Cannot remove this virus which started with Win32:JunkPoly [Cryp]?

Quote from: BC_Programmer on February 19, 2009, 02:00:03 AM

Quote from: h4cker on February 18, 2009, 11:23:27 PM
Understandable. I have an external drive connected to my PC. What is your suggestion to take care of the situation? As I'm sure it has spread to the external, so when I reformat - it may just re-infect the newly installed OS.

Are there any executables on the external?

Yes, 1TB of data.

Quote from: BC_Programmer on February 19, 2009, 02:00:03 AM

Quote from: h4cker on February 18, 2009, 11:23:27 PM
Understandable. I have an external drive connected to my PC. What is your suggestion to take care of the situation? As I'm sure it has spread to the external, so when I reformat - it may just re-infect the newly installed OS.

Are there any executables on the external?

i.e., programs. (Note zips/rars probably don't count)

because if so I would avoid even navigating near them until you are able to reinstall. BC_Programmer

I have programs (executables and some of which run directly from the drive), music, ISOs and the like. So to answer your question, yes I do.

Thanks.

In any case I'd go with the method of reinstallation and then scan/clean the drive. Until the virus is able to load into memory it cannot infect further, so the trick is keeping it from doing that, which is actually as simple as not running any EXE files (or DLLs) from the external drive.

But as evilfantasy said, the virus is polymorphic, so even in the scope of infecting a single HD it could mutate enough to not be caught by the virus scanner... which will declare it clean, and that program MIGHT be run in the future - back to square 1.
The ISO files... and in fact anything that isn't a PE format file should be safe from it (PE = Portable Executable).

If I were you, I would myself:

Reformat, Reinstall
Delete all EXE, DLL, OCX, and SCR files present on the external drive. Every last one, regardless of what it was.

Then reinstall those apps whose EXE and DLL files are now missing - all of them that were on the drive, really.

This is still far from a total guarantee that the external won't re-infect the new OS, but deleting the data itself I imagine isn't even an option.

Quote from: BC_Programmer on February 19, 2009, 03:36:01 AM
But deleting the data itself I imagine isn't even an option.

Not an option at ALL, lol. There is over 7 years of data collected on that drive; THOUSANDS of files. I would literally CRY( ) if that data disappeared. Which then you would ask, "So you have a backup right?" Then I answer, "No, because I'm dumb."

I'm running Dr.Web LiveCD to hopefully have it clean some of the files and will try another Live! CD with multiple scan engines on it to scan and clean the external. I can post back and let everyone know how it went.

You do have the external HD disconnected now, right?

Quote from: kpac on February 19, 2009, 03:59:28 AM
You do have the external HD disconnected now, right?

No, it's connected. I'm running the Dr. Web LiveCD http://www.freedrweb.com/livecd/ to remove possible traces of the virus without booting.

I'm using my Ubuntu server right now to type all this. Is it possible that the virus can corrupt the BIOS?

Does anyone know how long the Dr. Web LiveCD scan takes to complete?
Thanks.

Not sure how long the scan takes. It will vary from one PC to another.

It's unlikely that your BIOS is infected.

Good luck!
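
BC_Programmer's advice above is to remove every EXE, DLL, OCX and SCR file from the external drive and to treat anything that is not a PE file as safe. As an added example (not part of the original thread), this Python script, meant to be run from a clean system with the drive mounted, inventories PE files by header rather than by extension, so renamed executables are listed too; it only reads files and never runs or deletes them. The function names and the sample files built in `demo()` are constructed for illustration.

```python
import os
import struct
import tempfile

# Extensions named in the thread's advice.
LISTED_EXTS = {".exe", ".dll", ".ocx", ".scr"}

def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (pe_off,) = struct.unpack_from("<I", head, 0x3C)  # e_lfanew
            f.seek(pe_off)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable file: skip it

def inventory(root):
    """Return (listed, hidden): PE files with a listed extension, and PE files without one."""
    listed, hidden = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path) or not is_pe(path):
                continue
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            (listed if ext in LISTED_EXTS else hidden).append(rel)
    return sorted(listed), sorted(hidden)

def demo():
    """Build a constructed sample tree and inventory it."""
    pe_stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"  # constructed minimal header
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "tools"))
        samples = {
            "tools/setup.exe": pe_stub,        # PE with a listed extension
            "holiday.jpg": pe_stub,            # PE hidden behind another extension
            "readme.txt": b"plain text\n",     # not a PE file
            "fake.exe": b"just text\n",        # listed extension, but not a PE file
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        return inventory(root)

if __name__ == "__main__":
    print(demo())
```

The `hidden` list is the part an extension-based cleanup would miss: files that carry a PE header under some other name.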

