Solved

Vfat virus /boot sector type

Posted on 1998-11-09
7
159 Views
Last Modified: 2013-12-29
Had a malicious email from Holland- my clock kept cnanging times to 1996 etc Ultimately got the dreaded 'Non system Dsik error' Booted with the System Disk in a: drive and attempted to reinstall Win95, then got error messages about Vfat (thats why I call this one the Vfat Virus). I then tried to access C: drive from the A: drive. This was sucessfull. I guessed that the io.sys and or msdos.sys files had been corupted so I decided heck I am about to lose all my data anyway - so I simply typed sys C; at the A prompt. I then retried to reinstall windows95 AND IT WORKED :) So iv'e still got the darn virus only it is struggling to survive with unprdictable sytem files hehe
Though my MS Explorer is running really slowly Netscape is running fine. I am here on MS Explorer. I will try to get to Mc Afee Antivrus Site to get the FORM A treatment But I will check back to see if any one has an easier answer to this nasty bug.
mike
0
Comment
Question by:mcaddan
  • 3
  • 2
  • 2
7 Comments
 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
If you have a virus, get the antivirus software.  I prefer McAfee myself, but Norton or any other reputable 3rd party should work for you.
0
 
LVL 3

Accepted Solution

by:
uilleann earned 30 total points
Comment Utility
try fdisk /mbr
that should get rid of it.
0
 
LVL 3

Expert Comment

by:uilleann
Comment Utility
ooops, do that after booting from a CLEAN floppy disk
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
doing an Fdisk/mbr MAY get rid of it for you (I had a hard disk that didn't respond to this and the only way to remove it was to use antivirus software).  But consider this.  You got the virus from somewhere and you won't be able to find out unless you get an antivirus package that checks floppy and you're hard disk.  Last time I checked, fdisk/mbr doesn't work on floppies.
0
 

Author Comment

by:mcaddan
Comment Utility
Hi again Uillean and lew I wish could reward both but Uilleans answer is the better - incidently Mc Afee AntiV does not see the darn thing at all! It is still in there some where and has invaded a completely empty drive! H: that is.
Before I fdisk/mbr  the C: drive I wonder would that eraze the data out side the master boot record? If not does fdisk/mbr just renew the boot area and not the rest of the disk?
Any case I know enough not to crash but not enough to isolate this one!  PS I do like MS
experts board and am now beginning to use Explorer more than Netscape hmmmm I wonder if this is a result of the xcellent news reader that comes with Win95 :)

0
 
LVL 3

Expert Comment

by:uilleann
Comment Utility
leew is absolutely right, the fdisk /mbr ONLY changes your bootrecord.
The virus is still somewhere on your system.
First kill all files you got in the email that caused this.
Second, get a decent anti virus prog.
Look for Thunderbyte, it finds so much it sometimes drives me crazy, changed code (cracks)
viri off course and..., eeeh.., it can immunize your bootrecord. (also on flops)
I must warn, it's a whiner, but better very safe than very sorry, not?
So, a dutch trick led to this, let a dutch anti-virus prog solve it :)
0
 

