Virus?

**derekpayne** · 01-07-2010, 10:18 AM

Hi

It look as though I might have picked up a virus or some other malicious peice of software. After downloading a dubious peice of software, and not running my virus scanner over it before opening, it flashed up a warning that there was a peice of malicious software threat, then immediately re-booted to the windows XP start up screen, it won't go past this screen and keeps re-booting, I have tried everything I know to overcome this but no good.

I have tried reinstalling XP but it tells me that I have no hard drive connected, although it shows up in the BIOS, I have tried many ways to reinstall it but it says the same thing.

Any idea's

Cheers

Derek

I am running XP Pro
250GB SATA hard drive
2gb Ram
AVG9
Spybot S & D

**classicsoftware** · 01-07-2010, 10:55 AM

Can you boot into safe mode?

**derekpayne** · 01-07-2010, 12:41 PM

It doesn't matter which way I try and there are several ways to boot, none of them work

**classicsoftware** · 01-07-2010, 06:55 PM

On clean PC, dowload a copy of Eraser of Dban. Make a bootable floppy and erase the drive that way.

**derekpayne** · 01-08-2010, 04:27 AM

Are you saying that I have to format my drive? I want to try and avoid that as there are things on it that are important?

Cheers

Derek

**Sylvander** · 01-08-2010, 06:03 AM

1. With Puppy Linux you CAN:
(a) Quickly/easily have a working operating system whilst you work on Windows.
This can be used to browse/copy folders/files to some other storage media.
Puppy will almost certainly be unaffected by any infection [the nasties are designed to attack Windows].

(b) Make a "Puppy Universal dd" [Pudd] image backup of the [dormant] Windows partition.

And/or...
(c) Run the FREE version of SyncBack->[under WINE] to backup the folder/file contents of the partition.
I normally save both of these [(a) & (b)][from the "source" = the Windows partition] to a "destination" [a folder on a partition] on a USB HDD.

(d) Scan & fix any problems in the dormant Windows partition file system.
Both GParted and Pdrive can do this job.
If the problem is particularly bad they may tell you to use chkdsk, run using the Windows install CD.

(e) Scan for infection using either the natively included scanner [X-fprot? Varies with the version of Puppy]...
Or else...
Install the FREE for personal use on-demand scanner = Avast! Antivirus.
I have this installed and like it; you tell it what to scan [the Windows partition contents], and if it finds infections [some may be "riskware" that doesn't need eliminated], and [if I remember right] you can choose which to have it eliminate.

**classicsoftware** · 01-08-2010, 06:46 AM

I would get the drive in another machine and use GetDataBack and see if you can salvage your data.

**Fruss Tray Ted** · 01-08-2010, 07:50 AM

I was just doing this very thing over the last day or so on a (relative's) laptop with identical symptoms as DerekPayne. For some odd reason, I could not get my adapter to function putting the notebook's drive as master on my secondary ide channel of the main computer.

What I ended up doing was booting the laptop to a live disk -> Knoppix, and using an external USB HDD to copy the data to, then wiping the laptop's drive and reinstalling Windows. As a matter of fact, I am not quite finished as I still have to install A/V, firewall etc, and all of the recovered data back this morning.

The notebook was heavily infected and I ran scans on the external drive after recovering the files we wanted to keep and found more malware amongst the documents.

I see no reason to use GDB yet, unless the OP's drive is seen in BIOS but cannot be accessed by another OS. Either slaving the drive or using a live or portable Linux OS would be much faster than the free version of Get Data Back. I have never tried the purchased version of it however.

**classicsoftware** · 01-08-2010, 05:57 PM

I try to avoid recommending Live CD's as a rescue method unless the poster appears to be pretty computer savy. Since the Windows CD does not recognize the drive, I think GDB is elegant, fast and easy to use.

**derekpayne** · 01-12-2010, 04:22 AM

Since Monday I have managed to retrieve all my data from the hard drive using Ubunta linux, also I tried Puppy Linux, and both of these systems recognised the hard drive and allowed me to access it.

I have managed to format the drive by deleting the primary dos partition and then adding a dos partition, but when I go to install a fresh copy of Windows XP the hard drive is invisible to the Windows installation.

It shows up in the BIOS and I have managed to install a complete Ubuntu Linux programme on the drive.

