
Thread: Anti-virus software?




  1. #11
    Join Date
    Nov 2002
    Posts
    442

    I seem to have contracted a Boot Sector virus. I have cleaned one of my hard drives but the drive that used to be my main drive has it still and Win XP doesn't see it as having been formatted. The drive is a 120 gig drive that had about 9 gig of info on it and it is now being labeled as a 111 gig drive. I have McAfee Professional AV but I am still unable to get it to read the drive as a formatted drive. It was formatted with FAT32 but is now only able to be formatted under NTFS. Does anyone know how to get the drive to be read and scanned? I have been told to do some wild stuff... everything from freeze it for 30 sec. Tap on the drive spindle head 10 times... this is almost like a case of the hiccoughs!! Does anyone know of a software or a procedure to follow to remove this and still save the data? This is making me pull my hair out!!!

  2. #12
    Join Date
    Nov 2001
    Posts
    4,723

    A potentially dangerous situation.
    If the virus is present in data you recover from the drive, you run the risk of reinfection - might want to do a thorough risk assessment before proceeding.

    That said;
    It is possible to restore a boot sector. I'm not sure of the exact procedure for Windows XP (the question is, does fdisk /MBR apply to this OS?).

    It may be possible to recover the data with the help of a recovery utility, such as Disk Investigator, which you can get for free at;
    http://www.theabsolute.net/sware/dskinv.html

    I have used this utility in 9x with great success.
    It reads the data in its raw form directly from the HDD. I have actually recovered data 3 weeks after its deletion in 1 instance, 27 Mb, and that's with using the PC normally the whole time.
    (I still have no recollection of ever deleting that darn file???)
    At least that method will be non destructive to the data on the HDD and might be worth a try till another better method is presented.

    Again, if you recover an infected file you could lose what you have going for you now.

    Any info you can supply regarding exactly what virus has struck your PC may help to supply a more pertinent answer.
    The reason a diamond shines so brightly is because it has many facets which reflect light.

  3. #13
    Join Date
    Nov 2001
    Location
    Texas, USA
    Posts
    4,825

    I'd probably do it the old-fashioned way, and yes, the fdisk /mbr command would be highly advisable.

    Start the system with a bootable Win98 floppy disk and start off with the fdisk /mbr command to the drive. From there, you should be able to go into the standard fdisk command and remove all partitions. If you're in NTFS file system right now, then you'll just need to delete the non-DOS partitions and anything else you find in there.

    From here, you should be able to create a partition(s) and format it in whatever floats your boat.
    Old age and treachery will overcome youth and skill
    My Toys

  4. #14
    Join Date
    Nov 2001
    Location
    The Land of OZ!
    Posts
    674

    FDISK /MBR will work.

    If you want another alternative, boot off the XP CDROM and run the recovery console.

    When you get the command prompt, type HELP.

    There are 2 commands in there which may help.

    FIXMBR and FIXBOOT.

  5. #15
    Join Date
    Nov 2002
    Posts
    442

    Hey, thanks for the responses! I am going to try out this info and see if it works! I will let you all know what is up, though I am leaving for the holidays and won't be back till after Christmas. I just hope I can get this figured out before I leave so I don't have this sitting on my mind!!

  6. #16
    Join Date
    Nov 2002
    Posts
    442

    Let's give an update here. The drive in question cold boots to the Win 98 safe mode start up screen (though it's never had 98 on it). When I tell the comp to start WIN in safe mode it tells me that these files are missing or corrupted: HIMEM.SYS, DBLBUFF.SYS, IFSHLP.SYS, and then asks where the command line interpreter is located. If I boot the comp with the McAfee emerg boot disk I am able to get it to scan the drive but on the 2nd scan pass it always hangs up on a file (dumb me didn't write the name down). Could that file be the virus? Using the Win 98 boot disk it loads and I am able to see, in DOS, the files that are still on the drive, but I am unable to get the WinXP disk to run at all. Running fdisk tells me that the drive is formatted with FAT32. If I run fdisk /mbr will that destroy the data on the HDD? If I remove the DOS partitions and reinstall them is that going to affect the data on the drive in any way? I am trying to save as much of the data on there as possible. This has been my 1st major nightmare with a comp and I am still learning how to really use DOS (getting a crash course right now). FYI the HDD in question is the WD SE 120 gig drive. I know this is a hard situation and I truly appreciate the help that is being given!!!

  7. #17
    Join Date
    Nov 2001
    Location
    Texas, USA
    Posts
    4,825

    - fdisk /mbr will not destroy data on the hard drive

    - fdisk used to remove a partition will destroy ALL DATA on the partition being removed.

    If you still want the data and are sure that the infection is in the boot sector, then just attach the drive as a slave to retrieve the data and then scrap it and start it fresh. You will, of course, want to run a very thorough scan of all files transferred from the 120GB drive to double check that they are indeed clean. And make sure that you don't execute any files from the corrupted drive until they have been tested as clean.
    Old age and treachery will overcome youth and skill
    My Toys
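
Added example, not part of the thread or any poster's reply: a Python sketch of the 512-byte MBR layout, showing why rewriting only the master boot code (what `fdisk /mbr` does) leaves the partition table in place. The sector is constructed sample data and the function names are hypothetical; `rewrite_boot_code` is a simplified model, not the DOS tool's code.

```python
import struct

BOOT_CODE_LEN = 446        # bytes 0-445: master boot code
ENTRY_LEN = 16             # bytes 446-509: four partition entries
SIGNATURE = b"\x55\xaa"    # bytes 510-511: boot signature
PART_TYPES = {0x07: "NTFS/HPFS", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)"}

def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into boot code, partition entries and signature."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + ENTRY_LEN])
        if ptype == 0x00:      # unused slot
            continue
        partitions.append({
            "slot": i,
            "bootable": status == 0x80,
            "type": PART_TYPES.get(ptype, hex(ptype)),
            "start_lba": lba,
            "size_mib": count * 512 // 2**20,
        })
    return {"boot_code": sector[:BOOT_CODE_LEN], "partitions": partitions,
            "signature_ok": sector[510:] == SIGNATURE}

def rewrite_boot_code(sector: bytes, clean_code: bytes) -> bytes:
    """Simplified model of fdisk /mbr: new boot code, same partition table."""
    if len(clean_code) > BOOT_CODE_LEN:
        raise ValueError("boot code must fit in 446 bytes")
    return clean_code.ljust(BOOT_CODE_LEN, b"\x00") + sector[BOOT_CODE_LEN:510] + SIGNATURE

def build_sample_sector() -> bytes:
    """Constructed sample: untrusted boot code plus one active FAT32 partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x0C, 63, 113664 * 2048)
    return b"\xcc" * BOOT_CODE_LEN + entry + b"\x00" * 48 + SIGNATURE

if __name__ == "__main__":
    before = parse_mbr(build_sample_sector())
    after = parse_mbr(rewrite_boot_code(build_sample_sector(), b"\x90" * 16))
    print("partition table unchanged:", before["partitions"] == after["partitions"])
    print("boot code replaced:", before["boot_code"] != after["boot_code"])
    print(before["partitions"])
```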

  8. #18
    Join Date
    Sep 2002
    Posts
    536


    Here's a blushing one.

  9. #19
    Join Date
    Nov 2002
    Posts
    442

    I tried to set the drive as a slave and remove the files that I wanted from the drive that way but WinXP doesn't see the drive as having been formatted. It sees the drive as a raw drive and won't let me access the drive in any way other than to format it (though the drive displays as a 111 gig drive). The only way I have been able to look at the files on the WD drive is booting with a safe disk. Any tricks on how to get the comp to read the drive in its correct format, FAT32? I don't know if this really is a virus or if the drive has failed in some way. But I do know how to answer the problem once and for all :hammer: but I would like to kinda keep the drive!

  10. #20
    Join Date
    Jul 2002
    Posts
    5

    Try getting a second HDD from a friend. Set up Win and then attach the second HDD (the one that gives you problems). On Win, install Ontrack FixIt Utilities or Norton Utilities. With file retrieval tools, try restoring data. If the system recognizes your HDD without problems you won't need them.
    If neither Norton UT nor Ontrack FixIt can help, there's a big chance your HDD is of no use. After trying all you know, maybe it's time for a repair guy to look at it. And lastly, if there is no data worth trying for, think about low-level formatting the drive.
