Peegee
08-22-2007, 02:03 AM
I just cleaned my brother's computer out of the windrv0.exe (http://forums.techguy.org/malware-removal-hijackthis-logs/573616-pls-help-some-virus-attacked.html) Trojan, or whatever it is (information is sketchy at best from Google).
I tried to run HijackThis and other things but felt that it was either taking too long or just inefficient. The efficient thing I usually do is rip the hard drive out of the boxen and then (I don't know if this is safe but I usually don't care at this point) plug it into another boxen as a slave, then delete all of the offending files, run a virus scan, and voilà, clean file.
I did it a few years ago with my aunt's hard drive because the pagefile.sys file was infected and I couldn't clean it (duh).
Anyway, the problem is that I couldn't remove the drive. Because *I* didn't build the computer there were screws in the back side of the computer. Basically I considered the notion of removing the motherboard and everything just to remove a hard drive. That thought drove me to furious anger and I tried to unscrew it manually. Nope.
Eventually, and after possibly breaking one of my hard drives because by now I was careless and angry, I realised that I could install remote admin, log out (i.e. close all processes) and then have fun deleting files from the safety of another PC via the file transfer / telnet sessions.
Yay it worked! I'm currently doing some file scans just to be safe, but I don't see a dozen windrv0.exe processes and ms-1.exe up to ms-538.exe running any more.
But the problem remains that I can't remove the drive without tearing the PC in half. I really don't want to. Am I doomed?