Help on Bootsector Viruses Eek.b 1

[tasteegroove]

Hello all. I have a Win98 system running Norton Corporate Ediation 7.6 (I believe that's the version.. i don't have the computer with me). The Virus definations are the latest LiveUpdate versions, 2/20-something/03k. When Logging into Windows, i received a message about a virus being found in memory and suggest I reboot and use a Rescue disk. The virus is Eek.b and is also known as Wyx.C . I don't have any Rescue disks for this system that were made before it was infected, so I didn't make any new Rescue disks since this is a bootsector virus and would infect the disks. Anyway, I turned teh computer off for a minute to clear the memory, booted back up and have scanned the drive using a bootable Win98 CDROM with Norton's Navdx.exe (with the latest definiations) and it says it finds the Eek.b virus so I choose to remove it. Now when booting into dos and scanning it no long finds the Eek.b virus, but when logging into windows, Norton still finds the Eek.b aka Wyx.C virus. I performed a full system scan in DOS according to Symantec's Wyx.C removal procedures, but it still registers in windows.
Is there a way to find out if maybe a program is being run during Windows bootup and reinstalls teh virus, or possibly fdisk /mbr would get rid of it? If I did fdisk /mbr, would it cause any problems? Any help would be greatly appreciated.

 

[smah]

Although it's not too clear, according to this information,

http://hq.mcafeeasap.com/dispVirus.asp?virus_k=10444

I would expect there to be something in the autoexec.bat that loads it into memory.

 

[tasteegroove]

Thanks for the link, smah. Unfortunately I don't have McAffee, but it sounds simliar to the Norton NAVDX process I have tried before, doing a NAVDX /BOOT /CLEAN to check and clean the bootsector. This did work, but alas it does detect the virus in Windows again. I'll be sure to check the autoexec.bat for any suspicious executables. On another note, if I did a fdisk /mbr to restore the boot record, would I still be able to boot into Windows? I had heard someone mention to me about doing a SYS to restore the sytem files for Win 98, but I wasn't sure if that'd be necessary...

 

[KimberTech]

Step by step removal instructions are on this page, at Symantec site:

http://www.symantec.com/avcenter/venc/data/eek.b.html

I have also quoted the following from the page:

"Some systems using boot managers or multiple-OS systems that store information in the first track of the hard disk might be irreparable. "

Good luck, and I hope this is not the case for you.
Virus attacks are getting nastier by day.

Kimber

The more I learn,I realize how much more there is to know!

 

[KimberTech]

Sorry to repeat post, but I found other info that was necessary to post here.

1. Versions of the Emergency Disk program that are included in NAV 2000 and earlier may not be able to remove this virus. You need to download the free, updated version of the DOS scanner.
2. Your virus is also known as Wyx.B
3. Make sure if you are using a newer version of NAV and #1. does not apply to you, that you have the latest version of the virus sig files installed before you create the rescue set. You need to do this on an uninfected computer, or just use the dos scanner. There are download instructions on the page link I gave you.

Good Luck! Kimber

The more I learn,I realize how much more there is to know!