Help? A virus damaged 2 mobos and 2 or 3 hard drives.

Originally posted by: IsmaelRamos

I contacted Norton about this situation, and they told me they do not scan customers' hard drives for viruses. They told me I had to put the virus on a floppy and mail it to them. Now, how am I going to send them a virus that hides in hidden files on a hard drive that has been Fdisked and formatted and that is supposedly empty (except for those hidden files)? Norton Anti-virus software does not detect the virus as present on the hard drives or in the boot sector, even when it was updated before doing the scan, so it cannot be NYB or it would detect it.

McAfee basically told me that since I am not using their product they cannot help me. In other words, they do not care either. They told me, "buy our program and scan it with it".

Now, my question is: where do those anti-virus companies get the new viruses if they do not scan customers' hard drives for possible viruses? Are they creating those viruses themselves, in order to sell us their software? Are they creating them every time they need to sell more software? Something smells fishy here.

Can you imagine what the logistics and liabilities would be of sending drives containing both data and viruses in to companies? That would be a huge cost, hiring techs to analyze the drives (many of which would be false alarms), a shipping department to handle the incoming and outgoing drives - not to mention the privacy advocates yelling about what could be done with the data on the drive while it'd be in the hands of the corporation. Norton Antivirus' quarantine function does let you send any viruses that it traps to Symantec for analysis.
 
i had a similar problem with a boot virus. i didn't have any AVS installed so the virus ran rampant and infected almost every .exe. the virus was designed to go off every april 26 and when it got to that date, my computer froze, forcing me to reboot. the damage was already done, my HD with multiple partitions was hosed. i didn't know so i tried the HD in another computer with a flashable BIOS and the virus also hosed the BIOS. my first mobo didn't have a flashable mobo so it was still ok but the second mobo was dead and would not boot from anything, floppy, HD, cd, nothing. i didn't low level format before i reinstalled windows so after only a few days, everything was lost again. i then did my research and finally did a low level format before i installed anything. that HD has been clean ever since.

these boot viruses suck big time...not only do they make you lose data, they can hose your hardware too.
 
I had been trying to get as much information as possible recently, about what I should do.

I was able to verify that in order to get rid of the "boot block virus" from the hard drives I had to use the FDISK /MBR command. My question is, how do I do it? Should I use the same procedure as FDISK, by booting from a Windows CD or DOS diskette, and just adding the /MBR switch, or do I need a special program or utility for this?

This procedure may not necessarily erase the virus from the hard drive, but maybe it does. At least, if it works, it should allow operating systems to be installed to the hard drives (right now the virus does not allow any operating system to be installed onto the hard drives). And who knows, maybe I am lucky and I am able to save the data on the "D" (slave) hard drive, or not have to do a low level format on them.
 
jvang125,
Sounds like the "wonderful" Chernobyl virus (aka W95.CIH) that you're talking about.
I've seen that turn up all too frequently when using winmx/kazaa.
Found a program that supposedly allows one to recover their HD in the event that someone actually gets their HD hosed due to that. (Not very likely now, one would hope.)
 
Dude,

If you will read the posts that people have left for you, you will find that yes, it's just fdisk with a /mbr switch. (C:\fdisk /mbr)

I was able to verify that in order to get rid of the "boot block virus" from the hard drives I had to use the FDISK /MBR command.
It's great that you were able to "verify" that... Where did you get that verification? If I were you, I would still do that low lvl format.

p.s. If you ask how to do that again, or ask how to get the program, I will hunt you down and kill you like the dog you are... If I seem a little... Short... with you, it's because I'm aggravated that you ask our opinion, then you seem to not even read it, much less follow the directions, just ask more questions. Questions that have already been answered.
 
Originally posted by: jbritt1234
Dude,

If you will read the posts that people have left for you, you will find that yes, it's just fdisk with a /mbr switch. (C:\fdisk /mbr)

I was able to verify that in order to get rid of the "boot block virus" from the hard drives I had to use the FDISK /MBR command.
It's great that you were able to "verify" that... Where did you get that verification? If I were you, I would still do that low lvl format.

p.s. If you ask how to do that again, or ask how to get the program, I will hunt you down and kill you like the dog you are... If I seem a little... Short... with you, it's because I'm aggravated that you ask our opinion, then you seem to not even read it, much less follow the directions, just ask more questions. Questions that have already been answered.

Ok, some valid points there, but chill out a bit with the threats. The mods don't like seeing stuff like that; neither do a majority of the members here.

IsmaelRamos: The instructions are all here. ZAP the drive (zap 0), Fdisk it (fdisk /mbr), reboot, and then partition and format the drive. Assuming that the floppy you booted off of was uninfected, and write-protected, the hard drive connected (only have one drive connected at a time for cleaning) will now be clean of viruses, and any data in general that would pose a threat.
 
Ok, some valid points there, but chill out a bit with the threats. The mods don't like seeing stuff like that; neither do a majority of the members here.

I wrote...
I will hunt you down and kill you like the dog you are...

I'm sorry if you actually see that as a threat. In this day and age, that expression has pretty much become a joke. And that's how I meant it.

I COULD take your comment as a threat also. And I KNOW I wouldn't like that. But I am not taking it that way, because I know (well, think anyway) you don't mean any harm. Just the way I didn't.
 
Although Norton Anti-Virus (updated the day before the virus) was not able to find any virus, it really looks like it is WIN32/CIH ver1.4 or maybe a new ver1.5, because I think it was around 1:00 a.m. in the morning of June 26th that my system was infected.

After trying unsuccessfully to clean the hard drives by doing Fdisk and format, I used one of the supposedly clean and formatted hard drives (but obviously still infected) and it damaged the other motherboard also.

I received today one of the motherboards replaced under warranty by Soyo, but the hard drives are still infected. I have not tried FDISK /mbr on them yet. The hard drive manufacturers indicate I cannot do a low level format on them because it will damage them unless it is done at their factory. They have a program to restore the hard drive to factory specs without doing a low level format, but I have not bothered to download it yet. I may end up buying new hard drives instead. It is a shame, the 200GB hard drive had only a few days of use, but I cannot risk using any of them and damaging more motherboards.
 
Your motherboard should have boot block protection. Make sure its enabled.
Just download your specific disk manufacturers utility, and do a zero fill on the drive from floppy.
I'll take that 200 giger off your hands if ya want.
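
An added example, not part of any post in this thread: a Python check that can be run over a raw image of the start of a drive, first after the zero fill and again after FDISK /MBR and repartitioning, to confirm that the first track is really blank and that sector 0 then holds only a boot signature and the expected partition entries. The 63-sector track size, the function names and the sample bytes are assumptions constructed for illustration.

```python
import struct

SECTOR = 512
TRACK0_SECTORS = 63  # assumption: classic 63-sectors-per-track geometry


def first_nonzero_sector(image: bytes, limit: int = TRACK0_SECTORS):
    """Index of the first non-blank sector in the first track, or None if all zero."""
    for n in range(min(limit, len(image) // SECTOR)):
        if image[n * SECTOR:(n + 1) * SECTOR] != bytes(SECTOR):
            return n
    return None


def parse_mbr(sector: bytes) -> dict:
    """Split sector 0 into boot code, partition table and boot signature."""
    if len(sector) != SECTOR:
        raise ValueError("sector 0 must be exactly 512 bytes")
    partitions = []
    for slot in range(4):
        entry = sector[446 + slot * 16:446 + (slot + 1) * 16]
        if entry == bytes(16):
            continue  # unused slot
        lba_start, count = struct.unpack_from("<II", entry, 8)
        partitions.append({"slot": slot, "active": entry[0] == 0x80,
                           "type": entry[4], "lba_start": lba_start,
                           "sectors": count})
    return {"boot_code_present": sector[:446] != bytes(446),
            "signature_ok": sector[510:512] == b"\x55\xaa",
            "partitions": partitions}


def build_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot bytes, one active FAT32 entry."""
    s = bytearray(SECTOR)
    s[0:3] = b"\xfa\x33\xc0"  # placeholder bytes, not real boot code
    s[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x0B,
                             b"\xfe\xff\xff", 63, 1_000_000)
    s[510:512] = b"\x55\xaa"
    return bytes(s)


if __name__ == "__main__":
    wiped = bytes(SECTOR * TRACK0_SECTORS)         # constructed: after zero fill
    rebuilt = build_sample_mbr() + wiped[SECTOR:]  # constructed: after repartition
    print("wiped, first non-zero sector:", first_nonzero_sector(wiped))
    print("rebuilt MBR:", parse_mbr(rebuilt[:SECTOR]))
    # Sectors 1..62 should stay blank; anything found there deserves a closer look.
    print("rebuilt, sectors 1-62 blank:",
          first_nonzero_sector(rebuilt[SECTOR:], TRACK0_SECTORS - 1) is None)
```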
 
I finally received and installed the motherboard. Soyo replaced it with another one, instead of just changing the BIOS chipset.

I did "low level formatting", the FDISK /mbr command and "low level formatting" again on one of the hard drives, the "C" drive which is the one that I use for OS and programs, with a program called "Wipe Drive" from Access Data.

The computer seems to be running fine again.

I still have not done this procedure on the "D" (data) drive, but I will as soon as I have the time. I know I will lose all the information on it, but it is the only way to get rid of the virus, if it is also infected. Supposedly the WIN32/CIH 1.4 virus automatically infects all hard drives.



Hopefully this is the end. Thanks to all who helped me with your positive and helpful ideas.

 