How to delete the X (Boot) partition?

    Question

  • Sir or Ma'am: Please excuse my lack of in-depth knowledge regarding computers & Windows, but I was not born with one 6 foot up my wah-zoo. I have expertise in many areas, but that field is not one of them.

    I have much experience operating computers and software, but it seems the more I know about Windows, the less I understand. Not only with Windows......but some of MS's positions and practices.

    I was a radar repairman in the armed forces, so I possess a fair knowledge of electronics. As far as computers, I started out using IBM mainframes in the mid 70's, then MS DOS desktops in the early 80's, then on to the first series of Apple desktops in the late 80's. My experience with Windows started in the late 90's when I purchased my first desktop for home use. I got broke in with Millennium, then Vista, and now Windows 7.

    Generally speaking, I have had a very satisfactory level of experience with Windows. I had no big issues or problems that my level of experience did not enable  me to cope with ......that is, until last May: Then Windows became a living (and expensive)  HELL for me.

    That is when a Trojan horse (which MS calls Win32/Popureb.E) became my nemesis, along with (as it turned out) some low-life hackers that used that malware to manipulate and monitor my computer(s) for months now......not to mention ending up physically wrecking a couple eventually.......along with a cell phone.

    This is a very long and involved story, and as you know, hindsight is everything. I will very briefly outline the start of this mess and what I know of this attack.

    As you may know, that particular very nasty and destructive malware is undetectable by any normal scans. If I am not wrong, it is considered a 'persistent rootkit' variety of data collectors.

    Anyway, since protection software would not detect it, let alone defeat it, I set about trying to weaken or destroy it one file at a time. Mainly I would try this (with my limited knowledge, please understand) by attacking malicious executables and DLLs, registry editing, and Process killing.......then hitting it with software.

    All of that was a TREMENDOUS waste of time and took quite a toll on me (being that my health is not the best anyway). Three tours in Iraq have also very much weakened my body, mind, & finances.........but I would have PAID to have been over there, and would be only too happy to get back to the sandbox. If ANYBODY out there can help me get over there as a civilian contractor, I would be eternally grateful. Now, back to the business at hand. Thank you for your indulgence.

    -------------It's just that I took this thing personal, and became somewhat obsessed in that there had to be SOME way I could defeat this malware/hacker attack. N O P E.

    I am not used to being defeated by any external force, device, or person. I am the only one that can do that to myself. So......I was flat-out determined to stomp on this cockroach myself.

    Little did I know at the time the real barrier to my making significant headway was that the hackers had set up a 'GPRS' modem (via Bluetooth) connecting to my computer (via wireless card) without my knowledge. Of course, I had previously disconnected my DSL wired input at the beginning of this battle, but I stood not a chance with those SOB's doing their dirty work without my knowledge.........unknown to me coming in a wide-open back door.

    Things just went downhill and downhill from May until now (almost October). There is MUCH MUCH more to this sordid tale, but I must leave it be for now and get to my questions.

    #1. Can you tell me HOW EXACTLY to delete/erase a corrupted and P R O T E C T E D  X (Boot) partition from my hard drives?? That partition, which is less than 1000MB, is thoroughly corrupted by the malware and continuously reinfects my fresh installs of Windows......and even corrupts Linux (sorry, I know that is a cuss word in your parts). Of course, I have tried all the conventional methods, commands, workarounds, tricks, and hardware I have available for my use. I suspect the best single piece of hardware I have on hand is a device that enables me to take a hard drive out and hook it to a USB port using an adapter or hardware interface......making it an external hard drive. I have also tried the UBCD and UBCD4Win installs/disc......still no worky.

    As you may know, that malware is VERY strong and unconventional in that it infects the MBR, the boot tables, and the malware embeds itself in something called the hard drive controller port interface, changing the I/O of that device's driver code, right? Or something to that effect?? And it also buries itself up in some base voltage circuit to the USB hardware physical devices too, right?

    #2. May I ask WHY on God's green earth does Microsoft PUBLISH for all the world (particularly hackers and virus producers) to see ........HOW to employ and produce that VERY insidious and effective malware spawning device!!!???  WHY, WHY would you good people DETAIL how such potentially very destructive malware can be employed!!?? That is, the physical description as to HOW (practically speaking) to insert such malicious and overriding, consuming, controlling self-replicating code into that driver!!?? Is this not almost a quantum leap in malware effectiveness and employment technique???

    I am referring to a webpage on one of MS's more technical websites. It practically outlines to a low-life hacker how to construct such an utterly useless and evil device (IMO).

    Of course, I know MS is not in the malware production business......but must you HELP them low-life’s so much (apparently anyway)?? I also know MS probably did not dream up how to perform this technical trick in the first place......but it did produce the product that enabled it......and THEN  apparently publishes on the web how to devise this dastardly corrupted device!! For WHAT purposes......to WHAT end!!??

    MAYBE I am completely off-base here in my accusations & assertions......owing and due to my limited knowledge. So, if you would please explain this situation to me and how I may be misunderstanding what is going on here.

    And, please let me know how to eviscerate the X partition.

    In my humble opinion, being that I paid for the computer, paid the asking price for the Windows OS, and paid for the electricity to run the dang things.......it is almost CRIMINAL that MS makes such a partition so easily accessible and controllable by the bottom-feeding malware producers......while the consumer cannot touch it.......and in fact that partition is used as a weapon AGAINST the consumer; the person footing the bill here.

    And that brings up another point.........I wish to thank Bill Gates & MS for not having the Group Policy Editor even VIEWABLE--------let-alone able to be controlled by the consumer in Windows 7 Home Premium.......what a deal! I am SURE you good people full well know the GP Editor is being very widely used as a SLEDGEHAMMER against us by the evil-doers in their hacker attacks. You gave them the freakin' keys to the house with that little maneuver!!

    YES.......I know a person can get GP editor with buying an upgraded version of Windows........but that is like having to pay Chevrolet money to NOT give some copies of your car keys and your address to the car thieves!!!

    In all sincerity, thank you for your time and consideration regarding my issues. Do excuse me if my assertions are off-base due to my misunderstanding or lack of knowledge. But, please do explain to me how I may be looking at things wrong........and how to slay a forted-up X partition.

    Regards and Thanks,

    SLINGLADE'S DAD


    • Edited by Slingblades Dad Tuesday, September 27, 2011 7:12 grammar correction
    Tuesday, September 27, 2011 7:02

Answers

  • I also am having the same situation with my computer and my last computer as well. My Apple was devastated by this virus. People do say Apples do not get infected, but it is not true. It corrupted it to the point of no avail. I just saw on the news about this new virus, likely the same one we are experiencing. I have done a lot with computers, the most of my life, I helped my dad fix computers, currently I am typing on one I fixed a long while ago. From my experiences from this file, is that it's more annoying than destructive, but as any criminal factor, it causes stress on people. I have found that DoD the drive and replacing all the firmware, does help, and note that now I am on a PC :) it does have more of an effect on it. Note to people is for them to start completely fresh from scratch and noting, during the transition to new comp change your service provider, don't use any media that could be written, also set new accounts for everything, online connected to you. This thing skips and hops around everywhere. It should be on the news tonight about how wrong this file has been. But to go as far back as you can to resetting everything possible that could be written, halts it for its moment to become successful. Yes, I also was infected by Bluetooth, and not mentioning names because of the not knowing any truth behind it. I noticed it happening just because the Bluetooth was acting strangely enough to cause suspicion. Just to the person who writes this code, and to the people who distribute it, that with each line and symbol, even though you allow me to see it, noting I will mention this, it is an act upon yourself and your conscience, though I have better words for it, each person has reached their knowing that, It is the very reason why it did happen, and it still is, every moment you are in existence, that what you DO matters, and always will. WILL But it's all good one day this person will get their own.
I am just going to go through the processes of the crap it does, and stay with the same old routine, wipe the drive and start fresh every 30-60 days, if it melts replace it, etc. etc., until it forms into a form of some sort, and is able, I won't be worried, FOR myself.

    :)

    Tuesday, June 5, 2012 2:07

All replies

  • Hello Slingblades Dad,

    We are here to help you, and I'm sure together we will be able to solve your problem. However, please only ask questions and post objective information, since I guess the size of your post discourages the readers of this forum from reading it and posting a reply. To summarize your question, I think your problem is that you have a virus called Win32/Popureb.E which prevents you from removing the X: drive?

    Could you please confirm this?


    With kind regards,
    Laurenz

    Tuesday, September 27, 2011 9:02
  • It is not often we get such a long letter. This forum is normally used for a quick question. However I know your pain about malware. It takes 1-2 seconds to get infected and 1-4 hours of cleaning. In simple words. I hate low-life hackers and script kiddies. I would like them to spend equal time in jail the sum of all infected machines it takes to clean.

    From an MSDN blog I found this text.

    If your system does get infected with Trojan:Win32/Popureb.E, we advise you to:

    • Fix the MBR
    • Use a recovery CD to restore your system to a pre-infected state (as sometimes restoring a system may not restore the MBR).

    To fix the MBR, we advise that you use the System Recovery Console, which supports a command called "fixmbr".

    Tuesday, September 27, 2011 11:54
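
    The advice quoted in the post above concerns the master boot record in sector 0 of the disk. One way to see what that sector contains before and after a repair is to parse it, as in this added example (not part of the original post or of the quoted Microsoft text). The function names are hypothetical and both sample sectors are constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440                  # bootstrap code area of a classic MBR
TABLE_OFFSET = 446                   # four 16-byte partition entries follow
ENTRY = struct.Struct("<B3sB3sII")   # status, CHS start, type, CHS end, LBA start, sectors


def parse_mbr(sector):
    """Parse a 512-byte MBR into a boot-code hash and its non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        status, _, ptype, _, lba_start, sectors = ENTRY.unpack_from(
            sector, TABLE_OFFSET + ENTRY.size * slot)
        if ptype == 0x00:            # unused slot
            continue
        partitions.append({
            "slot": slot,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mib": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def review(mbr, baseline_sha256=None):
    """Return a list of findings; an empty list means nothing stood out."""
    findings = []
    if baseline_sha256 and mbr["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    parts = mbr["partitions"]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: invalid status byte 0x{p['status']:02x}")
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["lba_start"] < prev["lba_start"] + prev["sectors"]:
            findings.append(f"slots {prev['slot']} and {cur['slot']} overlap")
    return findings


def build_sample(boot_code_byte, second_status):
    """Construct a sample sector: a 100 MiB active partition plus a data partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = bytes([boot_code_byte]) * BOOT_CODE_LEN
    entries = [(0x80, 0x07, 2048, 204800), (second_status, 0x07, 206848, 1000000)]
    for slot, (status, ptype, start, count) in enumerate(entries):
        ENTRY.pack_into(sector, TABLE_OFFSET + ENTRY.size * slot,
                        status, b"\x00" * 3, ptype, b"\x00" * 3, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples, not taken from any real disk. For a real check, read the
# first 512 bytes of the raw disk device (administrator rights required) and
# keep the hash from a known-good state as the baseline.
CLEAN_SECTOR = build_sample(0x90, 0x00)
TAMPERED_SECTOR = build_sample(0xCC, 0x80)

if __name__ == "__main__":
    baseline = parse_mbr(CLEAN_SECTOR)
    for name, data in (("clean", CLEAN_SECTOR), ("tampered", TAMPERED_SECTOR)):
        mbr = parse_mbr(data)
        print(name, [(p["slot"], p["size_mib"], p["active"]) for p in mbr["partitions"]])
        print("  findings:", review(mbr, baseline["boot_code_sha256"]) or "none")
```
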
  • Hello again Slingblades Dad,

    In addition to Michael Klinteberg's answer, I recommend completely cleaning your hard disk by deleting all data on it (including the virus!) using a data deletion program followed by a clean install of Windows 7. I recommend using DBAN (Darik's Boot and Nuke). This can be downloaded from http://www.dban.org/download. Doing this will also completely remove the X:-drive, with which you struggle so much.

    Attention! This option will completely remove all of the data on your computer, and should therefore be used as a last resort if Michael Klinteberg's solution doesn't appear to work for you!

    I hope this information helped you make a decision.


    With kind regards,
    Laurenz

    Tuesday, September 27, 2011 13:33
  • Thank you for your kind offer to help. Yes.......I went on a bit too long with the post, huh? You will have to excuse me as this was my first post and I really do not know the customs here. I also had some venting to do regarding the overall situation too.

    I also am starving to death and desperate to find work, so I beg everyone's indulgence here regarding my seeking work.

    Yes, your estimation of my problem is correct. No matter what I do (HD erasures using various methods, software, and equipment) partitioning, new HD installs, complete re-installs of Windows, system reimaging, low-level formats of the HD's, erasing the disk and using Linux OS's.........I cannot get rid of that X boot partition from Windows 7.

    Thank you very much!

    Thursday, September 29, 2011 17:39
  • Yes, thank you Michael. Please see my previous post.

    YES......that technique you recommend was one of the very first things I tried.......all to no effect. I suppose I have run through that routine about a thousand times all told........I also employ the commands 'FixBoot', and 'RebuildBcd'.......all no worky.

    Appreciate it!!

    Thursday, September 29, 2011 17:42
  • Yes.......I have used that program about 20 times on the various HD's......along with the 'Disk Eraser' bootable disk app..........no worky.

    I have tried MANY MANY types and forms of apps and hardware.  The malware is burying itself up in some kind of Motherboard interface and even a new HD will acquire the virus upon fresh install.

    I would hate to guess the number of clean installs and system re-images I have done.

    Thanks!

    Thursday, September 29, 2011 17:46
  • If you replace the disk, will the X: drive still be there?

    -- edit ---

    Oh, I did not see that you already have tried that.

    If you have replaced the disk and the X: drive is still there. I've never heard of this before but flashing the BIOS might help.

    What else is connected to the motherboard? (Memory card reader, DVD, second HDD).

    I don't remember, have you tried a different install DVD?

    Are you connected to the network during install? If yes, remove network cable.

    Are you installing any other applications?

    Try small steps first. Remove any suspicious things and add them one by one later on.


    -- edit 2 --

    Are you installing from an OEM DVD?

    Friday, September 30, 2011 7:19
  • Slingblade I know EXACTLY how you feel... I got the same Trojan!! It's indestructible and very aggressive and persistent! I have formatted don't even know how many times, new hard drives, finally new computers (4 computers total) and you ask how'd the new computers get infected?? Well at the time I had cle@r wire wireless and after over twenty phone calls to them and even talked with one of the "comp. Engineers" who supposedly helped with the write protecting of their REUSED flash drives to download the drivers 100% guaranteed, absolutely impossible, never has happened and will never happen ... That his product could transfer or hold a "virus"!! So I kept using it until I wised up and uploaded the setup.exe (asked what setup.exe file...) file to virus total which confirmed my assumption! Now I can't get an answer or reply about their reused flash drives AND the engineers and Reps. GUARANTEES! This Trojan is the superman of all Trojans which uses fax, telephony, dialers ETC.....! When you change permissions on files and registry the hacker has no shame ..... Like playing chess with the scumbags! It's like as if they actually think it's their computers and they are doing me a favor by letting me use them! Kaspersky, Emsisoft, malwarebytes, spyware doctor, combofix just aggravates it! Best buys geek squad, and 5 other comp. Shops are still scratching their @$$es in amazement!! These computers are possessed if you will lmao! Now Ima scratch my head and figure out what Ima do with cle@rwir3 : ). ! Have you resolved your issues and if so HOW? Love, happy and very SATISFIED cl3@rwire wireless customer!! Clear wire stands behind their profits and their numerous 100% guarantees......yeah right!!!
    Thursday, March 8, 2012 18:17
  • As i write this i am shaking with desire. dont worry its not perverse, not in a sexual way anyhow. Its with the desire todo some hacking of my own. hacking of fingers and toes, ears and lips, and on to the more sensitive regions of the pieces of trash who stole from me not only my sanity and privacy, not only my right to coexist as these little pukes do without restraints enjoying freedom, but the memories of my childrens lifetimes i kept in digital format and will never be able to replace. im offeriq

    ng a bounty on anyone running this software and aiding directly in its propogation. i want addresses and names  photos and proof they are end users. i do not want the authorities called outright. let me handle it. Perhaps after being tied to a tree in remote mountains for weeks on end while i work on them slowly will give my thirst for revenge a quenching. To you so called hackers using the sneaky x boot and the microsoft managment console to supplicate a life for yourselves i say to you slingbladesdad is correct. your day is coming and the judge is already made a ruling. im grsteful to the above folks thst spoke up and offered what help they could but it seems only destruction of property and memories is of interest to trash like this. i thought i was reading my own story and know exactly what you went through  phones hacked, cameras and passwords hacked. every device do

    wn to our childtens school comluter ruined for what? And yes gates is responsible for putting this out there on a silver platter. should a classa tion come abkut, i believe ill be near the front for it. what a pountless lossto suffer for some amorle jokers amusement. After over a month i finally have a name and a an to reverse engineer your own toy against you. keep on using it fellas  . soon your eggs will be in the grinder and my hand on the crsnk  You are pointless human trash good onky for feterlizer so please do your duty, fufill yoir total potential and kill yoirselves posthaste so the rest of us can live happy knowing scum like you only rot in the ground and nowhere else  

    Saturday, January 26, 2013 11:28
  • This is almost the exact story that I have. This happened last November, and I have also worked with Microsoft products my entire life. It turns out that I am making progress on this, but still do not know how they got in in the first place. I believe it has something to do with HD audio and video signals that our cell phones transmit directly to the computer as well as bluetooth. They are using the hacks that are listed on several sites that use a virtual machine are stored in Windows XP Ramdisks they installed, as well as FreeDOS with the Dos Grub tools, and the Linux operating system. It is called something like Win9x? I have been learning everything I can about Linux to try to combat it, but it is frustrating and my health and mental well being are also suffering to a point that I want to give up most of the time these days. I managed to do some damage last week and got rid of the X partition, but before I could reboot to wipe the drive, it was back. They get in through the PCI buses and also turn the USB ports and the CD drives into a virtual transport with windows images using something like WinPE pre installation environments stored in the RAM?! My software is not even getting into the computer, it is THEIR images that get delivered through the Cd and USB ports. I keep getting to a point that I can wipe the Linux, Windows and Dos drives but while installing my factory installation cd's they are taking it over by the second cd and I do not know how to stop them. They have installed thousands of drivers including things like Fresco Logic xHCI (USB3) Hub Device Drivers, Jraid-f, magasas drivers, K 8 processor platform, HID UPS battery, Bowser MRxSMB10 and MRxSmb 20 NSI, Hid Keyboard, Alien Satellite Drivers, WinSAT drivers, Video imaging Drivers, Sata Link controller, Qlogic Fibre Channel Mini Port, and Soft Raid Controllers.
Every single Computer tech I have seen takes my computer(s) (every single one in the house and all of our phones) and they are so arrogant that they think it is simply just a virus and wipe the drive, say the drivers are normal installations and within 5 minutes it is taken over once again and they look at me like I AM THE CRAZY ONE! The hackers are using some sort of management program as I have read some of their correspondence with tools found on hacking sites and they say things like the management queue is full whenever I am able to damage some of their hold on my system. It is a management type of program that controls everything and takes ownership of the system and the software installed on the computer isn't really installed, it is being managed online and we as users are only allowed to use what they want us to use. I really need help, this is literally taking away my future. I am a college student at age 47 and my last chance to make something out of my life and already have $19,000 in student debt and they made me fail 2 classes last semester. My GPA went from a 3.56 to a 2.6 and if I drop out, I have to start paying on the loans without the income from the kind of job a college degree would allow me to get. SOMEBODY PLEASE HELP!!@
    Saturday, July 19, 2014 15:52
  • The same thing is going on with my cp..word for word and when I called Microsoft virus help desk they wanted 99$$$ I have tried everything took it to data doctors that was a waste,  I can't get this thing off my cp its cost me thousands and thousands of dollars... It's your fault Microsoft nice scam let hackers have access and the only way to kill it is to pay you....CLASS ACTION LAWSUIT BOYS.....I HAVE BEEN TRYING TO KILL THIS THING FOR 2YEARS AND OUT OF THAT 2YEARS I HAVE BEEN DENIED SERVICE MORE THAN HALF OF THAT THIS IS BULL S$%# THANKS LOVE PERRY RIVENBURGH


    • Proposed as answer by doggyg Monday, August 3, 2015 15:06
    • Edited by doggyg Monday, August 3, 2015 15:08 Spelling
    • Voted as helpful by doggyg Monday, August 3, 2015 16:16
    Monday, August 3, 2015 15:06
  • I'm going to try dban I really really really hope it works I'm on a tablet now and I did the fixmbr so I'm turning on my Asus cm1855 desktop I'll let you know..,...
    Monday, August 3, 2015 15:44
  • Well now you have heard of it. The same thing is happening to me word for word, this thing has my computer, owns it. In command prompt it starts enabling hundreds of ports at the same time and my cp resources max out and now it's trying to make my cp a server!! This thing does what it wants, it owns my computer and it's killing me in all kinds of ways.....
    Monday, August 3, 2015 16:04
  • In the same boat as the first few guys 100%, google Rakshasa,I believe thats what we're cursed with. They completely own my Dell desktop HP laptop, 4 iPhones, RCA and Nextbook tablets and I believe my AT&T cable and router for sure. Numerous clean installs and full wipes w refill and wipe again. I believe we're just the ones who questioned odd things and dug a bit deeper. I hope I'm wrong but these asses are so deep the way wifi overlaps they have to be in imma say over 50% of the population. Most rely too heavily on programs that can be spoofed. Linux is like a mad criminal who has all the tools to pwn the world. Using NT/System commonly they're hard to detect bc they spoof all apps leaving a useless shell. All w MS digitally signed programs for the most part. It's sick and has consumed my life for a year plus. I've fought and won small battles just to restart and it's all bk the same. They're utilizing backups, volume shadow copies plus pagefile and hyberfile to restore when needed. Every file I upload to VirusTotal is a packed malware/spyware bomb. These are active hackers who install malware that allows more bad guys to connect at will.......please some of you great minds, we need help! Again, sry for the essay and I have more :'-( -T.A.
    Friday, August 21, 2015 14:29
  • First, great original post SD. The only solution unfortunately is buy a new computer and NEVER go online. Bottom line is the internet is not secure. Check your network adapter .inf file. Look for the SSID. You're probably being routed to some bogus network like bald eagle and everything you do on your computer and the internet is a lie...ie: IMPOSTERED.

    Second, 

    This world is full of douchebags that can't get the attention they seek so they lash out like idiots and force themselves on everyone else. It's just the way life is. In the end justice will be served. You can count on it.    Good luck   


    • Edited by spendogz Tuesday, November 24, 2015 1:00
    Tuesday, November 24, 2015 0:56
  • 19K/11B here. All I want is some of their home IP addresses. TrustedInstaller taking over my computer as soon as or even before I finish reinstalling windows. I still have to try a few different things to get rid of it.
    Wednesday, January 18, 2017 22:39
  • Have the same problem and also believe they have accessed cable boxes here through the router that supplies the loop and unknown IPv6 network. Also the new frontier I believe has moved to the main power switch to the house. I swear, I was working on removal on the last windows computer we have left and kept reinstalling asap as to get back having loop removed, which I achieved among other road blocks, and sure enough the freakin power started to trip right when I upped a few fresh versions off win 10. So much to say about this crap! They got into the BLUE tooth apple alarm clock and my smart phones that way. I try to warn ppl when they come over to turnoff phone, especially the ones with sensitive jobs, but I just get dismissed as crazy cause they're not aware of my knowledge, typical unfortunately. Reason I wrote in was to bait your hook and let you know bout how I first caught this bug and it started as close as my next door neighbor, younger twenty something black guy with a chip on his shoulder do to the fact I watched Fox News and discussed politics with a relative in news media back then, what four yrs ago. Of course now they want you to think its all overseas where they got the spyware componentized and still have some ties I bet. First I stumbled on this hackers nest by noticing a open wireless connection when I picked up a new laptop and couldn't wait for them to install my own modem. Well they set the open signal really low so they can retain the connection to your computer and get info or install malware to track. Then as you know the hunt begins as they erase your freedom and compromise your very existence. To type cast these idiots look for your typical anonymous hacker group of millennial anarchists all the way to the NOKO's that supply there wares! I'll bet the farm on that, oh yeah already lost it! I have not one suggestion for you, expect the new computer and stay off internet. 
When you do now you'll want to set up your laptop with total encryption, like you have something to hide just to keep it working. There's a lot more going on out there and it's increasing! Now I caught this little prick, who just like the comment above read, needed a lot more attention from Papa back then haha; putting the final touches on installing root kit for ACPI malware and trojanhorses for pci malware to connect all these computers to their network because he asked to use the desktop to send an email. He broke that first rule of hacking, don't ever hack close to you or with anything that leads back to you! Just wish someone would care,they just blame me since I was fixing things when final wall breaks the plastic so to say!! Spend extra couple hundred dollars and get a spy shop to set up your next computer if having this kind of trouble. And maybe start a emergency food bank when shit hits the fan, that's how bad the hacking is today. What is that network for?

    viernes, 10 de febrero de 2017 22:01
  • I don't speak english as my native language. So please forgive any mistakes.

    I recently got this super virus.

    I know this is an old thread, but this virus is still out there, giving lots of problems to the unfortunate ones like ourselves. I think its not just the Win32.Popureb.e , but it is a mix, with other kinds of bad codes that prevents us from getting control of our computers.

    But here are some good news, I MANAGED TO GET RID OF IT. MY COMPUTER IS CLEAN. It was surelly the most dificult thing I had to learn about computers in my life, as I had to learn Linux stuff.

    So, I am going to try to describe the process that worked for me. I hope it helps.

    I had bios, plus 4 hard drives infected. Luckelly, i disconnected my PC from the internet as soon as I noticed it, so my smartphones and notebook stayed clean.

    1. Disconnect the infected computer from the internet. And also disconnect all hard drives from your computer, and take off any flash drives, USB drives, etc... anything that can store information, take it off. (As described by Shibby84 above, this virus can easily jump from one drive to another.)

    2. Get a clean pen drive/flash drive, download the firmware for your BIOS on a clean computer, save to the flash drive and update the BIOS from the bricked PC. That way I cleared my BIOS and could use the boot setting normally again.

    3. Download an antivirus rescue disk on a safe PC (I used Bitdefender Rescue Disk, as it was the only one that worked for my broken computer). IMPORTANT: use a writable DVD/CD to save the ISO of the Rescue Disk. It cannot be RE-writable, because somehow, the virus infects rewritable media.....

    4. Connect the infected hard drive(s) to your PC again, BUT DO NOT let Windows start. Config your boot in BIOS to boot from the CD/DVD, so you will start with the antivirus rescue disk before the virus could act.

    5. Connect the internet cable, and let the antivirus rescue disk download and update the malware database. Run a full scan on all your files and clean whatever threats you find. (It found lots of junk on my drives....) You can also use a Linux app called GPARTED, that comes with most of the rescue disks, to manage partitions on your drives. So if the infected X boot partition is still there after scan, you can manually delete it. In fact, you should manually delete any suspicious file you can find. From the rescue disk, no files will have protection. You can delete anything.

    6. Get a Windows ISO (original please, I used Windows 10 Pro 64bit), and save it to a DVD. Boot from the Windows DVD and get to the part where you can install Windows. (To get there, I had to select F8 (startup settings), and then press 9 (ignore startup errors), because the infected MBR/GPT partition of my drives led Windows to believe I had a broken Windows installation that needed repair, and if you do repair, the virus gets back again.)

    7. When you get to the installation screen, select the language, keyboard layout etc... Don't install a new Windows, go to the Repair your computer, on the lower left. Select troubleshoot, command prompt.

    8. Windows DVD will probably open the X:\sources or C:\windows\system32 path in the command prompt, and from here we can repair the MBR/GPT partitions of your hard drives. Type:

    - "diskpart" without the quotes (a program to manage disks/hard drives etc)

    - "list disk" (see if it recognizes all of your hard drives)

    - "list vol" (it will show the letters attributed to the drives, for ex.:  C:  D:  E:   etc... remember the letter of your drives)

    - "exit" to get out of diskpart.

    - Type the letter of the infected drive. Ex.:   C:   and hit enter. (Notice that the focus of the command prompt will go to the letter of your drive. So your actions from now on will only affect the drive you choose.)

    - Type "Bootrec /fixmbr". It should say that the process was completed successfully. If not, you got a big problem and should do a hard format on the drive with some boot disk or Ubuntu live disk, that can erase the MBR/GPT partition. But for me, it worked every time with my 4 hard drives.

    - Repeat the last two steps for every hard drive that you need to repair.

    9. You are almost done... If you still have a working Windows installation (which I doubt because this virus is so destructive) you can try repairing also the boot section of that drive so maybe you will get the Windows to a clean state again without losing files (search the internet for "repair boot sector with Windows dvd" or similar), but I recommend cleaning the hard drive you will install Windows with the "CLEAN" command of diskpart. More information about that searching for "use clean command diskpart" on Google / Bing / etc.

    10. Close command prompt, turn off your PC. Boot from Windows DVD again and this time install Windows normally. You should be clean now, but beware that you can still have a backdoor or rootkit on the deeps of no one knows (I still had some  o.O  ). So after you install Windows I recommend downloading all the antivirus tools you can find to remove specific stuff like that.

    I really hope the hackers that created this virus die in prison.

    Anything else I could help, let me know.

    May the bad luck go away, may the good luck be always welcome.

    So... if you are getting crazy like I did, GOOD LUCK, DON'T GIVE UP

    greetings from Brazil...

    • Edited by T.Jacks Monday, May 7, 2018 6:09
    • Proposed as answer by T.Jacks Monday, May 7, 2018 16:40
    Sunday, May 6, 2018 19:18
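
Added example, not part of the reply above: `Bootrec /fixmbr` writes new MBR boot code but does not overwrite the existing partition table, so a leftover partition entry has to be removed with a partition tool such as diskpart or GParted. This Python sketch parses a saved copy of a disk's first 512-byte sector so the boot-code hash and partition entries can be compared before and after the repair; the function names and the sample sectors are constructed for illustration, and on a GPT disk sector 0 only holds a protective `0xEE` entry.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440            # bytes 0..439: boot code
TABLE_OFFSET = 446             # four 16-byte partition entries follow
ENTRY = struct.Struct("<B3xB3xII")   # status, CHS, type, CHS, start LBA, sector count
TYPE_NAMES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x83: "Linux", 0xEE: "GPT protective"}

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != 512:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        status, ptype, start, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * slot)
        if ptype == 0x00:          # unused slot
            continue
        partitions.append({"slot": slot, "active": status == 0x80,
                           "type": TYPE_NAMES.get(ptype, f"unknown 0x{ptype:02x}"),
                           "start_lba": start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}

def compare(before: bytes, after: bytes) -> dict:
    """Report what differs between two saved copies of sector 0."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {"boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
            "table_changed": a["partitions"] != b["partitions"],
            "added": [p for p in b["partitions"] if p not in a["partitions"]]}

def make_sector(boot_fill: int, entries) -> bytes:
    """Build a CONSTRUCTED sample sector (not taken from a real disk)."""
    table = b"".join(ENTRY.pack(*e) for e in entries).ljust(64, b"\x00")
    return bytes([boot_fill]) * BOOT_CODE_LEN + b"\x00" * 6 + table + b"\x55\xaa"

# Constructed samples: same partition table, different boot code.
ENTRIES = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)]
BEFORE = make_sector(0x90, ENTRIES)
AFTER = make_sector(0xEB, ENTRIES)

if __name__ == "__main__":
    for p in parse_mbr(AFTER)["partitions"]:
        print(p)
    print(compare(BEFORE, AFTER))
```
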
  • I've been having the same problem with both my PCs (Pavilion & OptiPlex towers) but I'll focus on the former as I'm sure a solution would work on both.

    What happened is that in the last fortnight, the Pavilion suddenly refused to boot (oft 'Grub Rescue' MYOB SVP, MS just got GitHub, they're not gonna ditch Ext# anytime soon) and once was able to get a distro USB to employ GParted to delete what I thought was the trouble and install but crashed back in under a day.  Again with penguin USBs (needed to install GParted onto USB Mint beforehand) but the next install only ran 2 days.

    Have install and repair disks but refused to install, say 'can't be found'. Also tried DBaN on two drives that were giving the trouble (DOD method on 1st) but nothing came out of it.  Later, avec USB, saw the partitions were still there and used GParted again to wipe it, allowing to reinstall the 2nd W7 OS as said above, but it seems to be missing Part X as well.

    Odd thing with that (750GB) drive, the Pavilion ran with it formatted as a single NTFS but when I (re)partitioned into 1) 125 NTFS (for back up), 2) 100 GB for TimeShift, 3) NTFS (for image) & 4) the remain 4 or so 100 GB exFat as storage and staging between transfer to other OS' or archiving.

    Hence, until this problem is corrected, need to be vigilant with archiving as, like Damocles, have no idea when the next crash would occur.  I have a feeling that I'm nesting those X-partitions with every successful re-install only to have them crash.

    Last resort, would I need to get the offending drive degaussed to exorcise these demons?  Have no idea whether it was the virus mentioned in OP but wouldn't there be a chance of it residing in the other 8 drives (nearly 5 TB) jeopardizing my Life's data?

    Friday, September 14, 2018 6:16
  • That sounds very much like what's been happening with me.

    Seems like one of the brand new 3 TB drives got infected, only used for storage, not OSs. 

    Looks like I'm about to suffer your fate.

    Friday, September 14, 2018 6:19