access it, it asks me to format it. I am using Win2K Pro to do this but last I knew Vista had WinFS left out so I assume it uses NTFS or at least FAT32. So I should be able to read it. I can only assume the drive got wiped out. The problem now is he didn't get any discs with it and since the drive is wiped out the recovery partition is also gone. I would try to recover the file system but I am thinking maybe it would be better to start from scratch. I had never seen this kind of damage from an infection though but he denies any other issues with the unit, no grinding noises to make me suspect HDD issues. Since I only have a copy of Vista Business upgrade (ala MAPS) I guess all I can do is ask for a recovery disc from HP/Crapaq?

First, he most likely has been infected through the flash exploit with antivirus 2008.

Second: The drive is likely marked dynamic and not being found properly. If you can boot into Linux and use Linux fdisk to change the partition type from HTFS (Or whatever it is) to just NTFS it should allow you access.

Third: Getting rid of the Antivirus 2008 isn't fun. You'll need to scan with multiple things. I've had good luck with putting the drive into a machine and scanning with Avast, then AVG, then Trend Micro's HouseCall, then Malwarebytes Antimalware, then finally using regedit and loading the system hive and removing the extra crap from the RUN key, then renaming the profile for the user in the documents and settings folder to something else so they get a new profile when you log in.

Get SDFix and put it on the root of the drive you're scanning. Put that drive back into the original system and boot into safe mode. Run the runthis.bat and let SDFix do its magic.

Miss any of those steps and it will reinstall itself.

Christopher Fisk
--
Leela: Hey, you know what might be a hoot?
Professor: No. Why would I know that?
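
An added example, not part of the original message: a Python sketch for the Run-key cleanup step that reads a `.reg` export of the Run key taken from the offline hive and lists the autostart entries worth checking by hand before anything is deleted. The mount name `HKLM\Offline`, the sample entries and the list of suspect directories are assumptions made for illustration.

```python
import re

# Constructed sample: text of a .reg export of a Run key from an offline hive
# loaded under the hypothetical name HKLM\Offline. All entries are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Offline\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\\Program Files\\Windows Defender\\MSASCui.exe -hide"
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"updater32"="C:\\Users\\Owner\\AppData\\Local\\Temp\\updater32.exe"
"helper"="rundll32.exe \"C:\\ProgramData\\xkq\\helper.dll\",Start"
"expand"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,00,00
'''

# Assumed heuristic: autostart commands in user-writable directories get a
# manual look. Tune the list for the machine being cleaned.
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\")
LINE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
STRING_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_run_entries(reg_text):
    """Return (name, command) pairs from Run/RunOnce keys in a .reg export.
    command is None for non-string data (e.g. hex-encoded REG_EXPAND_SZ)."""
    entries, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = LINE_RE.match(line)
        if not m or key is None or not key.lower().endswith(("\\run", "\\runonce")):
            continue
        s = STRING_RE.match(m.group(2))
        entries.append((unescape(m.group(1)), unescape(s.group(1)) if s else None))
    return entries

def entries_to_review(reg_text):
    """Entries that could not be decoded or that start from a suspect directory."""
    return [(name, cmd) for name, cmd in parse_run_entries(reg_text)
            if cmd is None or any(d in cmd.lower() for d in SUSPECT_DIRS)]

if __name__ == "__main__":
    for name, cmd in entries_to_review(SAMPLE_REG):
        print(f"REVIEW {name!r}: {cmd}")
```

Real `.reg` exports are UTF-16 encoded, so decode the file before passing its text to these functions.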
