Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

flashing/reformatting/bios?


  • Please log in to reply
12 replies to this topic

#1 Kandinsky

Kandinsky

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:33 AM

Posted 14 January 2009 - 02:28 AM

Hi, I need to reformat and have already done so 3 times and still have a virus. Soo... I found out how to reformat/restore the Master boot section and I will also do a "flash" (?) of the bios by moving the jumper or whatever it's called (I've done that before, I just need to find those directions again).

I'm not sure what order I need to do things in... 1. do the jumper thing, 2. the MB section on the HD, and 3. reinstall xp and the bios drivers ?? Is that the order I should follow?

And is moving the jumper thing really flashing the bios? Or is there yet another step I should or can do using the MB CD? I have an ASUS M2N which I beleive came out 2006-7 or so and came with a CD with asus drivers and some junky other software.

I'm not too keen on updating the MB drivers or trying updated MB software though, as I tryed to update MB drivers when I first got the computer and it was a mess- had to reformat after that... So hopefully this is something I can do with the CD and not a download from ASUS/AMD.

BC AdBot (Login to Remove)

 


#2 lowtek_otc

lowtek_otc

  • Members
  • 280 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 14 January 2009 - 03:08 AM

I would not suggest flashing your bios if you are uncertain on the steps.
Moving the jumper simply resets the CMOS (or the data and settings associated with the bios)
Typically, flashing a bios or resetting the CMOS is not going to solve issues regarding a virus.


How have you been reformatting, will you please list the steps you have been taking to reformat?

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:33 PM

Posted 15 January 2009 - 04:11 PM

I doubt that there is any virus in the BIOS, so I would bother flashing the BIOS. I would suspect that the virus is making it's way back on to the machine somehow after you format/reinstall. Maybe you have an infected flash drive or something like that.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#4 Kandinsky

Kandinsky
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:33 AM

Posted 16 January 2009 - 08:33 PM

Thanks. I followed the steps on:
http://www.winsupersite.com/showcase/windowsxp_sg_clean.asp

deleted and reformatted the partition windows was on but did not specifically select and delete the "raw" space partition. Should I do that as well? I thought all except the mbs would be reformatted after that, maybe not.

Yes, I looked at flashing the bios with software and it does not look fun, especially as I'm not very confident about Asus updates or software. I suppose resetting the CMOS won't hurt though, might as well do it.

What is a flash drive? If it is an external hard drive I don't have one. If it is coming into the computer after the reformat I believe it may have come in through the Norton updater or the microsoft driver updater. I tryed to disable all auto updating through the program preferences and services, but may have missed something.

Sorry I didn't respond right away, was out of town and wasn't set to receive mail alerts here.

#5 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:09:33 AM

Posted 16 January 2009 - 09:39 PM

What is a flash drive? If it is an external hard drive I don't have one.

Not just an external hard drive. It can also be a USB thumb drive or even a SD card from a camera. Anything that transfers data. Even a burned CD

Edited by garmanma, 16 January 2009 - 09:40 PM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#6 lowtek_otc

lowtek_otc

  • Members
  • 280 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 17 January 2009 - 12:05 AM

Thanks. I followed the steps on:
http://www.winsupersite.com/showcase/windowsxp_sg_clean.asp

deleted and reformatted the partition windows was on but did not specifically select and delete the "raw" space partition. Should I do that as well? I thought all except the mbs would be reformatted after that, maybe not.

Yes, I looked at flashing the bios with software and it does not look fun, especially as I'm not very confident about Asus updates or software. I suppose resetting the CMOS won't hurt though, might as well do it.

What is a flash drive? If it is an external hard drive I don't have one. If it is coming into the computer after the reformat I believe it may have come in through the Norton updater or the microsoft driver updater. I tryed to disable all auto updating through the program preferences and services, but may have missed something.

Sorry I didn't respond right away, was out of town and wasn't set to receive mail alerts here.



So immediately after you reformat and re-install a fresh clean copy of XP from a legitimate Microsoft disc, the very first time you boot, the virus is there, installed on your hard drive?

