?
Solved

Format HDD and still virus?!

Posted on 2003-12-07
11
Medium Priority
?
887 Views
Last Modified: 2010-04-11
Hi all

We have an Hp 8660 running win98. Recently Windows could not detect the cdrw drive. Suspecting a virus I scanned the whole system with AVG (yeah i know) and found nothing. So I booted from the recovery cd which worked fine. I formatted the hdd and recovered. At first boot the preinstalled Mcafee (very old) found the welcomB virus in memory. In windows it detects a CDROM drive which works, but not a CDRW drive, as adeptec burning software cannot find a supported cdrw drive. I cannot see how this virus survived the format and recovery or why it causes this problem as on the web it says it is harmless. Maybe the IDD ribbon is loose as the primary and secondary IDE controllers have a code 10. But then how did i recover the thing?

Probably unrelated, the machine had ram upgrades recently.

Any input would be great thx
0
Comment
Question by:marcus03
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 3

Expert Comment

by:Mr_Skinny
ID: 9892199

Info and removal instructions here: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1445

The reason it survived the format is that the virus is memory resident, as explained in this article.
0
 
LVL 97

Expert Comment

by:war1
ID: 9892211
Greetings, marcus03!
   What operating system?  If Windows XP, this is a known problem.  Here is a fix

CD and DVD Restore in Windows XP
http://www.theeldergeek.com/restore_missing_cd_or_dvd_drive.htm


Best wishes, war1
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9892788
welcomB is a boot sector virus

I would:
Wipe the disk with a known uninfected write protected diskette and killdisk or wdclear.

power off

power on and boot from the CD and do a clean install
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 4

Accepted Solution

by:
MobileOakAI earned 400 total points
ID: 9893243
If you boot from CD or bootable system diskette, the partition manager should clean it with command:

FDISK   /MBR

The MBR is make-boot-record, the first sector (that the format did not clean).

Format   /u

Unconditional format takes longer, wipes better

The CDRW is probaably a separate issue, where you may need to load in some drivers or to run an install process, since the format wiped out whatever it needed. Look for install disk, or better, check out the manufacturer website for their latest recomendation for your operating system, they may have improvements for it by now. You are right, loose cables often are difficult to detect once you screw it back together. But I think that although you should verify firm connections (you can bump a cable when adding ram), you probably also need some Win98 specific addon for the writer if you have all the drive letters - check device manager for clues? Did bios show it on bootup?
0
 

Author Comment

by:marcus03
ID: 9895624
Hi, thanks for your comments, i will try what you say. If the ribbon was knocked when i added ram i don't see how i was able to boot from the cdrw drive with the recovery cd and completely recover the disk. (there is only one cd drive). Later
0
 
LVL 97

Expert Comment

by:war1
ID: 9897613
Did you try the CDROM fix that I proposed?
0
 
LVL 4

Expert Comment

by:MobileOakAI
ID: 9897635
Possibly it got knocked a little looser after reboot. Got a cat? (fall guy).  It used to be that cases left too little room, such as they could further snag the ribbon either when closing or opening case.
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9899789
ferrets are worse
0
 

Author Comment

by:marcus03
ID: 9914784
I restarted in msdos mode and used FDISK /MBR, which did the trick. The virus was no longer found in memory and the cdrw drive started working properly. So the problem had nothing to do with a loose cable after all.

war1 - no because the os is win98, as i said in my original post.

Thanks mobileoakai and the rest for your input.
0
 
LVL 4

Expert Comment

by:MobileOakAI
ID: 9917433
ThanQ          - glad it worked out for you.
0
 
LVL 4

Expert Comment

by:MobileOakAI
ID: 9917437
:-))       "ferrets are worse "  (chicagoan)
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
With the rising number of cyber attacks in recent years, keeping your personal data safe has become more important than ever. The tips outlined in this article will help you keep your identitfy safe.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question