Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Reformatting because of Virut infection


  • Please log in to reply
11 replies to this topic

#1 Lonegungirl

Lonegungirl

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 06 September 2009 - 03:46 AM

Hi. I was being assisted with virus removal earlier in a now-closed thread: http://www.bleepingcomputer.com/forums/t/245436/infected-with-protection-system-and-tdss-variant/. It was ultimately decided that it was likely a virut infection and the best thing for everyone would be to copy what I could off of it, and then reformat and start over. I couldn't do it at that time, because I was away from all my discs at the time.

Now that I'm back, the computer won't boot up at all--it says "Windows could not start because the following file is missing or corrupt: System32\Drivers\Ntfs.sys You can attempt to repair this file by starting Windows Setup using the original Setup CD-ROM. Select 'r' at the first screen to start repair."

When I put in the Windows XP disc, it says "File \i386\biosinfo.inf could not be loaded. The error code is 4096. Setup cannot continue. Press any key to exit." I tested the XP disc on another computer and it appears to load normally. Sometimes it also switches the file to \i386\halacpi.dll with the same message.

Any ideas on how to proceed? Thanks for any assistance!

Edited by Lonegungirl, 06 September 2009 - 03:54 AM.


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:12 PM

Posted 06 September 2009 - 06:22 PM

Hello Lonegungirl,

I am going to move this topic to the XP forum since your question really centers around reformatting and not malware removal. I'm also going to retitle your topic to make that clear.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:12 PM

Posted 06 September 2009 - 06:26 PM

Hello again,

I'm no expert at reformatting and reinstalling, but you do not want to use a Repair installation as this will not remove the infections etc. You need to completely wipe the hard drive in order to reformat and then do a clean install of the OS.

Someone else will assist you with that.

It would be helpful to know the make and model of your computer

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:12 PM

Posted 06 September 2009 - 08:01 PM

The message you received indicates that the system is trying to boot from the hard drive.

You cannot format the system partition from within Windows, it must be closed.

System manufacturer and model?

Louis

#5 Lonegungirl

Lonegungirl
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 16 September 2009 - 06:30 AM

Hi--

While I do want to reformat the computer, I was hoping to do a makeshift repair on it first, so that I could get some photos off of it that had not gotten backed up before the whole thing went south. I have an Averatec 3200 series (AV3225HS-?0) (the label is smudged on the one digit.)

Thanks!

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:12 PM

Posted 16 September 2009 - 10:07 AM

If I'm understanding correctly...it's your infection that prevents you from booting into the system...and the only sure way to overcome the infection is to do a clean install.

Recovery of data files may be able to be accomplished...if you remove the hard drive and connect it to a well-protected second system...and then move data files from the infected system to a different partition/drive/CD/DVD, etc.

This attempt could be accomplished by using a USB-connected enclosure, such as those listed at http://www.newegg.com/Product/ProductList....amp;Order=PRICE

FWIW: Your owner's manual, http://www.trigem.com/us/support/manuals.asp

Louis

#7 Lonegungirl

Lonegungirl
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 16 September 2009 - 05:09 PM

If I removed the hard drive, got an enclosure, and hooked it up to a mac, would that be protection enough? Or is it likely that the virus can infect the mac as well?

Thanks!

#8 hamluis

hamluis

    Moderator


  • Moderator
  • 55,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:12 PM

Posted 16 September 2009 - 05:44 PM

I can't answer any questions about Mac...this is a PC forum and I'm not a user who has each type of computer :thumbsup:.

FWIW: I do know that new Macs now feel it necessary to have AV protection of a sort, I forget what it's called (in their newer systems).

http://www.google.com/search?hl=en&sou...mp;oq=&aqi= AND http://www.google.com/search?hl=en&q=m...mp;oq=&aqi=

Based on what I see...there goes another myth :flowers:.
\
Quote from the Apple website:

"Is a Mac safe from PC viruses?

Yes, a Mac is 100 percent safe from viruses designed to attack PCs. And although no computer connected to the Internet is completely immune to all viruses and spyware, the Mac is built on a solid UNIX foundation and designed with security in mind. The Mac web browser, Safari, alerts you whenever youíre downloading an application ó even if itís disguised as a picture or movie file. And Apple continually makes free security updates available for Mac owners. You can even have them download automatically."


Sounds like doubletalk to me.

PC users don't get infected because they don't know or protection is not available...they get infected because they don't care to do the little that is required to erect proper defenses.

I don't think all the AV manufacturers have developed products for Macs...just as window dressing :trumpet:.

But I really am not in a position to assert one way or the other.

Louis

Actually...since Macs can now run Windows...this isn't a PC forum, my error :inlove:.

Edited by hamluis, 16 September 2009 - 05:53 PM.


#9 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:12 PM

Posted 16 September 2009 - 06:58 PM

I do not think a MAC will recognize the NTFS file system.

How ever I do believe there are programs that can make it possible. Not being a MAC person I can not help more beyond this. Sorry.

#10 Lonegungirl

Lonegungirl
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 17 September 2009 - 01:44 AM

OK, well I have an old windows laptop that isn't in much use anymore--is there anything specific you'd recommend to try to protect it against getting infected?

Thanks!

#11 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:12 PM

Posted 17 September 2009 - 06:42 AM

In theory it should not get infected by connecting the external drive to it.

Make sure the lap top is already running, all protection is up to date and do not use auto-run. Plug-in the external drive. Since the OS on the infected drive is not being booted from it will remain dormant and so should any virus on the drive.

After XP gives you the "New hardware is installed and ready to use message". Go ahead and reformat the drive. I would suggest a Full not a Quick format. Making sure all partitions are deleted. Or even using DBAN. This will wipe the disk with all zeros. You will need to go back and format in NTFS.

To my knowledge, deleting all partitions, this includes the MBR. Wiping to zeros then formatting in NTFS (or other file system) gives you you best chance of clearing the drive of the problem and making it safe to use again.

#12 hamluis

hamluis

    Moderator


  • Moderator
  • 55,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:12 PM

Posted 17 September 2009 - 08:52 AM

Do not reformat the drive...until you have attempted to move all data files which you wanted to recover from the infected O/S.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users