04-28-2011 09:52 AM
Recently I have been experiencing a series of blue screen errors. Norton AntiVirus and other well-known software simply crash. The virus definition update files are reported to be corrupt. Luckily, I used this SPYWARE DOCTOR which found an infected file by the name of HACKIT.ROOTKIT in the SYSTEM VOLUME INFORMATION folder, which is hidden from the usual WINXP interface.
Please suggest methods on how to DELETE the infected file on this hidden folder?
IF I MAKE THE HIDDEN PARTITION VISIBLE THROUGH THE IBM R&R, WILL IT HAVE ANY EFFECT ON THE CURRENT DATA ON THE DRIVE? ALSO, AFTER DELETING THE INFECTED FILE USING THIS METHOD, IF I SWITCH IT BACK TO HIDDEN, WILL IT HAVE ANY EFFECT ON THE CURRENT HARD DRIVE CONTENTS?
Please suggest any alternate methods to get rid of this infection.
04-28-2011 11:00 AM - edited 04-28-2011 11:06 AM
There is some good info in here: http://forums.lenovo.com/t5/Security-Malware/bd-p/Security_Malware. Please don't repost this there, as a Mod may move it to this board. If you have a recovery partition, you can restore to factory; it should take care of it. Note: doing this will delete your data & apps unless you have a good backup, and any backups that were done after the malware should not be used.
04-28-2011 08:09 PM
SYSTEM VOLUME INFORMATION is your System Restore. As an alternative to doing a factory restore, try flushing System Restore so you can start fresh. This procedure will not delete your saved data and apps as restoring to factory condition would.
To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start > Run and type msconfig. Press Enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.
Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.
If you still have problems, that would mean that you have active malware running, or that you at one time ran a scanner that was falsely flagged as that file, so please post back. Often our malware removal tools are picked up by general scanners as "Hacktools".
04-29-2011 09:16 AM
Thank you so much for the prompt reply.
I have flushed the system restore points as suggested. But running the same SPYWARE DOCTOR program to scan the computer is appearing to be a tedious task! I have received blue screen errors for three consecutive times mid-way during the full system scans. The latest one being, "driver caused error in memory pool destined for disk use", exactly which I could not read, the system restarted immediately.
History of the machine:
Norton AntiVirus 2005 crashed during an update around the 20th March, 2011. The live update said that the virus definitions were corrupted. I used Norton removal tool. I downloaded the Norton AntiVirus 2011 from its website. Initially it worked well but later it also crashed. Looking in the hardware section for a faulty driver, it highlighted two such drivers:
BHDrvx86 and Symantec iron Driver. After removing Symantec products completely, these drivers vanished!
I have tried MS essentials and ENod32 by d/l the trial version from their websites. However, the same result.
Using the PC Doctor tool through the service partition showed error in the memory and the DVD writer. However, the drive reads the HP printer s/w but does not read the original music CDs!!
I had also updated my Service partition by d/l the R&R new version in January. The computer did not behave as erratically before doing this. Is it possible that a virus was introduced into the service partition and hence the memory is giving me errors?
Please help me out!
04-29-2011 09:48 AM
04-29-2011 02:30 PM - edited 04-30-2011 04:40 AM
I cannot tell if you have active malware on there unless I run some diagnostic tools. This forum is not set up for log posts and review. I would suggest posting your issue on one of the forums listed at the links in the recommended sites section on this page:
They will require you to follow their step-by-step troubleshooting instructions and not run extra tools unless your helper requests you to do so.
04-30-2011 12:02 AM
But Sir, once I had tried to restore my computer to the factory settings via the service partition using the IBM R & R.
The computer gave a blue screen error there also.
What can be the possible reason for this?
-virus in the service partition
04-30-2011 07:34 AM
05-01-2011 07:56 AM
Regarding your hardware question, I specialize in malware removal, so perhaps someone else will come along to assist you with the hardware issue. If not, try posting on one of the Lenovo hardware forums that would apply to your system. Sorry that I cannot be more helpful.