Error loading OS. Is this virus activity?

Posted by Auds on February 17, 2007, 6:20 pm
This is the message that I am getting this morning having closed down last
night without any signs of trouble. Mind you, the PC has locked up on me
twice in the last week, both times when I returned to it after a lengthy
period of idling. Consequently, I cannot even use F8 to get into Safe Mode
or Last Good Configuration.

This is a 2.8GHz PC with 512MB RAM. I have two 80GB hard disks, the first
having Windows on C: and data on the D: partition. The second drive G: is a
backup of D:.

I tried using the XP Pro CD to repair the problem and was surprised to find
that Recovery Console shows Windows drive D:, instead of C:, D: is shown as
E: and G: is shown as C:.

I ran chkdsk /p on each of the drives and they all showed fixes but only on
the first run.

I then ran bootcfg /list, which said there was no data to show.

When I tried bootcfg /scan, it said it could not complete possibly due to a
corrupt system.

I then looked at fixmbr and got the warning that this computer appears to
have a non-standard or invalid master boot record. I also read on the
Internet that fixmbr should not be used if there is the possibility of a
virus in the system.

This all sounds rather dire to me. Can anyone offer any reassurance?

Thanks,

brianf




Posted by David H. Lipman on February 17, 2007, 6:37 pm

| This is the message that I am getting this morning having closed down last
| night without any signs of trouble. Mind you, the PC has locked up on me
| twice in the last week, both times when I returned to it after a lengthy
| period of idling. Consequently, I cannot even use F8 to get into Safe Mode
| or Last Good Configuration.
|
| This is a 2.8GHz PC with 512MB RAM. I have two 80GB hard disks, the first
| having Windows on C: and data on the D: partition. The second drive G: is a
| backup of D:.
|
| I tried using the XP Pro CD to repair the problem and was surprised to find
| that Recovery Console shows Windows drive D:, instead of C:, D: is shown as
| E: and G: is shown as C:.
|
| I ran chkdsk /p on each of the drives and they all showed fixes but only on
| the first run.
|
| I then ran bootcfg /list, which said there was no data to show.
|
| When I tried bootcfg /scan, it said it could not complete possibly due to a
| corrupt system.
|
| I then looked at fixmbr and got the warning that this computer appears to
| have a non-standard or invalid master boot record. I also read on the
| Internet that fixmbr should not be used if there is the possibility of a
| virus in the system.
|
| This all sounds rather dire to me. Can anyone offer any reassurance?
|
| Thanks,
|
| brianf
|

I can reassure you this does NOT sound viral in nature.

Go to the hard disk manufacturer's web site and download their diagnostic
software respective to your hard disk. After the test, you will know if the
hard disk is bad or not.

Quantum/Maxtor - PowerMax
http://www.maxtor.com/en/support/downloads/powermax.htm

Western Digital - Data LifeGuard Tools (DLGDiag)
http://support.wdc.com/download/

Hitachi/IBM - Drive Fitness Test (DFT)
http://www.hgst.com/hdd/support/download.htm

Seagate - SeaTools
http://www.seagate.com/support/seatools/

Fujitsu - Diagnostic Tool
http://www.fcpa.com/download/hard-drives/

Samsung - Disk manager
http://www.samsung.com/Products/HardDiskDrive/utilities/shdiag.htm


