Vfat virus /boot sector type

Posted on 1998-11-09
Medium Priority
Last Modified: 2013-12-29
Had a malicious email from Holland- my clock kept cnanging times to 1996 etc Ultimately got the dreaded 'Non system Dsik error' Booted with the System Disk in a: drive and attempted to reinstall Win95, then got error messages about Vfat (thats why I call this one the Vfat Virus). I then tried to access C: drive from the A: drive. This was sucessfull. I guessed that the io.sys and or msdos.sys files had been corupted so I decided heck I am about to lose all my data anyway - so I simply typed sys C; at the A prompt. I then retried to reinstall windows95 AND IT WORKED :) So iv'e still got the darn virus only it is struggling to survive with unprdictable sytem files hehe
Though my MS Explorer is running really slowly Netscape is running fine. I am here on MS Explorer. I will try to get to Mc Afee Antivrus Site to get the FORM A treatment But I will check back to see if any one has an easier answer to this nasty bug.
Question by:mcaddan
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
LVL 96

Expert Comment

by:Lee W, MVP
ID: 1727289
If you have a virus, get the antivirus software.  I prefer McAfee myself, but Norton or any other reputable 3rd party should work for you.

Accepted Solution

uilleann earned 90 total points
ID: 1727290
try fdisk /mbr
that should get rid of it.

Expert Comment

ID: 1727291
ooops, do that after booting from a CLEAN floppy disk
Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

LVL 96

Expert Comment

by:Lee W, MVP
ID: 1727292
doing an Fdisk/mbr MAY get rid of it for you (I had a hard disk that didn't respond to this and the only way to remove it was to use antivirus software).  But consider this.  You got the virus from somewhere and you won't be able to find out unless you get an antivirus package that checks floppy and you're hard disk.  Last time I checked, fdisk/mbr doesn't work on floppies.

Author Comment

ID: 1727293
Hi again Uillean and lew I wish could reward both but Uilleans answer is the better - incidently Mc Afee AntiV does not see the darn thing at all! It is still in there some where and has invaded a completely empty drive! H: that is.
Before I fdisk/mbr  the C: drive I wonder would that eraze the data out side the master boot record? If not does fdisk/mbr just renew the boot area and not the rest of the disk?
Any case I know enough not to crash but not enough to isolate this one!  PS I do like MS
experts board and am now beginning to use Explorer more than Netscape hmmmm I wonder if this is a result of the xcellent news reader that comes with Win95 :)


Expert Comment

ID: 1727294
leew is absolutely right, the fdisk /mbr ONLY changes your bootrecord.
The virus is still somewhere on your system.
First kill all files you got in the email that caused this.
Second, get a decent anti virus prog.
Look for Thunderbyte, it finds so much it sometimes drives me crazy, changed code (cracks)
viri off course and..., eeeh.., it can immunize your bootrecord. (also on flops)
I must warn, it's a whiner, but better very safe than very sorry, not?
So, a dutch trick led to this, let a dutch anti-virus prog solve it :)