Why is it invisible to Windows, (when I run the installation, it says that there is no hard drive attached to the PC, or the hard drive is not found)?

Cheers

Derek

**Sylvander** · 01-12-2010, 05:00 AM

Did you set the boot flag on the partition? [Make it active/bootable?]

Here's the boot flag set on my own Windows partition as seen in GParted within "XP-like" Puppy Linux. [Screenshot below]
[I'm giving XP-like a try; it's made by some Hungarians, who made an English language version]
Here's the thread = XP-like puppy ENGLISH version.

**Fruss Tray Ted** · 01-12-2010, 08:15 AM

The reason XP is not able to see the drive is because you have made it a DOS partition.

Download the appropriate drive manufacturer's software to write zeros to your disk, then boot to XP again and let XP format it. You MUST do that prior to any Linux OS and if you plan to use Linux, with XP's disk, make a partition for XP and only format that partition. Leave the remainder unformatted for the Linux install later. Also you can always format it later with XP (or any MS OS) in Windows if desired.

Classics,
The reason I chose to advise a live disk over GDB was the ability to do several files at once rather than using the free GDB and being limited to 1 file at a time. When recovering the nowadays hundreds of gigs worth of files, using GDB free could take weeks to accomplish!

**classicsoftware** · 01-12-2010, 08:40 AM

Originally Posted by Fruss Tray Ted

The reason XP is not able to see the drive is because you have made it a DOS partition.

Download the appropriate drive manufacturer's software to write zeros to your disk, then boot to XP again and let XP format it. You MUST do that prior to any Linux OS and if you plan to use Linux, with XP's disk, make a partition for XP and only format that partition. Leave the remainder unformatted for the Linux install later. Also you can always format it later with XP (or any MS OS) in Windows if desired.

Classics,
The reason I chose to advise a live disk over GDB was the ability to do several files at once rather than using the free GDB and being limited to 1 file at a time. When recovering the nowadays hundreds of gigs worth of files, using GDB free could take weeks to accomplish!

It's so cheap and that along with the fact that hard drives fail, makes GDB and indispensable tool. It also includes lifetime upgrades. I use it all of the time.

**hackerballs** · 01-12-2010, 11:22 AM

make sure that after you recover any data that you scan your data for malware as you don't want to re-infect your HDD

**mjc** · 01-12-2010, 11:58 AM

If you are dealing with XP and a SATA drive, then if the drive isn't being found by the install disk, it's quite likely you will need to find and install the SATA drivers during setup. It will say 'hit f6 to install drivers'...

Almost all modern versions of Linux and Vista/W7 will correctly handle SATA drives...also the newest releases of XP handle most of them.

And formatting isn't really enough...but since you did install Linux to the drive, that should be. Formatting just deletes the 'pointer' information and says the drive is empty. It doesn't actually erase anything. Some malware can, like some copy protection, place information that is not accessible to the operating system and the tools used by it for disk 'maintenance' on the hard drive. That's why, in a case like this an actual disk 'wipe' is needed...it will write random data and/or 0s to the ENTIRE drive...the best ones make multiple passes.

**Sylvander** · 01-12-2010, 12:30 PM

If using a dd command in a terminal within a Puppy...

To write random patterns of 1's & 0's to the unused space on a partition/drive:

dd if=/dev/urandom of=/mnt/sda/fileconsumingallfreespace.file

Success?

Then delete the file.

sda is the assumed identifying name given by the Puppy to the drive.
Change it to suit the actual name given in your case.

**derekpayne** · 01-13-2010, 03:06 PM

Hi

Just to give you all an update.

I have used "Kill Disc" to erase all data from my SATA hard disc, used fdisk to create a partition, formatted it and then using the 6 floppy discs to re-install Windows XP, it seems to be working OK and I am now installing all the programmes I need to work with.

I did give the hard drive to a friend of mine who runs his own computor repair business, to see if he could fix it, but he informed me that the hard drive was faulty.

I got it back from him, installed Ubuntu 8.10 successfully and managed to retrieve all my data using this programme.

I would recommend that if anyone is in the same position as me that they try doing the same.

It would appear that it was some kind of malicious type of software that infected my PC and not a hard drive failure as first thought.

Cheers

Derek

Thread: Virus?

Thread Tools

Virus?

Thread Information

Users Browsing this Thread

Posting Permissions