[schrtz987]

I had many Trojans on my Sony Vaio VGN-FW139E so I decided just to complete a clean install (not a single virus/spyware program would update before).

Using the recovery wizard I did a complete Restore of the C:drive. Setup windows and my internet and installed Malaware Bytes ; which wouldnt update right off the bat-and yes, I looked at my firewall. Right now Im using Avira(updated) but Spyware Doctore/MalawareBytes/SAS wont update
Certain websites tell me that I have the:
Troj/Rustok-N

Only way to get that off is SpywareDoc ..that wont update.


Why would I be getting this spyware ect... directly after completeing a full restore of the PC?

Any help would be great!

[aka Brett]

recovery to factory image correct?

[schrtz987]

Yes, I burned recovery CD's first-but didnt actually use them.

I went under Vaio Recovery Center and Chose to Restore: C-Drive....

an hour later it was basically the same as I had purchased it...full of Bloatware and all. ......and of course my nasty Trojans.

What could be the problem?

[aka Brett]

were the disk burned before the infection happened? if yes
was this a full factory recovery wiping all user files?

[schrtz987]

Quote:

Originally Posted by brett888

were the disk burned before the infection happened? if yes
was this a full factory recovery wiping all user files?

No the disks were burned right before reformating...but I didnt use the discs to wipe the C drive anyways, Recovery did...

[aka Brett]

look for a windows old folder it may have not did a reformat but a repair.
When it was doing the recovery did it ever say reformatting
go to computer and look for an old windows folder.

[Datababe]

The bad guyz like to stash stuff in the hidden folder off the root, \system volume information. A repair/recovery will do nothing more than dump the junk right back at Ground Zero.

We just a client's laptop come back totally infested in just 2 days after a complete nuke 'n pave (we wiped the HD to 1's and 0s after recovering all the data). What do you know - client has an external USB hard drive used for swapping files between the laptop and the desktop home pc, and unwittingly he was swapping a lot more than .xls and .jpg files. There were a bunch of "recovery" folders on the portable drive and they were utterly *riddled*.

Methinks we will be seeing his desktop machine (again) very soon...

[schrtz987]

Quote:

Originally Posted by brett888

look for a windows old folder it may have not did a reformat but a repair.
When it was doing the recovery did it ever say reformatting
go to computer and look for an old windows folder.

In Computer and Local Drive (C) I do have a windows folder dated 5-10-09....Inside that Windows folder there are numerous sub-folders dated back to 2008...

I dont beleive it ever said 'Reformating'..? maybe just reloading files...I could be wrong?

Should I go back into Recovery Center and do a 'Restore Complete System' instead of 'Restore C-Drive' like I did? (with that though, I think I need to actually use my Recovery CD's which were just burned a few days ago...????

Thanks for the help

[TOGG]

There is a program you could try (assuming the download works) and that is Trojan Remover, which you can read about here; http://www.simplysup.com/tremover/details.html The 30 day trial is supposed to be fully functional and may do the trick.

If you have a firewall running it may object to Trojan Remover because, like the malware it is hunting, it generates random filenames for some of its processes so that it shouldn't be recognised and stopped by the malware.

If it doesn't work you shouldn't have lost anything since you're looking at reformatting everything (are the discs you made before your last restore likely to be infected as well?)

[schrtz987]

Quote:

Originally Posted by TOGG

There is a program you could try (assuming the download works) and that is Trojan Remover, which you can read about here; http://www.simplysup.com/tremover/details.html The 30 day trial is supposed to be fully functional and may do the trick.

If you have a firewall running it may object to Trojan Remover because, like the malware it is hunting, it generates random filenames for some of its processes so that it shouldn't be recognised and stopped by the malware.

If it doesn't work you shouldn't have lost anything since you're looking at reformatting everything (are the discs you made before your last restore likely to be infected as well?)

I just reformated again using my Recovery disks and completing a 'Full System Restore' instead of just a 'Restore C-Drive' where I didn't need to use the CD's on Vaio Recovery.....Again, the same problem.
SuperAntiSpyware/Malaware/Spyware Doc all wont update and i'm still infected.

The program you had me downloaded actually updated perfectly, but it didn't detect anything...

So I take it my Recovery Disks (OS) is junk and just need to buy a new version of Vista? And then go onto Sony.com to get all other files?

[aka Brett]

Quote:

Originally Posted by schrtz987

In Computer and Local Drive (C) I do have a windows folder dated 5-10-09....Inside that Windows folder there are numerous sub-folders dated back to 2008...

I dont beleive it ever said 'Reformating'..? maybe just reloading files...I could be wrong?

Should I go back into Recovery Center and do a 'Restore Complete System' instead of 'Restore C-Drive' like I did? (with that though, I think I need to actually use my Recovery CD's which were just burned a few days ago...????

Thanks for the help

it is common for files within windows folder to have old dates.what we are looking for though is something which is an old windows folders.
what this is is putting a new copy of windows back on,this doesnt reformat the drive,anold windows folder is usually left behind.it can be called old.windows windows old. windows with some numbers accociated with it
It wont be in the windows folder itseft but merely in the same directory{root in this case}
so click on computer then then double click C...see if there is an extra windows folder listed

[schrtz987]

Quote:

Originally Posted by brett888

it is common for files within windows folder to have old dates.what we are looking for though is something which is an old windows folders.
what this is is putting a new copy of windows back on,this doesnt reformat the drive,anold windows folder is usually left behind.it can be called old.windows windows old. windows with some numbers accociated with it
It wont be in the windows folder itseft but merely in the same directory{root in this case}
so click on computer then then double click C...see if there is an extra windows folder listed

Under my C-Drive I have no old.Windows or Windows old files of any sort. Cant find that file name Under the C-Drive in the Windows Folder, Program Files folder, and Users folder (basically all the folders I have in my C-Drive...)

[TOGG]

It may not make any difference to the result but, did you only click on the 'Scan' option in the opening screen of Trojan Remover (which checks some well known trojan activation points), or did you use the 'Options' tab to select a scan of drives and folders which you choose?.

[aka Brett]

it sounds as if your recovery partition has also become infected.
some are well protected as even the user cant access the files while other are wide open.
Will any of the spyware or antivirus scanner scan it?

[Datababe]

An infected recovery partition seems almost a certainty from the description.