Viruses embedded in HD permanently

3212 Views 17 Replies 9 Participants Last post by johnwill, Sep 22, 2005

bill_82

Discussion Starter · Sep 18, 2005

Hi, I was just wondering if anyone has heard of anything like this before.

This hard drive has these viruses that are impossible to erase. I have tried the software from the Seagate site, partitioned, low level formatted, and zero'd the entire drive. Then with a fresh install of XP the virus files are all in the same places. There's hundreds of dll and exe files all over the drive. There are so many that the computer will last maybe 2 hours before it wont boot again. I tried Windows 2000 next, same thing. Explorer even has a searchbar installed on first boot !? What a waste of time :laugh:

Status: Not open for further replies.

1 - 18 of 18 Posts

Terrister

· #2 · Sep 18, 2005

I think I would talk to the security section about this. I do not think this is a hardware problem. I have heard of CMOS viruses. They can what you are talking about.

johnwill

· #3 · Sep 18, 2005

I've never heard of that, and I also don't believe it. I'd have to see that drive in person to believe that, and I'm sure there's an explanation that doesn't involve voodoo.

linderman

· #4 · Sep 18, 2005

try this prog on the drive / the department of defense uses it !!!

http://dban.sourceforge.net/ download the floppy version

let us know >> if this doesnt work ; I will will start gathering some chicken feet and toad eyes for the vodoo exorsism !! LOL

regards

joe

See less See more

twajetmech

· #5 · Sep 18, 2005

Unless you perform a FULL Format using the programs the other members suggested or Maxblast (from Maxtor) you cannot rid yourself of virus' in the MBR (Master Boot Record) of your HD, only a full format can accomplish that.

Stu_computer

· #6 · Sep 19, 2005

Then with a fresh install of XP the virus files are all in the same places.
I tried Windows 2000 next, same thing. Explorer even has a searchbar installed on first boot !?

Are these burned copies of windows? This is typical of a burned copy that has been infected by the computer that burned it.

johnwill

· #7 · Sep 20, 2005

Of one thing we can be sure, the virus problem is NOT them hiding in the hard drive if you zero it with the disk manufacturer's diagnostic.

:grin:

linderman

· #8 · Sep 20, 2005

John Will:

I got the chickens ready & a bucket of toads / what do you want me to do ????? do I prep them or cut em loose

joe

bill_82

Discussion Starter · #9 · Sep 20, 2005

Thanks for all your input. 1 copy of windows is burned, the copy of XP is not. Someone said CMOS virus, but how can that much data fit in there?

After zero'ing the HD, low-lvl formatting, no network connection at all, both copies of windows, all the same. First boot, i have "pokapoka65.exe" "luxor.exe" .. and several others in the C:\ .... hundreds of files like this all over every directory. In processes , theres several programs flashing on and off, taking up lots of memory. Panda and AVG catch them all but they just keep reappearing. Thanks for everyones input and suggestions :laugh:

linderman

· #10 · Sep 20, 2005

Bill:

you are re-installing the viruses with your windows install disks / someone has given you a funny !!!!

zero out the drive and use a legit RETAIL version of Win XP / you can buy win xp for $70.00 on ebay with a COA (certificate of authenticity)

I will gurantee you that will kill your virus problems !!

regards

joe

See less See more

Tumbleweed36

· #11 · Sep 20, 2005

Hi,

IMO, there has to be one of two sources:

First, is there any chance that you have any other drive in the computer that might be infected and it then reinfects the boot drive that you just set up? There has to be a source once you completely "zero" the drive and wipe it clean. Check slave hard drives, USB drives, Zip drives, etc., etc., etc.

Second, an infected disk Operating System disk that has been a burned copy that was infected when it was burned.

I don't think there are any other legitimate sources of the infection from the information that you gave us.

bill_82

Discussion Starter · #12 · Sep 20, 2005

Windows XP CD is from factory, cd-key not in use. The copied one was scanned for viruses, with Panda and AVG, came clean. RAM is erased when powered down right? So where is this source?! I'm going with the voodoo guys...
I have no slave drives installed . I'm going to put this HD in another computer, wipe it out and see if the same thing happens. Just a video card, 256+128 RAM, cd-rom, hd.

ebackhus

· #13 · Sep 20, 2005

Infected BIOS.

