
Virus on HDD preventing Boot up; How to use A-V software?

Status
Not open for further replies.

1Apostle

Technical User
Aug 2, 2003
2
US
How are Viruses fixed or removed properly to clean a HD using a floppy and cdrom drive when you can't boot to the OS?

We know there is a virus (Empire.Monkey.C (b) virus) because of Norton's Diagnostics. But it will not clean it from the infected area of the master boot record because the OS Win 98 will not load. The A-V software won't run in DOS mode. I used a Win 98 Startup bootable floppy and Norton's Anti-virus CD to get the command prompt to run using cdrom. From here, I was able to do a diagnostic on the HD, but not "Fix", "Repair", or "Remove" the virus!

Doing a reinstall over top of the infected OS is not a good call. The virus has to be removed first, then, if there is no success booting, do a reinstall. The files have to be saved in the process. Which means no FORMATTING the HD at this level. I need to know how to use the software at this stage.

Seeking an answer soon as I am working on a system with this problem now.
 
Sounds like you have already used /mbr on the bootstrap and removed the access to the moved partition table, and since the table isn't where it should be for the new bootstrap you can't find the partition parameters.

I would suggest putting it on another machine as a second drive and see if AV software can remove it from there.
Or
one of the AV packages that works from a floppy DOS boot.

Ed Fair
Any advice I give is my best judgement based on my interpretation of the facts you supply. Help increase my knowledge by providing some feedback, good or bad, on any advice I have given.
 
Edfair...

I believe I heard you refer, in another unrelated thread, to a "Write All Zero's To Disc" program...(as it happens to be called on one of my Restoration CD's)......

Do you think this option would be appropriate here?.....Obviously all data will be lost when implemented....

Ahh.....forget it.....I just realized that "1apostle" said the files need to be saved.....

Well then,..what if they didn't need to be saved....?
 
The zero fill, low level format, or zap, whatever you call it, is the only way to wipe out some stuff that can prevent your being able to use the drive.

But it does a good job of making all the data go away.

I think that a fdisk will make the drive accessible and a program like "getdataback" would recover the FAT, but would hesitate to suggest it until I proved it on a testbed. I would do it on one of mine except I've wasted too much time in the last week on something else and need to do some real work.

Ed Fair
Any advice I give is my best judgement based on my interpretation of the facts you supply. Help increase my knowledge by providing some feedback, good or bad, on any advice I have given.
 
Norton AV 2003 will boot from the cd and use the included av definitions to scan the hard drive. Have you tried this method? I know you said booted from floppy, but norton is also a bootable cd.
Rich
 
thanks edfair

Hope you get some work done...as I too have the same dilemma..

TT4U
 
if you can install the drive as a second drive in your computer then you can scan it with NAV. OR if you can add it to another computer as a second drive. If this second computer is on the network, you can map it to a drive letter on the first computer ( which would have NAV plus the latest updates installed) and scan the mapped drive.
 
Only in order to avoid confusion(as I had upon two readings of it)......and for clarification to anyone who may read this later(and it sounds like good advice also)....

Shouldn't your statement;
If this second computer is on the network, you can map it to a drive letter on the first computer ( which would have NAV plus the latest updates installed) and scan the mapped drive.

Read like this;
If this second computer is on the network ( which would have NAV plus the latest updates installed), you can map it to a drive letter on the first computer and scan the mapped drive.


No criticism intended
sincerely
TT4U
 
Every input has served to open up understanding on this situation, and lead me in the right direction. So far, I have used the input of edfair, TekTippy4u, and rclark250, because of the closeness of their instructions to solve this dilemma.
For my sake, to get a clearer picture of the situation, better wording is required in some of the processes which are not fully expounded upon in my earlier Posting. This is an OJT training course, because you won't find it in the text book, Boys. And I still have a lot to learn!

Example: I am in a customer's home, they have only one computer system, and no network is set up; except the internet. This is not obtainable until after his computer loads the OS. Consequently, the system is a dual-boot system (win98 on one partition & win2k on another). Neither partition will boot when it is made the "Active Partition".

To tell you the truth, I simply toted the HD back to the shop and ran a virus cleaning program from one of the other system's HD. But, I have to find the files to copy onto a floppy to use as a back up to the CD in this situation in the future. Thank all for your input. (Time is Money. Spend it wisely.)
 
Dual boot changes everything. Or at least it can change everything, depending on how it is done.
And assuming that you get it clean, reestablishing dual boot can be a bear.

Don't feel bad not knowing everything. We don't either. And as soon as we do, they change something.

Ed Fair
Any advice I give is my best judgement based on my interpretation of the facts you supply. Help increase my knowledge by providing some feedback, good or bad, on any advice I have given.
 
I would be very careful about the "Fdisk /mbr" command in 98 or "Fixmbr" from DISKPART. in Recovery Console of win2k....
using these tools to rewrite the mbr, assumes the drive was partitioned with the same tools......not 3rd party software.....
(such as Disk Manager, EZ-Drive, MaxBlast, Data Lifeguard Tools, or similar)


Fdisk /mbr commands are "supposed" to rewrite the boot record code, "leaving" the partition tables "intact"........
BUT...only if the above 3rd party stuff is NOT true .......These 3rd party programs use a modified MBR to access the disk.....
AND/OR the

Fdisk will overwrite the partition tables "IF" the two signature bytes at the end of sector (55AAh) are DAMAGED....
NOT BOOTING is a sign that these signature bytes WERE DAMAGED.....and the system would act as if there were no partitions at all....

Is there some way to transfer all the files directly over to another drive which has up-to-date AV software.......I don't know myself....but someone does.....

Good luck
TT4U
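The check described in the post above, as an added example that is not part of the original thread: a read-only Python inspection of a saved copy of sector 0 that tests the 55AAh signature and lists the partition entries before any boot-code rewrite is attempted. The function names, the constructed sample sectors, and the use of type IDs 0x54/0x55 to flag drive-overlay software are assumptions of this example.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446   # four 16-byte partition entries start here
# boot flag, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FORMAT = "<B3xB3xII"
# Type IDs commonly written by drive-overlay software of the kind the post lists.
OVERLAY_TYPES = {0x54: "OnTrack Disk Manager", 0x55: "EZ-Drive"}


def inspect_mbr(sector: bytes) -> dict:
    """Read-only report on one 512-byte MBR sector; nothing is written back."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    signature_ok = sector[510:512] == b"\x55\xaa"
    partitions, risks = [], []
    for i in range(4):
        flag, ptype, lba, count = struct.unpack_from(
            ENTRY_FORMAT, sector, TABLE_OFFSET + 16 * i)
        if ptype == 0:  # empty slot
            continue
        partitions.append({"slot": i, "active": flag == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
        if ptype in OVERLAY_TYPES:
            risks.append(f"slot {i}: {OVERLAY_TYPES[ptype]} overlay, MBR code is non-standard")
    if not signature_ok:
        risks.append("55AAh signature missing: table may be treated as empty")
    return {"signature_ok": signature_ok, "partitions": partitions, "risks": risks}


def build_sample(signature=b"\x55\xaa", types=(0x0C, 0x07)) -> bytes:
    """Constructed test sector: FAT32 (0x0C) + NTFS (0x07), like the dual-boot disk in the thread."""
    sector = bytearray(SECTOR_SIZE)
    lba = 63
    for i, ptype in enumerate(types):
        struct.pack_into(ENTRY_FORMAT, sector, TABLE_OFFSET + 16 * i,
                         0x80 if i == 0 else 0x00, ptype, lba, 2048000)
        lba += 2048000
    sector[510:512] = signature
    return bytes(sector)


if __name__ == "__main__":
    for label, raw in [("intact", build_sample()),
                       ("damaged signature", build_sample(signature=b"\x00\x00")),
                       ("overlay", build_sample(types=(0x55,)))]:
        print(label, inspect_mbr(raw))
```

An empty `risks` list only means neither condition named in the post was detected; keep the saved sector copy as a backup regardless.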
 