Hard Drive & Virus

Posted on 2002-04-17
Last Modified: 2010-05-18
Gee, I barely can believe this, tell me it is not true.

Is it possible that a virus produces the same problem on two computers on a network or is it just a coincidence and it is not a virus but just bad luck that the C drive is damaged and has to be replaced.

In device Manager:

The CD-Rom is not shown
The Hard Drive is not shown
Primary and Secondary IDE Controller has a Exclamation mark.

The first PC by changing the hard drive only fixed everything, now I have a second PC with the same problem.
BUT all of these CD-Rom, hard drive is recognized in the BIOS.

What produces this problem?

If it is a virus (and I've tried detecting with a virus program on some other machines but not all, with no negative result) can it reproduce itself on my other machines within the network or even outside my network via my friends?

Question by:RogerRabbit
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 32

Expert Comment

ID: 6949056
It sure seems unlikely that two DIFFERENT machines would experience the SAME problem at the SAME time due to hardware failure.  The odds are just way against that.

It sure could be a virus that attacks your IDE controller driver or BIOS settings.

I think it unlikely that it could have cause any sort of permanent damage.
LVL 16

Accepted Solution

Kyle Schroeder earned 100 total points
ID: 6949065
This can happen if you have a virus that infects the MBR, but probably not the case since you did a virus scan (you did do it from a bootable floppy disk, right?  Some virii can't be detected from Windows).

In Safe Mode, click Start, choose Run, then type regedit and press enter.Browse to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\IOS
In the right pane, there may be a line that says "NOIDE".  Select this value (right click) and delete it.
Restart and see if it works.
If not, boot to Safe Mode and see if you can remove all devices under "Hard Drive Controllers".  Try removing the "PCI IDE Controller (dual FIFO)" or whatever it shows there first, then the "Primary/Secondary IDE Channels" after that.  If that doesn't work, or you get errors that you can't remove the parent controller, you will need to remove the Primary/Secondary IDE controllers manually
through the Registry in Safe Mode to fix this.

Now close RegEdit and restart.  If the controllers still show (!), then we'll need to go back to RegEdit
and make some more changes (in Safe Mode again).  Browse to HKEY_Local_Machine\ENUM\PCI.  Now you will
need to look through the various keys under this until you find (in the right side pane) one that includes
"PCI IDE".  There will actually be a couple of these; you'll want to delete the parent folder (the one
directly beneath the PCI folder in the tree-view on the left).  Each subfolder will correspond to the
Primary and Secondary IDE Controllers that you see in Device Manager.

Once those are cleared, reboot and it should redetect the new IDE controller drivers just fine.  Most
likely, removing the NOIDE entry will fix this though, as this generally happens on Win95 -> Win98 upgrades.


Author Comment

ID: 6950922
Well Dogztar I've tried everything and I still have the same problem. I also need to tell you that on the first machine that had this problem, I tried reformating and it still had the same problem after.

What should I do, Pls help !
IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?


Author Comment

ID: 6950949
Also I forgot to say that at a certain point when I booted up in safe mode I got a microsoft window message saying that my master boot record could have a virus.


What do I do now ?

Expert Comment

ID: 6950952
Are both of the PC's the same age and make.  I could be that you have a batch of faulty IDE controlers.  If you have installed a new hard drive and tryed to format it and it failts I would say that it is not a virus.

How old are the PC's and what make?

have you had a look on the web site of the company that make the motherboards also have you tryed calling there technical support.  It does sound like a hardware fault.
LVL 16

Expert Comment

by:Kyle Schroeder
ID: 6951090
Boot from a known clean boot disk, then run FDISK and remove all partitions.  Close FDISK, (ESC), shut down, then reboot to the disk again, run FDISK again and recreate your partition(s).  Then close FDISK and run FDISK /MBR from a command line prompt.  Then shut down and reinstall Windows again.

LVL 16

Expert Comment

by:Kyle Schroeder
ID: 6951108
Or actually, before you remove partitions, etc, just run the FDISK /MBR command from a clean boot disk, if you still get the error then the virus is still in there (somehow..this is highly unlikely) and then proceed with the above suggestion of wiping out all partitions.  If that STILL doesn't do it (somehow) then find out the vendor of the harddrive (IBM, Maxtor, Seagate, etc) and get their utility that will wipe the drive.  I think IBM's utility may work on any drive make, go to and look for the DFT (Drive Fitness Test).

