Hello! I have four computers. At least one of them was found to be infected with a trojan yesterday. Below is some basic info. I'm trying to decide what to do next, and was wondering if you could kindly give me some advice and guidance.
- Computer #1. Has two internal drives. Drive A has three partitions. 1st: the system; 2nd: documents + a folder with programs that do not need installation to run; 3rd: music and video. Drive B has millions of html, text, and image files for a research project.
- Computer #2. One single partition drive with system and documents.
- Computers #3 and #4. Both have two internal drives: System drive + a drive with millions of html, text, and image files for a research project.
- All the computers are on the same LAN. I frequently use Windows Remote Desktop to access one computer from another.
- I use mapped network drives, flash USB drives, and external hard drives to move files among the four computers. They also share the same set of external backup drives.
I noticed an unexpected IE popup on Computer #1 yesterday. So I did complete scans of Drive A in Safe Mode w/o Internet. Ad-Aware SE found Win32.TrojanPWS.Agent and Win32.Adware.Cydoor in a system restore point, and removed them. Windows Defender found nothing. Spy-bot S&D found some minor things. SAV found Backdoor.Trojan in VRDPlus.dll (belongs to Video Redo Plus) and removed it. After restart, SAV found Downloader.Trojan in ..\WINDOWS\System32\dsound3dd.dll but said access denied. Restarted into Safe Mode again, scanned dsound3dd.dll with SAV but found nothing wrong. Deleted it anyway.
At the same time, I did Ad-Aware, Windows Defender, Spy-bot S&D, and SAV scans of the whole drive on Computer #2 and the system drives on Computers #3 & #4. The only problem found was Win32.Backdoor.Hupigon on #2.
Now I'm going to go through the 8-step procedure on #1, but have some questions before doing that: It says we need to do a "full scan" of the system, which in those programs means a complete scan of all the drives in the computer. But I was wondering:
1. Do I have to scan non-system internal hard drives on the same computer? For example, Drive B on computer #1? May I just disconnect it during the scan? (Given the large number of files on that Drive B, it may take a very long time to scan.)
2. Are complete scans on the other three computers necessary, given that they are connected and used in a way described above (Remote Desktop, drive mapping, sharing external drives, etc.)?
3. How about the external drives? Do I have to scan all of them too?
Also, if the problem on computer #1 is serious, I'm ready to do a reinstall. But the same questions remain for the "clean" install:
4. When formatting the hard drive, should I just format the system partition, or the whole drive that has the system partition, or all the internal drives on the same computer?
5. If I have to format the entire system drive (which has separate partitions containing documents and such), I need to copy out the documents, media files, and possibly software installation packages to external drives and then move them back after the new installation of Windows. Will that be a problem, i.e., will the malware stuff hide in those files and come back to reinfect the new system?
I'm sorry for the long post. I know the above may just be really stupid questions, but I was confused and hope you experts could kindly offer some advice. Thank you!
Edit: I've replaced SAV with Symantec Endpoint. May I use that in place of the recommended anti-virus software, or better not? Thanks!