
Thread: virus help

  1. #1
    Member
    Join Date
    Feb 2002
    Posts
    65

    virus help

    I seem to have gotten this Blaster worm and nothing seems to get rid of it.
    I have used the fix from Symantec and also the Stinger, and from there I just run into the shutdown problem, so I have formatted 2x and immediately after the format the virus is there again.
    When I format, do I need to delete the partition and then format the drive?
    Every time I get rid of the thing it just reappears after a format. I always thought formatting clears your registry too, so if it got in there it should be gone? Am I wrong here? I did recently flash the BIOS and update it; is it possible it was in there? I am at a total loss, please help, ty lol
    p3 450 brillion 128 mb sdram 256 mb sd ram 15 master drive and 40 slave win xp pro

  2. #2
    nuisance since 1968 OuTpaTienT's Avatar
    Join Date
    Oct 2001
    Location
    ɐqɟs
    Posts
    10,458

    Re: virus help

    Originally posted by dezzzi28
    I always thought formatting clears your registry too, so if it got in there it should be gone?
    That statement leads me to believe your idea of formatting is not what it should be. A format doesn't do anything to a registry, a format wipes a partition clean! No Windows, no registry, no files, no nothing.

    How, exactly, are you formatting?

  3. #3
    Member
    Join Date
    Feb 2002
    Posts
    65
    I have started from CD and allow it to load its drivers. When it asks to install a fresh copy of XP I say yes and I allow it to format the disc; then it proceeds to wipe the disk clean and then copies the files it needs to install the O/S, then it goes through the regular setup process.
    As soon as it finishes I have tried to update right away but then it is there. I mean, it makes me set up the users and everything, so I am still at a loss; I am sure it is formatted????

  4. #4
    Supporting our military Bill in SD, CA's Avatar
    Join Date
    Oct 2002
    Location
    Camelot by the Sea
    Posts
    10,068
    If the virus is on the MBR, formatting is not going to get rid of it.

    Try using the manufacturer's diagnostic disk to write zeroes to the drive or use Killdisk.

    Hardware Links

    Software Links

    Bill

  5. #5
    Member
    Join Date
    Feb 2002
    Posts
    65
    So you figure if I use Killdisk on the drive then format it, and if it is still there, then it is on the mb and I need to deal with that case scenario next?

  6. #6
    Supporting our military Bill in SD, CA's Avatar
    Join Date
    Oct 2002
    Location
    Camelot by the Sea
    Posts
    10,068
    The 2 options I suggested will clear out the master boot record (MBR) and return the drive to "factory fresh out of the box" condition.

    Bill

  7. #7
    Member
    Join Date
    Feb 2002
    Posts
    65
    Ty Bill, seems the only option here. Glad it is all fresh and no need to back anything up. I do appreciate, ty.
    1 question: do ya figure I need to do this to my slave drive as well? It is new and only used for storage.

  8. #8
    Supporting our military Bill in SD, CA's Avatar
    Join Date
    Oct 2002
    Location
    Camelot by the Sea
    Posts
    10,068
    If the virus is on the slave drive then that would explain it showing back up after your format.

    What I would do is to disconnect the slave first then, after you zero the drive and re-install the OS, ensure the virus is gone.

    Afterwards reconnect the slave and you will find out if the slave is the culprit.

    What You Should Know About the Blaster Worm and Its Variants

    Trend Micro Online Virus Scan

    Bill

  9. #9
    Ultimate Member LeftCoast's Avatar
    Join Date
    Sep 2002
    Location
    Tampa
    Posts
    1,948

    Re: Re: virus help

    Originally posted by OuTpaTienT


    ...That statement leads me to believe your idea of formatting is not what it should be. A format doesn't do anything to a registry, a format wipes a partition clean!...
    That statement, Out, leads me to believe your idea of formatting is not what it should be.

    A simple format deletes the file system, but leaves the files intact. This is why some viruses/corrupt Win files can and are reinstalled upon the next "fresh" OS install.

    Bill is right about using Killdisk. It writes zeros to the drive, which is usually what the term "wiping the hard drive" refers to. Wiping a drive is also the thing to do if you're going to sell your old computer (or HDD), to keep personal info more secure. Your files are still somewhat recoverable after simply writing zeros (you can go overboard with programs that wipe above-and-beyond DoD standards, but it's overkill unless you work for the NSA, IMAO), but it is more difficult. Kinda like putting "The Club" on your steering wheel. It's a deterrent, but no silver bullet...
    Millions long for immortality who don't know what to do with themselves on a rainy Sunday afternoon.
    Susan Ertz

  10. #10
    nuisance since 1968 OuTpaTienT's Avatar
    Join Date
    Oct 2001
    Location
    ɐqɟs
    Posts
    10,458

    Re: Re: Re: virus help

    Originally posted by LeftCoast

    A simple format deletes the file system, but leaves the files intact. This is why some viruses/corrupt Win files can and are reinstalled upon the next "fresh" OS install.
    Since when? Where are you getting this information? What exactly does "simple format" mean? Never heard of it. There is "format" and there is "quick format". Both of which delete all files from the partition.

    When you partition and format a hard disk, all data on that partition is permanently deleted.
    from here

    also see here

  11. #11
    Ultimate Member LeftCoast's Avatar
    Join Date
    Sep 2002
    Location
    Tampa
    Posts
    1,948

    Re: Re: Re: Re: virus help

    Originally posted by OuTpaTienT


    Since when? Where are you getting this information? What exactly does "simple format" mean? Never heard of it. There is "format" and there is "quick format". Both of which delete all files from the partition.
    Are you serious? Is this the same Microsoft that said Windows ME was an improvement over 98SE?

    I swear, the number one misconception among techs is that formatting actually removes any information...

    Some quotes of interest:

    "Gone is gone!"
    "In most cases this just isn't the fact! Whatever happened to your data - whether files were accidentally deleted, a virus has wiped out the boot record, the drive was formatted or fdisk'ed or even is no longer recognized by the operating system, as long as it wasn't physically overwritten, the data which was on the drive is still there.

    The files just aren't accessible anymore the way they should be. For example, if you delete a file, the file's data is not deleted from the drive, but instead a signature byte is set at the start of the file's file name. This signature byte tells the operating systems that this area can be overwritten by other data next. And that's exactly what happens. The next time you write something to the drive, the new data will be written to the so marked area. But this also means, that as long as nothing new is written to the drive, the data is still there, intact and can therefore be recovered.

    This behavior is also the reason why trying to undelete single deleted files often isn't successful. When you delete a file -and you empty the recycle bin as well- as soon as you notice that you still need the file, chances are that you have done something in the meantime, that has overwritten the data area of the file.

    Even in cases which seem the most radical - when you i.e. have formatted your drive from FAT32 to NTFS- and five minutes later realize that you didn't mean to format THIS drive, all of your files are still there. When you format a FAT32 drive, everything is destroyed (the boot record, the FAT, the root directory) except for the partition table and the data. And that's all you need! As long as the data's still there your files can be reconstructed - very often nearly perfectly. " - http://www.runtime.org/advise.htm


    "With the Restorer2000 Professional data recovery software you can view, undelete and restore deleted files and folders, recover data from formatted, corrupted and damaged NTFS and FAT partitions if your system's hardware is functional and your data was not previously overwritten [Added by LeftCoast: By utilities like Killdisk]."

    http://recallusa.com/data_recovery.html

    http://www.bitmart.net/

    http://www.dtidata.com/

    http://www.jackboxwebdesign.co.uk/data_recovery.htm

    http://cleartheconfusion.com/data_re...a_recovery.htm

    http://discount-evidence-eliminator...._scavenger.htm

    http://www.binarybiz.com/vlab/windows.php

    http://www.stellarinfo.com/disk-recovery.htm

    http://www.datarecoveryclinic.com/

    http://www.runtime.org/advise.htm

    http://www.pcstats.com/articleview.cfm?articleID=1139

    I'd get you more, but my fingers are getting tired.
    Millions long for immortality who don't know what to do with themselves on a rainy Sunday afternoon.
    Susan Ertz

  12. #12
    nuisance since 1968 OuTpaTienT's Avatar
    Join Date
    Oct 2001
    Location
    ɐqɟs
    Posts
    10,458
    So why are you going through all this effort to explain stuff that most of us know already? I know what happens to files when they are deleted and how to undelete them. What does this have to do with what we are talking about?

    You said:
    A simple format deletes the file system, but leaves the files intact.
    That's not exactly correct. It does not leave the files intact.

    Sure the data is still around (until it gets overwritten) if the disk was not zero'ed out. But so what? Are you saying a worm or virus that was attached to a file that gets deleted could still find its way out from beyond the grave? That's a new one on me. But anything's possible. Got a link for that? That would be an interesting link that I might actually click on.
    Last edited by OuTpaTienT; May 1st, 2004 at 01:04 PM.

  13. #13
    Ultimate Member LeftCoast's Avatar
    Join Date
    Sep 2002
    Location
    Tampa
    Posts
    1,948
    Originally posted by OuTpaTienT
    So why are you going through all this effort to explain stuff that most of us know already? I know what happens to files when they are deleted and how to undelete them. What does this have to do with what we are talking about?

    You said: "A simple format deletes the file system, but leaves the files intact."

    That's wrong. It does not leave the files intact.

    We all know the data is still around if the disk was not zero'ed out. But so what? Are you saying a worm or virus that was attached to a file that gets deleted could still find its way out from beyond the grave? That's a new one on me. But anything's possible. Got a link for that? That would be an interesting link that I might actually click on.
    As I've said before, the number one misconception among techs is that formatting actually removes any information. What you're missing is that formatting (or simple formatting, as I refer to it, because it really doesn't do bupkis) is very similar to deleting files, in that the files (including virus and corrupt Win files) are still intact, on the HDD, ready to be recovered. How else are all these programs recovering files from a formatted HDD if the files are not intact?

    And yes, I am saying that when you lay a "fresh" OS install over a HDD that's infected/corrupted, it is not uncommon to retain the exact same virus or system problem that motivated you to do the format/reinstall in the first place. If the files are still lurking around on the HDD, it's a short putt to think they might get reused/reinstalled. As to how, your guess is as good as mine, but I know from personal (as well as shared) experience that it does, more often than you'd like. This is why I use Killdisk every time I do a reinstall, so any corrupt files are overwritten, leaving one less thing to worry about.

    Here, again, is a link that many techs should peruse:
    http://www.runtime.org/advise.htm

    "Whatever happened to your data - whether files were accidentally deleted, a virus has wiped out the boot record, the drive was formatted or fdisk'ed or even is no longer recognized by the operating system, as long as it wasn't physically overwritten, the data which was on the drive is still there.

    The files just aren't accessible anymore the way they should be. For example, if you delete a file, the file's data is not deleted from the drive, but instead a signature byte is set at the start of the file's file name. This signature byte tells the operating systems that this area can be overwritten by other data next. And that's exactly what happens. The next time you write something to the drive, the new data will be written to the so marked area. But this also means, that as long as nothing new is written to the drive, the data is still there, intact and can therefore be recovered.

    Even in cases which seem the most radical - when you i.e. have formatted your drive from FAT32 to NTFS- and five minutes later realize that you didn't mean to format THIS drive, all of your files are still there. When you format a FAT32 drive, everything is destroyed (the boot record, the FAT, the root directory) except for the partition table and the data. And that's all you need! As long as the data's still there your files can be reconstructed - very often nearly perfectly. "
    Last edited by LeftCoast; May 1st, 2004 at 02:16 PM.
    Millions long for immortality who don't know what to do with themselves on a rainy Sunday afternoon.
    Susan Ertz

  14. #14
    Banned
    Join Date
    Apr 2004
    Posts
    125
    Well, you are both right - kinda.

    There is no such thing as low level formatting anymore.
    In the old small drive days, before LBA or 48 bit addressing, an x was placed in front of sector addresses during a "simple" format, to tell the harddrive to move on. Now that drives are huge the sectors are just counted starting from zero in arithmetic order. One can eliminate the countup table references (all binary data unchanged), or write all zeros to every sector bit on the HDD.

    Defragging a drive after zeroing out with a drive utility really mixes things up well.

    The prob with virii, is that if they are in MBR bootsector, they are always in the same place no matter what, the very first sector on the HDD. Also in FAT 32, two copies of the FAT table and root directory are kept contiguously in the very next series of clusters. Which is good for backup, but bad news when it is corrupted by virus.

    It would not seem remotely possible a self contained self executing contiguous VBscript virus as a hidden file could be resurrected after all the ones on HDD are overwritten as zero. However, I would not rule out it happening during a "common" format, where the address TABLE is overwritten. There is a coolweb virus SHREDDER (CWS Shredder) you can download from Symantec, which suggests persistence, at least before zeroing out.

    Anyway, for the poster (assuming current O/S installed), I would shut down machine, take out battery, unplug for a few hours (Bios Virus), change RAM (do not reinstall old), zero out the drive, slightly change partition arrangement, format, then immediately defrag. I would also make sure any floppies were not infected, if used, or some program you always load, like winzip or winrar.

    At the risk of posting too long here, the following info is quite good:

    Low-Level Format, Zero-Fill and Diagnostic Utilities
    http://www.pcguide.com/ref/hdd/geom/...ilities-c.html

    Older hard disks required periodic low-level formatting by the system configurator or end-user. To facilitate this, low-level format utilities were created. These are small programs written to control the low-level formatting process for the hard disk. The hard disk controller would normally include one of these programs in a ROM chip in hardware, enabling access to the software without requiring any drives to be running in the system, and thus avoiding a possible "chicken and egg" quandary. In addition, more sophisticated, third-party utilities were available that would perform an LLF and also do other related features such as scanning for bad sectors or analyzing the drive to determine an optimal interleave setting. These would typically be loaded from a floppy disk.

    Low-level formatting an older hard disk could be a rather complicated procedure, particularly for one who was not very familiar with PCs and hard disks. Various factors needed to be taken into account, such as defect mapping and setting the interleave factor. The particular conditions of the drive when formatting were also important: due to the vagaries of stepper-motor actuators, doing an LLF when the drive was very cold or very hot could lead to errors when the drive returned to a more normal temperature. Even the orientation of the drive when it was formatted was an issue.

    As I have said (probably too often, sorry) modern drives do not need to be low-level formatted by the end user, and in fact cannot be LLFed outside the factory due to their precision and complexity. However, it seems that the need to LLF hard disks on the part of users has never gone away. Like some primordial instinct, many PC users seem to have a fundamental desire to LLF their modern disks. Maybe it is built into the genetic code in some way yet undiscovered. In fact, even if it were possible, the vast majority of the time that someone "needs" to LLF a hard disk today, it is not really necessary. Many users jump quickly to wanting to try an "LLF" whenever they have a problem with their hard disk, much the way many jump to re-installing their operating system whenever it gives them trouble.

    Hard drive manufacturers have created for modern drives replacements for the old LLF utilities. They cause some confusion, because they are often still called "low-level format" utilities. The name is incorrect because, again, no utility that a user can run on a PC can LLF a modern drive. A more proper name for this sort of program is a zero-fill and diagnostic utility. This software does work on the drive at a low level, usually including the following functions (and perhaps others):

    * Drive Recognition Test: Lets you test to see if the software can "see" the drive. This is the first step in ensuring that the drive is properly installed and connected.
    * Display Drive Details: Tells you detailed information about the drive, such as its exact model number, firmware revision level, date of manufacture, etc.
    * Test For Errors: Analyzes the entire surface of the hard disk, looking for problem areas (bad sectors) and instructing the integrated drive controller to remap them.
    * Zero-Fill: Wipes off all data on the drive by filling every sector with zeroes. Normally a test for errors (as above) is done at the same time.

    When most users today talk about "low-level formatting" a drive, what they are really talking about is doing a zero-fill. That procedure will restore a functional drive (that is, one that does not have mechanical problems) to the condition it was in when received from the factory. There are occasions when a modern hard disk can become so badly corrupted that the operating system cannot recover it, and a zero-fill can help in this situation. Stubborn boot sector viruses for example can be hard to eradicate without resorting to low-level intervention. Since the zero-fill cleans all programs and data off the drive it will get rid of almost any data-related problem on the drive, such as viruses, corrupted partitions and the like. Just remember that it's a bit like burning down your house to get rid of termites: you lose everything on the drive.

    This type of utility can also be used to "hide" bad sectors by telling the drive to remap them to its collection of spares. Just remember that a drive that continues to "grow" bad sectors over time is one whose reliability is highly suspect. I discuss this matter in more detail here.

    Warning: Only use a low-level zero-fill or diagnostic utility designed for your particular hard disk. You can download one for free from your drive manufacturer's web site. Even though damage probably won't result from using the wrong program, you may lose data and you may also complicate any warranty service you try to have performed on the drive. (Technical support people at "Company X" generally don't like to hear that you used a utility on their drive written by "Company Y".)

    Last edited by websteraaa; May 2nd, 2004 at 05:04 AM.
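
    Added example, not part of any post in this thread: a Python check that shows which sectors still hold data after a format versus after a zero-fill, and whether sector 0 (the MBR) was cleared. The 64-sector image, the marker strings and the helper names (`build_sample_disk`, `model_format`, `survey`) are constructed for illustration; `model_format` is a toy that follows the runtime.org description quoted in post #11 (partition metadata rewritten, partition table and data left alone).

```python
import hashlib
import io
import struct

SECTOR = 512

def parse_mbr(sector0):
    """Summarise sector 0 of a disk: boot code, partition table, signature."""
    if len(sector0) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    boot_code = sector0[:446]
    partitions = []
    for i in range(4):
        entry = sector0[446 + 16 * i:446 + 16 * (i + 1)]
        ptype = entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype:  # type 0 means the slot is unused
            partitions.append({"index": i, "active": entry[0] == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {
        "all_zero": not any(sector0),
        "signature_ok": sector0[510:512] == b"\x55\xaa",
        "boot_code_present": any(boot_code),
        # Hash lets you compare the boot code against a known-good copy.
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": partitions,
    }

def nonzero_sectors(stream):
    """Return the LBA of every sector that still holds a non-zero byte."""
    stream.seek(0)
    found, lba = [], 0
    while True:
        chunk = stream.read(SECTOR)
        if not chunk:
            return found
        if any(chunk):
            found.append(lba)
        lba += 1

def build_sample_disk(total=64, part_start=8):
    """Constructed image: MBR with dummy boot code, one partition, one 'file'."""
    disk = bytearray(total * SECTOR)
    disk[0:16] = b"CONSTRUCTED-BOOT"            # stands in for MBR boot code
    disk[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x0B, b"\0" * 3,
                                part_start, total - part_start)
    disk[510:512] = b"\x55\xaa"                 # MBR boot signature
    start = part_start * SECTOR
    disk[start:start + 11] = b"OLD-VOLBOOT"     # partition metadata
    disk[40 * SECTOR:40 * SECTOR + 9] = b"FILE-DATA"  # file contents
    return disk

def model_format(disk, part_start=8, metadata_sectors=4):
    """Toy format: rewrite only the partition's metadata sectors."""
    start = part_start * SECTOR
    disk[start:start + metadata_sectors * SECTOR] = bytes(metadata_sectors * SECTOR)
    disk[start:start + 11] = b"NEW-VOLBOOT"

def zero_fill(disk):
    """Overwrite every sector, including sector 0, with zeroes."""
    disk[:] = bytes(len(disk))

def survey(disk):
    """Return (MBR summary, list of LBAs that are not all zero)."""
    return parse_mbr(bytes(disk[:SECTOR])), nonzero_sectors(io.BytesIO(disk))

if __name__ == "__main__":
    disk = build_sample_disk()
    model_format(disk)
    print("after format   :", survey(disk)[1])
    zero_fill(disk)
    print("after zero-fill:", survey(disk)[1])
```

    `nonzero_sectors` accepts any binary file object, so the same check can be run against a raw image of a wiped drive opened read-only.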

  15. #15
    nuisance since 1968 OuTpaTienT's Avatar
    Join Date
    Oct 2001
    Location
    ɐqɟs
    Posts
    10,458
    Ok, so someone says: "I always thought formatting clears your registry"

    That sounds a little odd to me. So I question exactly how they are doing a format with the purpose of the question to see if they are going about it correctly. I'll admit I shouldn't have used the term "wipes" as that is a specific term usually meaning a deleted file's data is overwritten. But regardless, that was not the point. The point was to find out if they are going about it correctly then move on from that point and continue helping them.

    What I want to know is how did we go from that to some young-pup over-eager tech trying way too hard to lecture me (broken record) about knowledge that I've known about for some 10+ years. I mean, what's the point? What are you trying to accomplish? Or are you trying to impress someone? Whatever your goal is you're trying WAY too hard. Relax why don't you?

    - - -

    Very decent post websteraaa.

  16. #16
    Ultimate Member LeftCoast's Avatar
    Join Date
    Sep 2002
    Location
    Tampa
    Posts
    1,948
    Quote Originally Posted by OuTpaTienT
    ...What I want to know is how did we go from that to some young-pup over-eager tech trying way too hard to lecture me (broken record) about knowledge that I've known about for some 10+ years. I mean, what's the point? What are you trying to accomplish? Or are you trying to impress someone? Whatever your goal is you're trying WAY too hard. Relax why don't you?

    ...Very decent post websteraaa.

    Outpatient, byte me. If you don't want to hear the answer, don't ask the question. And my self-esteem doesn't need any boost from you, sport!

    I had dedicated a total of two unique sentences concerning you on this thread, before you (in a somewhat abrasive tone) "called me out" for proof, inferring my statements were from Pluto, or somewhere else not quite based in reality. It wasn't your use of the word "wipes" that was at issue; it was the entire idea you were conveying, that formatting erases everything on the HDD (The purpose of these threads is to get correct information to the OP so as to resolve their problem, right?). As I've said before, the number one misconception among techs (even those with more than 10+ years experience) is that formatting actually removes any information from the HDD.

    Apparently you liked my response better when it came from websteraaa, but hey, as long as it sticks...

    I'm finished with this thread, unless dezzzi28 has anything else for us.

  17. #17
    Junior Member
    Join Date
    May 2004
    Posts
    2
    WebsterAAA .... re your advice to NOT reinstall RAM .... is this "forever" ... I have 4 PCs that appear to have been hit by a virus where the HD and BIOS are cross-infecting .... I planned to start from scratch with reflashed BIOS' and cleaned HD's (just downloaded killdisk) ..... are you advising I pitch the RAM and buy new? ....

Copyright 2014 All Enthusiast, Inc