Solved

Possible virus  "Need Help"

Posted on 1999-01-26
30
175 Views
Last Modified: 2010-04-27
I hope this is the right place to post this question. I am helping a person with a hard drive change. He told me that the reason the old hard drive crashed was because of a virus
he may have got from the Internet. Well he got this other hard drive from someone and now I am setting it up for him. The bios will autodetect it fine but will not boot to it. One time I got a harddrive failure error but only once. Ive set the jumper to master. I looks like it cant find boot record or something and then goes to the "A" drive and makes the "A"drive make funny noises and will not boot to a boot disk.
 I took a known 540 harddrive of mine and put it on his system and it booted once and ran fine. After that it now has the same symtoms. Is this a memory resident virus that has tranfered itself to the other harddrive. Can anyone identify and fix this problem.
0
Comment
Question by:JAYRU
  • 6
  • 5
  • 4
  • +9
30 Comments
 
LVL 1

Expert Comment

by:jcarlo
ID: 1138306
This person needed a new hard drive because of a virus?  Hmmm, usually you just format and the virus is gone (or in the worst case you do an FDISK/MBR or a low-level format).  Okay, but anyway...

Did you run FDISK to partition the drive, then format each partition?  If you did not, you won't see any drive letters.  Also be sure the drive is detected by the BIOS, and that LBA is enabled if the drive is larger than 512 Mb.

Regards,
Jeremy
0
 

Author Comment

by:JAYRU
ID: 1138307
As my original question stated the harddrive autodected fine. I cant run fdisk because I cannot boot to floppy drive either. CMOS settings are correct for floppy and IDE harddrive is autodetecting. It is a 700 mg Quantum and I have tried LBA, NORMAL AND LARGE. I dont know how this harddrive was setup but is suppose to be loaded with OS.  Keep in mind that I took a perfectly good hard drive of myown and put It on this system and it ran one time and the next time I booted it,it aquired the same problem as the 700mg Quantum. It is configured for master drive.
0
 
LVL 1

Expert Comment

by:jcarlo
ID: 1138308
you have no boot floppy?   If you don't have a floppy disk, then you can make one on any computer.  If you do have a boot floppy, check it on another computer to see that it works.  Other than that, check your floppy drive connections.  If the floppy light stays on constantly, your ribbon cable is reversed.  Your power connector may not be in securely, or you could have a bad floppy disk.  Anyway, your first order of business is to get the floppy disk working, since you can't go much further without it.

-JPC
0
 
LVL 1

Expert Comment

by:jcarlo
ID: 1138309
Also, if your hard drive is supposed to have data on it, don't try writing anything to it yet, as you could lose that data.  The setting in BIOS should be to LBA for the hard drive.  Oh, and make sure the boot sequence in BIOS is A, then C or something like that, or else it won't even look at the floppy disk.  I didn't think of that before.

regards,
Jeremy
0
 
LVL 1

Expert Comment

by:MetallicA
ID: 1138310
>Hmmm, usually you just format and the virus is gone

Where did you get this idea.  Viruses(ones that acually work) get stored in the memory.  Formating the harddrive will delete the infected file, but eventually the virus will be back.
0
 

Expert Comment

by:smike
ID: 1138311
virus can be stored in master boot record ( MBR ) its first sector of hdd  
and formatting sometimes cant clean MBR
( format.com of DOS usualy cant )
you can overwrite MBR with standart contents of hdd with command
fdisk /mbr

u have to boot from flopy with fdisk.exe on it
0
 

Author Comment

by:JAYRU
ID: 1138312
The floppy is fine and is A to C in bios. It's not that I dont have a bootdisk it is because it wont boot to a bootdisk. I have several bootdisk and none will boot on this system. I feel sure this is a direct result of some kind of virus because of screwing up one of my own personel harddrives also. I am asking if anyone has had this problem what to do. I should not have to throw away two hard drives because of this problem. I think I will try putting new memory chips in and making the bad drive slave. Let me know if this makes sense
0
 
LVL 12

Expert Comment

by:Otta
ID: 1138313
> I think I will try putting new memory chips in

That makes *NO* sense -- every time you turn the computer OFF,
the contents of the RAM are lost; thus, it's not possible
for a virus to "hide" in your RAM.

A virus *COULD* hide in the computer's BIOS,
because your motherboard has a small battery,
which continually powers the BIOS's memory.

> and making the bad drive slave.

Find *ANOTHER* computer, and run a virus-scan on it.
When it is "clean", then install one of the "bad" hard-drives
as a "slave", boot the computer, and run the virus-scan
against this "slave" drive.  

Repeat for the other "bad" hard-drive.

Create a "bootable" diskette on this computer.

Go back to your computer,
still without any hard-drive connected, enter BIOS-setup,
and use pencil and paper to record all the settings.
Select "load BIOS default settings",
and then try to boot from the newly-created diskette.

