
Against my better judgement I foolishly opened an MPEG video emailed to me from


Question

Against my better judgement I foolishly opened an MPEG video emailed to me from a friend's email address because the topic in the email was something we had recently discussed.

I am fairly certain that the MPEG was malware as it only opened Media Player long enough to do some kind of exploit and then closed. Shortly afterwards the Windows Explorer window containing the file closed.

I immediately swore, switched off the PC and disconnected it from the Network and Internet. I then disconnected the SSD D: drive that the MPEG file was saved to and restarted the PC. I ran a full Windows Defender scan and cleared out the Windows temp files.

I suspect that the D: drive has been compromised by a scripting attack and perhaps been encrypted? I have not checked to see if I can access the D drive for fear of making matters worse.

Does my analysis sound correct?

How should I recover from this? Is there some way I can format the D: drive without compromising my system?

Any help will be gratefully received.

Explanation / Answer

If you can access the D drive after booting from your boot disc (which is different from booting into safe mode), then it will be reasonably isolated, and you can scan everything using multiple virus, rootkit, and malware scanners. The only vulnerabilities you will be exposing your system to at that point are ones it has already experienced.

You can just format the D drive at that time as well. If you want to be extra cautious you can use a format parameter (such as /P:1 or /P:3) that will overwrite most of the sectors on drive D, but that will take a fair amount of time to run.
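As an added triage example (not part of the original answer), the following script helps answer the asker's "has it been encrypted?" question before anything is formatted: run from the rescue environment against the isolated drive, it measures the byte entropy of each file and flags high-entropy files whose extension does not normally hold compressed or encrypted data. It assumes Python is available in the rescue environment; the sample files and the `triage_directory` helper are constructed for this example.

```python
import hashlib
import math
import os
from collections import Counter
from typing import Dict

# Formats that are dense (compressed or encrypted) by design; high entropy
# alone is expected for them and is not evidence of tampering.
NATURALLY_DENSE = {".zip", ".7z", ".gz", ".jpg", ".jpeg", ".png",
                   ".mp4", ".mpg", ".mpeg", ".pdf", ".docx", ".xlsx"}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def classify(name: str, data: bytes, threshold: float = 7.5) -> str:
    """'plain' (readable data), 'dense-by-design', or 'suspect' (looks encrypted)."""
    ext = os.path.splitext(name)[1].lower()
    if shannon_entropy(data) < threshold:
        return "plain"
    return "dense-by-design" if ext in NATURALLY_DENSE else "suspect"

def triage(files: Dict[str, bytes]) -> Dict[str, str]:
    return {name: classify(name, data) for name, data in files.items()}

def triage_directory(root: str, head: int = 65536) -> Dict[str, str]:
    """Walk a mounted drive (e.g. the isolated D: volume) and classify each file
    by its first `head` bytes; unreadable files are reported, not skipped."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    results[path] = classify(fn, fh.read(head))
            except OSError:
                results[path] = "unreadable"
    return results

def pseudo_random(seed: bytes, length: int) -> bytes:
    """Deterministic stand-in for ciphertext (constructed, chained SHA-256)."""
    out, block = bytearray(), seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:length])

# Constructed sample "drive contents" so the script runs without real files.
SAMPLE_FILES = {
    "notes.txt": b"Meeting notes: discuss backup rotation and patching.\n" * 80,
    "report.docx.locked": pseudo_random(b"constructed-1", 4096),  # renamed + encrypted
    "holiday.jpg": pseudo_random(b"constructed-2", 4096),         # dense but expected
    "empty.log": b"",
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_FILES).items():
        print(f"{verdict:16} {name}")
```

A run that shows many 'suspect' entries with a shared new extension is a strong sign the drive was encrypted; a handful of 'suspect' hits among otherwise 'plain' files usually means a legitimate format missing from the allowlist, not an infection.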