Solved

Format HDD and still virus?!

Posted on 2003-12-07
11
883 Views
Last Modified: 2010-04-11
Hi all

We have an Hp 8660 running win98. Recently Windows could not detect the cdrw drive. Suspecting a virus I scanned the whole system with AVG (yeah i know) and found nothing. So I booted from the recovery cd which worked fine. I formatted the hdd and recovered. At first boot the preinstalled Mcafee (very old) found the welcomB virus in memory. In windows it detects a CDROM drive which works, but not a CDRW drive, as adeptec burning software cannot find a supported cdrw drive. I cannot see how this virus survived the format and recovery or why it causes this problem as on the web it says it is harmless. Maybe the IDD ribbon is loose as the primary and secondary IDE controllers have a code 10. But then how did i recover the thing?

Probably unrelated, the machine had ram upgrades recently.

Any input would be great thx
0
Comment
Question by:marcus03
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 3

Expert Comment

by:Mr_Skinny
ID: 9892199

Info and removal instructions here: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1445

The reason it survived the format is that the virus is memory resident, as explained in this article.
0
 
LVL 97

Expert Comment

by:war1
ID: 9892211
Greetings, marcus03!
   What operating system?  If Windows XP, this is a known problem.  Here is a fix

CD and DVD Restore in Windows XP
http://www.theeldergeek.com/restore_missing_cd_or_dvd_drive.htm


Best wishes, war1
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9892788
welcomB is a boot sector virus

I would:
Wipe the disk with a known uninfected write protected diskette and killdisk or wdclear.

power off

power on and boot from the CD and do a clean install
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 4

Accepted Solution

by:
MobileOakAI earned 100 total points
ID: 9893243
If you boot from CD or bootable system diskette, the partition manager should clean it with command:

FDISK   /MBR

The MBR is make-boot-record, the first sector (that the format did not clean).

Format   /u

Unconditional format takes longer, wipes better

The CDRW is probaably a separate issue, where you may need to load in some drivers or to run an install process, since the format wiped out whatever it needed. Look for install disk, or better, check out the manufacturer website for their latest recomendation for your operating system, they may have improvements for it by now. You are right, loose cables often are difficult to detect once you screw it back together. But I think that although you should verify firm connections (you can bump a cable when adding ram), you probably also need some Win98 specific addon for the writer if you have all the drive letters - check device manager for clues? Did bios show it on bootup?
0
 

Author Comment

by:marcus03
ID: 9895624
Hi, thanks for your comments, i will try what you say. If the ribbon was knocked when i added ram i don't see how i was able to boot from the cdrw drive with the recovery cd and completely recover the disk. (there is only one cd drive). Later
0
 
LVL 97

Expert Comment

by:war1
ID: 9897613
Did you try the CDROM fix that I proposed?
0
 
LVL 4

Expert Comment

by:MobileOakAI
ID: 9897635
Possibly it got knocked a little looser after reboot. Got a cat? (fall guy).  It used to be that cases left too little room, such as they could further snag the ribbon either when closing or opening case.
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9899789
ferrets are worse
0
 

Author Comment

by:marcus03
ID: 9914784
I restarted in msdos mode and used FDISK /MBR, which did the trick. The virus was no longer found in memory and the cdrw drive started working properly. So the problem had nothing to do with a loose cable after all.

war1 - no because the os is win98, as i said in my original post.

Thanks mobileoakai and the rest for your input.
0
 
LVL 4

Expert Comment

by:MobileOakAI
ID: 9917433
ThanQ          - glad it worked out for you.
0
 
LVL 4

Expert Comment

by:MobileOakAI
ID: 9917437
:-))       "ferrets are worse "  (chicagoan)
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How do we balance the user experience (UX) with reasonable security measures? It can be done, if you keep these fundamentals in mind.
The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question