A horrible virus wont let me reformat.

I just recived a computer from a friend that is infected with somthing ive never delt with before. He told me that it was ok if i just erased everything and started over so i assumed it would be an easy fix.

Its an HP computer so there should be a partitioned area on the HD that contians the original XP properties. Unfortunately all applications are blocked by the administrator... System restore is a no go... i cant affect user logins... i even have a back up cd of XP home that i was gonna use on bootup to restore.

When i try to access anything outside of a normal startup the computer shutsdown....

the default f10 system restore function at startup is somehow disabled... when i use my XP home disc to repair it shuts the computer down... when i try to use bios options it shuts the computer down. The virus shuts the computer down if you do anything other than let it start up into its distroyed state.

I cant think of anything else to do.... other than by a new HD. i know it would be cheap less than 80$ for sure.

Anyone got any ideas before i break it in half?

Yep, pull the drive, put it in a working machine, and format the sukka. Just do not even open ANYTHING on it. Just put it in, and format it using NTFS. Once you do that, replace into other computer, load your XP cd, press any key at the prompt, and boot from it into Windows setup. Good to go. Of course you may want to spend some time before that getting device drivers off the net for the motherboard. And also of course you will need the Product ID key for XP, which many times will be on the outer casing, look for it. Good luck.

That is little strange.

If the computer acts that way even before reading the operating system from the disk (it only reads the boot sector after the initial tests and the screen that says "Press xx to enter setup" and other messages like that) then it means that what is blocking the computer from acting as it should is BIOS, not the disk.

To be sure, you can try to unplug the power from the disk and see if the computer behaves in the same way (according to what you said it should do the same).

If it does then the problem is really in the BIOS. I think that there are some virus that affect the BIOS, but I do not really remember anything more about them.

Yeah do what ArMaP says before you even consider trying to plug that HD into another computer.

BIOS worms are horrible, that is one of the worst things that can possibly happen to a computer.

Unlikely. I have never once seen a BIOS so overcome with a virus that you couldn't pull the drive and do as I suggested, because while the MBR on the disk can be affected, and therefore generate BIOS errors, it is very unlikely it wiped out the entire BIOS. And if you do what Arp suggested, which might be a good idea, and the BIOS doesn't come up without a drive in it, usually there is a jumper on the MB which will allow a complete resetting of the BIOS read from a PROM that will definitely cure the problem. But then of course you will need the diagram for the MB to identify that jumper, if it has one. Most provide that feature in some form, and it may be a good idea regardless of any of all this to do that, just in case.

reply to post by TrueAmerican



As a ex-hacker, I've had a virus reboot my computer, go past BIOS, run a .COM file, password my bios and secure it to hard drive boot only.

I've personally designed viruses that can do the same thing, and if there is a Jumper Free OC setting, set the JFOC to manual at the highest available setting and fry CPUs and RAM.

Perhaps if nothing else works perform a low level format on the drive. Check out the HDD manufacturer's website for diagrams and the program from which you can make a boot disc to perform the format. This goes far deeper than formatting via the OS and should essentially reset the drive, restoring to "like new".

Best of luck.

reply to post by Revolution-2012


Well, maybe so, but you CANNOT override the factory installed default BIOS load, because it is etched in ROM. The suggestion to find that jumper will cure even your problem, assuming of course it did not fry his CPU or RAM, which it most likely didn't if the thing is even booting to BIOS to begin with.

And jeez, glad you are a reformed hacker... *cough* Why would you ever want to do that to someone? Are you, or were you, evil? Or were you playing "I can kill it better" with the script kiddies?

:shk:

Find the bios battery and remove it. this will alllow bios to restore to default. Good luck

reply to post by Wertdagf


The only virus I remember that was a bios affecting virus was Melissa. But that only affected certain bios'. I believe it was Ami or Phoenix bios.

HP uses Award I think so I would 1st check to see what flavor of bios it runs, and then do a search on google to see if there are any viruses that can infect that version of your bios.

Whatever you do 'DO NOT' put the hard drive into another working computer. That is the worst advice anyone can give. Because if it is infected then you run the risk of infecting the other computer.

Find the problem by unplugging the HD, then go into the bios set it to read the CD drive 1st and save the settings.

Once you have done that plug the drive in again and try your xp cd.

Originally posted by gonzo610
Whatever you do 'DO NOT' put the hard drive into another working computer. That is the worst advice anyone can give. Because if it is infected then you run the risk of infecting the other computer.

