Help with a virus infected hard drive!!!!

[MidgetSniffer]

Hi,

One of my moms friends computer recently got hit with a nasty virus.... Im not to sure which one it is though. I have to reformat the drive but it is not allowing me to do so. The drive DOES manage to boot up maybe 1 out of 10 tries so I know it isnt wasted. Do you guys have any suggestions on what to do? Its a HP pavilian with a 10 GB quantam fireball hard drive. any suggestions will be appreciated. Thanks in advance.

 

[agentK]

if your options are REALLY down to re-formatting the drive, heres what to do:

get a win98 startup disk and boot in a:\
run fdisk and check your drive... cuz im guessing the virus messed up the boot sector and the partitions of the drive
recreate all partitions (Dos and logical ones)
reboot and reformat
reinstall

Good Luck

 

[MidgetSniffer]

I tried that... i get a "no fixed disks present" message when I run fdisk... I did a search and saw that someone recomended to try fdisk/mbr which also gives me the same message. As far as data on the drive now goes, I really dont care about it. I already told the lady it was toast... I just want to get it so I can put a new OS on it. any other suggestions???

 

[Uuplaku]

Well, most virusses are crafty, and actually store temselves on the machines CMOS chip (it's a little Nickel-sized piece of metal on the motherboard). Carefully following the instructions in the manual, you should try to clear the CMOS. That will almost always clear up a virus problem. If it doesnt, then I really cant tell ya anything else.

 

[agentK]

fdisk /mbr resets the boot record of your drive. since "no fixed disks present" shows up, it may be a hardware problem. does the BIOS recognize the quantum drive? if not, try disconnecting the cables and reconnecting them and see if that works.

 

[MidgetSniffer]

O yeah.. the hard drive is definitly in bios... havent tried reseting the cmos yet though... keep the suggestions coming!!!

 

[VBboy]

<< Well, most virusses are crafty, and actually store temselves on the machines CMOS chip (it's a little Nickel-sized piece of metal on the motherboard). Carefully following the instructions in the manual, you should try to clear the CMOS. >>

This is simply not true.

First of all, only a couple of viruses deal with BIOS (not exactly CMOS), for example the Win32.CIH virus. But it doesn't store itself in CMOS. It does however flash your BIOS with "garbage", making the motherboard useless unless the manufacturer re-flashes it. It is practically impossible to store a virus in CMOS, let alone execute it from there.

However, many viruses to infect the boot sector of the drive as well as executable files. Also, they usually stay resident in memory and infect other running programs. That's how they usually spread, although they can also copy themselves over the network, spread using E-mail, etc.

As for formatting the drive: if the virus is already loaded in memory, it will simply re-infect the drive as soon as the format is complete. One must boot off a non-infected floppy disk and format the hard drive then.

 

[MidgetSniffer]

woah woah woah.... does that mean that my bootup disk is infected??? I agree with you on the cmos and being close to impossible to execute a virus from there, but where does that leave me with trying to get a new OS on this thing????

 

[VBboy]

MidgetSniffer,

Yes, most likely your floppy disk is infected. Always write-protect your floppies unless you actually need to write something this very hour.

I'm too tired to investigate your problem.. I don't know if it's a virus or a hardware problem or something else.. The best thing to do is to take our the HD, put it into another PC that already has an anti-virus installed, and scan your drive. Don't try to run any programs from it before you do.

The coolest virus I had was on my first PC. It was memory-residemt; after I formatted a floppy, it would copy itself to its boot sector, so it didn't show up as any file. The only way to tell was to look at the free space on the floppy: it was less than the 1.457 KB or whatever that number is, exactly.

 

[agentK]

VBBoy pretty much said it. make sure your startup disk came from a computer that your sure is clean.
also, if you take out your hard disk , install it in another pc and scan it, that will help you with two things:
1. if it detects a virus, then it was virus related and it wasnt your hardware
2. the drive isn't detected by the other pc and most probbably is a hardware problem
tell us what happens.