I have a virus-how much of the HD needs to be wiped

scallosa

ISP
Mar 7, 2002
76
US
My PC (Win98) has an insidious virus. The symptoms include shutting down IE whenever it wants. If I go to a free site to perform a virus scan, it will scan for a few minutes, then IE will take a GPF. It also will not allow me to install McAfee virus protection.
Other times, it will cause Windows to fail with a GPF in WINMX on startup.
The problem started with a download from Kazaa, a bogus mpeg I think. The download was on the E drive (I have 2 physical hard drives, C on one and D, E, F on the other). For the virus to work, I am assuming it must have found its way to the C drive. My questions are,
what kind of a virus is this, and, do I have to wipe out the D, E and F drives as well as the C? That is, could it be hiding on other than the C drive?
Thanks.
 
I saw the earlier thread about a similar situation, I downloaded Stinger, but the virus killed it in midstream.
It did run once to completion, but subsequent HD scans then died.
 
Can you reboot into safe mode and run stinger through there, then install McAfee in there?
I would also run a good spyware checker (Spybot S&D, Ad-Aware, Bazooka) over the machine as well as antivirus in your case.

John
 
I ran Stinger in safe mode on all hds but found nothing.
Safe mode comes up without CD support, so can't do that.
Still trying to kill the beast so I don't have to clean the hd.
 
Boot into safe mode, load MSConfig and untick all dodgy entries. You may find if you try to run it through standard mode that any malware/virus will stop it running.

John
 
I ran Fprot's DOS virus scanner and it found
c:\windows\bi.dll, a backdoor program.
But the shutdowns and GPFs continued.
So I fdisk'd and formatted, and reinstalled Win98.
And guess what? I am getting similar messages as before!
98 installs up to the point of running Plug and Play.
Then it takes this error:
Error in MsgServ32
MsgServ32 Invalid page Fault in Commctrl.dll.
When I boot to floppy and run c:\windows\win.exe, the message is
VFAT device initialization failed

The only step (that I remember) that varied somewhat was when I first started the process of wiping out the HD was that I booted up WITH CD rom support just before FDISK.

Maybe the worm hiding in the power supply?????
Argh matey and avast.
 
Carr, thank you for the info.
But how can the parasite live after the fdisk?
Or do the problems I'm now encountering relate to something else? Is there anything left of the registry after fdisk and format?
 
There is mention of this infection being able to go to the internet to download information to further complicate things. I have DSL, but an internet connection has to be established before it can communicate, right?
I'm just trying to understand how the symptoms can still be present after wiping everything off the drive. I'm assuming the installation failure of win98 is related.
 
Don't know if this will help but some comments about VFAT problems.

It's too bad you didn't post about the bi file prior to reformatting, but having gone that far, you might want to consider backing up one more step and going to the manufacturer's site for your hard drive and get the zerofill utility for it, run that and then go forward with the fdisk and other steps. If you happen to have a copy of ghost or drive image, getting an image of your base win98 install might also be helpful to you in case you have to start over again. Also once you get back up with all apps installed and clean of adware problems, another image at that point would be good too.

If your temporary internet files were not on c drive, you probably should find and clear that folder.
 
A DSL is just that. A "dedicated service line."
You are always on and always vulnerable, unless you physically disconnect the line or have your firewall up to spec.

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
And there is always the possibility of memory resident problems. So a power down and reboot is probably a good idea.

Ed Fair
Give the wrong symptoms, get the wrong solutions.
 
Carrr's given you info about the problem. That file just happens to be one of the recognizable symptoms of that issue and there's a chance it could have been fixed without reformatting.

However, starting from where you are now, you've got to get a working reinstall of your operating system and applications going, then in addition to antivirus you also need to do something to try to block the adware. Carrr will have some good suggestions for you on that.
 
One thing that you probably didn't do when you fdisk was "fdisk /MBR" which clears the master boot record of the hdd. A lot of viruses hang there and a normal fdisk will not clear them.
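The sector layout behind the `fdisk /MBR` suggestion above, as an added example that is not part of the original thread: in the classic MBR, bytes 0-445 hold boot code, bytes 446-509 hold four 16-byte partition entries, and bytes 510-511 hold the 0x55AA signature. The sketch hashes the boot code separately from the table so a sector can be compared against a known-good baseline; the sample sectors are constructed, the boot-code strings are placeholders, and repartitioning is modelled as a change to the table only, which is the behaviour the post describes.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446      # bytes 0..445: bootstrap code
ENTRY = "<B3xB3xII"      # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
SIGNATURE = b"\x55\xaa"  # bytes 510..511


def build_sample(boot_code, entries):
    """Constructed 512-byte sector for the demo; not read from a real disk."""
    table = b"".join(struct.pack(ENTRY, *e) for e in entries).ljust(64, b"\x00")
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE


def parse_mbr(sector):
    """Return the boot-code hash and the in-use partition entries."""
    if len(sector) != 512 or sector[510:] != SIGNATURE:
        raise ValueError("not a 512-byte sector ending in 0x55AA")
    partitions = []
    for slot in range(4):
        raw = sector[446 + 16 * slot: 446 + 16 * (slot + 1)]
        status, ptype, lba_start, count = struct.unpack(ENTRY, raw)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"slot": slot, "active": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def boot_code_changed(baseline, current):
    """True when the bootstrap code differs from a known-good baseline sector."""
    return parse_mbr(baseline)["boot_code_sha256"] != parse_mbr(current)["boot_code_sha256"]


# Constructed samples: placeholder byte strings stand in for boot code.
CLEAN_CODE = b"known-good boot code (placeholder)"
clean = build_sample(CLEAN_CODE, [(0x80, 0x0B, 63, 1_000_000)])
repartitioned = build_sample(CLEAN_CODE, [(0x80, 0x0B, 63, 500_000),
                                          (0x00, 0x0B, 500_063, 499_937)])
modified = build_sample(b"different boot code (placeholder)", [(0x80, 0x0B, 63, 1_000_000)])

if __name__ == "__main__":
    print("repartitioned:", boot_code_changed(clean, repartitioned))  # table changed, code intact
    print("modified:", boot_code_changed(clean, modified))            # code differs from baseline
```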
 
I tried to run Killdisk to zero fill, but it choked with the error
"Running under an 80386 (32-bit implmentation) processor returns to real mode for reflected interupts instead of V86 mode"
"Return error code from INT 31 function 202 is:
202 EXP Handler: 11"

Will try the fdisk /MBR when I get home.
Thanks.
 
Took the HD out and replaced it with the slave drive.
Win98 installed successfully.
Thank you all for your help.

Who are the evil fiends who write this malicious software?
Do they get paid to do this? Don't you think that, like pyromaniacs getting a sick thrill from watching a building burn, these terrorists scan the technical bulletin boards
looking for evidence of their malformed technical prowess?
Otherwise, what would be the point? Why go thru the trouble of writing the code, if not to peer into the very souls of beings so beset with the suffering caused by their binary spawn? Like another infamous villain, taking delight in the screams of fury and frustration, as we muddle through this morass that we call internet, turned into a living hell by one who has turned his craft in the service of Pure Evil.

And that's what I think about the whole sorry mess.


 
Who are the evil fiends who write this malicious software?

Profilers show them as males, under 30, loners, high intelligence, and bored. Of course, there are exceptions. For the most part, they enjoy seeing someone else squirm. It gives them a feeling of power in a world where they feel powerless.

James P. Cottingham

There's no place like 127.0.0.1.
 
2ffat,

Sounds more like you're describing virus writers.
A great deal of the conventional adwares and hijackers are being written by talented misanthropes on company payrolls. There's $$$ in this equation.

"'Tis an ill wind that blows no minds." - Malaclypse the Younger
 
Yup, you're right, I wasn't looking carefully enough at which was which. [blush]

James P. Cottingham

There's no place like 127.0.0.1.
 