[Resolved] Trojan Removal Assistance Requested

[Hoov]

I still think that is a bad idea. Do you know when this problem started?

[hytec]

The problem occurred Saturday afternoon during a website download that coincided with an Acrobat Flash Player update download.  The first indication of a problem was with the Flash Player download which stopped in mid-stream, then was noted by Security Essentials as a suspicious file.  SE said it had cleaned the file, but things went downhill when Flash Player started to install.  I can't recall exactly what occured or the sequence, but IE started locking up, then problems started with Windows.  I was able uninstall, then reinstall IE.  Then I had to uninstall and reinstall Security Essentials.  But by this time Windows had been corrupted, which is when Bugbatter, then you became involved.

Now for the "good" news.  The DVD drive has gone belly-up with a firm hardware communication failure, confirmed by both external and internal diagnostics.  Apparently the DVD drive comm circuit had become marginal and was gradually approaching complete failure, which was causing the scf process to not complete, but producing different symptoms each time I retried it.

So...since the Optiplex is five years old, out of warranty, needing at least a replacement DVD drive, and a Windows reinstall, I figure I'll go ahead and replace it.  That way I can transfer the backed up files from the network drive and the e-mail files from the Optiplex HD in the enclosure. 

There are times that you must stop your losses, weigh your costs, and go forward.

Thanks for all your help.  You certainly went out of your way, and I appreciate that.  BTW, I'm very impressed with the AVIRA Rescue System.

Hank

[Hoov]

So you have everything backed up? That is half the battle. There was one more thing I wanted you to try, and if you are replacing the DVD drive you could still do it. Boot to the DVD as you did to run sfc, but this time go to the system restore option and do a system restore to some time before you got infected.

But if you have the time, and because if you have the backups done, a reinstall probably would be a good idea anyway. When you do it I recommend deleting the partitions and letting the windows installer recreate them. If you have something living in the MBR this will deal with it.

[hytec]

Hoov, I've performed more detailed diagnostic analyses and found that the erratic comm problem with the E-drive (DVD-R/W) also exists with the D-drive (CD/DVD-R), and with the same symptoms.  This indicates that probably the SATA interface on the motherboard has developed a hardware problem.  Initially I was hoping the symptoms meant that the laser lens on the E-drive was dirty, but with the D-drive exhibiting the same symptoms....Oh Well.   

This leads me to wonder if the Trojan infection just happened to occur around the same time as a motherboard failure.  Your effort removed the Trojan and other "stuff", but a motherboard glitch may have corrupted the WIN32 file(s).  If so, any further effort on your part would have been hopeless and wasted.  Though I appreciate your help.

Thanks for everything, Hank

BTW, using an enclosure to import data from a failed computer's HD is what I did when the Optiplex replaced a previous computer that failed as a result of a lightning strike.  It actually is a quick and convenient process.

[Hoov]

Even with the hardware failures don't assume that the malware is gone.

Sorry that your problems have gone this route.

There is one more thing I would like to follow up with you if possible. The Geek Squad disc that you used. Can you tell me what is on the disc? Is it trial versions and free versions of commercial software or is it software written by GeekSquad?

[hytec]

I believe it is the current GeekSquad malware diagnosis system.  It is a legitimate copy, but I prefer to say nothing further.  I hope you understand.

Regards the potential of malware, I plan to import only the My Documents, My Pictures, selected e-mail, and selected Download files, and then only after I have thoroughly scanned the disk with a variety of AV systems.

[Hoov]

Do you need any help with the rest of the procedure ?

[hytec]

I don't believe so, thanks.  Though I'll keep this link open just in case.   

[Hoov]

hytec, were you able to get the system repaired.

[hytec]

Yes I was, thank you.  I was loaned an enclosure, transferred the HD to the enclosure, and scanned it with MS Security Essentials using the laptop.  SE found and removed two Trojans.  The HD, when reinstalled in the Optiplex, loaded and executed WIN7 with no problems.

However, there was a downside not associated with the Trojan/Windows problem.  I believe I mentioned that I was having a problem reading DVDs.  I was able to confirm that it was the CD/DVD drive interface circuit/chip on the motherboard.  Long story short, I bought a new computer, and have installed the Optiplex HD and DVD drive in it....they both work fine.  I plan to cannabilize other parts from the Optiplex before it gets permanently recycled.

I guess you can close this Case as Solved, though not in the way we had expected.

Thanks for all your help Hoov.  Best to you, Hank

[Hoov]

You are welcome!