A little about my comp:
Windows XP Prof
Cyberpower PC (out of business)
512 MB DDR Ram
AMD Athlon 1800 (1.53 GHz)
40 gig MAXTOR 6LO40J2 hard drive 7200 rpm
T1 Connection


I had made an earlier post but this time the scenario has changed a bit. The free space in my hard drive (or at least what is stated) is not only lower than it should be but it also keeps decreasing. It is currently at 850 mb and going down rapidly. I did a virus scan with Antivir and deleted the files that had viruses. There were four archive files that were also infected but could not be deleted. I have three viruses currently plaguing my computer: worm/klez.e, w32/elkern.c, and one trojan which i believe the scan destroyed. I'm just not sure what i should do. Any help would be great.
Thanx,
k44mudfootball

i do have file sharing with the rest of my boarding school, if that helps at all

I hope the files you have on your hard drive are not real valuable. With the stuff you have there, I would urge starting over. Download the utilities from the hard drive maker or use another utility to zero out the hard drive, probably more than once. This will write zeros to the entire hard drive and let you start over. Make sure you power down for a few minutes after you do this so that the virus can't linger is RAM. Once you have done this, do a clean install of your Windoze and make sure you set up lots of security before going online again. There are some reports that the Klez can infect your BIOS and if this is happened you are probably out of luck. You can replace the BIOS if necessary, but that is a bit more complex.

You can certainly try to save your files and delete what is left of the garbage, but I personally don't believe that will work. Since you are doing file sharing, there is a good chance that everyone that you share with is infected too and they need to run scans as well. Any files that you have saved recently are probably also contaminated and should probably be given up for lost. Try to make the floppies for the zeroing out on a known clean PC and write protect it so it isn't also infected when you start to use it.

Hello K44

Here’s what I wrote to someone else and it applies pretty closely to you too.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
This is where taking backups can be a great help.

You make a backup when the system is working well. Particularly just before installing some software.
You keep two or three backups that leap frog each other so that the oldest becomes the newest.
When you hit a software problem, one option available is to re-format the c: drive and restore a suitable backup.
This way you do not need to rebuild your software from zero and you don’t lose your important data, e-mails, address books, favourites etc.

I read a suggestion that this kind of technique is a good way to eliminate a HDD infection from the files.
The backup must be clean of course.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I read that viruses cannot INFECT BIOS ROM memory, but can only alter the BIOS’s configuration settings.
Then I read that if you have flash upgradeable BIOS, some viruses can alter the contents of this BIOS memory.

If you had a backup and intended to restore it:
Anti-virus software like “AVG” makes a backup of the Master Partition Sector and will repair it.
The above is the “RESTORE” alternative to starting again.
This way you do not lose all your valuables.

Will the music files that i burn onto a cd be completely clean? I realize that i should scan them first but i am just overly worried. This way i could get all my important files out. Also, i need help in figuring out whether my BIOS is infected and ways to fix it. How do I isolate my computer from the network and file sharing. I have disallowed file sharing on all of my folders but I still appear as a network computer with access to my scheduled tasks and printers and faxes. I guess i'm not completely familiar with what the virus i have does so i was confused by you saying that every file that i save is probably infected. Can files carry the virus but not be detected by Antivir?

Thanx much,
K44mudfootball

Data files like “.wav” and “.mp3” cannot be infected, only corrupted, so they’ll almost certainly be ok.
Word documents can be infected though and should be scanned.

Your virus scanner will probably be set to scan [executable] files that can harbour infection.

If you cleaned your system and re-installed Windows and an anti-virus prog and tested and saw no signs of infection then you would be quite reasonable to assume there’s no virus in the BIOS ROM.
To fix BIOS ROM infection, you’d need to flash your BIOS.

It’s possible for viruses to successfully conceal themselves from detection by anti-virus software.
It’s not possible to guarantee detection.

There are apparently circumstances in which MP3 and Wav files can also be infected, it is difficult to know for sure. Any antivirus program you installed on your computer may also have become infected, so the only way to get a good scan is to use an online scan or from write protected floppies that are up to date and made on a known clean system. You can certainly take the risk of backing up your music files and hope that they are clean, but it is a risk and you could end up with more problems in the future. Keep in mind that virus writers intend them to be as mean and nasty as possible and to make them really hard to get rid of, they will not make it easy on you.

As Sylvander said, it is possible for the virus to change your AV software to make it not detect an infected file. While it is true that every file may not be directly infected, the risk remains that they are so it may not be worthwhile to try to save them. It is up to you how much risk you want to deal with.

As for file sharing, if you were file sharing at any time after you were infected there is a good chance that the people you shared with are also infected. Turning off file sharing for the future is good, but you will probably also want a firewall and good antivirus software to avoid reinfection.

Also, when you burn music files onto a CD, you may have burned some virus files with them. I would scan these carefully with a known clean AV scanner or three before trying to open and play any files on these disks.