Ismael_Ramos

Distinguished
Jul 8, 2003
6
0
18,510
Two or Three weeks ago I received a virus thru the Internet that infected my main computer.

It is a "Boot Virus" that installed itself into my hard drive and into the motherboard BIOS, and that does not allows windows to boot or to be re-installed in that hard drive again.

I tried to erase it, by formating the hard drive and by running F disk several times, but there is no way to get rid of it.

It looks like it installed hidden files into the hard drive that are impossible to erase.

To make it worse, since my computer was unable work I decided to put together another computer using another motherboard. Before installing the hard drive into the computer I "Fdisk" the hard drive to eraze all partitions and then installed the hard drive into the "new" computer. When I run Fdisk in the new computer "Fdisk" the gave me a message that indicated that "Fdisk was going to modify the boot sector" and to answer yes or no. Thinking that saying yes was going to correct the problem I answered yes, and I ended with another motherboard infected.

And, to make it even worse, I tried with a new hard drive, and it infected it also, since the virus was already in the motherboard.

Now both of this hard drives are the main hard drives for Windows and programs only, not for data, which is a different (separate) hard drive, and I don't know if that third hard drive (the most important, because it conteins all the saved data) is also infected.


I was running Norton Anti-Virus, which I always check for updates in a daily basis, and Norton did not detected any Virus at all. The virus seems to be new and very powerfull, because it damage the motherboards and the hard drives. The motherboard built-in anti-virus "PC-cillin" indicated it is a Boot-virus.

I contacted Symantec Norton Anti-Virus and their response was basically that they do not care. I asked them if I can send them the Hard drives to them so they can check if for what type of virus it is and if possible for the virus to be eliminated and they indicated NO, that they don't do it.


What I can do. Symantec do not care if I got a virus, even while using their product and they don't help me in any way to get rid of it either. I don't know how I can get rid of the virus in the motherboard, if possible.

Someone told me that by installing an updated BIOS in the motherboard I can get rid of the boot virus in the motherboard. Is this true? How is done? What about the one in the hard drives? How I can get rid of it, if possible? Or, did I had to buy new hard drives and loose all the information that is still in the data hard drive?

How can I prevent this from happening again?

Don't tell me with Norton Anti-Virus, because it is a useless program, and from a Company that do not care at all about its customers or its problems.


Thanks in advance for your help or comments in this respect
 

goloap

Distinguished
Sep 9, 2001
36
0
18,580
A Boot Virus installs itself in the Boot loader partition of your hard drive, it does not affect the BIOS.

If what you have is a BIOS virus, (which I doubt, because you would not be able to boot your computer up) than you have to change your BIOS chip: goto to a good computer store.

If what you have is Boot virus, than I suggest you get a program to make a low level format of your HD i.e. a write-0 or write-1 program. (You have to get it from the manufacturer of your HD). Then your HD will completly be cleared and you can restart the installation process.

In ancient times they had no statistics so they had to fall back on lies
 

Ismael_Ramos

Distinguished
Jul 8, 2003
6
0
18,510
This virus is some how inside the motherboard, because I removed the infected hard drive, and installed a brand new one (not yet Fdisk) and as soon as I turn on the computer and tried to run Fdisk (from a CD not even from a floppy) it damaged the new hard drive also.

The computer is able to boot but not able to install any version of Windows in the hard drive once infected, and when you tried to erase it, the hard drive will indicate that it has hidden files that cannot be erased. I already damaged three hard drives trying. It will attempt to start to install it, but it will never do it.

I don't know what type of virus is, but it has to be something new. I have been working with computers since '89 and I never have a virus that acted like this.
 

kinetic_tw

Distinguished
May 29, 2003
34
0
18,580
You could always just cut your losses and replace the motherboard/hd simultaneously. I know it's not very helpful advice, but if there's anything I've learned from PC repair, it's to know when to stop trying to salvage the part.
 

goloap

Distinguished
Sep 9, 2001
36
0
18,580
Maybe it is another type of BIOS virus. The only way I know to clear that is change the BIOS chip, but first you can try installing an update for the BIOS maybe it will overwrite the virus. You have nothing to loose.

In ancient times they had no statistics so they had to fall back on lies
 

Ismael_Ramos

Distinguished
Jul 8, 2003
6
0
18,510
Is not the two infected motherboards and the two infected "C" drives that worry me.....It is the "D" drive were I had all the saved data and years of work, for which I do not have a backup. They are aproximately 120GB of info in a 200GB hard drive. I don't know if there is any way of removing the virus from the "D" drive without destroying its data.
 

jihiggs

Distinguished
Oct 11, 2001
127
0
18,630
question, how do you know you have a virus? you said no scanner can detect it. you only said you cant install windows, why do you think its a virus?

wpdclan.com cs game server - 69.12.5.119:27015
 

nach

Distinguished
Jun 11, 2003
2
0
18,510
It is a "Boot Virus" that installed itself into my hard drive and into the motherboard BIOS, and that does not allows windows to boot or to be re-installed in that hard drive again.
This does sound like a boot sector virus, it has not got into the BIOS or you wont even get past the Mobo beep. The virus is in the first area of the disk to be read and the disk is dead. A low level format from your disk manufacturer can overwrite boot sector.

You could try a boot sector virus cleaner on DOS boot disk.
 

Ismael_Ramos

Distinguished
Jul 8, 2003
6
0
18,510
The virus was verified by PC-cillin Anti-virus. The new motherboard is being fix or replaced under warranty by Soyo.

The old one (DFI) is still in my house, since is not under warranty anymore.
 

Ismael_Ramos

Distinguished
Jul 8, 2003
6
0
18,510
I will need to do a Low level format of the hard disk's because even after several times of Fdisk and formats the virus is still present on the hard drives. But, I do not have the program to do it yet.

In the mean time, I am using a third backup computer.

I really do not care about the motherboards and/or the "C" hard drives. I am upset because the information in the "D" hard drive will be lost due to this virus, and because Symantec Norton Anti-virus do not care to even scan my hard drives to find a cure for this virus.

I just hope no one else gets infected with it. Specially a big company with important information in their main frames hard drives.
 

goloap

Distinguished
Sep 9, 2001
36
0
18,580
This is only an idea: no guarantees. If you put your D: HD in a good system as slave, the virus (if it's a boot virus) will not execute because you will load the OS reading on the first drive. So you could backup your HD without infecting the system.

In ancient times they had no statistics so they had to fall back on lies
 

Ismael_Ramos

Distinguished
Jul 8, 2003
6
0
18,510
If this drive is also infected (always has been a "D" drive in a secondary connector, never a boot hard drive) transfering data from one hard drive to another will also transfer the virus.
 

Codesmith

Distinguished
Jul 6, 2003
62
0
18,580
Formating a partion doesn't erase the boot record.

Boot viruses are fairly common, BIOS viruses are practically non exsistant.

You may not have a virus at all, the virus detection built into motherboards are not that sophisticated.

Assuming that you have a boot virus, here are some things you can try.

1) boot from Norton AV CD and see if it can detect and delete the virus.

2) Use Norton Ghost to image your hard drive. You can then extract all your files from this image and scan them for viruses. Remember an infection cannot spread unless the files that is infected is being executed.