Not your every day computer question, or 'thank God for Remote Administrator'



Peegee
08-22-2007, 02:03 AM
I just cleaned my brother's computer out of the windrv0.exe (http://forums.techguy.org/malware-removal-hijackthis-logs/573616-pls-help-some-virus-attacked.html) Trojan, or whatever it is (information is sketchy at best from Google).

I tried to run hijackthis and other things but felt that it was either taking too long or just inefficient. The efficient thing I usually do is rip the hard drive out of the boxen and then (I don't know if this is safe but I usually don't care at this point) plug it into another boxen as a slave, then delete all of the offending files, run a virus scan, and voila, clean file.

I did it a few years ago with my aunt's hard drive because the pagefile.sys file was infected and I couldn't clean it (duh).

Anyway, the problem is that I couldn't remove the drive. Because *I* didn't build the computer there were screws in the back side of the computer. Basically I considered the notion of removing the motherboard and everything just to remove a hard drive. That thought drove me to furious anger and I tried to unscrew it manually. Nope.

Eventually, and after possibly breaking one of my hard drives because by now I was careless and angry, I realised that I could install remote admin, log out (i.e. close all processes) and then have fun deleting files from the safety of another PC via the file transfer / telnet sessions.

Yay it worked! I'm currently doing some file scans just to be safe, but I don't see a dozen windrv0.exe processes and ms-1.exe up to ms-538.exe running any more.

But the problem remains that I can't remove the drive without tearing the PC in half. I really don't want to. Am I doomed?

Discord
08-22-2007, 02:07 AM
How about back-upping private data and formatting the entire drive down, then reinstalling the OS. Kills everything and makes the system run a whole lot faster.

Peegee
08-22-2007, 02:11 AM
> How about back-upping private data and formatting the entire drive down, then reinstalling the OS. Kills everything and makes the system run a whole lot faster.

I do a piss poor job of doing something as trivial as rebuilding a person's windows profile -- I don't trust myself to be able to get a person's system back to scratch.

My brother's windows profile is simple, I'll admit that, but that's too much trouble for a virus (often my method works).

Incidentally, I do want to be able to back up and reinstall *my* windoze C drive. Usually the image is too big to fit on a dvd rom, but if I can make it fit, is there an application to do that? An easy one? I've tried a few and was more confused by the UI than by the process.

Namelessfengir
08-22-2007, 02:40 AM
I'd back up to a Blu-ray as soon as I can afford a writer for them.

o_O
08-22-2007, 02:56 AM
First, let me say I have a very small amount of experience imaging drives, so I probably don't know what I'm talking about. :p

There is quite a lot of imaging software available for Windows, the most well known being Norton Ghost. It's been several years since I used it, but I seem to recall that it is capable of taking an image and applying it remotely or from a second drive.

What I'd do is use dd on Linux to create an image file and compress it using p7zip or something:

$ dd if=/dev/sda1 of=~/image.img
$ 7z a ~/image.7z ~/image.img

Then to restore:

$ 7z x ~/image.7z
$ dd if=~/image.img of=/dev/sda1

I've used dd to reimage a flash drive and to restore the first sector of a flash drive before, and there were no problems. :p

I had a Gateway years ago that was pretty much impossible to get any component out of. I had to bend the case to take out the hard drive. :p
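
The dd image-and-restore steps from the post above, extended with a recorded SHA-256 so a stored image is checked before it is written back over a partition. This is an added example, not part of the original post; the function names are hypothetical, and gzip stands in for 7z so that only common tools (dd, gzip, sha256sum) are assumed.

```shell
#!/bin/sh
# Added example: dd imaging with an integrity check before restore.
# image_create / image_verify / image_restore are hypothetical helper names.

# image_create SRC IMG: write SRC (e.g. /dev/sda1) to IMG.gz, then record
# the SHA-256 of the uncompressed image in IMG.sha256.
image_create() {
    local src=$1 img=$2
    dd if="$src" bs=1M 2>/dev/null | gzip -c > "$img.gz" || return 1
    gzip -dc "$img.gz" | sha256sum | cut -d' ' -f1 > "$img.sha256"
}

# image_verify IMG: succeed only if IMG.gz still decompresses to the data
# whose hash was recorded at creation time.
image_verify() {
    local img=$1 want got
    want=$(cat "$img.sha256" 2>/dev/null) || return 1
    got=$(gzip -dc "$img.gz" 2>/dev/null | sha256sum | cut -d' ' -f1)
    [ -n "$want" ] && [ "$got" = "$want" ]
}

# image_restore IMG DST: refuse to touch DST unless the image verifies.
image_restore() {
    local img=$1 dst=$2
    if ! image_verify "$img"; then
        echo "refusing to restore: $img.gz does not match $img.sha256" >&2
        return 1
    fi
    gzip -dc "$img.gz" | dd of="$dst" bs=1M 2>/dev/null
}

# Command-line use (device access needs root):
#   sh image.sh create  /dev/sda1 ~/image
#   sh image.sh restore ~/image /dev/sda1
case "${1:-}" in
    create)  image_create  "$2" "$3" ;;
    verify)  image_verify  "$2" ;;
    restore) image_restore "$2" "$3" ;;
esac
```

Keeping the .sha256 file on different media from the image means a damaged or altered image is caught at restore time rather than after the partition has been overwritten.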