Complete.Org: Mailing Lists: Archives: discussion: May 2002:
[aclug-L] Re: ever have one of those weeks.. Viruses
To: discussion@xxxxxxxxx
Subject: [aclug-L] Re: ever have one of those weeks.. Viruses
From: "Arnold Cavazos Jr." <abcjr@xxxxxxxxx>
Date: Tue, 28 May 2002 12:17:37 -0500
Reply-to: discussion@xxxxxxxxx




On Mon, May 27, 2002 at 09:30:08PM -0500, David Carmichael wrote:
> 
> It has been one of those weeks.........

<SNIP>

> So on Thursday stepfather brings over the old P-133 to pull the drives out
> of and transfer data to a 5gb harddrive that I had on hand (upgrading from a
> 850mb drive)
> 
> It was about here in the story where the case screws end up in the air vent
> that most of you have had a good laugh about already..
> 
> Pull the drives and connect to new motherboard, start a scan disk to make
> sure that the data is in good shape before trying to do a data transfer...
> 
> Only to have the basic Windows scan disk start giving me error messages
> about how every file that it tries reading has the file space allocated
> wrong.....
> 
> So I stop the scan disk... saying something is wrong and start up Norton A/V
> from CD.... all of a sudden Norton starts flashing screens about having a
> boot sector virus along with two other viruses on the system (it was 2:AM
> and should have written down the name of the viruses, but was so freaked over
> the fact that these drives were infected, that I forgot to write them
> down!!).. so I tell Norton to try to fix and repair the drive........ six
> hours later ........Norton is done... BUT ...all the data on the drive has
> been lost... I inform my mother and step father what had happened and told
> them to try to contact co-workers and other family that used this computer of
> the virus and have them check their systems..
> 
> So booting from CD I wipe the drive (did this about six times to try to make
> sure that the drive and memory were virus free) re-ran Norton.. it said
> things were virus free...
> 
> Fast forward 48 hours.
> 
> So had (most) everything installed on the replacement 5gb harddrive
> when..... the drive failed!! The replacement drive now has some sort of
> "BLOCK '0' READ ERROR" as being reported by "Maxtor PowerDiag" program.
> 
> Now on the P-133 after clearing the former 850mb drive I went to reinstall
> it so that this machine would become the 'visiting family email' machine
> (hey it has 128megs of 30pin memory installed!!) I found that the BIOS had
> been password protected somehow.. Stepfather says that he did not do it..
> and did not know the password .. ended up clearing the BIOS.
> 
> So while Norton A/V says that the drives on the new system and the older
> system are now clean and I have trashed any and all floppies that I have
> used on the above two systems.
> 
> Are there any known viruses, that could have...
> 
> Locked out a system's BIOS
> DAMAGE a boot block (Block '0') of a formatted harddrive that was connected
> to a system?
> 
> _Or_
> 
>  Is the BIOS being password protected (maybe one of my nephews did this
> playing on the system) and the loss of the boot block just 'one of the
> things' to happen and the fact that they both happened near the same time
> just "ONE OF THOSE THINGS THAT HAPPEN?"


I am willing to bet a moderate sum of money that there was in fact no
virus on the old hard disk, or at least on the MBR.  This sounds an
awful lot like there was some type of disk-management software (like
Western Digital's OnTrack or Maxtor's MaxBlast) written into the MBR.
This software commonly comes with hard drives so that one can get around
certain types of BIOS <-> HD size barriers
(http://maxtor.custhelp.com/cgi-bin/maxtor.cfg/php/enduser/std_adp.php?p_faqid=344).

I have seen many instances where this software is installed even when it
doesn't need to be, just because the disk comes with the hard drive.
Some of the newer versions actually prevent redundant installs, but the
older versions definitely do not.  This software actually does LBA
(Logical Block Addressing) as a software shim for BIOSes that cannot do
it themselves (and BIOSes that can in certain unfortunate situations).

If you booted off a hard disk, floppy disk, or CD-ROM that did not have 
the "Disk Manglement" software layer loaded, one can mis-diagnose the 
software as a boot-sector virus _OR_ as a disk that has file space 
allocated incorrectly.

As far as I know the only "Real" way to uninstall Disk Manglement 
software is to use the same disk that was used to install it.  
Un-installing the Disk Manglement software basically means wiping the 
disk as well.

YMMV

-- 
Arnold B. Cavazos, Jr.                           Voice:  (316)858-3000
Director of Sales & Marketing                      Fax:  (316)858-3001
Hubris Communications                        Toll-Free:  (866)267-INET
abcjr@xxxxxxxxxx   http://www.iwichita.com    http://www.dslkansas.net

-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
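
A check for the situation described in the reply above, as an added example that is not part of the original post: a tool booted without the overlay reads raw sector 0, and the partition type byte there can identify a disk-manager overlay before anything "repairs" the MBR. The type values are the ones Linux's MS-DOS partition code recognises for these overlays; the function names and sample sectors are constructed for illustration.

```python
import struct

# Partition type bytes that mark a disk-manager overlay (assumption: values
# as listed in Linux's MS-DOS partition handling, not taken from the post).
OVERLAY_TYPES = {
    0x51: "OnTrack DM6 Aux1",
    0x53: "OnTrack DM6 Aux3",
    0x54: "OnTrack DM6 DDO",
    0x55: "EZ-Drive",
}

def parse_mbr(sector: bytes):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        raw = sector[446 + 16 * i: 462 + 16 * i]   # table starts at offset 446
        boot_flag, ptype = raw[0], raw[4]
        lba_start, sectors = struct.unpack_from("<II", raw, 8)
        if ptype != 0:                              # type 0 means unused slot
            entries.append({"slot": i, "active": boot_flag == 0x80,
                            "type": ptype, "lba_start": lba_start,
                            "sectors": sectors})
    return entries

def triage(sector: bytes) -> str:
    """Report whether raw sector 0 carries a disk-manager overlay type."""
    for e in parse_mbr(sector):
        if e["type"] in OVERLAY_TYPES:
            return "overlay: " + OVERLAY_TYPES[e["type"]]
    return "no overlay partition type found"

def build_sample(ptype: int) -> bytes:
    """Constructed sample MBR: zeroed boot code, one active partition."""
    entry = bytes([0x80, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", 63, 1662192)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    print(triage(build_sample(0x54)))   # constructed overlay disk
    print(triage(build_sample(0x06)))   # constructed plain FAT16 disk
```

A matching type byte only says an overlay is installed; it says nothing about whether the boot code in the first 446 bytes has been modified.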