Report back.
0
 

Expert Comment

by:sleslie
ID: 1138314
reset cmos/bios by reset jumper on mobo. boot from clean floppy.
FDISK/ and reformat. or run anti virus. mcafee ot Norton are good. If the hard drive is not present, then hd fail.
0
 
LVL 12

Expert Comment

by:Otta
ID: 1138315
OTTA wrote:
> Select "load BIOS default settings",
> and then try to boot from the newly-created diskette.

and then SLESLIE wrote:
> reset cmos/bios by reset jumper on mobo.
> boot from clean floppy.

Plagiarism by SLESLIE ???

OTTA wrote:
> Find *ANOTHER* computer, and run a virus-scan on it.
> When it is "clean", then install one of the "bad" hard-drives
> as a "slave", boot the computer, and run the virus-scan
> against this "slave" drive.

and then SLESLIE wrote:
> run anti virus. mcafee ot [sic] Norton are good.

More plagiarism, or at least the minor-sin
of clicking "answer" instead of "comment"
when posting "suggestions" which may, or may not, work.

JAYRU, please "reject" the "proposed-answer".

Then, try all the suggestions.

If one works for you, you can invite that author to post an "answer".

0
 

Expert Comment

by:jayru
ID: 1138316
Sleslie,
 Is shorting jumper for bios same as"load BIOS default settings"?

Otta,
I'll update later tonight
0
 
LVL 12

Expert Comment

by:Otta
ID: 1138317
> Is "shorting jumper for BIOS" same as "load BIOS default settings"?

It has the same effect.

Older motherboards had the jumper,
which forced you to open the case, and move the jumper,
i.e., 10 to 15 minutes of work.

Newer BIOSes contain the software option "load default settings",
which make it much quicker, i.e., 10 to 15 seconds,
to achieve the same result.

0
 

Expert Comment

by:sleslie
ID: 1138318
i guess i'll not give any more help ....just telling you what I did when i got an unbootable hd from mbr virus.
0
 

Expert Comment

by:sleslie
ID: 1138319
i guess i'll not give any more help ....just telling you what I did when i got an unbootable hd from mbr virus.
0
 

Expert Comment

by:jayru
ID: 1138320
Well I have a update. I took the boot disks I was using to another machine and ran norton on them. One of them had the NYB virus on it. It said that it was a resident virus. I then made a clean boot disk from that machine and was finialy able to boot to a floppy. I was able to FDISK/MBR and get my hard drive back to life but the hard drive the original question was derived from is still dead. It will autodetect but cannot see it. Fdisk say's non-dos partion. I tried to delete partion but it say's no partion to delete. I try to create partion it say's no room. Whats up.  Has a third party disk manager set this drive up or what. Some comments and maybe a rejected answer help to get my test harddrive back to life but not the one in question. Dont know quite how to award points in this matter. Unless someone has more input i will award points to someone (maybe smike because his rejected answer fixed mine)
0
New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

 

Author Comment

by:JAYRU
ID: 1138321
Fdisk did not fix drive in question, theirfore I must reject your answer but I do appriecate your effort.
0
 
LVL 9

Expert Comment

by:rmarotta
ID: 1138322
With the bad hard drive connected properly and setup using LBA, boot the computer in question with a known-good floppy disk that has FDISK on it.

Run the FDISK /STATUS command and report the results here.

Regards,
Ralph

0
 
LVL 1

Expert Comment

by:MetallicA
ID: 1138323
If you want, I could send you a virus.  Just a thought though.  
0
 

Expert Comment

by:misguided
ID: 1138324
mmmmmm....if u can't boot from ur drive..that doesn't mean there's a virus on on ur pc...besides..virus on ram? i don't think so just as the other one said..everytime u turn off ur comp ur ram is erased..and...there's no way a virus could stay on a comp without a harddrive?..lol..and with the Virus on BIOS. its possible there are flash bioses right..but it is unlikely..
so i guess the problem is defective hardware, cables perhaps..and try following the suggestions, about trying the hddrive on another comp if it works. If it works then it's definitely hardware!

try a new cable..
check the connections,drive to MB
check the MB, maybe there's something wrong with it..
but i'm sure it's not a virus.

:)
0
 

Expert Comment

by:adrian123196
ID: 1138325
What OS did he have on his HDD, was it 3.11, 95, 98, NT, etc..



0
 

Expert Comment

by:markdt
ID: 1138326
I have had this problem before and all I did was replace the I/O card or the cable this can go bad by a spike in the eletrical.  and it is the cheepest to replace. To change the Memmor might be the problem but it is mor expencive and harder to return.
0
 
LVL 12

Expert Comment

by:Otta
ID: 1138327
Since one drive works, but not the other,
MARKDT's suggestion to change hardware is unlikely to solve your problem.