Author Comment

by:mcaddan
Comment Utility
Thanks Guys, incidently there appears to be two win.ini files. I dont know why. One is the regular one in the windows directory, a second was in the programs directory. I moved that one to a floppy. Performance was not affected! That file when edited is goobldy gook ... lots of charicters no recognizable text!
Here is the contents
MZ ; ³ @ Aÿÿ    !                    '   2   =   H   S   ^   l      ‹   –       ®   Ä   Ò   ã   î   ù       #  .  <  Q  [  f  p  {  †  ”  ¥  °  ¾  Ï  Ú  ä  î  ù   ! ¶ ! » !  ! Õ ! ÷ ! !   8²"@! ƒ! š! Ž! w! [! A! í! Ó! ¹! ! N!  Óp! |! |! ž! ²      ! a
! Ê ! ¤ ! I ! ò
! š      "ž      "¢      "¦      "ª      "®      "²      "…! m! _! ´! ! ²! ©! Ž! k! <! 3! *! !!  ! ²! ©! „! {! .! ó! —! L! Ù! Ê! ¾! ¦! š! p! g! L! @! $! ! ü! é! Á! ²! ¢! ‹! s! c! L! ! û! $! ß! Í! ¹! ­! ¢! †! \! J! ,! ! ý! ¿! ‹! V! ?! j!  Ò Ó1      8&
8*
8N
8R
8v
8€ 8¦8ª8 88Ø8Ü8=8A8¢88l8p8Ñ8Õ8
88o8s8Ô8Ø86 8: 8› 8Ÿ 8ƒ"8>:8B:8?;83>8U>8                                                                                                                                                                                                                                                                                      U‹ì¸ š¾! VWj šÆ;8ƒÄj šà;8ƒÄhB š2! ƒÄhW š2! ƒÄhZ š2! ƒÄh^ š2! ƒÄhw š2! ƒÄh“ š2! ƒÄh° h² šÞ! ƒÄ‰Fü=  té) jšÆ;8ƒÄj šà;8ƒÄh¿ š,! ƒÄjšã! ƒÄhÐ hÒ šÞ! ƒÄ‰Fü=  téj ÿvüšò! ƒÄhÞ hà šÞ! ƒÄ‰Fühì ÿvüšô! ƒÄÿvüšò! ƒÄÿvüšò! ƒÄhñ hó šÞ! ƒÄ‰Füh ÿvüšô! ƒÄÿvüšò! ƒÄh      š2! ƒÄhhšÞ! ƒÄ‰Fü=  té) jšÆ;8ƒÄj šà;8ƒÄhš,! ƒÄjšã! ƒÄÿvüšò! ƒÄh-š2! ƒÄhJhLšÞ! ƒÄ‰FühUÿvüšô! ƒÄÿvüšò! ƒÄhºh¼šÞ! ƒÄ‰FühÈÿvüšô! ƒÄÿvüšò! ƒÄjšÆ;8ƒÄj šà;8ƒÄhvš,! ƒÄ_^ÉË                              ´0Í!<s3ÀPË¿‹6 +÷þ r¾ úŽ×Ä>ûsèW3ÀPè÷¸ÿLÍ!6£Î†à6£Ì‹Æ±ÓàH6£Œ»Ž6Œƒäþ6‰g¸þÿP6‰g
