Solved

Format HDD and still virus?!

Posted on 2003-12-07
11
884 Views
Last Modified: 2010-04-11
Hi all

We have an Hp 8660 running win98. Recently Windows could not detect the cdrw drive. Suspecting a virus I scanned the whole system with AVG (yeah i know) and found nothing. So I booted from the recovery cd which worked fine. I formatted the hdd and recovered. At first boot the preinstalled Mcafee (very old) found the welcomB virus in memory. In windows it detects a CDROM drive which works, but not a CDRW drive, as adeptec burning software cannot find a supported cdrw drive. I cannot see how this virus survived the format and recovery or why it causes this problem as on the web it says it is harmless. Maybe the IDD ribbon is loose as the primary and secondary IDE controllers have a code 10. But then how did i recover the thing?

Probably unrelated, the machine had ram upgrades recently.

Any input would be great thx
0
Comment
Question by:marcus03
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 3

Expert Comment

by:Mr_Skinny
ID: 9892199

Info and removal instructions here: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1445

The reason it survived the format is that the virus is memory resident, as explained in this article.
0
 
LVL 97

Expert Comment

by:war1
ID: 9892211
Greetings, marcus03!
   What operating system?  If Windows XP, this is a known problem.  Here is a fix

CD and DVD Restore in Windows XP
http://www.theeldergeek.com/restore_missing_cd_or_dvd_drive.htm


Best wishes, war1
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9892788
welcomB is a boot sector virus

I would:
Wipe the disk with a known uninfected write protected diskette and killdisk or wdclear.

power off

power on and boot from the CD and do a clean install
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 4

Accepted Solution

by:
MobileOakAI earned 100 total points
ID: 9893243
If you boot from CD or bootable system diskette, the partition manager should clean it with command:

FDISK   /MBR

The MBR is make-boot-record, the first sector (that the format did not clean).

Format   /u

Unconditional format takes longer, wipes better

The CDRW is probaably a separate issue, where you may need to load in some drivers or to run an install process, since the format wiped out whatever it needed. Look for install disk, or better, check out the manufacturer website for their latest recomendation for your operating system, they may have improvements for it by now. You are right, loose cables often are difficult to detect once you screw it back together. But I think that although you should verify firm connections (you can bump a cable when adding ram), you probably also need some Win98 specific addon for the writer if you have all the drive letters - check device manager for clues? Did bios show it on bootup?
0
 

Author Comment

by:marcus03
ID: 9895624
Hi, thanks for your comments, i will try what you say. If the ribbon was knocked when i added ram i don't see how i was able to boot from the cdrw drive with the recovery cd and completely recover the disk. (there is only one cd drive). Later
0
 
LVL 97

Expert Comment

by:war1
ID: 9897613
Did you try the CDROM fix that I proposed?
0
 
LVL 4

Expert Comment

by:MobileOakAI
ID: 9897635
Possibly it got knocked a little looser after reboot. Got a cat? (fall guy).  It used to be that cases left too little room, such as they could further snag the ribbon either when closing or opening case.
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9899789
ferrets are worse
0
 

Author Comment

by:marcus03
ID: 9914784
I restarted in msdos mode and used FDISK /MBR, which did the trick. The virus was no longer found in memory and the cdrw drive started working properly. So the problem had nothing to do with a loose cable after all.

war1 - no because the os is win98, as i said in my original post.

Thanks mobileoakai and the rest for your input.
0
 
LVL 4

Expert Comment

by:MobileOakAI
ID: 9917433
ThanQ          - glad it worked out for you.
0
 
LVL 4

Expert Comment

by:MobileOakAI
ID: 9917437
:-))       "ferrets are worse "  (chicagoan)
0

Featured Post

SendBlaster Pro 4 - Bulk Email Sending Software

SendBlaster 4 Pro - Best Bulk Emailing Sending Software
Automatic Subscribe / Unsubscribe Processing
Great for Newsletters & Mass Mailings
Optional HTML & Text Composition
Integration with Google Features
Built in Spam Score Checking
Free Professional Templates - Feature Packed!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question