Help? A virus damaged 2 mobos and 2 or 3 hard drives.

IsmaelRamos

Junior Member
Jul 8, 2003
Two or three weeks ago I received a virus through the Internet that infected my main computer.

It is a "Boot Virus" that installed itself into my hard drive and into the motherboard BIOS, and that does not allow Windows to boot or to be re-installed on that hard drive again.

I tried to erase it by formatting the hard drive and by running Fdisk several times, but there is no way to get rid of it.

It looks like it installed hidden files into the hard drive that are impossible to erase.

To make it worse, since my computer was unable to work, I decided to put together another computer using another motherboard. Before installing the hard drive into the computer I ran Fdisk on the hard drive to erase all partitions and then installed the hard drive into the "new" computer. When I ran Fdisk in the new computer, Fdisk gave me a message that indicated that "Fdisk was going to modify the boot sector" and to answer yes or no. Thinking that saying yes was going to correct the problem I answered yes, and I ended up with another motherboard infected.

And, to make it even worse, I tried with a new hard drive, and it infected it also, since the virus was already in the motherboard.

Now both of these hard drives are the main hard drives for Windows and programs only, not for data, which is on a different (separate) hard drive, and I don't know if that third hard drive (the most important, because it contains all the saved data) is also infected.

I was running Norton Anti-Virus, which I always check for updates on a daily basis, and Norton cannot detect any virus at all. The virus seems to be new and very powerful, because it damaged the motherboards and the hard drives. The motherboard built-in anti-virus "PC-cillin" indicated it is a Boot-virus.

I contacted Symantec Norton Anti-Virus and their response was basically that they do not care. I asked them if I can send the hard drives to them so they can check what type of virus it is and, if possible, eliminate the virus, and they indicated NO, that they don't do it.


What can I do? Symantec does not care if I got a virus, even while using their product, and they don't help me in any way to get rid of it either. I don't know how I can get rid of the virus in the motherboard, if possible.

Someone told me that by installing an updated BIOS in the motherboard I can get rid of the boot virus in the motherboard. Is this true? How is it done? What about the one in the hard drives? How can I get rid of it, if possible? Or do I have to buy new hard drives and lose all the information that is still in the data hard drive?

How can I prevent this from happening again?

Don't tell me with Norton Anti-Virus, because it is a useless program, and from a company that does not care at all about its customers or its problems.


Thanks in advance for your help or comments in this respect :(
 

Rick014

Golden Member
Dec 24, 2000
You can save your drives by doing a low-level format. It will clean the complete drive. Then fdisk and do a normal format.
For low-level I use Ontrack data eraser. Check with the drive manufacturer's web site, they may provide a free utility for doing the same thing.
 

Knightlife

Member
Nov 3, 2002
Perhaps reflash your motherboard BIOS as well? Just a thought if the low-level format idea doesn't work.

Edit: Actually, flash the BIOS first. That way, you know that the motherboard won't just be messing up hard drives. I need more information about your system (motherboard type/processor) or I can't help you any more.
 

jbritt1234

Senior member
Aug 20, 2002
Dude, the chances that you have some new monster virus are pretty small. No offence, but you've probably just got something wrong. It's possible, but not probable. If you got this virus a few weeks ago, I would think that it would have ended up on the news by now.

What OS are you trying to install?
 

IsmaelRamos

Junior Member
Jul 8, 2003
Knightlife: I sent the main mobo (Soyo) back to the company for replacement under warranty. It was using an overclocked AMD XP-2400+.

I still will need to fix the other infected motherboard (by the same hard drive, even after being Fdisk'd and formatted from a CD). This one is a DFI K6VB3+ with 2MB of L3 cache that was running a K6-III 500MHz.
 

IsmaelRamos

Junior Member
Jul 8, 2003
I tried all of them, from DOS, OS/2, Win 98, Win Millennium, Win NT 4.0, and Windows 2000, even using NTFS instead of FAT (in the case of Win NT and 2000).

All of them will try to install, but will not finish the installation, and of course there is no way to boot into any version of Windows.
 

dw58

Member
Jun 11, 2003
It sounds like the MBR is infected in the hard drive. The master boot record is not cleaned when you do a normal format or fdisk (I know, I just went through this). To clean the MBR run 'fdisk /mbr' without quotes. Good luck.
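
An added example, not part of dw58's post or of the thread: a read-only check of sector 0 taken from a raw image of a drive, which compares the boot code against a baseline hash recorded from a disk partitioned with the same tool on a clean machine. The function names, sample sectors and baseline are constructed for this illustration.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440   # boot code; bytes 440-445 can hold a per-disk NT signature, so skip them
TABLE_OFF = 446  # four 16-byte partition entries
SIG_OFF = 510    # last two bytes must be 55 AA

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector 0 into boot-code hash, partition table and problems."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    code = sector[:CODE_LEN]
    parts, problems = [], []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            problems.append(f"entry {i}: invalid status byte {status:#04x}")
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": count})
    if sum(p["active"] for p in parts) > 1:
        problems.append("more than one active partition")
    return {"signature_ok": sector[SIG_OFF:] == b"\x55\xaa",
            "code_blank": not any(code),
            "code_sha256": hashlib.sha256(code).hexdigest(),
            "partitions": parts, "problems": problems}

def assess(sector: bytes, known_good: set) -> str:
    """Classify sector 0 against a set of baseline boot-code hashes."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "no-boot-signature"   # wiped drive or not an MBR at all
    if info["code_blank"]:
        return "boot-code-blank"     # table present, loader zeroed
    if info["problems"]:
        return "malformed-table"
    if info["code_sha256"] in known_good:
        return "matches-baseline"
    return "boot-code-differs"       # unknown loader: inspect before booting from it

def read_sector0(path: str) -> bytes:
    # Works on an image file; the drive itself is never written to.
    with open(path, "rb") as f:
        return f.read(SECTOR)

def build_sample(code: bytes) -> bytes:
    """Constructed sector: given boot code plus one active FAT32 (0x0B) entry at LBA 63."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x0B,
                        b"\xfe\xff\xff", 63, 2048000)
    return code.ljust(TABLE_OFF, b"\x00") + entry + bytes(48) + b"\x55\xaa"

# Constructed sample data: filler bytes, not a real boot loader.
CLEAN = build_sample(b"\xfa\x33\xc0" + b"\x90" * 100)
BASELINE = {parse_mbr(CLEAN)["code_sha256"]}
ALTERED = b"\xeb" + CLEAN[1:]        # one changed byte in the boot code
WIPED = bytes(SECTOR)                # all zeros, as after a full overwrite
```

A match only vouches for sector 0; the same hash comparison can be repeated on the boot sector of each partition, found at the entry's `lba_start`.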
 

BT7990

Senior member
Feb 19, 2000
Just curious:

When you identify this new powerful monster virus that wrecked your motherboards' BIOS and a low level format will not remove, please let us/me know the name...
 

Rick014

Golden Member
Dec 24, 2000
I don't think he's done a low level yet, as this would erase the boot sector of the hard drive and remove anything that's on the drive.
If the M.B. BIOS chip is infected, a BIOS flash might not fix it as a flash does not erase all the info in the BIOS. He may have to replace the BIOS chip to salvage the motherboard.
 

Jeff7

Lifer
Jan 4, 2001
I don't think that a sophisticated virus would be able to fit in the BIOS chip. There's not a whole lot of space there to begin with, and the BIOS program itself needs to occupy some of that just to be able to boot the system, much less be able to interact with drives in order to infect them. As far as I know, BIOS viruses usually have one goal - damage the BIOS so that the system is unbootable and thus completely unusable. Plus, these viruses are very rare; I also find it unlikely that this is a super "unstoppable" virus.

What was it that you downloaded; what did it do initially to make you say it's a virus?

But whatever it may be, on an uninfected computer, make a boot disk and put ZAP on it (IBM disk utility). Also put Fdisk and format on the disk; maybe you'll want to just use a floppy image (I prefer Win98SE w/out RAMdisk) from Bootdisk.com. Use the little tab on the disk to write protect it. Put all the infected hard drives into a computer (with no other hard drives), and boot it with the safe boot floppy. Type in ZAP 0 to do the first disk (primary master), ZAP 1 for the next (primary slave), and so on... this'll destroy anything on the drive. Then you can Fdisk and format the drives. Viruses will be gone. As for the infected/corrupted BIOS, try the clear CMOS jumper on the motherboard, then flash the BIOS with a ROM/BIN from the motherboard maker's website; write-protect the floppy first though to avoid any problems.
 

IsmaelRamos

Junior Member
Jul 8, 2003
As Rick014 indicates, I have not yet done a "low level format". Put it this way, I don't know what "low level format" is, and I do not have any program to do it yet. I am trying to get one. Up to now they have told me to use "On track data eraser" or "WDclear" to do a low level format.


The virus just does not allow Windows to turn on. At boot (or re-boot in case of a clean new installation) it will give you a message that indicates that Windows cannot find a file needed to run.


Probably just deletes that needed file for Windows to boot, again and again.
 

IsmaelRamos

Junior Member
Jul 8, 2003
I did not (at least on purpose) download any file. I was browsing (surfing) on the Internet, and when I clicked to open one page many other pages opened automatically and started downloading or doing something. I tried to stop the download by using control-alt-delete and ended up re-booting the computer. It never turned on after that. I don't know what it was doing because the message was in German, and I tried to stop it as fast as I could.

By the way, Norton Anti-Virus was updated the day before. I always update the anti-virus on a weekly basis every Wednesday night. And I am running a firewall due to my cable modem, and an Anti-Spies program (really good).
 

jbritt1234

Senior member
Aug 20, 2002
Ismael, basically when you low level format a hard drive, it writes all 0's to the hard drive, erasing every bit of data from the drive. When you do a regular format of the drive, not ALL the data is actually re-written and some viruses can remain on the drive.

As far as where to get one, use the link that Jeff7 included above. I have personally been lucky enough that I have never needed to use one, but I'm sure it works fine. I'm not familiar with the 2 you mentioned, but that means nothing.

After you get that taken care of, reinstall Windows. 1st, be sure you have everything plugged in correctly and all the cards fully seated. Be sure you have master/slave settings set correctly on the HDD. From your 1st post, I take it that you have 3 HDDs in your PC. Only have 1 drive connected when you reinstall. This will eliminate any conflict with the drives.

Tell us how that goes.

Good luck!!!


p.s. In my opinion NAV is a very capable antivirus program. But, in the quest for the fastest most optimized computer, I notice myself disabling the background scanning when I play games etc. Then I never re-enable it when I go back online or check e-mail. It's probably only running about 1/8 of the time my PC is on. This seems to be a common trend with other people also. That's why businesses have to use corporate versions so the users can't disable them. Not only do you have to have updated definitions, the program has to be actually running to find them. If I ever accidentally open an email with a virus, I'm probably screwed cause NAV isn't scanning...
 

IsmaelRamos

Junior Member
Jul 8, 2003
First: How do you make a boot diskette? Is that the same as formatting a brand new diskette?

Even to flash a motherboard they say "create a bootable diskette" and install the new flash BIOS on it in order to re-flash, but... how do I create a bootable diskette in order to re-flash the mobo?


I really want to try your idea by using the computer I am using right now to clean or erase the infected hard drives, but I am a little confused with your instructions. Will ZAP be able to do the low level format needed to erase those hidden files that Fdisk, format and ScanDisk cannot get rid of?


Now two of the affected hard drives (both were used as "C" drives) are no big deal, because they used to contain only Windows and programs, for which I have all the CDs to re-install them. In fact, I don't even care about them, I can put brand new ones to replace them.

The one that really worries me is the one that I was using as the "D" drive. That's where all my data, years of work, is. That's the one I don't know if it has been infected. Is there any way to know if it has been infected or not, or, if infected, can I get rid of the virus from this one without losing all the data on it?
 

jbritt1234

Senior member
Aug 20, 2002
Go to the link Jeff7 included above for bootdisk.com; you can get one there. They are easy to use. You can also make one with Windows, but it's harder to explain.

Yes, ZAP is a low level format util.

Use only one drive as your C when you 1st reinstall and check it out. Be SURE to leave the D drive disconnected until you are sure that everything is running fine. You can connect it later and Windows will see it. You don't need to go buy another HDD.
 

Cogman

Lifer
Sep 19, 2000
I'm sorry, but I find that this Super Virus is more or less a figment of your imagination. (That's right, I don't believe you.) 1st, you are overclocking, that is the easy cause of your rebooting error. Your, Infection, Problem with the computers not booting up to Windows is the fact that you changed the boot sector. You probably renamed drive C to drive D or something to that effect. It is very possible that you have faulty RAM. Poor RAM, or lack of RAM, will often lead a computer into failure when installing OSs. I would also like to know where you got all the different copies of OSs, because that is quite the collection. Now here is my remedy for the so-called virus.

#### If you plan to install a FAT32 file system ####
1. Insert the boot disk into the floppy drive.
2. Make sure the BIOS is set up to boot to floppy.
3. Make sure that you are in the A drive.
4. Type in fdisk
5. Delete all partitions.
6. Exit and answer yes to all questions asking you to save.
7. Reboot and go back into the floppy.
8. Type in Fdisk
9. Remake your partitions.
10. Answer yes to all questions as you exit.
11. Reboot.
12. Type in Format C:
13. Repeat for every partition you created, placing the correct drive letter in its place (D, E, F, G).
14. Insert the OS for a FAT32 system and cd into the CD-ROM.
15. Run setup.exe
16. Install the Windows of your choosing.
17. Reboot one last time and have fun.
#### Windows XP installation ####
1. Insert the WinXP CD into the CD-ROM.
2. Enter the BIOS and make sure you are set up to boot to CD-ROM.
3. It will ask you to select the installation partition; delete all partitions and choose the blank white space.
4. Make sure (if it gives you the option) to install the NTFS file system onto the hard drive.
5. It should ask to format the HD quick or slow, do the slow one.
6. Install WinXP to your liking.
7. Remove the CD-ROM and enjoy.

I'm rusty on the exact details as I'm running a pure Linux system and have not installed Windows for over 2 years now. Also, I will go on to say that it is unlikely that you installed a virus, especially a BIOS virus, just by surfing the web. The virus you described would have to be very sophisticated to act the way it did with the BIOS with completely devastating the computer.
 

IsmaelRamos

Junior Member
Jul 8, 2003
Thanks jbritt1234 for the info.


I only had two hard drives in the computer. One as the "C" drive for Windows and its programs and another as the "D" drive for all the data to be saved. I never save anything at all on the "C" drive, not even downloaded programs. I created a folder in the "D" drive just for those programs that I download or for updates.


The third hard drive was infected when I installed it to the computer as another "C" drive when the prior hard drive refused to boot into Windows and to re-install Windows on it. The secondary cable for the "D" drive and CDRW recorder was disconnected during this process. That is the reason that I know the virus is on the motherboard, because there was no other hard drive connected at that time to infect the new hard drive, and I was booting from Windows CD not from a floppy.
 

IsmaelRamos

Junior Member
Jul 8, 2003
The hard drives were Fdisk'd and formatted several times during all the attempts to install any version of Windows.

Yeah. You cannot imagine how many versions of Windows I have accumulated during all these years (even on floppies). I have been working with computers since before Windows was even invented. At that time we used DOS and DOS programs. Windows was a blessing compared to DOS. It was a pain in the back having to memorize different commands for different programs.

By the way, I also have different versions of Linux. Do you think they may be able to help? I have never used any one of them, but they came with computers that I erased and installed Windows on. The latest one that I have is Lindows v.3.0.5
 

Cogman

Lifer
Sep 19, 2000
Well, as a test to see if you truly do have a virus, you could get a copy of Mandrake or RedHat and reformat your drive to ext2 or ext3. If that did not work then I might be wrong. (Has happened before so it is possible.) But like I said, it just seems very unlikely that you have a virus; it sounds as if you have had a computer for a long time as well. Something you might try: you said you have data saved onto one of the drives, right? Well, if you get a startup disk from a non-infected computer and lock it, the floppy cannot be infected. Also, if that data you have is Word documents, you can try starting via boot disk and placing in a clean disk and copying the files onto that disk.
 

Ape

Golden Member
Jul 29, 2000
Sounds like the NYB virus. But I could be wrong. Ape Out
 

jbritt1234

Senior member
Aug 20, 2002
This is the description of the NYB virus off the Symantec site -
NYB is a simple virus that infects master boot records (MBR) and DOS boot sectors (DBS). NYB spreads to a system only when there is an attempt to boot the system from an infected floppy disk.

So, unless he booted off a floppy, that's not it.

Ismael, you keep on saying that you have fdisk'd and formatted your drive; have you done the low-level format yet?

Also, are you overclocking? If so, set it back to defaults. There is a good chance that is causing the problem. Even if it booted OK before and you changed nothing.
 

IsmaelRamos

Junior Member
Jul 8, 2003
No, I have not done a low level format to any one of the infected hard disks yet. I do not have the program to do it yet either.


The first thing that I did when the computer was not able to boot into Windows, before formatting, Fdisk and formatting again the hard drives, was to set the computer to its default speed. In fact, I even lowered the speed from its default speed trying to see if that was the problem.


I know that the motherboard and the Master Boot Record of the hard drives are infected by a boot virus, because the anti-virus program "PC-cillin" verified they are infected by a boot virus. I sent the motherboard to Soyo to be fixed or replaced under warranty. As soon as I receive it back, I will put the computer together again with brand new hard drives. I do not trust the old ones. One of them (200GB) was brand new, with only one or two weeks of use before being infected, and maybe I can replace it under warranty, but I have not even tried to contact the manufacturer about this possibility. The other two are less than a year old, but I doubt they will replace them, so I will need to do a low level format on them, to erase those hidden files.


As for floppy drives, I took them out of my computers like two years ago. I have no use for them. I use a CD-RW disk instead when I need to.


My main concern was trying to save the data from the infected "D" drive, but it seems it cannot be possible.


I contacted Norton about this situation, and they told me they do not scan customers' hard drives for viruses. They told me I had to put the virus on a floppy and mail it to them. Now, how am I going to send them a virus that hides in hidden files in a hard drive that has been Fdisk'd and formatted and that is supposedly empty (except for those hidden files)? Norton Anti-Virus software does not detect the virus as present on the hard drives or in the boot sector, even when it was updated before doing the scan, so it cannot be NYB or it would detect it.


McAfee basically told me that since I am not using their product they cannot help me. In other words they do not care either. They told me, "buy our program and scan it with it".


Now, my question is: from where do those anti-virus companies get the new viruses if they do not scan customers' hard drives for possible viruses? Are they creating those viruses themselves, in order to sell us their software? Are they creating them every time they need to sell more software? Something smells fishy here.