÷ÐP6‰g6‰g6‰&ˆ÷‰6 ŒÃ+Þ÷Û´JÍ!6ŒÊü¿F ¹@+Ï3Àóª‹0 ãÿÑš”! š! 3íš! ÿ6îÿ6ìÿ6êš    PèÃ.¡ŽØ¸ ÇŠãP.‹ŽÛšð! è™è<>2 ÖÖuXPÿ6 ¸ÿ PÿŠ¸ 5Í!‰¶Œ¸¸ %ºÝ Í!‹B ã)ŽÊ&‹6, ¡D ‹F 3Ûÿ@ séd¡H ‹J » ÿ@ ŽÊ&‹, ã>ŽÁ3ÿ&€= t4¹ ¾¨ó¦t ¹ÿ3Àò®u!ëå‹÷¿Ö±¬,ArÒà’¬,Ar
ªëî» €§Ö¿¸ DÍ!r
ö€t€Ö@Kyç¾L ¿P è³ ¾P ¿P èª ¾X ¿X è¡ ËU‹ì3ÉëU‹ì¹ ëU‹ìVW¹ ëU‹ìVW¹ˆ.ýQ
Éu¾4¿4èm ¾P ¿T èd >2 ÖÖuÿ8 ¾T ¿T èO ¾T ¿X èF šâ! ÀtX
äPu ƒ~ uÇFÿ è X
äu‹F´LÍ!_^]Ë‹B ã» ÿ@ Ŷ¸ %Í!Ã;÷sƒï‹ EtòÿëîÃU‹ì¸ü P蜃>  tÿþ¸ÿ P艋å]˸ é.þYZ‹Ü+Ør ;r‹ãRQËRQ¡@u3Àéþÿ.V3ö¹B 2äü¬2àâû€ôUtèÿ¸ Pè<¸ ^ˏ
¡Îº <t)ŽÊ&Ž, Œò3À™¹ €3ÿò®®uûGG‰>ð¹ÿÿò®÷Ñ‹Ñ¿ ¾ ŽÊ¬< tû<      t÷<to
ÀtkGN¬< tè<      tä<t\
ÀtX<"t$<\tBëä3ÉA¬<\tú<"tÑëÓ‹ÁÑéѨuÊëN¬<t+
Àt'<"tº<\tBëì3ÉA¬<\tú<"tÑëÛ‹ÁÑéѨuÒë—‰>ê×GÑç×B€âþ+â‹Ä£ì‹Øû6‰?CCÅ6ð¬ª
Àuú6ŽÊ¾ ë3Àª¬< tû<      t÷<t|
Àtx6‰?CCN¬< tá<      tÝ<tb
Àt^<"t'<\tªëä3ÉA¬<\tú<"t°\óªëÑ°\Ñéóªs°"ªëÅN¬<t.
Àt*<"t·<\tªëì3ÉA¬<\tú<"t°\óªëÙ°\Ñéóªs–°"ªëÍ3ÀªÇ  ÿ.U‹ìŽÊ&‹, ŽÃ3À3ö3ÿ¹ÿÿ Ût&€>   tò®F®uú‹Ç@$þF‹þÑæ¹       è¦ P‹Æè  £î‹Ï‹Ø3ö_Iã&‹6;¨uQVW¿¨¹ ó§_^Yt&‰?CC¬ª
ÀuúâÚ&‰]Ë U‹ìVW‹V¾m ­;Ât@–t —3À¹ÿÿò®‹÷ëë–_^‹å]Ê U‹ìWÿvèÊÿ Àt ’‹ú3À¹ÿÿò®÷ÑI» >2 ÖÖuÿ4 ´@Í!_‹å]Ê  SQ¹ ‡Ö      QPš ! [Ö      YŒÚ Àt[ËÁéSû r3À‹å]ËsøPè X2ä‹å]Ësè ¸ÿÿ™‹å]Ë2äè Ë¢Ò
äu"€>Ír <"s < r°ë<v°» ט£ÄÊÄë÷ Ë U‹ìƒìWV¿ÿÿ‹F‹ð‹ØöG@tÆG é™ öDƒué‹ VèãƒÄ‹ø‹Þë&‹‡Ê‰FþVè/ƒÄŠD*äPš! ƒÄ À|Yƒ~þ tV¸ PFôPš¢! ƒÄFö‰Fò€~ô\t¸"PFôPšb! ƒÄëÿNò¸
 Pÿvòÿvþš*! ƒÄFôPš6!! ƒÄ Àt¿ÿÿÆD ‹Ç^_‹å]ËU‹ìVšÔ! ‹ð ðu3ÀëVÿv
ÿvÿvšÔ! ƒÄ^‹å]ːU‹ì3ÀPÿvÿvš²! ‹å]ːU‹ìƒìWV‹vVèýƒÄ‹øF
PÿvVšü ! ƒÄ‰FüVWèSƒÄ‹Fü^_‹å]ËU‹ìƒìWV¾.VèŃċøFPÿv¸.Pšü ! ƒÄ‰Fü¸.

0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

For a variety of reasons, it sometimes makes sense to reboot a Windows-based computer on a regular, perhaps daily basis. This "cures" a lot of ills by resetting processes, flushing caches, refreshing memory, and reestablish network connections. In a…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now