Author Comment

ID: 1727295
Thanks Guys, incidently there appears to be two win.ini files. I dont know why. One is the regular one in the windows directory, a second was in the programs directory. I moved that one to a floppy. Performance was not affected! That file when edited is goobldy gook ... lots of charicters no recognizable text!
Here is the contents
MZ ; ³ @ Aÿÿ    !                    '   2   =   H   S   ^   l      ‹   –       ®   Ä   Ò   ã   î   ù       #  .  <  Q  [  f  p  {  †  ”  ¥  °  ¾  Ï  Ú  ä  î  ù   ! ¶ ! » !  ! Õ ! ÷ ! !   8²"@! ƒ! š! Ž! w! [! A! í! Ó! ¹! ! N!  Óp! |! |! ž! ²      ! a
! Ê ! ¤ ! I ! ò
! š      "ž      "¢      "¦      "ª      "®      "²      "…! m! _! ´! ! ²! ©! Ž! k! <! 3! *! !!  ! ²! ©! „! {! .! ó! —! L! Ù! Ê! ¾! ¦! š! p! g! L! @! $! ! ü! é! Á! ²! ¢! ‹! s! c! L! ! û! $! ß! Í! ¹! ­! ¢! †! \! J! ,! ! ý! ¿! ‹! V! ?! j!  Ò Ó1      8&
8€ 8¦8ª8 88Ø8Ü8=8A8¢88l8p8Ñ8Õ8
88o8s8Ô8Ø86 8: 8› 8Ÿ 8ƒ"8>:8B:8?;83>8U>8                                                                                                                                                                                                                                                                                      U‹ì¸ š¾! VWj šÆ;8ƒÄj šà;8ƒÄhB š2! ƒÄhW š2! ƒÄhZ š2! ƒÄh^ š2! ƒÄhw š2! ƒÄh“ š2! ƒÄh° h² šÞ! ƒÄ‰Fü=  té) jšÆ;8ƒÄj šà;8ƒÄh¿ š,! ƒÄjšã! ƒÄhÐ hÒ šÞ! ƒÄ‰Fü=  téj ÿvüšò! ƒÄhÞ hà šÞ! ƒÄ‰Fühì ÿvüšô! ƒÄÿvüšò! ƒÄÿvüšò! ƒÄhñ hó šÞ! ƒÄ‰Füh ÿvüšô! ƒÄÿvüšò! ƒÄh      š2! ƒÄhhšÞ! ƒÄ‰Fü=  té) jšÆ;8ƒÄj šà;8ƒÄhš,! ƒÄjšã! ƒÄÿvüšò! ƒÄh-š2! ƒÄhJhLšÞ! ƒÄ‰FühUÿvüšô! ƒÄÿvüšò! ƒÄhºh¼šÞ! ƒÄ‰FühÈÿvüšô! ƒÄÿvüšò! ƒÄjšÆ;8ƒÄj šà;8ƒÄhvš,! ƒÄ_^ÉË                              ´0Í!<s3ÀPË¿‹6 +÷þ r¾ úŽ×Ä>ûsèW3ÀPè÷¸ÿLÍ!6£Î†à6£Ì‹Æ±ÓàH6£Œ»Ž6Œƒäþ6‰g¸þÿP6‰g
÷ÐP6‰g6‰g6‰&ˆ÷‰6 ŒÃ+Þ÷Û´JÍ!6ŒÊü¿F ¹@+Ï3Àóª‹0 ãÿÑš”! š! 3íš! ÿ6îÿ6ìÿ6êš    PèÃ.¡ŽØ¸ ÇŠãP.‹ŽÛšð! è™è<>2 ÖÖuXPÿ6 ¸ÿ PÿŠ¸ 5Í!‰¶Œ¸¸ %ºÝ Í!‹B ã)ŽÊ&‹6, ¡D ‹F 3Ûÿ@ séd¡H ‹J » ÿ@ ŽÊ&‹, ã>ŽÁ3ÿ&€= t4¹ ¾¨ó¦t ¹ÿ3Àò®u!ëå‹÷¿Ö±¬,ArÒà’¬,Ar
ªëî» €§Ö¿¸ DÍ!r
ö€t€Ö@Kyç¾L ¿P è³ ¾P ¿P èª ¾X ¿X è¡ ËU‹ì3ÉëU‹ì¹ ëU‹ìVW¹ ëU‹ìVW¹ˆ.ýQ
Éu¾4¿4èm ¾P ¿T èd >2 ÖÖuÿ8 ¾T ¿T èO ¾T ¿X èF šâ! ÀtX
äPu ƒ~ uÇFÿ è X
äu‹F´LÍ!_^]Ë‹B ã» ÿ@ Ŷ¸ %Í!Ã;÷sƒï‹ EtòÿëîÃU‹ì¸ü P蜃>  tÿþ¸ÿ P艋å]˸ é.þYZ‹Ü+Ør ;r‹ãRQËRQ¡@u3Àéþÿ.V3ö¹B 2äü¬2àâû€ôUtèÿ¸ Pè<¸ ^ˏ
¡Îº <t)ŽÊ&Ž, Œò3À™¹ €3ÿò®®uûGG‰>ð¹ÿÿò®÷Ñ‹Ñ¿ ¾ ŽÊ¬< tû<      t÷<to
ÀtkGN¬< tè<      tä<t\
Àuú6ŽÊ¾ ë3Àª¬< tû<      t÷<t|
Àtx6‰?CCN¬< tá<      tÝ<tb
Àt*<"t·<\tªëì3ÉA¬<\tú<"t°\óªëÙ°\Ñéóªs–°"ªëÍ3ÀªÇ  ÿ.U‹ìŽÊ&‹, ŽÃ3À3ö3ÿ¹ÿÿ Ût&€>   tò®F®uú‹Ç@$þF‹þÑæ¹       è¦ P‹Æè  £î‹Ï‹Ø3ö_Iã&‹6;¨uQVW¿¨¹ ó§_^Yt&‰?CC¬ª
ÀuúâÚ&‰]Ë U‹ìVW‹V¾m ­;Ât@–t —3À¹ÿÿò®‹÷ëë–_^‹å]Ê U‹ìWÿvèÊÿ Àt ’‹ú3À¹ÿÿò®÷ÑI» >2 ÖÖuÿ4 ´@Í!_‹å]Ê  SQ¹ ‡Ö      QPš ! [Ö      YŒÚ Àt[ËÁéSû r3À‹å]ËsøPè X2ä‹å]Ësè ¸ÿÿ™‹å]Ë2äè Ë¢Ò
äu"€>Ír <"s < r°ë<v°» ט£ÄÊÄë÷ Ë U‹ìƒìWV¿ÿÿ‹F‹ð‹ØöG@tÆG é™ öDƒué‹ VèãƒÄ‹ø‹Þë&‹‡Ê‰FþVè/ƒÄŠD*äPš! ƒÄ À|Yƒ~þ tV¸ PFôPš¢! ƒÄFö‰Fò€~ô\t¸"PFôPšb! ƒÄëÿNò¸
 Pÿvòÿvþš*! ƒÄFôPš6!! ƒÄ Àt¿ÿÿÆD ‹Ç^_‹å]ËU‹ìVšÔ! ‹ð ðu3ÀëVÿv
ÿvÿvšÔ! ƒÄ^‹å]ːU‹ì3ÀPÿvÿvš²! ‹å]ːU‹ìƒìWV‹vVèýƒÄ‹øF
PÿvVšü ! ƒÄ‰FüVWèSƒÄ‹Fü^_‹å]ËU‹ìƒìWV¾.VèŃċøFPÿv¸.Pšü ! ƒÄ‰Fü¸.


Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question