Conficker Survived NTFS Format?!?

I am fighting an infestation of Conficker on our network, and had to take down one machine completely because it was devastated. I took a new XP Pro SP3 disk, F12, "booted from CD," deleted both partitions (one FAT32, one NTFS), made one single NEW partition, Regular NTFS Format (not quick format), Windows did its thing with setup files etc ...

The first boot instance into XP, there was the red circle with the X in the middle of it, next to the firewall icon, telling me I had security problems. ?!?!?!?!?! DID this Virus survive a format? Is that possible? If so How?!? and WHAT DO I DO NEXT??? ugh.

Thanks for any thoughts.
4 Replies
Grif

RE: Conficker Survived NTFS Format?!?

Conficker does not survive a reformat as LONG AS you've disconnected the computer from the network when doing the reinstall. Next, just in case you haven't seen this at a new reinstall, you may have received the standard Windows security warning because the firewall isn't enabled. Try opening the Control Panel, then double click on the "Windows Firewall" icon, then turn it on. While still in the Control Panel, click on the "Security Center" icon. While there, click on the "Change the way Security Center alerts me" on the left side of the screen. At the next window, UNCHECK all the options there. You won't see the nagging security shield warning in the lower right corner any more.

Hope this helps.

Grif
Network Disabled

Grif,

Thanks for the response. I would be interested in your further thoughts?

When the OS was formatted the NIC drivers were lost, so when Windows booted for the first time there was no way for the computer to communicate with the network.

Also, at this first boot, I did see the windows firewall warning as you described ... but the icon next to it was a red circle ... kinda like the mad face >>> :mad:, with a white X through it. Resembling one of the Anti-Spyware 2009 Trojan/money grab icons. It was only there for about 30 seconds, then disappeared.

Years ago I did black box testing for a computer company and did (what I thought was everything) to ensure that the disk was wiped clean ... everything except FDisk MBR. Yet we still saw a manifestation of the virus.

After seeing the little icon, we installed AVG Free & Spybot, then the network adapter so we could update them both ... this is where I could see something getting on ... but the virus scan found two Trojans on the new system. Anyhow, thanks for any additional thoughts or leads for consideration.

win32 heur Virus

Update:

The virus found during initial scan of system was the win32 heur.
Grif

RE: win32 heur Virus

Well, anything is possible. If a virus is memory resident or a boot sector virus, then there is a potential for it to remain to infect a drive that has been only formatted.

When in doubt, perform a full disc wipe using a program such as DBAN or KillDisk which eliminates all partitions and overwrites the disc with X's and O's. Then shut down the computer, remove the CMOS battery and the power cord for a set period of time, start 'er up again. You can then be assured the drive is clean and so is the computer. Ready for a reformat and reinstall.

Hope this helps.

Grif
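
An added example, not part of the thread or any poster's own code: a Python sketch that parses the 512-byte first sector of a disk (the classic MBR layout, the boot-sector area the last reply refers to) so its boot code can be hashed and compared before and after a reformat, or checked after a wipe. The sample sectors are constructed, `make_sample` is a hypothetical helper, and the `zeroed` check assumes a zero-fill wipe pass.

```python
import hashlib
import struct

SECTOR = 512

def inspect_mbr(sector: bytes) -> dict:
    """Summarise the first sector of a disk (classic MBR layout)."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    boot_code = sector[:446]      # loader code that runs before any OS
    table = sector[446:510]       # four 16-byte partition entries
    partitions = []
    for i in range(4):
        entry = table[i * 16:(i + 1) * 16]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:         # partition type 0 means an unused slot
            partitions.append({"index": i, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": sectors})
    return {
        "boot_code_present": any(boot_code),
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "zeroed": not any(sector),   # assumes the wipe ended on a zero pass
    }

def make_sample(boot_code: bytes, ptype: int) -> bytes:
    """Build a constructed MBR sector for the demo (not real disk data)."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x01\x01", ptype,
                        b"\xfe\xff\xff", 63, 1000000)
    return boot_code.ljust(446, b"\x00") + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    code = b"\xeb\x3c\x90CONSTRUCTED-LOADER"
    # Constructed model: repartition + format changes the table entry
    # (FAT32 0x0B -> NTFS 0x07) but leaves the 446 boot-code bytes alone.
    samples = {"before": make_sample(code, 0x0B),
               "after format": make_sample(code, 0x07),
               "after wipe": bytes(SECTOR)}
    for name, sector in samples.items():
        info = inspect_mbr(sector)
        print(name, info["boot_code_sha256"][:16], info["partitions"],
              "zeroed" if info["zeroed"] else "not zeroed")
```

On a real machine the 512 bytes would come from a disk image or a raw read of the first sector taken from boot media, not from the installed OS.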
