[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Format HDD and still virus?!

Posted on 2003-12-07
11
Medium Priority
?
889 Views
Last Modified: 2010-04-11
Hi all

We have an Hp 8660 running win98. Recently Windows could not detect the cdrw drive. Suspecting a virus I scanned the whole system with AVG (yeah i know) and found nothing. So I booted from the recovery cd which worked fine. I formatted the hdd and recovered. At first boot the preinstalled Mcafee (very old) found the welcomB virus in memory. In windows it detects a CDROM drive which works, but not a CDRW drive, as adeptec burning software cannot find a supported cdrw drive. I cannot see how this virus survived the format and recovery or why it causes this problem as on the web it says it is harmless. Maybe the IDD ribbon is loose as the primary and secondary IDE controllers have a code 10. But then how did i recover the thing?

Probably unrelated, the machine had ram upgrades recently.

Any input would be great thx
0
Comment
Question by:marcus03
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 3

Expert Comment

by:Mr_Skinny
ID: 9892199

Info and removal instructions here: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1445

The reason it survived the format is that the virus is memory resident, as explained in this article.
0
 
LVL 97

Expert Comment

by:war1
ID: 9892211
Greetings, marcus03!
   What operating system?  If Windows XP, this is a known problem.  Here is a fix

CD and DVD Restore in Windows XP
http://www.theeldergeek.com/restore_missing_cd_or_dvd_drive.htm


Best wishes, war1
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9892788
welcomB is a boot sector virus

I would:
Wipe the disk with a known uninfected write protected diskette and killdisk or wdclear.

power off

power on and boot from the CD and do a clean install
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 
LVL 4

Accepted Solution

by:
MobileOakAI earned 400 total points
ID: 9893243
If you boot from CD or bootable system diskette, the partition manager should clean it with command:

FDISK   /MBR

The MBR is make-boot-record, the first sector (that the format did not clean).

Format   /u

Unconditional format takes longer, wipes better

The CDRW is probaably a separate issue, where you may need to load in some drivers or to run an install process, since the format wiped out whatever it needed. Look for install disk, or better, check out the manufacturer website for their latest recomendation for your operating system, they may have improvements for it by now. You are right, loose cables often are difficult to detect once you screw it back together. But I think that although you should verify firm connections (you can bump a cable when adding ram), you probably also need some Win98 specific addon for the writer if you have all the drive letters - check device manager for clues? Did bios show it on bootup?
0
 

Author Comment

by:marcus03
ID: 9895624
Hi, thanks for your comments, i will try what you say. If the ribbon was knocked when i added ram i don't see how i was able to boot from the cdrw drive with the recovery cd and completely recover the disk. (there is only one cd drive). Later
0
 
LVL 97

Expert Comment

by:war1
ID: 9897613
Did you try the CDROM fix that I proposed?
0
 
LVL 4

Expert Comment

by:MobileOakAI
ID: 9897635
Possibly it got knocked a little looser after reboot. Got a cat? (fall guy).  It used to be that cases left too little room, such as they could further snag the ribbon either when closing or opening case.
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9899789
ferrets are worse
0
 

Author Comment

by:marcus03
ID: 9914784
I restarted in msdos mode and used FDISK /MBR, which did the trick. The virus was no longer found in memory and the cdrw drive started working properly. So the problem had nothing to do with a loose cable after all.

war1 - no because the os is win98, as i said in my original post.

Thanks mobileoakai and the rest for your input.
0
 
LVL 4

Expert Comment

by:MobileOakAI
ID: 9917433
ThanQ          - glad it worked out for you.
0
 
LVL 4

Expert Comment

by:MobileOakAI
ID: 9917437
:-))       "ferrets are worse "  (chicagoan)
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question