New Virus on my external hdd

Discussion in 'Virus & Other Malware Removal' started by stef1808, May 14, 2018.

Thread Status:
Not open for further replies.
  1. stef1808

    stef1808 Thread Starter

    Joined:
    Aug 1, 2015
    Messages:
    51
    Hello,

    I have had suspicions of my external hard drive containing malware. I have, combined with personal data, media/picture files which unfortunately I can say I have downloaded from not very reliable sources.

    Most times I'm not able to safely remove the USB HDD - I used a free ejector software which said 2 programs I didn't recognize were stopping the eject: Microsoft Zune app and also nvfbc plugin (should also mention nvfbc plugin also prevents me from shutting down Windows occasionally)

    Does this sound malware related to you? I would hate to have to nuke the HDD and lose my data but also concerned just deleting the certain files won't cut it. Would I be able to transfer the contents to my main HDD and deep scan everything?

    I've tried the basics such as Malwarebytes scan, Avast, ESET online free scan - all seems clear

    It's a Western Digital HDD (My Passport) in NTFS format. Cheers
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,889
    First Name:
    Karen
    Microsoft Zune is a legitimate app and the nvfbc plugin relates to NVIDIA Frame Buffer Capture which also is legitimate.

    Are you stopping the volume before ejecting or just ejecting?
     
  3. stef1808

    stef1808 Thread Starter

    Joined:
    Aug 1, 2015
    Messages:
    51
    I attempt to use Windows "safely remove hard drive and eject media"

    No other programs are open (as far as I know) related to the HDD - I have never used Zune (only Windows Media/VLC player)

    Also on another PC I tested the HDD. Certain folders (full of .dll files) require access permission to open, on mine they don't.
    There's a folder I don't recognise (something like 8fghh213h213) which again is full of .dll files - this one also requires admin privileges usually but again not on my PC
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,889
    First Name:
    Karen
    Yes but it's a two step process. You have to stop the volume first and then it should eject.

    Please give the exact name of the folder and some of the dll files.
     
  5. stef1808

    stef1808 Thread Starter

    Joined:
    Aug 1, 2015
    Messages:
    51
    I believe I'm stopping the volume first

    It is "8ac0817b9c73fa774ed330" containing install.res.1041.dll
    There are also several more outside the folder: install.res.1028, 1031, 1033, 1036, .... 3082 and msdia80.dll
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,889
    First Name:
    Karen
    Those are related to Visual C++ Redistributable packages and are temporary files that generally get deleted automatically but sometimes they remain.

    You can delete the 8ac0817b9c73fa774ed330 folder and all of those numbered install.res files and the msdia80.dll too.

    Leave them in the Recycle bin to be sure nothing cries out for them but it should be fine.
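
The reply above identifies the files by name. As an added example (not part of the thread, and not a tool anyone in it used), this Python sketch inventories files that fit that naming pattern on a drive root and hashes them, so each can be checked before deletion; the 20-character minimum for the hex folder name and the locale table are assumptions made here.

```python
import hashlib
import re
from pathlib import Path

# Standard Windows locale IDs matching the numbers quoted in the thread.
LCIDS = {1028: "zh-TW", 1031: "de-DE", 1033: "en-US",
         1036: "fr-FR", 1041: "ja-JP", 3082: "es-ES"}
RES_RE = re.compile(r"^install\.res\.(\d{4})\.dll$", re.IGNORECASE)
# Assumption: installer temp folders are long, all-hex names (20+ characters).
HEXDIR_RE = re.compile(r"^[0-9a-f]{20,}$", re.IGNORECASE)


def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(name):
    """Return a label if the file name fits the leftover pattern, else None."""
    m = RES_RE.match(name)
    if m:
        lcid = int(m.group(1))
        return "installer resource, locale " + LCIDS.get(lcid, "LCID %d" % lcid)
    if name.lower() == "msdia80.dll":
        return "msdia80.dll (named in the thread)"
    return None


def find_leftovers(root):
    """List (relative path, label, sha256) for matching files in the drive
    root and in hex-named folders directly under it. A name match is only a
    lead; the hash is what identifies the file."""
    root = Path(root)
    hexdirs = sorted(d for d in root.iterdir()
                     if d.is_dir() and HEXDIR_RE.match(d.name))
    hits = []
    for d in [root] + hexdirs:
        for f in sorted(d.iterdir()):
            label = classify(f.name) if f.is_file() else None
            if label:
                hits.append((f.relative_to(root).as_posix(), label, sha256_of(f)))
    return hits


if __name__ == "__main__":
    import sys
    for rel, label, digest in find_leftovers(sys.argv[1]):
        print(digest, rel, label)
```
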
     
  7. stef1808

    stef1808 Thread Starter

    Joined:
    Aug 1, 2015
    Messages:
    51
    Ok thanks, have deleted.
    Can I do anything else other than mentioned to deep scan the media files?
     
  8. stef1808

    stef1808 Thread Starter

    Joined:
    Aug 1, 2015
    Messages:
    51
    Also forgot to mention: fairly new Windows install and finding packet captures from rp.gwallet.com, wf.taboola.com and many more
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,889
    First Name:
    Karen
    Are you talking about the external still or is this network activity on the PC?
     
  10. stef1808

    stef1808 Thread Starter

    Joined:
    Aug 1, 2015
    Messages:
    51
    Sorry I wasn’t clear, that’s network activity on the PC. I’m still convinced the only compromised data was the external hdd though. ??
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,889
    First Name:
    Karen
    May I ask why you are using this rather than the built-in hardware removal utility?
     
  12. stef1808

    stef1808 Thread Starter

    Joined:
    Aug 1, 2015
    Messages:
    51
    Windows wouldn’t let me eject the volume and there was activity on the hdd even though I wasn’t using it.

    I used LockHunter 3.2.3.126
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,889
    First Name:
    Karen
    If you wish I can move this thread over to the Virus & Other Malware Removal forum and have your external drive and PC checked for malware.
     
  14. stef1808

    stef1808 Thread Starter

    Joined:
    Aug 1, 2015
    Messages:
    51
    Please do, although I would feel a lot safer wiping the PC and doing scans on the external for hidden code in the media files.
    Thanks for your help Cookiegal
     
  15. stef1808

    stef1808 Thread Starter

    Joined:
    Aug 1, 2015
    Messages:
    51
    Is there anything else I can do to scan the HDD? I’ve since formatted Windows.
     
Short URL to this thread: https://techguy.org/1210192