LVL 16

Expert Comment

by:Kyle Schroeder
ID: 6951114
From Microsoft KB article:
Built-In Anti-Virus Support in Windows 95 [Q143281]

Recognizing Master Boot Record (MBR) Modifications
Most viruses infect your computer by modifying the MBR and hooking the INT13h
chain. This allows the virus to monitor hard disk access and damage the data on
your hard disk. Windows 95 prevents this type of virus from damaging your data
by maintaining a list of the programs that are currently hooking the INT13h
chain. Each time you start your computer, Windows 95 checks to see which
programs are monitoring the INT13h chain, and then compares this list of
programs with the list that it recorded the last time Windows 95 started. If any
new programs that Windows 95 does not recognize have hooked the INT13h chain,
the following message is displayed:
   WARNING: Your computer may have a virus. The Master Boot Record on your
  computer has been modified. Would you like to see more information?
If you click Yes, the Performance tab in System Properties is displayed, which
provides more information and allows you to begin troubleshooting the problem.
This situation is most likely to occur when you start an operating system other
than Windows 95 using a bootable floppy disk. If the floppy disk is infected
with a virus, the virus will most likely modify the MBR on the hard disk and
hook the INT13h chain. When you remove the floppy disk and start your computer
normally, Windows 95 recognizes that the MBR has been modified and that the
INT13h chain has been hooked by an unknown program. The warning you receive
gives you an opportunity to remove the virus before it can damage your data.
When a virus modifies the MBR, the Performance tab in System properties and the
Ios.log file typically report that a file called Mbrint13.sys is causing drives
to be accessed in MS-DOS Compatibility mode. To access the Performance tab,
double-click the System icon in Control Panel, and then click the Performance
Identifying Unknown Device Drivers
Windows 95 maintains a list of all the real-mode device drivers that it can
safely replace with its own protected-mode drivers. If you add a new device
driver that hooks the INT13h or INT21h chain, and the driver is not on the list
of drivers that can safely be replaced, Windows 95 is forced to access drives
using MS-DOS Compatibility mode instead of protected mode. When this occurs, the
following message is displayed:
   A new MS-DOS resident program named '<filename>' may decrease your
  system performance. Would you like to see more information about this
where <filename> is the name of the new device driver. If you click Yes,
the Performance tab in System Properties is displayed, which typically
identifies the driver that is causing the problem and shows you how to remove
the driver from your computer.
This feature allows Windows 95 to identify those viruses that propagate from a
device driver instead of modifying the MBR. By identifying device drivers that
it does not recognize, Windows 95 gives you an opportunity to investigate the
situation and remove any viruses before they can damage your data.


Author Comment

ID: 6951461
Ok let me try this but before I get to the option where I remove the partition, will It delete files ?

Author Comment

ID: 6951511
Also one PC is a clown and the other is an IBM Pentium 400, the last is the one I,m having problems with.
LVL 16

Expert Comment

by:Kyle Schroeder
ID: 6951572
Well, if you already reformatted it then I don't suppose there are any files anyway.  Try the FDISK /MBR first, that won't hurt your current Windows install.  Also the brand of PC doesn't matter (IBM or clone), virii aren't quite so choosy.


Author Comment

ID: 6951703
Well no, the drive that was replaced is on the clone and that fixed everything, now were talking IBM, so this drive has not been reformated guys.

I've tried the Fdisk/mbr and the Drive Fitness test and nothing came up as unusual, also tried the extended test & averything is ok.

I really appreciate your help guys, I really do.
LVL 16

Expert Comment

by:Kyle Schroeder
ID: 6952039
Did you run the fdisk /mbr from a Windows boot disk that was made on a separate machine?  If you made the disk on the infected machine, it probably has a virus as well (on the floppy).

Have you tried the other registry edits I posted above to remove the IDE controller?


Author Comment

ID: 6952305
I had this boot disk for close to a year and it was made from the IBM machine but I also originally used it on the clone machine when I had troubles with it and yes I've tried all of the registry edits.


Author Comment

ID: 6953501
Well Dogztar, what I did was, I made a new Boot disk, we tried the fdisk/mbr, then went into safe mode, went back into the registry and deleted all you said and EVERYTHING is back up and running perfectly.

Thank you so much for your help guys !
LVL 16

Expert Comment

by:Kyle Schroeder
ID: 6953503
Hmm...then I'd say you need to dump and recreate the partitions and format, then reinstall Windows....maybe someone else has another idea.

LVL 16

Expert Comment

by:Kyle Schroeder
ID: 6953508
Ooop, I didn't see that 2nd update from this morning.  Glad its working for you now!


Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Rasberry PI is a low cost piece of hardware that you can have a lot of fun with through experimenting and building/working on projects like media players, running a low cost computer, build data loggers etc. - see:
I use more than 1 computer in my office for various reasons. Multiple keyboards and mice take up more than just extra space, they make working a little more complicated. Using one mouse and keyboard for all of my computers makes life easier. This co…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question