New Virus on my external hdd

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

stef1808

Thread Starter
Joined
Aug 1, 2015
Messages
54
Hello,

I have had suspicions of my external hard drive containing malware. I have, combined with personal data, media/picture files which unfortunately can say have downloaded from not very reliable sources.

Most times im not able to safety remove the usb hdd - I used a free ejector software which said 2 programs I didn't recognize where stopping the eject: microsoft zune app and also nvfbc plugin (should also mention nvfbc plugin also prevents me from shutting down windows occasionally)

Does this sound malware related to you? I would hate to have to nuke the hdd and lose my data but also concerned just deleting the certain files wont cut it. Would I be able to transfer the contents to my main HDD and deep scan everything?

Ive tried the basics such as malwarebytes scan, avast, eset online free scan - all seems clear

Its a western digital hdd (my passport) in ntfs format. Cheers
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,463
Microsoft Zune is a legitimate app and the nvfbc plugin relates to NVIDIA Frame Buffer Capture which also is legitimate.

Are you stopping the volume before ejecting or just ejecting?
 

stef1808

Thread Starter
Joined
Aug 1, 2015
Messages
54
I attempt to use windows "safety remove hard drive and eject media"

No other programs are open (as far as i know) related to the hdd - I have never used zune (only windows media/ VLC player)

Also on another PC I tested the hdd. Certain folders (full off .dll files) requires access permission to open, on mine it doesn't.
Theres a folder I dont recognise (something like 8fghh213h213) which again full of .dll files - this once also requires admin privileges usualy but again not on my PC
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,463
I attempt to use windows "safety remove hard drive and eject media"
Yes but it's a two step process. You have to stop the volume first and then it should eject.

Please give the exact name of the folder and some of the dll files.
 

stef1808

Thread Starter
Joined
Aug 1, 2015
Messages
54
I believe im stopping the volume first

It is "8ac0817b9c73fa774ed330" containing install.res.1041.dll
theres also several more ouside the folder install.res.1028, 1031, 1033, 1036, .... 3082 and msdia80.dll
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,463
Those are related to Visual C++ Redistributable packages and are temporary files that generally get deleted automatically but sometimes they remain.

You can delete the 8ac0817b9c73fa774ed330 folder and all of those numbered install.res files and the msdia80.dll too.

Leave them in the Recycle bin to be sure nothing cries out for them but it should be fine.
 

stef1808

Thread Starter
Joined
Aug 1, 2015
Messages
54
Ok thanks, have deleted.
Can i do anything else other than mentioned to deep scan the media files
 

stef1808

Thread Starter
Joined
Aug 1, 2015
Messages
54
Also forgot to mention fairly new windows install and finding packet captures from rp.gwallet.com, wf.taboola.com and many more
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,463
Are you talking about the external still or is this network activity on the PC?
 

stef1808

Thread Starter
Joined
Aug 1, 2015
Messages
54
Sorry I wasn’t clear, that’s network activity on the PC. I’m still convinced the only compromised data was the external hdd though. ??
 

stef1808

Thread Starter
Joined
Aug 1, 2015
Messages
54
Windows wouldn’t let me eject the volume and there was activity on the hdd even though I wasn’t using it.

I used LockHunter 3.2.3.126
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,463
If you wish I can move this thread over to the Virus & Other Malware Removal forum and have your external drive and PC checked for malware.
 

stef1808

Thread Starter
Joined
Aug 1, 2015
Messages
54
Please do, although I would feel a lot safer wiping the PC and doing scans on the external for hidden code in the media files.
Thanks for your help Cookiegal
 

stef1808

Thread Starter
Joined
Aug 1, 2015
Messages
54
Is there anything else I can do to scan the hdd. I’ve since formatted windows.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top