A client brought me her laptop yesterday, complaining that her files were disappearing, that her sound had gone away, and that she couldn’t open the control panel, or display properties (her resolution had been changed to 800x600). After several hours of scanning with my arsenal of tools…Avast, ComboFix, Malwarebytes, Spybot, Windows Defender…I deemed this a hardware failure.

I connected the drive to another system to run the hard drive diagnostic utility. The drive tested good. However after reboot the new system (brand new XP Pro install with up to date avast pro installed) now has the same symptoms as her laptop. Control Panel hangs explorer, files are disappearing etc… Chkdisk reveals corrupted data every time it is run, to the point that now the system blue screens on boot.

I am convinced this is a virus now, but despite all my efforts cannot figure out which one. Both machines are non critical and will be wiped out, but I would still like to get some information.

Any and all help is appreciated.

Thank you,

Casey

What is most strange is chkdsk for me… Are you sure the HDD does not have bad sectors?

Well it was a brand new system that had just been put together (the one I plugged the laptop drive into). It is possible I suppose, but if that’s it, it’s a heck of a coincidence. The laptop drive does the same thing when you do chkdisk.

Additionally, Avast says the virus database has been destroyed…yet when I try to update it, it says it’s up to date. When I try to uninstall or reinstall it freezes the system. Putting a usb flash drive in says it needs drivers. Trying to run anything off of a CD freezes the system, but will work in Safe Mode. --This is of course all before I got the the BSOD mode I’m in now–

If I can think of anything else I will post it.

Again any and all help is appreciated.

Casey

I suggest an installation from the scratch:

1. Uninstall avast from Control Panel first.
2. Boot.
3. Download the latest version of Avast Uninstall and use it for complete uninstallation.
4. Boot.
5. Install again the latest avast! version.
6. Boot.
7. Check and post the results.

Just a follow up…

The original machine that I believe to be infected is the laptop (Vista Business). I was able to reinstall and rescan (as per your instructions) on this system, and it still says it’s clean. The second machine, the new installation of XP Pro is too far gone to test (BSOD on all bootup…including Safe Mode).

I am going to connect this possibly infected drive to another XP machine and see what happens. At this point I either have some really big coincidences, or perhaps a new and very nasty virus.

If anyone else has any similar experiance please let me know. I will post if with my future results.

Thanks,

Casey