virus in CD-ROM firmware?


silpheed_tandy
04-27-2002, 03:32 PM
Hello all! I'm in a bit of trouble with my PC; I could write pages and pages describing the error codes and what I've done, etc, but I'll keep this short for now [the effects are numerous and varied, but all similarly distressing].

I have a 933MHz PC running [or, that /was/ running] Win 98 SE.

My computer is acting very erratically, starting from about 2 weeks ago. Its behaviour is as if there's a really nasty virus in it. The most obvious symptoms are that
1] my CD-drive would spin (as if seeking for a new disc) sometimes at random times, sometimes after I do something [such as "dir" or enter into a website], and sometimes before it crashes my system.
2] malicious effects on my computer often become obvious when my CD-ROM drive spins.

It all started about 2 or 3 weeks ago. I left my PC overnight, downloading something from Morpheus. When I woke up, Morpheus had crashed. Programs seemed peculiar and generally unstable [ie, blank buttons would show up, icons upon my desktop would take a longer time to show up than usual at bootup, etc], and within that same day, the PC crashed. I restarted, ran Norton Antivirus, and my PC locked up as it checked my boot sectors. I restarted. After Scandisk finished running, my PC shut off, automatically. Hm.

It did this again and again.

Distressed, I wanted to salvage some TXT files off the hard disk, so I booted from an EBDisk created nearly a year ago. Whenever the CD-Drive spun, the files I read into EDIT.COM displayed as half or all garbage.

The CD-Drive would sometimes spin even *as my PC booted up from the disk drive*!! I realized that more than half of my Program Files folder had disappeared.. just like that. One time in DOS, I couldn't cd to a directory that showed up. Very erratic behaviour.

For the heck of it, I tried booting into Win98 again. I managed to get in, but everything was in either 16 or 256 colours [and this wasn't safe mode], most of the application icons were generic EXE icons, etc. Later on, I'd find out that Win98 also looked different -- ie, folders would look different.

So, I booted once again from the EBD, deleted all partitions, repartitioned, and formatted; then I tried to install Win98. I got it running... for about 10 minutes. Then a crash, and then in restarting, a DOS-like screen told me that important files were missing, and it couldn't load Windows.

I unplugged my PC, and left it off for a few days. I should note that unplugging my PC for a while seemed to have the effect of keeping the CD-Drive quiet and the "virus dormant" for perhaps 10-60 minutes, where it would start again.

It seemed to be virus free, so I repartitioned, reinstalled Win98; eventually [after a day], though, it came back.

I then booted up from an MS-DOS disk I created the next day from a separate computer.

Viral activity still at boot up and the MS-DOS session, still.

I'm being kicked off this public library computer, but I should say quickly that I zero-filled my HD, flashed my BIOS, and it's still there!

Thanx for reading this huge post! Is there anything any of y'all can do for me? Thank you!


mjc
04-27-2002, 08:30 PM
It seems that you have done everything right for a virus, but I don't think you are facing a viral infection (or not just a virus/worm/malware)...

Have you tried clearing out the hard drive with the CD disconnected (both power and IDE cables)?

Or just running the machine for a while with the CD unplugged?

I think one of your problems is power related, either the power supply or the CD drive itself is having power problems...

Are you overclocking?

Some of what you describe are symptoms of the PCI bus not running at spec speed...like too fast. Data corruption is very common when not running at spec speed.

------------------
mjc
Links list:Computer Links (http://www.dreamwater.org/tech/mjc/index.htm)

Celts are the men that heaven made mad, For all their battles are merry and their songs are all sad.

Paleo Pete
04-27-2002, 08:57 PM
I'm mostly stumped, but one thing stands out:

Whenever the CD-Drive spun, the files I read into EDIT.COM displayed as half or all garbage.

Same thing my hard drive did when the cable suddenly decided to go flaky. The only suggestion I have at the moment is try a new CD ROM ribbon cable, possibly a hard drive cable too, but it sounds like mostly CD ROM.

Like mjc I don't think it really sounds like a virus, some of the symptoms are very questionable, but it shouldn't be still acting like a virus after repartitioning, zero-fill, formatting and reinstalling Windows, unless you used a Start Up disk that was infected from the same machine. Any virus or trojan should be gone after all that.

It originally sounded more like trojan (backdoor) than anything else, most of the same problems can be caused by someone with remote access and malicious intent, but again after repartitioning etc that should be gone too. An old favorite of "script kiddies" is making the CD ROM open and close, spin up at random and things of that nature just to be annoying...

------------------
If your nose runs and your feet smell...
You're built upside down!
Note: Please post your questions on the forums, not in my email.

Computer Information Links (http://www.dreamwater.com/paleopete/computer.htm) has been moved, please update your bookmarks.

sea69
04-27-2002, 10:17 PM
hmmmm that's about it I think.

either the cable, or possibly the bootdisk was not LOCKED, and it too 'caught the virus', and if you didn't fdisk /mbr before it got infected............

I was working on a P-III tonight same thing happened.

I made sure to have a known good bootdisk which also had delpart- (a simple search on google can obtain it for free)- reason I used it was because the virus had rewritten the hdd Volume name to characters which I didn't know from character map.

even though my EBD was locked, I ran fdisk /mbr, then did everything else- I'm sure someone will explain to me that this was somehow redundant but it worked.




------------------
sea1_69@hotmail.com

homepage (http://www.seanweb1.homestead.com/index.html)

silpheed_tandy
04-30-2002, 07:14 PM
Y'all are really capital! Thanks for replying so promptly, all of you!

I've been doing a /small/ amount of browsing at the other forums... I wish IPC had such dedicated engineers as Stephen2's computer company has! Anyhow, I'm glad to see that other ppl have gotten help [and comfort] to really worrying problems, just as I'm getting.

mjc, I'm in fact not overclocking. As for the PCI bus speed [which, I must admit, I don't know what it is], I haven't changed any CMOS etc settings before the problem happened. My PC is about a year and a month old, and hasn't displayed any problem this bad.

Could something power related/bus-speed related/cable related or anything similarly hardware related happen just like that?

Paleo Pete, as for the garbage appearing on my screen, it actually would appear as I read files *from the hard disk*.

sea69, what do you mean by my cable being locked?

I think I will perhaps try running my computer unplugged... but I'd have to talk it over with IPC first. I haven't ever opened a PC before; I wouldn't know where to start, and I may void my warranty.


What interested me most about what you all said was that it wasn't a virus. But, could it be? I mean -- especially the symptoms before zero-filling -- the symptoms seemed very... virus-like. For instance, the turning off of the computer right after scandisk ran, the deletion of files from my hard disk, etc.

And even afterwards: the change in appearance of how an opened folder in Win98 would look [ie, the little pictures and directories and colours, etc]. And, afterwards, too, booting into Windows was sometimes weird: it'd crash as I was in it. Off-on. Then, as I boot in, various errors could occur, such as files needed were missing. Off-on. Then, perhaps it almost got into Windows, but would lock up. Off-on. Then, finally, would go into Windows, until it crashed again.

This multi-boot-until-successful-reboot happened quite often.

Which made me think: is it possible for a virus to infect firmware of the hard disk or CD drive?

So my main question asks: what made you think it's not a virus [or malicious code]? If it's not, how does it explain the symptoms?

I maybe also should mention that my hard drive light flashes briefly when the CD drive starts to spin.

I'm a little hesitant to babble on like this about my problem, but I'm trying to get as much info as possible. IPC isn't exactly being supportive.. I'm thinking maybe I'll give them some places to look. I have to spend 50 to who-knows-how-much money just to ship it there! And if it's 'viral', the warranty doesn't cover that. So, if I can convince and show them that it isn't....

Furthermore, the problem isn't consistent, either. It takes awhile for it to show up, but when it does, many things can happen. So, it isn't obvious whether or not it's solved... which may make them ship it back without fixing the problem.

Thanks for reading all of this -- and for already replying! I look forward to your replies! :-)

silpheed_tandy
04-30-2002, 07:27 PM
oops -- I meant

"CD-ROM drive unplugged" and not "computer unplugged"

I thought I recorded on paper a blue screen error concerning the CD drive... I hope you don't mind me sharing two other errors I got in the past, both upon bootup.

===
Warning: the system configuration manager failed to run. Some of your real-mode drivers may not initialize properly.
[3 DOS-like lines, such as c:\set stsyn=c:\windows.]
Bad command or file name
Cannot execute c:\progra~1\norton~1\navdx.exe
batch file missing
Cannot find WIN.COM, unable to continue loading Windows.
===
While initializing device IOS:
Error: An I/O subsystem driver failed to load.
Either a file in the .\iosys subdirectory is corrupt, or the system is low on memory.
===

Interesting, yes? However, for both times, the computer eventually did load into Windows after enough Off-Ons.

ErnieK
05-01-2002, 03:32 PM
after repartitioning, zero-fill, formatting and reinstalling Windows, unless you used a Start Up disk that was infected from the same machine. Any virus or trojan should be gone after all that.

If I don't ask I won't learn (bold lettering inserted by me) what does this mean and how is it done?

------------------
Ernie

silpheed_tandy
05-01-2002, 03:53 PM
http://www.pcguide.com/ref/hdd/geom/formatUtilities-c.html
This explains it in more detail.

Basically, I was told [from other sources than above] that formatting your hard disk doesn't actually get rid of the data, it just gets rid of the /pathways/ leading to the data. That is, it gets rid of the yellow brick road leading to Oz, but not Oz itself. This is why there are utilities that _unformat_.

Zero-filling basically fills the entire hard disk with zeros -- so, it's really truly clean.

This is as much as I understand, ErnieK. Maybe someone else can give a more detailed response!
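
As an added illustration of the difference just described (this is example code written for this write-up, not anything from the thread or from the PCGuide utilities page), the toy in-memory disk below models a FORMAT that only rebuilds the directory and allocation table, a zero-fill that overwrites every sector, and a crude "unformat" that scans raw sectors for a known marker. The sector size, sector count and the file contents are constructed for the demo.

```python
"""Toy disk model: quick format vs. zero-fill, and why only one of them removes data."""
from dataclasses import dataclass, field

SECTOR_SIZE = 16   # constructed: tiny sectors so the demo fits on screen
NUM_SECTORS = 32   # constructed: 512-byte toy disk


@dataclass
class ToyDisk:
    # Raw sectors: this is what a zero-fill utility actually overwrites.
    sectors: list = field(default_factory=lambda: [bytes(SECTOR_SIZE)] * NUM_SECTORS)
    # Directory/allocation table: name -> (sector chain, byte length).
    # This is the "yellow brick road" a quick format throws away.
    directory: dict = field(default_factory=dict)

    def free_sectors(self):
        used = {s for chain, _ in self.directory.values() for s in chain}
        return [i for i in range(NUM_SECTORS) if i not in used]

    def write_file(self, name, data):
        chunks = [data[i:i + SECTOR_SIZE] for i in range(0, len(data), SECTOR_SIZE)]
        free = self.free_sectors()
        if len(chunks) > len(free):
            raise OSError("disk full")
        chain = []
        for chunk, idx in zip(chunks, free):
            self.sectors[idx] = chunk.ljust(SECTOR_SIZE, b"\x00")
            chain.append(idx)
        self.directory[name] = (chain, len(data))

    def read_file(self, name):
        chain, length = self.directory[name]
        return b"".join(self.sectors[i] for i in chain)[:length]

    def quick_format(self):
        # Only the map to the data is cleared; every sector keeps its old bytes.
        self.directory.clear()

    def zero_fill(self):
        # Overwrite every sector, allocated or not, then clear the directory.
        for i in range(NUM_SECTORS):
            self.sectors[i] = bytes(SECTOR_SIZE)
        self.directory.clear()

    def verify_zeroed(self):
        # Read-back check: the step to run before trusting that a wipe completed.
        return all(s == bytes(SECTOR_SIZE) for s in self.sectors)


def carve_text(disk, marker):
    """Crude 'unformat': ignore the directory and scan raw sectors for a marker."""
    return [(idx, sector.rstrip(b"\x00"))
            for idx, sector in enumerate(disk.sectors) if marker in sector]


def demo():
    """Returns (hits after quick format, hits after zero-fill, wipe verified)."""
    disk = ToyDisk()
    disk.write_file("NOTES.TXT", b"SECRET: my term paper draft")  # constructed content
    assert disk.read_file("NOTES.TXT") == b"SECRET: my term paper draft"

    disk.quick_format()
    after_format = carve_text(disk, b"SECRET")   # directory gone, bytes still on disk

    disk.zero_fill()
    after_zero = carve_text(disk, b"SECRET")     # nothing left to recover
    return len(after_format), len(after_zero), disk.verify_zeroed()


if __name__ == "__main__":
    print(demo())  # (1, 0, True)
```

After `quick_format()` the file no longer appears in the directory, yet the marker is carved straight out of sector 0, which is exactly what unformat and data-recovery tools exploit; after `zero_fill()` the scan finds nothing and `verify_zeroed()` confirms by reading every sector back. On real hardware the read-back verification matters because a wipe that was interrupted or skipped remapped sectors looks identical from the file system's point of view.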

ErnieK
05-01-2002, 04:38 PM
Thanks Silpheed
I have saved the page and will read later

------------------
Ernie
Ps. second question. Is this the same as running the likes of PGP over the empty part of the HD? (Like encrypting empty spaces)


silpheed_tandy
05-05-2002, 10:55 PM
*sad face* I was hoping that someone else would reply, thus showing that people are still reading this thread! Ah, well; I suppose that there are so many other threads [I'm trying not to complain, can you tell? ;-)]

Uhm; I'm not sure what you mean by 'encrypting empty spaces', Ernie. Zero-filling wipes /everything/ with zeros -- that is, it wipes out ALL data from the hard drive. There is no data left -- it's like wiping the blackboard down with soap and water -- NOTHING is left behind.

There ain't really anything left to.. well, encrypt, after zero-filling. Zero-filling just erases completely the hard drive....

hope that helped you, Ernie. Please explain yourself if I didn't!

As for everyone else... *semi- humble puppy dog face* please help me with my question I posted just before Ernie came on! Unfortunately, the people at IPC are.. well, they're not exactly keeping my faith up in them.. but I'm patiently waiting. Kind of.

I sure don't know what's up, but it's very unnerving.. especially when I have 2 ISUs due in about a month! [I'll be quiet now: enough of the sob stories...!]

Thanks, all!

PS. I'll toss in another symptom: if I reboot softly [with the reboot button, I mean] after a crash after the CD-ROM spins, then the CD-ROM might spin during bootup. Lately [ie after flashing my BIOS for the second time], it doesn't spin during bootup -- but I goofed, and the last time I used my PC, I reset softly, and it did spin.

Now, why would it do that...? Interesting...

candrews
05-06-2002, 01:59 AM
Have you tried an online virus scanner such as House Call. Just a thought. Otherwise I'm not much help. Good Luck

candrews

kayofcircles
05-06-2002, 11:23 AM
silpheed_tandy : We're still reading it...lol!..probably most are like me and have no clue. Did you try changing the actual ribbon cable to the CDRom as recommended above? Did you find out about warranty info that you mentioned above? Obviously if going into the puter violates your warranty, you may have no choice about waiting for their tech support. Three of our best people have checked in above in this post..and you're not gonna get better advice. I certainly don't fit in their category, but I don't see how a virus could survive a complete rewipe, zerofill, etc..so lean toward the bad cable or maybe even a bad CDRom drive..we had one puter that installed Windows 98 with a CDRom..then turned around and said it couldn't even "see" the CDRom anymore. We changed the CDRom out and no more problems.

I am struggling with a new build that seems like it has gremlins in it too..got a message in Device Manager that said, "This device is not working properly, but Windows doesn't know why". LOL! Well, neither do we. That's neither here nor there, but wanted you to know that I know exactly how you're feeling..and haven't gotten much work done in the last couple of weeks either.

Edit: Sea meant to lock the EBD (Emergency Boot Disk). Not a cable locked, unless I misunderstood his post. If the EBD is not locked, one could transfer a virus over, but doubt if that's what happened here.
