can a virus survive a reformat??

Hi there,

I'm completely stumped. My girlfriend has picked up the slotch bar IVC adware nasty and last week I tried everything to get rid of it. Symptoms:
1. regedit would not open
2. msconfig would not open
3. the shift/control/delete program manager only flashes up for a millisecond and then disappears
4. Internet is sending and receiving thousands of megabytes for no reason (without even turning internet explorer on)

So - I reformatted the hard drive (format c: not fdisk).
After reloading windows XP and reconnecting to the internet the same problems reappeared without even connecting to an internet site. Megabytes being transferred in and out without reason.
It seems as though someone (or something) has control of the computer. We cannot connect to websites without very long delays - obviously because the bandwidth is being used for some other purpose and any other program takes an age to load.
The system is relatively new:
Windows XP
pentium 4 - 1,7Mhz

Any ideas???
modulo Commented:
PAQed with no points refunded (of 500)

Community Support Moderator
Hello graeme57 =)

Have a look at this site !!

Task Manager, MSCONFIG, or REGEDIT disappears while opening:
( site credit goes to Ramesh >> :)

Can you see those symptoms on your machine?

I don't think it's likely a virus will survive a reformat. After a hard drive died completely that wasn't infected I had this problem not long ago when reformatting a pc and then installing xp. Is the XP install disk XP only without SP1 by any chance? On internet connection the pc was immediately infected by some virus or nasty that ate up the internet connection bandwidth that I believe was taking advantage of a massive microsoft security vulnerability. Either way dealing with this can be a pain,

You have a few choices, but either way your best bet is to get the os, sp1, relevant windows update patches and a decent av program on it asap with minimal internet connection. You can go for XP sp2 if you're brave enough but I wouldn't recommend it just yet due to the problems still around with it. Some pc's are fine, others have problems with it related to hardware and/or software.

Assuming that you haven't too much data on this pc as yet as you've just re-installed it, I'd suggest:

Reformat and re-install the os, then without internet connection, also install xp - sp1. You may have a separate disk with it on supplied with the pc's original installation disks, otherwise get it from the link below. You can either burn it to cd from another system, or load it onto a usb flash drive,
Windows XP Service Pack 1a Network Installation
Then immediately after installing sp1, go to windows update and get the rest of the patches from microsoft from the custom install option of windows update if you don't want sp2. Next get yourself a decent av software : This is pretty good and picks up trojans (spyware/malware) very well too (symantec/norton isn't doing too well at this right now). Fully functional 30 day eval copy here but make sure that you update it immediately:
PC-cillin Internet Security
If you can do these you shouldn't have further problems, but post back what your situation is,

Deb :))
Your system may have had a trojan. Formatting would have removed this; however, the recurrence of the problem may be due to a number of reasons:

-A hacker has your IP address, exploits a vulnerability in your system and plants a trojan which closes the applications (or their windows) and allows him/her to add, move, delete files (the use of the bandwidth)
-Your software that you use (Windows OS, Office, games etc) may have a virus or trojan in it, causing the recurrence of the problem when you reinstall Windows.
-Windows had a number of flaws in it that allow hackers to remotely access and compromise your machine. If it has not been updated (which it would not have been after a reinstall) then this could most definitely be a cause (this is how the blaster worms worked)

Solving the problem:

1/ Install antivirus software if you haven't already (free one at
2/ Install a good firewall (can block the connection of a trojan or the like) - Zone alarm:
3/ Install anti-adware/spyware software: &

Hope this both explains and solves your problem


Also get updates for your system :)

The trouble is trying to get to those sites if your Internet is running slow.....

You will have to try and wait.....

Best Regards,

No, a virus won't survive a reformat, because a virus is also a data element stored in the storage. A reformat destroys every element in the storage, therefore even the virus would surely be destroyed. That is why, for a virus that cannot be cleaned, antivirus software offers the option to delete the file which is infected, because it is the "ultimate" solution for a virus.
graeme57 (Author) Commented:
Thanks to all replies.

Seems like most answers have their merits. The only possibility must be a compromised IP with an old copy of windows XP and the lurkers are able to automatically hack it immediately the internet connection opens.

This is the nastiest case of adware/trojan that I have encountered (and I've encountered a few). Once the computer is "registered" as vulnerable then you just cannot connect to internet or even use the system as there is no memory resource left.

My questions are:
1. What on earth are the hackers doing with all the system resource? Sending out emails? Tracking other vulnerable systems?
2. And how on earth do they justify the expense of setting such sophisticated operations up? Does anyone really actually buy anything from them? Or from the sites that they advertise?

Solutions: I am going to try the sp1 download (I have my own computer - the problem is with the girlfriend's) in conjunction with a firewall and a different antivirus (currently using Norton - I have to say that it hasn't been very good at finding or dealing with adware - this particular compromise just turns it off - another one of the symptoms)

Then it's the reformat followed by uploading all programs without internet.

I'll let you know how I get on.

Thanks for your help

Graeme (Madrid)
Download and run cwshredder from here:

This should be able to remove the hijacker.
>>>1.What on earth are the hackers doing with all the system resource? Sending out emails? Tracking other vulnerable systems?

There is a process that hackers use that involves hacking another more 'important' system from a compromised system that may be yours for example. This means that it is harder to trace the source of the hacker. If the hacker is doing this then they could be stealing information from the 'more important' system. This would explain the bandwidth issue.

Similarly you are right, they could be a spammer using your system in a similar way to the above-mentioned example -> it makes it harder to track the real spammer because they are using a host of compromised machines

Thirdly, I don't think many people buy from these guys but they make money from the advertisements, and so if they can get people to see, or click the ads then they are making money



Hi graeme,

Some viruses hide a small portion of themselves in the Master Boot Record. If you're reformatting your HD, I would recommend that you do a complete FDISK operation. After that, on the command prompt, type FDISK /MBR. That switch will wipe the Master Boot Record in the drive.

After reinstalling your OS, my standard procedure is not to connect the machine to the Net or a network until an AV and Firewall have been installed. Only then, connect to the Net but only to run the AV Update. Disconnect from the Net and run a full system scan. Since only the OS and the AV/Firewall are installed, a full scan should take only a few minutes.

Then I would reconnect to the Net and run Windows Update.

That way, risk is minimized that any malicious software may reinfect the machine while it's still vulnerable.

Good Vibes!

If the virus is in the master boot record, then you can just do:

fdisk /mbr

without having to reinstall and reformat.

Redoing the master boot record with the above command should wipe the virus.
NO - don't run fdisk /mbr if you've just re-installed (although you shouldn't be able to just run it as is on an XP PC anyway)!
Please refer to these for future reference .
Any decent virus program that's been updated should be able to deal with a boot sector virus if present, although I seriously do not believe that's what the problem is here,

Deb :))


>>Norton - I have to say that it hasn't been very good at finding or dealing with adware

AdWare is a different beast to a virus, and a beast Norton is not designed to deal with. I would not trust any AV that claims to remove adware and spyware as well. To block adware and spyware you need a good Firewall in place and, if you're gonna be using IE, also a good browser protection like the Immunize feature in Spybot S&D.

The behaviour you mention of shutting down Norton is typical of a trojan infection. In order to determine what is the nasty that is doing it I would run Process Explorer, and then use a combination of RegistrarLite and KillBox to remove the malware.

Good Vibes!

a) Yes, if a virus (such as Monkey) screws with the MBR it will survive a format
b) Bullguard is best AV
c) BlackIce is a good fw (really should go nortel or cisco)
d) get firefox (using ie is like inviting a virus to come in, it's got so many holes, goes for windows as well)
e) TDS-3 full system scan (get the exe off of the website on your good machine, burn to a CD-R and transport), disconnect from internet till completed
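
The disagreement in this thread about whether anything outlives `format c:` comes down to which sectors a format rewrites. The following is an added example, not code from any poster in the thread: it parses a constructed 512-byte MBR, simulates a volume format on a constructed 64-sector disk image, and compares the SHA-256 of the boot-code area (bytes 0-445 of sector 0) before and after. The image layout, the boot-code bytes and all function names are assumptions made for the illustration.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(sector0: bytes) -> dict:
    """Split sector 0 into boot-code hash, partition entries and signature check."""
    if len(sector0) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):                       # four 16-byte entries at offset 446
        entry = sector0[446 + 16 * i:462 + 16 * i]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:                         # partition type 0 means unused slot
            parts.append({"active": entry[0] == 0x80, "type": entry[4],
                          "lba_start": lba_start, "sectors": count})
    return {"boot_sha256": hashlib.sha256(sector0[:446]).hexdigest(),
            "partitions": parts,
            "signature_ok": sector0[510:512] == b"\x55\xaa"}

def build_disk(boot_code: bytes) -> bytearray:
    """Constructed 64-sector image: MBR in sector 0, one NTFS-type partition at LBA 8."""
    disk = bytearray(64 * SECTOR)
    disk[:len(boot_code)] = boot_code
    disk[446], disk[450] = 0x80, 0x07        # active flag, partition type 0x07
    struct.pack_into("<II", disk, 454, 8, 56)    # start LBA 8, 56 sectors long
    disk[510:512] = b"\x55\xaa"
    disk[8 * SECTOR:] = b"\xff" * (56 * SECTOR)  # stand-in for old file data
    return disk

def format_partition(disk: bytearray, part: dict) -> None:
    """Simulate a volume format: only sectors inside the partition are rewritten."""
    start = part["lba_start"] * SECTOR
    end = start + part["sectors"] * SECTOR
    disk[start:end] = bytes(end - start)
    disk[start:start + 11] = b"\xeb\x52\x90NTFS    "  # fresh boot-sector header

def boot_code_survives_format(boot_code: bytes) -> bool:
    """True when the MBR boot-code hash is identical before and after the format."""
    disk = build_disk(boot_code)
    before = parse_mbr(bytes(disk[:SECTOR]))
    format_partition(disk, before["partitions"][0])
    after = parse_mbr(bytes(disk[:SECTOR]))
    return before["boot_sha256"] == after["boot_sha256"]

if __name__ == "__main__":
    print(boot_code_survives_format(b"CONSTRUCTED-BOOT-CODE"))
```

On a real machine the same hash comparison is only meaningful against a known-good baseline of sector 0 taken from clean media.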