Planetarion Forums - View Single Post

meglamaniac · 24 Oct 2002, 01:36

Information and actions required to get any further:

a) If the friend can remember, the name of the file(s) concerned.

b) The name of the virus. If the problem keeps reoccuring, then you presumably still have the virus. Scan for it, or allow it to be picked up, and give us the name and as much of a description as possible. Norton has a basic description of each virus it knows in a database - for more detailed information SARC is the place to go.

c) Drive info. Is there more than one physical drive? If so, disconnect the one that's not required to eliminate it as the source (or implicate it, as the case may be). Is there more than one partition on the master drive? If possible format them too.

d) Format method. Do NOT attempt to format in any 'fancy' way. The best way to do it is to get a WinME rescue disk (from another computer for christsake). WinME is the only version of windows which actually produces a useful rescue disk - it contains all the files you need to get a machine up and running - or to destroy a setup as the case may be. To create one, go to Add or Remove Programs in Control Panel and choose the Startup Disk tab.
Boot off the disk and DO NOT select any of the menu options. Read the bottom of the menu screen. It should say something like "Command prompt only: Shift + F5". Whatever the combination is, do it.
Run fdisk (type fdisk at the prompt) and remove all the partitions on the disk (assuming there's nothing on them your mate needs to keep desperately). Exit fdisk and perform a hard reset (either the reset button or power off then on again). Boot off the disk in the same manner as before. Recreate the partition(s) in fdisk. Exit fdisk. Hard reset and boot off the disk again.
Type "format c: /u" at the prompt without the quotes - that will perform an unconditional format - ie. no recovery info is saved.

If you STILL get it after that you are looking at infected installation media or infected additional media (drivers disks, whatever programs you might install, etc), or some kind of BIOS/CMOS resident virus which, I have to admit, I have never heard of in my life. The only way to get a virus into the BIOS/CMOS would be to flash in a modified version of the BIOS itself which is theoretically possible but highly unlikely, and would probably fail if it was attempted while in windows.
Other than that, it's could be down to simple co-incidence - something bit of hardware may just have fked up on him right after he got the virus. As far as I know a "windows protection error" is just ME saying "oh **** something's gone very wrong somewhere and I don't have a clue what it is".

If you follow the format method above, you eliminate anything present on the harddisk - in the logical drive or in the partition table or in the MBR or whatever. If it's still happening, you're either installing the virus when you reinstall the system, the virus is still resident somehow, or it's not a virus and something's just fked up.

24 Oct 2002, 01:36	#11
meglamaniac Born Sinful Join Date: Nov 2000 Location: Loughborough, UK Posts: 4,059	Information and actions required to get any further: a) If the friend can remember, the name of the file(s) concerned. b) The name of the virus. If the problem keeps reoccuring, then you presumably still have the virus. Scan for it, or allow it to be picked up, and give us the name and as much of a description as possible. Norton has a basic description of each virus it knows in a database - for more detailed information SARC is the place to go. c) Drive info. Is there more than one physical drive? If so, disconnect the one that's not required to eliminate it as the source (or implicate it, as the case may be). Is there more than one partition on the master drive? If possible format them too. d) Format method. Do NOT attempt to format in any 'fancy' way. The best way to do it is to get a WinME rescue disk (from another computer for christsake). WinME is the only version of windows which actually produces a useful rescue disk - it contains all the files you need to get a machine up and running - or to destroy a setup as the case may be. To create one, go to Add or Remove Programs in Control Panel and choose the Startup Disk tab. Boot off the disk and DO NOT select any of the menu options. Read the bottom of the menu screen. It should say something like "Command prompt only: Shift + F5". Whatever the combination is, do it. Run fdisk (type fdisk at the prompt) and remove all the partitions on the disk (assuming there's nothing on them your mate needs to keep desperately). Exit fdisk and perform a hard reset (either the reset button or power off then on again). Boot off the disk in the same manner as before. Recreate the partition(s) in fdisk. Exit fdisk. Hard reset and boot off the disk again. Type "format c: /u" at the prompt without the quotes - that will perform an unconditional format - ie. no recovery info is saved. If you STILL get it after that you are looking at infected installation media or infected additional media (drivers disks, whatever programs you might install, etc), or some kind of BIOS/CMOS resident virus which, I have to admit, I have never heard of in my life. The only way to get a virus into the BIOS/CMOS would be to flash in a modified version of the BIOS itself which is theoretically possible but highly unlikely, and would probably fail if it was attempted while in windows. Other than that, it's could be down to simple co-incidence - something bit of hardware may just have fked up on him right after he got the virus. As far as I know a "windows protection error" is just ME saying "oh **** something's gone very wrong somewhere and I don't have a clue what it is". If you follow the format method above, you eliminate anything present on the harddisk - in the logical drive or in the partition table or in the MBR or whatever. If it's still happening, you're either installing the virus when you reinstall the system, the virus is still resident somehow, or it's not a virus and something's just fked up. __________________ Worth dying for. Worth killing for. Worth going to hell for. Amen.