Interesting little problem...

jcloud · #1 02-12-2007, 07:54 AM

Ok first I will give my system specs:

AMD Athlon XP 3000+ CPU
ASUS A7N8X mobo
2 x 1GB DDR RAM
250GB Hard Drive (used to be 2 x 40gb when problem started)

Ok here is my issue. I had lost a valuable piece of Adobe software that I had purchased (I think one of the college guys in my dorm took off with it) and was determined to get another copy. Even though I had a valid license, the version I got supposedly needed to be "cracked". I know this was very dumb of me but I visited a crack website and downloaded a crack. Upon clicking on the downloaded file I got a nice surprise as my anti-virus software (AVG free at the time) went nuts. AVG couldn't clean it up so I went and purchased the PC-Tools bundle. Unfortunately this couldn't clean it either. I also tried online scans, Windows Malicious Software Removal Tool, Avira anti-virus free, F-Prot boot disk looking for boot sector viruses... all no good. Nothing would detect the virus after that first 15 minutes or so.

The symptoms were:
3.5" floppy spun like mad on it's own for long amounts of time
3.5" floppy would spin whenever I loaded up any antivirus software or malware removers, even online scans.
Spyware Doctor reported that malware was changing it's database but couldn't detect it.
Random reboots in XP while downloading updates.
After installing Service Pack 2, when I tried to update the computer 3.5" floppy would spin.
Sometimes Windows Malicious Software Removal Tool would detect something but not tell me what it detected and also state that it cannot remove this type of malware.
Eventually my Antivirus programs would cease to load and work. PCTools Antivirus would specifically give me the error 103.
Also, the Spyware Doctor subscription would randomly declare itself invalid, or increase the subscription days to 1000+.

So I did these things:
Deleted partition, reinstalled/reformated with XP CD
The symptoms were still there.
So I deleted partition, zeroed out the drive(s), reinstalled/reformated with XP
Still there.
Deleted partition, zeroed out the drive(s), installed Ubuntu Linux
No problems in Linux so I re-installed XP hoping any boot sector virus was wiped out by Linux's boot program.
Still there.
So I took the main hard drive out and destroyed it (old drive anyways), thinking it was in that boot sector and it was the only thing left to do.
I then tried the dual boot with Linux and XP again on the second hard drive.
Problem was still there on the XP install but no problems in Linux.
So I took that hard drive out (didn't destroy this one) and bought a new 250GB hard drive.
First thing I do is install PCTools suite on there from the internet (not from a backup CD).
........................................

The 3.5" floppy still randomly spins and especially when running any PC-Tools software. Even when I turn Active OnGuard off, in each software, the floppy drive still spins when trying to run updates, check the about section of any of the PC-Tools software, starting up Anti Virus (but not any other program), and I still get the randomly weird subscription notices in Spyware Doctor either that my subscription is invalid or the subscription has 1000+ days on it (only happened once for each problem since the clean install on new hard drive).

..........................................

Right now I am very frustrated and very paranoid. I don't think a virus can transfer itself when you take one hard drive out and replace it with another one and do a clean install... Are all these problems being caused by the PC-Tools suite of software?

solcroft · #2 02-12-2007, 08:07 AM

Interesting problem, yes. But not very little.

To the best of my knowledge it is impossible for a virus to survive a hard drive replacement and clean reinstall. It would need to attach itself to someplace to store its code, and as far as I know that's not going to happen simply because there is no place other than the hard drive to record executable code. If your floppy disk is the only problem you're facing right now, you might want to check out this thread:

http://www.pctools.com/forum/showthread.php?t=45221

Also, you can try going back and re-downloading the crack file (needless to say, don't execute it this time) and upload a copy to www.virustotal.com and some good anti-spyware scanners - other than Spyware Doctor, that'd be AVG Anti-Spyware and SUPERAntiSpyware - which would tell you what kind of malware you got hit by. Zip it up, send a copy to your favorite anti-malware vendor, and wait for them to release a signature update.

jcloud · #3 02-12-2007, 08:31 AM

That explains ALOT!

I exited all PC-Tools software (even with one on the FDD would spin) and then went through and got rid of all the PC-Tools processes left running.

When I did things that normally would set off the Floppy drive spinning, nothing happened.

So PC-Tools is the culprit on this drive, and nothing else.

That isn't to say that the virus still isn't on the other hard drive. Another thing I noted is that after installing SP2 on XP the language bar keeps installing itself, and then random weird things start happening such as open browser windows crashing (when nothing else is running), etc.

I am really loathe to try and find the original crack file that did this to my system. I think you can understand my trepidation in doing so.

I think if I ever did it I would have to be using Linux or a Mac... something that wouldn't implode...

But to be honest I don't even remember the site name, as I had to follow tons of links to find the file (sites embedded in sites). All I know is I am never doing that again.

Who knows, maybe I can get Adobe to send me another CD which would solve the original problem. I can't remember if I ever registered it or not but I am pretty sure I would have had to to get any kind of customer support like that.

Thanks for your response!