Currently with virus: New Poly Win32 - Do I format?

http://www.bleepingcomputer.com/forums/topic63402.html

Read the info at the above link re removing it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If that fails for your scenario:

Download, install, update and scan with each of the two programs below to check for/remove Malware/spyware.

Do all the above work in Safe Mode with Networking.

 

To get into Safe Mode with Networking, tap F8 right at Power On / Startup, and use UP arrow key to get to Safe Mode with Networking from list of options, then hit ENTER.

 

 

Read all info below before starting:

 

http://www.malwarebytes.org/mbam.php

 

Malwarebytes is as the name says, a Malware Remover!

Download the Free Version from the link above.

Download, install, update and scan once a fortnight.

How to use Malwarebytes after it is installed:

1. Open Malwarebytes > Click on the Update Tab  across the top> get the latest updates.

2. On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer

3. MBAM will now start scanning your computer for malware. This process can take quite a while.

4. When the scan is finished a message box will appear

5. You should click on the OK button to close the message box and continue with the Malware removal process.

6. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.

7. A screen displaying all the malware that the program found will be shown

8. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.

9. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.

10. You can now exit the MBAM program.

 

http://www.spybot.info/en/index.html

 

Spybot Search & Destroy 1.6.2 is a very good, FREE Anti-Spyware Program.

Download, install and update it.

Then SCAN with it.

Update it, and scan your System once a fortnight.

 

 

 

Important re: Safe Mode

If you happen to find a problem that you can’t uninstall / delete, reboot the computer, and go into Safe Mode.

To get into Safe Mode, tap F8 right at Power On / Startup, and use UP arrow key to get to Safe Mode from list of options, then hit ENTER.

RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D while in Safe Mode.

 

If unable to install above Programs in Normal Mode:

Sometimes Trojans, Viruses, Malware, etc stop you installing and/or updating Programs to remove them.

If that happens, reboot into Safe Mode with Networking (from F8 list of Startup Options), and install, update and scan from there.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


If nothing works, save your Data(Read info at Dell's link below on how to do that), reinstall.
And if you reinstall, scan your saved Data to make sure it is clean of Malware.

How to use Dell's recovery DVD:

http://supportapj.dell.com/support/topics/global.aspx/support/dsn/en/document?journalid=67E9C215C4BABD6CE040AE0AB5E14F05&docid=339949

Above is Dell's way to reinstall Vista from the DVD to your computer.

Dell has all the info on saving Data at the above link, and info re the Drivers and Utilities CD.

And how to use their Recovery Partition, if possible:

http://supportapj.dell.com/support/topics/global.aspx/support/dsn/en/document?journalid=67E9C215C4BABD6CE040AE0AB5E14F05&docid=336966

And this way if you have a Recovery partition on your Hard drive.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And when you are up and running again, some general info on what to do with that Recovery partition that Files are being saved to:

Recovery Drive:

 

Contact your Computer Manufacturer on how to remove anything you have saved to the Recovery Drive, as it is their Recovery Partition, not Microsoft’s.

 

Your D: Drive normally is the Recovery Partition, that the Manufacturer put there, for your computer to put it back to factory settings in case of System Crash.

It is not for you to save anything to; and it is not to compress and/or Index,, Disk Cleanup, use for Backup, Defrag or have System Restore turned on for it.

You are supposed to have made Recovery disks from D:, in case of Hard Drive failure.

Ask the Manufacturer how to make them, and how to delete/fix what has been done there.

Cheers.

---

Mick Murphy - Microsoft Partner

While in Safe Mode try to run anti-malware programs since you are definitely infected with a VERY nasty virus (and already sustained some damage). To fix this problem download,  install, and run the following two programs: http://www.malwarebytes.org/mbam.php and http://www.safer-networking.org/en/index.html.  You should also want to try a free trial of Pandasoft (www.pandasoft.com).  Before downloading pandasoft, uninstall whatever anti-virus program you are currently using (because installing and running two at the same time can cause conflicts, freezes, and all sorts of problems).  Once you've uninstalled your current AV program, download, install, update, and scan using Pandasoft.  I think you might be amazed at how much it finds that the other software missed.  Once complete, uninstall pandasoft and re-install your current AV program (unless you decide to switch which I did when I first tried it about 4 years ago).  You should also want to try the new, free Microsoft Security Essentials http://www.microsoft.com/security_essentials/default.aspx (with the same caveat that only ONE AV program can be installed and running on your system at any one time). Reboot after completing all the scans.  This many programs may seem like overkill but you're definitely already infected so it's best to be on the safe side.

If these scans and cleans resolve the problem (if it shows it's been stopped), then let's check some of your system files:

Go to Start / Alll Programs / Accessories / Command Prompt and right click on command prompt and click run as Administrator.

Type sfc /scannow and enter and let it run. It will scan and try to fix some of your system files.  Hopefully it will complete with no corruption it could not repair (if such corruption occurs, post back here).  Chances are good there will be some corruption given the quarantined files.

While we're there, let's check your hard drive by typing chkdsk /f /r and enter and let it run.  It will scan and try to fix any bad sectors.

If it still doesn't work (if the virus is no longer active but some damage remains -you can't do some things on your PC) then the next logical step is a system repair/upgrade using a genuine Windows Vista Installation Disk (one you own or  one you can borrow from ANYONE).  Here are the procedures: http://www.vistax64.com/tutorials/88236-repair-install-vista.html along with the upgrade from an earlier version of Windows section from http://support.microsoft.com/kb/918884.  If the other procedures don't work, THIS one is almost certain to work (though the worry of still being infected depite the many scans will remain).  You may have a lot of updates to re-install (including any service packs you had to remove).  If the version on the system cane with SP1 or SP2 pre-installed and the disk is an earlier version, then you'll need to make a slipstream disk as follows: http://www.vistax64.com/tutorials/151606-vista-sp1-slipstream-installation-dvd.html.  Although this does not affect your data, settings, or programs, you should still first make a backup to be on the safe side.  If you can't get your hands on a genuine Windows Vista Installation Disk then we have no choice left but a clean install to factory settings.  You should backup your important data before doing this even though it is technically saved (just to be on the safe side).

If the scans don't stop the infection or if they do and there's too much damage and you can't do a system repair/upgrade,  then the only solution is to format the drive from the recovery disk and do a clean install (after backing up all your important data since this virus seems to target mostly .exe and .dll files).  Let's hope the virus didn't do much damage to D: drive since that seems to be your recovery partition for reinstalling the system from a clean boot if you don't have a genuine Windows Vista Installation Disk or the Recovery disk isn't an installation disk too.  Here're instructions on a clean boot: http://www.winsupersite.com/showcase/winvista_install_03.asp - but you may need to follow those provided by your computer vendor/manufacturer for use with your recovery disk and recovery partition instead.

If the recovery partition is damaged (or infected and re-infects your machine again) and you're unable to do a clean install contact the manufacturer and see what they can do to help you.  If they will do nothing, then your only choice is to purchase a copy of Windows Vista or another operating system (like Windows7) to install from scratch.

Good luck and I hope this helps.

---

Lorien - One - MCSE/MCSA/Network+/A+