Botnet infection
I believe I have 2 hard drives infected with a Botnet Trojan.

Symptoms: PC fan kicks into overdrive when the computer is idle, and when in use. 100% CPU usage at all times. PC takes a long time to shut down, or won't shut down properly. All programs are running very slowly, and Internet Explorer is unstable and cannot download antivirus software updates / visit vendors' websites. Internet access slows to a crawl. Cannot download operating system updates. Windows Task Manager shows programs with very cryptic names or descriptions, and multiple "international restricted" connections.

This is what ACTIVE KILL DISK revealed about a hidden sector on my hard drive that it was unable to wipe:

Floppy Disk 0 NO NAME (A:)
NAME:
VERSION:
SERIAL:
DEVICE GEOMETRY:
MODE LBA: NO
CYLINDERS: 80
TRACKS PER CYLINDER: 2
SECTORS PER TRACK: 36
TOTAL SECTORS: 5760
BYTES PER SECTOR: 512
TOTAL SIZE: 2.813 MB (2949120 bytes)
Writing Block (00) CANNOT OVERWRITE
ERROR WRITING SECTORS 1 - 5760 ON FLOPPY DISK 0

Below is Image view of Floppy Disk 0:

-<<ROOT>>
+$ EXTEND .HS... (Hidden, system, MFT)
$ Extend
+$ RECYCLE.BIN .HS... (Hidden, system)
+$ Recycle.bin
+$ SYSTEM ~ 1 .HS... (Hidden, system, resident)
System Volume Inf
+ $ EXTRA.!!! (Found)
+!!! Extra Deleted
$ mft 262144 .HS... (Hidden, system, MFT)
$ mftmirr 4096 .HS... (Hidden, system, MFT)
$ logfile 4194304 .HS... (Hidden, system, MFT)
$ volume 0 .HS... (Hidden, system, resident)
$ attrdef 2560 .HS... (Hidden, system, MFT)
$ bitmap 1976752 .HS... (Hidden, system, MFT)
$ boot 8192 .HS... (Hidden, system, MFT)
$ badclus 0 .HS... (Hidden, system, resident)
$ Secure 0 .HS... (Hidden, system, MFT)
$ upcase 131072 .HS... (Hidden, system, MFT)
$ Extend
$ quota .HSA.. (Archive, hidden, system, resident)
$ objid .HSA.. (Archive, hidden, system, resident)
$ reparse .HSA.. (Archive, hidden, system, resident)
+$ RECYCLE.BIN
+ S - 1 -5 - ~ 1 .hs...
+ S - 1 -5 - ~ 2 .hs...
+ S - 1 -5 - ~ 3 .hs...
SYSTEM VOLUME INF
Tracking.log .HSA.. (Archive, hidden, system)
+!!! EXTRA DELETED
+Folder 29 (Found)

I believe this is the HIDDEN virus that has replaced the original MBR on my operating systems. I have not been able to wipe this with multiple operating system reinstalls, or low level formatting. I have tried multiple detection tools to no avail. Can anyone provide some insight on how (if it is possible) to remove, or at least cripple, this nasty Trojan? Thanks!!
January 20th, 2012 11:11am

Have you tried running MalwareBytes on it? Since you can't download software on the infected computer, you should use a flash drive to transfer the files over. Then update MBAM manually using their posted Rules.ref files if you can. You'll find that information on the site. After that, run a full scan and ensure that all drives are selected. Then post the log that appears. MBAM should detect something.
January 21st, 2012 7:05am

Since you are looking to do an OS reinstall, boot with a Windows 7 DVD. At the first screen hit <SHIFT>+<F10> to open an elevated command prompt. Assuming you have only a single HD in your computer, type the following:

diskpart
select disk 0
clean

Once the disk is "cleaned," install as normal.
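As an added illustration (not part of the reply above, and not a tool from the thread): the partition table that diskpart's clean overwrites lives in the first 512-byte sector, the MBR. This Python parser reads such a sector, checks the 0x55AA boot signature, lists the partition entries, and compares the bootstrap code region against a known-good hash so a replaced MBR can be spotted. The sample MBR is constructed inline; the read_mbr helper and its device path are an assumption for real use.

```python
import hashlib
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 446          # bootstrap code occupies bytes 0..445
BOOT_SIGNATURE = b"\x55\xaa"     # last two bytes of a valid MBR

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into bootstrap hash, partition entries and signature check."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:           # type 0 means an empty slot
            entries.append({"bootable": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": count})
    return {
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "bootstrap_sha256": hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest(),
        "partitions": entries,
    }

def bootstrap_matches(sector: bytes, known_good_sha256: str) -> bool:
    """True if the bootstrap code region hashes to the value recorded on a clean system."""
    return parse_mbr(sector)["bootstrap_sha256"] == known_good_sha256

def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Constructed sample: one bootable NTFS (type 0x07) partition starting at LBA 2048."""
    code = bootstrap.ljust(PART_TABLE_OFFSET, b"\x00")[:PART_TABLE_OFFSET]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE

def read_mbr(device_path: str = r"\\.\PhysicalDrive0") -> bytes:
    """Assumed helper: read the first sector of a raw disk (needs administrator rights)."""
    with open(device_path, "rb") as disk:
        return disk.read(MBR_SIZE)

if __name__ == "__main__":
    sample = build_sample_mbr(b"\xfa\x33\xc0")       # constructed bootstrap stub
    baseline = parse_mbr(sample)["bootstrap_sha256"]   # record this on a known-clean disk
    print(parse_mbr(sample))
    print("bootstrap unchanged:", bootstrap_matches(sample, baseline))
    # An all-zero sector is what the first sector looks like after diskpart clean:
    print("after clean:", parse_mbr(b"\x00" * MBR_SIZE))
```

Recording the bootstrap hash right after a clean install gives a baseline to compare against later; a mismatch, or a partition entry pointing somewhere unexpected, is worth investigating from a boot disk rather than from the running system.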
January 23rd, 2012 11:06pm

Hi,

Please boot in Safe Mode and end the processes which occupy the CPU and memory from Task Manager. Then use the antivirus program or removal tool to scan for viruses. You can transfer the program or tool via flash drive.

Microsoft Safety Scanner
http://www.microsoft.com/security/scanner/en-us/default.aspx

If the viruses cannot be removed completely, I suggest contacting PCSafety support for help. For support within the United States and Canada, call toll-free (866) PCSAFETY (727-2338).

Niki Han
TechNet Community Support
January 25th, 2012 5:36am

Hi,

Please boot in Safe Mode and end the processes which occupy the CPU and memory from Task Manager. Then use the antivirus program or removal tool to scan for viruses. You can transfer the program or tool via flash drive.

Microsoft Safety Scanner
http://www.microsoft.com/security/scanner/en-us/default.aspx

For information about security updates, visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy. If you are having issues with installing the update itself, visit Support for Microsoft Update for resources and tools to keep your PC updated with the latest updates.

Niki Han
TechNet Community Support
January 25th, 2012 5:36am