The reason I ask is because the probable cause would be you are loading the infection back through a backup. Are you loading files from a backup? Is the disc legitimately from Microsoft?

If the virus is there immediately on the machine on first boot after a format, then I suggest you perform a full drive wipe using Darik's Boot and Nuke
http://www.dban.org/

#7 Kandinsky

Kandinsky
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:33 AM

Posted 18 January 2009 - 07:00 PM

well, it's there after using Norton's updater... Not sure if it's there right at first boot. I will look into Darik's. 2 other possibilities- it could be in the master boot section of the hard drive, I beleive that is not reformatted during the process I followed. OR ?? Hmmm... is it necessary to delete the raw space and reformat that also? First raw partition then operating partition? I hope it's not in the bios, or in some piece of hardware, I really don't want to know that much...

Yes, it is a genuine windows disk.

I'm also still not sure what order to do the whole process as well. 1st clear bios w/jumper, then clean master boot section, then reformat? or reformat then clear bios? And at what point should I wipe the HD with a wipe program?

#8 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:33 PM

Posted 18 January 2009 - 07:07 PM

The Master Boot Record does get overwritten during the format/reinstall process, there is no need to overwrite it separately.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#9 Kandinsky

Kandinsky
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:33 AM

Posted 18 January 2009 - 07:26 PM

it is also possible it was on the disc I had an OLD copy of zone alarm on, but I wouldn't take it for granted. One reformat I loaded ZA after loading norton and scanned it before norton updates, in the other reformat I updated then scanned ZA. In the first case it seemed to appear in the ZA logs DURING the norton update, about 2 hours into the process (I have dial up). Not before. In the second case it seemed already there. I really think it's coming in through holes during autoupdates if it's not in the MBSection or bios.

In any case, if I have to reformat again I might as well do it right and be anal about it so hopefully I won't need to do it again for a while.

#10 Kandinsky

Kandinsky
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:33 AM

Posted 18 January 2009 - 07:29 PM

>>>>The Master Boot Record does get overwritten during the format/reinstall process, there is no need to overwrite it separately.

Are you sure about that? I had read it only does that if the MBS or MBR is corrupted.

I came across some interesting reading on reformatting the MBS or record;
http://www.cknow.com/vtutor/FDISKMBR.html
from this I gather, that for me the important thing here is to make sure all security programs are uninstalled before doing this OR to do a basic reformat first.

Edited by Kandinsky, 18 January 2009 - 09:27 PM.


#11 lowtek_otc

lowtek_otc

  • Members
  • 280 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 19 January 2009 - 12:02 AM

When installing Windows XP: I always will delete all the partitions so that it is all one "Unpartitioned Space" before formatting it to NTFS.

#12 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:33 PM

Posted 19 January 2009 - 04:24 PM

If you install two different antivirus applications then most likely they will detect each other's definitions files as malware.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#13 Kandinsky

Kandinsky
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:05:33 AM

Posted 19 January 2009 - 11:04 PM

thanks Lowtech, I'll do that.

Budapest, there was only one antivirus on the computer at any time. I installed and uninstalled and updated 4 different av's at various times and checked several online scanners and a few antispyware and a couple antitrojan and antirootkit programs. A couple of pieces of trojans were detected and removed (partially I think) but the main program or remote marker or whatever the $%^&* it is is still there. I called the isp it keeps trying to send and receive from and they said it was a customer of theirs and they would look into it. FWIW anyway...

Nothing really detects it, the only thing that shows are connections and isp addresses in zone alarm. It's not a valid updater, it takes over other program's updaters, and rather quickly too. Including microsoft and most of the antivirus's. It took over tcpview too.

I have sp2 and am waiting on sp3 to come in the mail before I reformat. So... trying to learn as much as I can here before reformatting in the hopes I can get RID of it finally.

Makes you wonder... how many people might have key loggers on their machines that AV's don't pick up on? ...Creepy SOBs....

Edited by Kandinsky, 19 January 2009 - 11:15 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users