Another total Windows reinstall averted

The virus problem that I thought I had fixed came back again and I had more problems getting rid of it than I did before. Here is a record of how things went.

My regrun anti-Trojan security program detected that my autoexec file had been changed. If I turned off my computer windows would not restart claiming that it was missing numerous DLL files. This is the same thing that happened before so I knew that the virus was back. I also could not open most programs.

I did a differential backup to my external USB hard drive using Acronis TrueImage. (I will later use this differential backup to restore particular files and folders).

The last time I had this problem I fixed it by doing a virus scan and deleting the virus and then restoring an overwriting the entire Windows directory. Things were fine for about four or five days and then the virus came back. When I tried to restore the Windows directory this time I ran into multiple errors from Acronis TrueImage saying that it was unable to replace the file for whatever reason. I contacted Acronis support regarding the issue and they said it is not recommended that I use Acronis TrueImage to restore system files. If you would like to restore system files you should only do so when restoring an entire partition. Why it worked the first time and not the second I am not sure. I ran into the same error when trying to restore my user folder in the documents and settings. There must be some system files in there as well. However most of the files in the user folder did not cause an error so most everything was back.

I then restored my C drive partition using my Acronis boot disk. Click on this link to learn more about Acronis. The partition restore went just fine and everything was working. I did a full virus scan and found two different viruses and got rid of them after after turning off system restore and scheduling a boot time scan using my free antivirus software Avast. The antivirus software was having a problem deleting the file while Windows was running. The boot time virus scan was successful in deleting the file.

So then I was back in business. My computer was running without viruses however some files were about three months out of date. So I then use Acronis TrueImage to restore those particular out of date files such as: my Outlook data files, my voice recognition files, all files on my desktop, etc.

Here are the two different virus/Trojan’s I found:

win32:small-ejl

this Trojan was hiding in my system volume information folder.

I also found “win32:delf-cat” which is another Trojan that had replaced the Explorer.exe file in my Windows directory.

Soundman.exe was also found in my Windows directory and add it to my registry. Regrun was able to detect this one however my other virus package avast was unable to detect this one.

All of this restoring and virus fighting probably took around 10 hours over the course of four days.

Lessons learned:

try to keep all of your data on one partition and all of your Windows system files or operating system files on another. I already keep most of my data on a separate partition but I need to move the following data files: Microsoft Outlook data files, Dragon NaturallySpeaking voice-recognition user files, Cobian backup, and maybe a few others.

Do more frequent virus scans by scheduling them.

Do more frequent Acronis partition backups. I think you can schedule these too.

Learn more about my regrun programs features such as anti-replacement, file protection, boot time scans, registry restoration, et cetera.

A friend recommended that I try out another antivirus program called nod32. I tried to install the 30 day free trial but it said that I needed to remove all other antivirus programs so I decided to abort the installation and learn more about my current programs and how I could use them more effectively.