Solved

Format HDD and still virus?!

Posted on 2003-12-07
11
881 Views
Last Modified: 2010-04-11
Hi all

We have an Hp 8660 running win98. Recently Windows could not detect the cdrw drive. Suspecting a virus I scanned the whole system with AVG (yeah i know) and found nothing. So I booted from the recovery cd which worked fine. I formatted the hdd and recovered. At first boot the preinstalled Mcafee (very old) found the welcomB virus in memory. In windows it detects a CDROM drive which works, but not a CDRW drive, as adeptec burning software cannot find a supported cdrw drive. I cannot see how this virus survived the format and recovery or why it causes this problem as on the web it says it is harmless. Maybe the IDD ribbon is loose as the primary and secondary IDE controllers have a code 10. But then how did i recover the thing?

Probably unrelated, the machine had ram upgrades recently.

Any input would be great thx
0
Comment
Question by:marcus03
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 3

Expert Comment

by:Mr_Skinny
Comment Utility

Info and removal instructions here: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1445

The reason it survived the format is that the virus is memory resident, as explained in this article.
0
 
LVL 97

Expert Comment

by:war1
Comment Utility
Greetings, marcus03!
   What operating system?  If Windows XP, this is a known problem.  Here is a fix

CD and DVD Restore in Windows XP
http://www.theeldergeek.com/restore_missing_cd_or_dvd_drive.htm


Best wishes, war1
0
 
LVL 18

Expert Comment

by:chicagoan
Comment Utility
welcomB is a boot sector virus

I would:
Wipe the disk with a known uninfected write protected diskette and killdisk or wdclear.

power off

power on and boot from the CD and do a clean install
0
 
LVL 4

Accepted Solution

by:
MobileOakAI earned 100 total points
Comment Utility
If you boot from CD or bootable system diskette, the partition manager should clean it with command:

FDISK   /MBR

The MBR is make-boot-record, the first sector (that the format did not clean).

Format   /u

Unconditional format takes longer, wipes better

The CDRW is probaably a separate issue, where you may need to load in some drivers or to run an install process, since the format wiped out whatever it needed. Look for install disk, or better, check out the manufacturer website for their latest recomendation for your operating system, they may have improvements for it by now. You are right, loose cables often are difficult to detect once you screw it back together. But I think that although you should verify firm connections (you can bump a cable when adding ram), you probably also need some Win98 specific addon for the writer if you have all the drive letters - check device manager for clues? Did bios show it on bootup?
0
 

Author Comment

by:marcus03
Comment Utility
Hi, thanks for your comments, i will try what you say. If the ribbon was knocked when i added ram i don't see how i was able to boot from the cdrw drive with the recovery cd and completely recover the disk. (there is only one cd drive). Later
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 97

Expert Comment

by:war1
Comment Utility
Did you try the CDROM fix that I proposed?
0
 
LVL 4

Expert Comment

by:MobileOakAI
Comment Utility
Possibly it got knocked a little looser after reboot. Got a cat? (fall guy).  It used to be that cases left too little room, such as they could further snag the ribbon either when closing or opening case.
0
 
LVL 18

Expert Comment

by:chicagoan
Comment Utility
ferrets are worse
0
 

Author Comment

by:marcus03
Comment Utility
I restarted in msdos mode and used FDISK /MBR, which did the trick. The virus was no longer found in memory and the cdrw drive started working properly. So the problem had nothing to do with a loose cable after all.

war1 - no because the os is win98, as i said in my original post.

Thanks mobileoakai and the rest for your input.
0
 
LVL 4

Expert Comment

by:MobileOakAI
Comment Utility
ThanQ          - glad it worked out for you.
0
 
LVL 4

Expert Comment

by:MobileOakAI
Comment Utility
:-))       "ferrets are worse "  (chicagoan)
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now