Fairly New Computer is infected by Win32/PossibleHostfilehijack
My fairly new computer was diagnosed by Windows Defender a few hours ago. After I ran the malicious malware detector and fixer "Avenger", the virus had totally infected my Hosts file. Windows Defender would find two Trojans, generated by the hijacker. They were two Orsam Trojans. The viruses survived a system rollback, so I tried something else:
I backed up all I needed on a USB (very few files, some 3D models, and small programs) and reinstalled Windows. Luckily I had done no banking or transactions on the computer. I have changed my passwords on a secure laptop since.
Upon completion of the semi-reinstallation (Windows hasn't been activated; the computer has been offline since), the reinstallation created another drive: F:Windows Old or something. Apparently it has no files visible but is pretty full for an 18GB drive, like halfway. I can only assume it's backed-up files from prior to the system reinstallation, mandatory it seemed, even though I chose to start from scratch to be sure. Since then I have kept the computer powered down to be safe and think things over.
So I have some questions regarding what I have done:
Will I have to repurchase Windows since it's asking me for an activation code again?
Will the "F:Windows old" re-leak these trojans and hijacker viruses?
Did these viruses survive the OS reinstallation?
This all happened in 2 hours or so, could my hardware be already compromised?
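The detection named in the title refers to entries in the Windows hosts file that redirect or block well-known update and security-vendor domains. As an added example (not code from this thread, from Avenger, or from Windows Defender), the script below parses a hosts file offline and flags two kinds of entry: a sensitive domain mapped to loopback/0.0.0.0 (blocks updates or AV traffic) and a sensitive domain mapped to a routable address (redirects it to a host the attacker controls). The domain list, the sample hosts content and the classification rules are constructed for illustration; Defender's exact rules are not public, and legitimate ad-blocking hosts lists can trigger the same "blocked" pattern, so treat hits as something to review, not proof of infection.

```python
"""Offline hosts-file hijack check (added example, not from the thread)."""
import ipaddress

# Constructed list (an assumption, not Defender's list): domains whose
# hijacking would block updates or anti-malware tools, or redirect them.
SENSITIVE_DOMAINS = (
    "microsoft.com", "windowsupdate.com", "kaspersky.com",
    "bleepingcomputer.com", "symantec.com", "mcafee.com", "avast.com",
)

# Default location of the hosts file on Windows.
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed sample hosts file: the first lines are benign, the rest are
# the kind of entries a hijacker writes. 203.0.113.7 is a documentation
# (TEST-NET-3) address standing in for an attacker-controlled host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.1.50    mybuild.local            # user's own entry, not flagged
127.0.0.1       www.update.microsoft.com # blocks Windows Update
0.0.0.0         windowsupdate.microsoft.com download.windowsupdate.com
203.0.113.7     www.bleepingcomputer.com # redirect to attacker host
203.0.113.7     www.kaspersky.com
"""


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every mapping in hosts-file text.

    Comments (after '#') and blank lines are dropped; a line whose first
    token is not a valid IP is skipped, as the system resolver skips it.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for host in parts[1:]:
            entries.append((line_no, ip, host.lower().rstrip(".")))
    return entries


def is_sensitive(host):
    """True if host is one of the sensitive domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in SENSITIVE_DOMAINS)


def scan(text):
    """Classify suspicious hosts entries.

    'blocked'  : sensitive domain mapped to loopback or 0.0.0.0
    'redirect' : sensitive domain mapped to any other (routable) address
    Entries for non-sensitive names are left alone.
    """
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if not is_sensitive(host):
            continue
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        findings.append({"line": line_no, "kind": kind, "ip": str(ip), "host": host})
    return findings


def scan_file(path=HOSTS_PATH):
    """Scan a real hosts file; errors='replace' tolerates odd encodings."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan(fh.read())


if __name__ == "__main__":
    for f in scan(SAMPLE_HOSTS):
        print(f"line {f['line']:>3}: {f['kind']:<8} {f['host']} -> {f['ip']}")
```

Run it against the real file with scan_file() from an account that can read the hosts file (reading does not need elevation). A "redirect" hit on an update or vendor domain is the stronger signal; a "blocked" hit is what both malware and ad-blocking hosts lists produce, so check who wrote the entry before deciding.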
There's a hardware and software section if you need help, but I'll answer your questions.
1. If you have your Windows key around, then you can use it more than once.
2. No. You would have to go into the old Windows partition and manually find and execute the program to infect the new Windows installation.
3. As I said in the last question, you would have to go and find the program manually and execute it.
4. Your hardware is most likely fine; BIOS-flashing viruses are pretty damn rare nowadays.
1) If you have a serial code, you can reuse it. If you run into problems, you can just call Microsoft or the automated phone activation service and it'll be fixed up.
2) Unlikely.
3) Some rootkits, as far as I know, can.
It [I]should[/I] be fine, unless you also got a rootkit, which, if you don't delete all partitions and remake them, can survive.
I would suggest running ComboFix: [url]http://www.bleepingcomputer.com/download/combofix/[/url]
And before (or after, doesn't really matter), TDSSKiller: [url]https://support.kaspersky.com/viruses/disinfection/5350[/url]
Note that ComboFix is extremely aggressive and there is a small chance it will wreck the system (though if that happens it's beyond repair anyway).
Of course, if you want to be absolutely sure, like I said, remove all partitions and recreate them.