Terrister

· #14 · Sep 20, 2005

Would flasing the bios remove the infection? I have never seen one of these in real life. Just heard about it.

linderman

· #15 · Sep 20, 2005

I have heard of bios virus infections as well as memory resident viruses

If I were in your shoes / I would purchase another new bios chip on ebay for about $15.00 and two fresh memory modules

then zero out the drive again / install windows againnnnn / then check for virus presence

after that / if would be a matter of trying the memory in the computer again / if you dare and hope it didnt permanently write itself to the memory chips / I am not even sure if that's possible ??????

regards

joe

See less See more

johnwill

· #16 · Sep 20, 2005

I've never seen an infected BIOS either. I have seen a poor attempt, the virus attempted to FLASH the BIOS and rendered the MB into a doorstop. :smile: I removed the BIOS chip and used my FLASH programmer to put the BIOS back, then installed the write protect jumper to keep that from happening again. FWIW, there have been more widely distributed BIOS virus strains, as far back as 1998, consider this from OnTrack.

Until this new type of virus emerged early in 1998, viruses only damaged software. The new CIH viruses infect Windows 95/98 program executable files and cause damage to systems with a flash BIOS ROM. As it infects, the virus attempts to reprogram the flash BIOS ROM chip. If the virus succeeds there is no remedy, other than replacing the chip or having it “reflashed” by a hardware service agent. If the flash BIOS ROM is permanently attached to the mother board, the entire motherboard must be replaced.

“The CIH virus produces few clues to unsuspecting computer users that their machines are infected. The virus cleverly infects files without increasing their length. However, the virus occasionally causes system crashes,” according to Robert Stroud, Ontrack virus expert. “Still, the best line of defense against CIH infection is anti-virus software, like VET 9.8.1, which has been specifically upgraded to recognize this new form of corruption.”

There are two parts to the CIH virus payload. The first attempt is to destroy the flash BIOS ROM by reprogramming it with garbage. The second attack overwrites the contents of the hard disk drive with garbage, working through a number of sectors in each cylinder of the drive. The damage caused to information on the hard disk may be recoverable through professional data recovery services, but will be difficult.

tinyhu

· #17 · Sep 22, 2005

linderman said:
you are re-installing the viruses with your windows install disks / someone has given you a funny !!!!

zero out the drive and use a legit RETAIL version of Win XP / you can buy win xp for $70.00 on ebay with a COA (certificate of authenticity)

I will gurantee you that will kill your virus problems !!

He already said it's a legit XP CD, not a copy. The Windows CD is not the problem. I have seen a BIOS virus before, nasty little buggers, pain to get rid of. Flashing the BIOS might work, or just get a new BIOS chip as someone suggested. Wouldn't hurt to replace the RAM chip(s) also.

Another recommendation, set everything up (install Windows XP, drivers, software) WITHOUT being connected to the Internet. Disconnect your computer. Make sure Windows XP firewall is enabled. Just a precaution to make sure the virus isn't coming thru the Internet, IP targetted or something like that (slight chance this is the case, doubt it though, but could be possible).

The CMOS is small in size, but a virus can hide there. Many viruses create "dummy" files that antivirus programs will pickup and remove, only to be replaced by more. The virus spawns these files, making it look like the virus is large in size, but in reality it probably is quite small. I've seen a number of those, and it can be tough to track down the original virus file(s) and usually involves scanning the hard drive in a different computer to keep the virus from being active and replicating. In your case, this won't help you since the virus very likely isn't on your hard drive to start with, but rather coming from another source (BIOS/CMOS probably). Just wanted to give you an idea of what a virus can do though.

See less See more

johnwill

· #18 · Sep 22, 2005

tinyhu said:
He already said it's a legit XP CD, not a copy. The Windows CD is not the problem. I have seen a BIOS virus before, nasty little buggers, pain to get rid of. Flashing the BIOS might work, or just get a new BIOS chip as someone suggested. Wouldn't hurt to replace the RAM chip(s) also.

I'm dying of curiousity about the comment about the RAM chips, that's more farfetched than the disk having a virus!

The CMOS is small in size, but a virus can hide there. Many viruses create "dummy" files that antivirus programs will pickup and remove, only to be replaced by more. The virus spawns these files, making it look like the virus is large in size, but in reality it probably is quite small. I've seen a number of those, and it can be tough to track down the original virus file(s) and usually involves scanning the hard drive in a different computer to keep the virus from being active and replicating. In your case, this won't help you since the virus very likely isn't on your hard drive to start with, but rather coming from another source (BIOS/CMOS probably). Just wanted to give you an idea of what a virus can do though.

AFAIK, this is an urban legend. How about a link to an actual description of this CMOS virus?

1 - 18 of 18 Posts

Status: Not open for further replies.