Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
my pc has a mbr virus and after booting from a clean startup disk and doing fdisk /mbr, my pc still has the virus. iv also tried installing different types of antivirus but the virus cannot be detected except on AVG antivirus (it says partition table mbr) but it does nothing to remove it. help on removing the virus and preventing it to reinstall itself will be greatly appreciated! btw if i replace the infected HD with a new HD, is there any chance that the new HD will get infected? tnx in advance
btw if i replace the infected HD with a new HD
If that means you REMOVE the infected HD and plug in another, then NO. You wont infect the new hard disk.
But if u mean connecting the infected HD as slave and another as master, then YES. There are strong chances that you will end up with the virus on both hard disks.
I dont know if this would help, but have you tried a sys C: from a start up disk?
Good Luck and Happy Computing,
Kailas Shastry,
India.
0 
0
AAAARRGGH
Just wrote a lengthy reply then IE crashed just before I sent it...
Will endeavour to respond v soon (will write it in notepad n copy n paste - easier n safer)
Watch this space...
0
Ahh, back at last.
You have to trace the virus first.
Find its name (you could visit AV sites, go thro' their databases in search of mbr virus names and search for them on your hard drive.
Delete them then press "Control,Alt and Delete", if the processes are running then shut them down (if you dont then they will prob write themselves back to the hard drive and system-boot records/reg from memory at shutdown).
Reboot with floppy, Fdisk/mbr, then reboot.
check with AVG again.Also check within this key:-
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
see if there is a dodgy value in there (always back-up reg 1st).Try going to "Startbar" then "run", type "msinfo32", go to "tools", "System Configuration Utility", then
"startup", have a looksee...Had the same prob years ago, virus started corrupting files from end of drive, slowly working to front, resulting in user files (ie docs, pics, etc.) being corrupted before system files. Sorry, cant remember name tho'. (will search all my info tho'.)
You could also try McAfee's free online scan - "FreeScan" - registering costs nowt!
Good luck and let us all know...
Phil
0
ok i tried a new HD(borrowed a clean one from a friend) as primary and unplugged the infected HD, i did a clean boot from a startup disk, made new partitions, formatted, fdisk /mbr and started to install stuff from scratch but for some strange reason the new HD i plugged-in was getting the same symptoms(installation errors, corrupted and missing files) just like the infected HD. it also came to a point were the registry got messed up by the virus itslf. what im wondering is if theres such a virus that infects the 64M memory module or is it just HardDisks that gets infected? did a search here and found a reply that says...
____________________________________________"I had the same problem just recently. I used both Norton and McAfee to scan and they found nothing. I have 2 drives, I fdisk/mbr both drives, and it still happened. Finally, I took my computer apart and re installed the memory modules one by one (I had 3) I finally found the problem by removing a 64M memory module."
____________________________________________==> does the 64m memory module get infected in any way? iv tried a clean HD but after using it in my cpu it seems to have gotten the virus itslf!
____________________________________________
error i get ==> internet explorer then crashes during mcafee freescanIEXPLORE caused an invalid page fault in
module <unknown> at 0000:5ad699e3.
Registers:
EAX=0058a1dc CS=0187 EIP=5ad699e3 EFLGS=00010246
EBX=0058a264 SS=018f ESP=0058a1c0 EBP=0058a220
ECX=0157b960 DS=018f ESI=03c74fa4 FS=35bf
EDX=0058a24c ES=018f EDI=0058a26c GS=0000
Bytes at CS:EIP:
0
the virus also corrupts downloaded files (including zip archives) and most installations are interrupted. avg bootup scan doesnt detect any virus during startup nor does any other virus scanner and only avg detects something in win98 quick scan ==> it says PARTITION TABLE, MBR
0
avant! scan result. it doesnt seem to detect the virus
3/2/04, 7:38:32 PM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (1.1s).
----------
Files scanning started...
No virus body found.
Files scanning finished (7031 files, 0 infected, 215.0s).
Drives scanned: C: D:
----------
0
Have you done any research into BIOS viri (or viruses - for those who cant smell, I mean spell right, I mean use correct grammar - lol.
Perhaps your Bios is faulty even.
Have you also got the latest Bios version and the flash tool to use.
If flashing your BIOS ALWAYS & I mean ALWAYS back up the old version first (otherwise, if summin goes wrong you might as well throw away the mo'bo)I was just about to put an 80Gig HD into my older PC, good thing I didnt, it only supported up to 64Gb till I flashed BIOS with latest ver...
Good luck.
Phil
0
One more thing that may be an oversight.
Have you done a virus scan on the floppy?
Sounds daft but you could have overlooked this. Its easy to do when faced with a beige box not doing what you want it to...
Must admit tho', does sound like mem prob.
Perhaps its a rogue mo'bo on the way out...PS mem modules cannot have resident virus probs, every time the PC is powered down the mem loses all data, every time the PC is powered up the mem is clean n empty till the pc starts loading stuff into it from first the BIOS (not always true), next the hard drive, then windows.
Try using a different mem stick & also check BIOS settings - esp CAS Latency
Regards,
Phil.
0
yes iv scanned all floppy disks w/ different types of updated AV software. perhaps somethings wrong with the memory itslf since zero mbr/br viruses have been found. i might let a comp technician have a look at my hardware before anything else. keep me posted on ur tips and suggestions. tnx n advance
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
