Re: HDD: Hard Drive Dilema
From: Zvi Netiv (support_at_replace_with_domain.com)
Date: 02/16/05
- Next message: Mike Hall \(MS-MVP\): "Re: Hard Drive Dilema"
- Previous message: Malke: "Re: Hard Drive Dilema"
- In reply to: Malke: "Re: HDD: Hard Drive Dilema"
- Next in thread: Zvi Netiv: "Re: HDD: Hard Drive Dilema"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 16 Feb 2005 16:45:13 +0200
Since I don't have the original post on my server anymore, then I'll answer from
Malke's follow-up.
DigitalBIOS wrote:
> Hello anyone, first of all...sorry for the long message....this is
> really serious stuff to me.
> From time to time, I do some pc fixing, whether it be on my pc or someone
> elses. I always finish the job with a satisfactory....not this time.
> I haven't given a diagnosis yet. Here's a detailed explaination to
> what's happening:
>
> 1. I turn the pc on..so far so good....finishes searching for
> installed HDD(s) and/or CD-Roms.
> 2. As you all know the next step should be this one: a black
> background screen presenting (in this case WinXP) the XP logo and a
> blue "loading OS" indicator at the bottom. I hope you understand.
> 3. Well, it never gets to that second step. I immediately know it's
> serious. The pc reboots by itself and the cycle restarts all over,
> again and again and again.
Did you mention under what OS that disk was running? This is vital information
for giving you the correct advice. The "loading OS" message suggests Windows
9x, which you contradict below.
> I took the hard drive out from its place and placed it as a secondary
> drive on another pc to run antivirus software (TrendMicro PC-cillin Internet
> Security 2005).
Bad idea !
Cleaning from current malware should be done from local boot for the following
reason: Most current malware like worms and spyware tie themselves in the
system by modifying entries in the registry, as well as injecting themselves
through system configuration and startup paths. A successful cleanup requires
the reversal of the bogus changes, which is what anti-spyware and cleaners (e.g.
Stinger) do. When cleaning a boot drive attached as slave, you are actually
handicapping the cleaners by depriving them the "knowledge" about the drive's
indigenous configuration and startup components and path. At best, your cleaner
may find some of the infected files, but will do nothing to what may be a far
more fundamental cause to the problem.
> I found more than 300 trojans and worms....some were
> repeated, including the known sasser virus.
Finding Sasser traces suggests W2K or XP, in contradiction with the above!
> I thought that did the
> trick, but I was very very skeptical towards the matter prior to booting up with the
> sick hard drive. I was right...no signs of getting better were
> apparent. So I have come to isolate the problem to the boot sector of the hard
> drive...worm?.... messed up sector?...
Nonsense. Have you tried booting in safe mode (by aid of the F8 key)? If
FAT-32, have you tried accessing the drive from external boot (of a Win98 or
FreeDOS boot floppy, see on my page)? If either of the above works, then your
"boot sector" os OK.
> I cant really know for sure.
> Im cornered beacuse I am forcing myself not to use formatting. Its too
> early for that.
> ANY HELP ANYONE?
Your problem is to restore *first* self-boot ability to the drive and the way to
do it is *not* by slaving it. The virus problem is secondary and should be easy
to resolve once self-boot ability is restored.
I may be able to help further after you answer the questions, above.
Regards, Zvi
-- NetZ Computing Ltd. ISRAEL www.invircible.com www.ivi.co.il (Hebrew) InVircible Virus Defense Solutions, ResQ and Data Recovery Utilities
- Next message: Mike Hall \(MS-MVP\): "Re: Hard Drive Dilema"
- Previous message: Malke: "Re: Hard Drive Dilema"
- In reply to: Malke: "Re: HDD: Hard Drive Dilema"
- Next in thread: Zvi Netiv: "Re: HDD: Hard Drive Dilema"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