Nah, run on another working computer, as a slave drive it only loads the FAT into memory. You would have to run something on it first, because none of the files stored on the infected drive will be loaded into memory by themselves, just their locations according to the FAT. That's why I was clear with the instructions. Done it many many times. Never had a problem when done the way I described. If it was the worst advice anyone could give, I wouldn't be giving it. Been at this since 1990 and build my own machines, and fix them for many clients. But ok, I'm out, said my piece, overruled and beaten by the script kiddies once again. Good luck OP.

edit: if the MBR on the drive were infected, it might be possible. But I've still never seen an infected drive be able to do that booting as a mere slave drive, and just from booting alone.

[edit on Thu Jan 22nd 2009 by TrueAmerican]

The drive becomes read the second the computer starts. It checks all the drives at first boot up. Hence the reason not to do it.

All I can say is your lucky you haven't had the issue yet. I've seen it 1st hand myself, and I've done this since 1988 professionally, and as a novice since the Commodore 64 era.

reply to post by TrueAmerican


^_^

I think this will answer your question.

Got Root?

=)

Ehhhh, I've done a fair share of reverse engineering activities

Yeah, most motherboards have a Jumper on them, depending on the manufacturer. Not all OEM (Dell does I know that) motherboards have jumpers though, so if they don't you're kind of screwed.

You can't actually change the BIOS, but you can write some interesting C++ programs that will F it up so you can't access it. Something I've never done

Yeah you could say I was evil. Heh....... But good to! I made a VB program that loaded a rootkit instantly and it had like pictures of gay men I went into yahoo chatroom, and found a bunch of pedophiles and hacked their computers.

I found one that was on a .EDU NETWORK!! me and my buddy Phil who led me into the H4xx0R ways sent emails to the network and they did nothing about it.

My favorite one, was hacking into people, creating a txt document in edit, and saving it as smells, and inside of it it'd say fishy.

Its a laptop...... Lol that would have been important. Sorry i forgot to say it earlier.

I know nothing about laptop stuff.

Theres no way for me to veiw hardware once the XP is up because everything is blocked. When i try to start in safemode it generates an error and sets it to restart in 30 seconds. i can reach system restore before the timer reaches zero, but it shutsdown.

When i use the boot cd it gets to the part where i can veiw the partitions but then shuts down.

I have no idea how to remove the HD from a laptop, but i know best buy will install any component you buy for a small charge. then i could just reload Xp with my disc.

Is there any way i could use another laptop's USB port to acess the Infected laptops HD and format it from there?

Originally posted by Wertdagf
Its a laptop...... Lol that would have been important. Sorry i forgot to say it earlier.

I know nothing about laptop stuff.

Theres no way for me to veiw hardware once the XP is up because everything is blocked. When i try to start in safemode it generates an error and sets it to restart in 30 seconds. i can reach system restore before the timer reaches zero, but it shutsdown.

When i use the boot cd it gets to the part where i can veiw the partitions but then shuts down.

I have no idea how to remove the HD from a laptop, but i know best buy will install any component you buy for a small charge. then i could just reload Xp with my disc.

Is there any way i could use another laptop's USB port to acess the Infected laptops HD and format it from there?

Usually the hard drive is on one of the sides. If you look at the bottom of the laptop they will probably have a picture that looks like a cylinder with some platters next to it. There will be, at least, 1 screw possibly 2 that you need to unscrew.
Once you get it out you should be able to get into the bios and move around.

Honestly I don't think you have a bios virus because the last one, that I remember, was melissa and that remover has been out for 10+ years.

But if you get as far as I said above and can get into the bios change it, in the boot option, to boot to CD first.
BTW you may have a bad XP install disk as well. But you can always drop to a command prompt and type 'Fdisk/fixmbr' and if it's a boot sector virus it may remove it from the boot menu temporarily.

By the way turn off system restore as your working on the computer to remove the virus. Because if it infects system restore, most do, it will just keep coming back.

Go to Majorgeeks.com and download Hijackthis, all 1 word, and send me the text output and I'll check the log for your nasty bugger.

Even if i was able to download something i wouldnt be able to start the application. I have spybotS&D i have ad-aware. Once the virus hit nothing of use to remove the virus would work. I will for sure try the fix master boot record thing from command prompt....

Hijackthis can sometimes run it's not a fully installed program. So it can run when others can't. I'd try it and see if it works.

There are IDE or SATA to USB adapters that you can use to transform internal drives into external drives.

I don't think a virus can do anything if the drive were used as an external drive. You wouldn't really be executing anything, just reading it. Correct me if I'm wrong.

You would just boot up a different computer, and then attach the infected laptop drive through a USB adapter. Then format it through the USB cable.

Troy

A boot sector virus will autorun when the drive is accessed.

But you can format the drive if you want without having to do all this.

Download Ultimate boot cd at.
www.ultimatebootcd.com...

make the cd and run it. It will give you the tools you want to format the drive and only runs off the cd.

I don't understand?

Insert Windows CD, then format using that? Don't try and repair it?

[edit on 23/1/2009 by C0bzz]