> Fdisk says "non-dos partition".

Get a newer (and thus "smarter") version of FDISK,
or use the commercial software "Partition Magic"
to delete the partition(s).


0
 

Expert Comment

by:jayru
ID: 1138328
I have to withdraw  the question because  I think its a bad harddrive after all of this  work.
I'm going to give it back him or maybe offer to put in a new one for him. How do I close the  question out and leave it for others to see without awarding points. I thank all for your help.  Jay
0
 
LVL 12

Expert Comment

by:Otta
ID: 1138329
Since a "proposed answer" has been posted,
first you must "reject" it.

Second, I suggest that you should invite one of the experts who helped you to post an "answer", so that you can reward that expert, in appreciation for their efforts.

Since at least one "proposed answer" has been posted,
you no longer can "remove" the question.
So, you can award points, as noted above,
or you can make a "zero-point" posting to:
http://www.experts-exchange.com/topics/experts-exchange/
asking that the question become a PAQ (Previously Answered Question).
One of the managers of E-E can "manually" do this, but I
still prefer the idea of awarding the points to an "expert",
as an expression of your gratitude for receiving help.


0
 
LVL 1

Expert Comment

by:jcarlo
ID: 1138330
Whoa,  hold on a min.

Don't be so quick to get a new hard drive.... Save your hard-earned money until you are absolutely sure the drive is dead.  As I understand you have been able to boot using a floppy (make sure it is write-protected and clean of viruses (recheck it just in case it contracted another infection)!).  Ok then.  I apologize if I repeat the comments of others, but it's good just to run through and see that all approaches have been tried.

Does the drive recognize CORRECTLY in the BIOS?  (Be sure LBA is enabled if the drive is larger than 500 MB or so, and set the BIOS to autodetect the drive - check # of heads, cylinders, etc. and compare to the drive's documentation or try the manufacturers' website if the documentation is gone).  This is the first thing to check, if it has not been done already.  Be absolutely sure the drive is recognized properly, or else all efforts will be for nothing!

Can you run Scandisk or NDD on the drive at all?  I searched the thread for scandisk and NDD and found no mention of either, although I may have missed it (if so, sorry!).  Especially important is the surface test, which will find physical errors on the drive and repair them if possible.  

Get a FAT32-aware version of FDISK (if the drive is in FAT32) or whatever the file system is and try to get an FDISK/STATUS report.  At least then we have something to go on.

If you can't get anything, you can do a low-level format of the drive, which we can advise about later.

Try the drive in the other IDE connector; the IDE port could have a problem.

Check the jumpers on your drive!

Check the integrity of your IDE cable, it might have a small cut in it or something.  Try another IDE cable if you have one, and check that your connections are good and solid.

Try to use a program such as Norton DiskEdit to see if there is any valid-looking data on the drive at all, and if the drive is even readable at all.

Does the drive spin up when the comp goes on?  Just put your ear next to the thing and listen if you can hear anything (or feel any vibrations or warmth coming out of the drive), although I'm pretty sure the drive must be spinning up for the BIOS to think that there's anything at all there.

Try restoring BIOS defaults, you might have some weird setting enabled that causes a problem with your drive.

If you are sure the disk is virus free, try moving it to another computer, as you could have a problem with the motherboard (in that case buying a new drive would not help anyway; at E-E another question from you will be posted saying "I bought a brand new hard drive and it doesn't work! Help!")

Any other suggestions, this is the time!  I guess at this point it's strictly a recovery operation, as saving any data is not likely.  And again, I apologize for repeating earlier answers.

Regards,
JPC
0
 

Author Comment

by:JAYRU
ID: 1138331
Mark,
Sorry but does not solve problem.
Sorry it took so long to get back but I've had some major problems lately.

Smike,
I am going to post a new question asking how do i reset Master Boot Record  for you because your rejected answer did get one of the drives working Thanks again
0
 
LVL 12

Expert Comment

by:Otta
ID: 1138332
Use 'FDISK /MBR' to "Make a new Boot Record".
0
 
LVL 7

Expert Comment

by:linda101698
ID: 1138333
JAYRU requested that I post an answer to this question so it can be moved to the previously asked questions.  

Linda Gardner
Customer Service @ Experts Exchange
0
 
LVL 7

Accepted Solution

by:
linda101698 earned 100 total points
ID: 1138334
I added to points used to post this question back to your account and posted an answer so it could be saved.  I do not understand why you rejected the answer.

Linda
0
 

Author Comment

by:JAYRU
ID: 1138335
Sorry I did not mean to reject
0

Featured Post

Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

Join & Write a Comment

I recently purchased an HP EliteBook 2540p notebook/laptop. It has two video ports on it – VGA and DisplayPort. HP offers an optional docking station for the 2540p that also has both a VGA port and a DisplayPort. There are numerous online reports do…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now