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by Auds on February 18, 2007, 2:49 am
>
> | This is the message that I am getting this morning having closed down last
> | night without any signs of trouble. Mind you, the PC has locked up on me
> | twice in the last week, both times when I returned to it after a lengthy
> | period of idling. Consequently, I cannot even use F8 to get into Safe Mode
> | or Last Good Configuration.
> |
> | This is a 2.8GHz PC with 512MB RAM. I have two 80GB hard disks, the first
> | having Windows on C: and data on the D: partition. The second drive G: is a
> | backup of D:.
> |
> | I tried using the XP Pro CD to repair the problem and was surprised to find
> | that Recovery Console shows Windows drive D:, instead of C:, D: is shown as
> | E: and G: is shown as C:.
> |
> | I ran chkdsk /p on each of the drives and they all showed fixes but only on
> | the first run.
> |
> | I then ran bootcfg /list, which said there was no data to show.
> |
> | When I tried bootcfg /scan, it said it could not complete possibly due to a
> | corrupt system.
> |
> | I then looked at fixmbr and got the warning that this computer appears to
> | have a non-standard or invalid master boot record. I also read on the
> | Internet that fixmbr should not be used if there is the possibility of a
> | virus in the system.
> |
> | This all sounds rather dire to me. Can anyone offer any reassurance?
> |
> | Thanks,
> |
> | brianf
> |
>
> I can reassure you this does NOT sound viral in nature.
>
> Go to the hard disk manufacturer's web site and download their diagnostic
> software respective to your hard disk. After the test, you will know if the
> hard disk is bad or not.
>
> Quantum/Maxtor - PowerMax
> http://www.maxtor.com/en/support/downloads/powermax.htm
>
> Western Digital - Data LifeGuard Tools (DLGDiag)
> http://support.wdc.com/download/
>
> Hitachi/IBM - Drive Fitness Test (DFT)
> http://www.hgst.com/hdd/support/download.htm
>
> Seagate - SeaTools
> http://www.seagate.com/support/seatools/
>
> Fujitsu - Diagnostic Tool
> http://www.fcpa.com/download/hard-drives/
>
> Samsung - Disk manager
> http://www.samsung.com/Products/HardDiskDrive/utilities/shdiag.htm
>
>
Thanks for that reassurance, Dave. In fact I had already run the MaxPlus
diskette which says both drives are fine. I guess I had better run fixmbr
and fixboot in that order.

I'm still puzzled about why this has happened though.

brianf



Posted by cquirke (MVP Windows shell/use on February 18, 2007, 4:40 am

>This is the message that I am getting this morning having closed down last
>night without any signs of trouble. Mind you, the PC has locked up on me
>twice in the last week, both times when I returned to it after a lengthy
>period of idling. Consequently, I cannot even use F8 to get into Safe Mode
>or Last Good Configuration.

I had a fascinating case recently; an XP PC that would spontaneously
BSoD, especially when it was left idle (the opposite from what you'd
expect if it were a heat-related issue).

It turned out he had a failing HD with bad sectors in several of his
photos, and when his screensaver randomly selected these for the
slideshow, it would crash the system.

>This is a 2.8GHz PC with 512MB RAM. I have two 80GB hard disks, the first
>having Windows on C: and data on the D: partition. The second drive G: is a
>backup of D:.

OK...

>I tried using the XP Pro CD to repair the problem

I wouldn't do that until I knew the hardware was OK, and my first
priority would be to check RAM and physical HDs. For different
reasons, anything that writes a lot of stuff to disk (such as a repair
install of Windows) should be avoided if either problem is present.

>and was surprised to find that Recovery Console shows Windows
>drive D:, instead of C:, D: is shown as E: and G: is shown as C:.

Drive order can appear different for various reasons:
- explicit letter shuffle, via XP's storage manager
- implicit letter shuffle, dating from OS installation
- comb effect of remembered vs. new drives
- BIOS device boot order
- BIOS device enumeration order
- relationships between S-ATA and IDE devices

>I ran chkdsk /p on each of the drives and they all showed fixes but only on
>the first run.

Define "fixes". I hate this "trust me, we'll fix it" stuff...

>I then ran bootcfg /list, which said there was no data to show.

>When I tried bootcfg /scan, it said it could not complete possibly due to a
>corrupt system.

Around about now you should be experiencing ground rush, and yanking hard
at the ripcord. Nature's trying to tell you something. Stop digging!

>I then looked at fixmbr and got the warning that this computer appears to
>have a non-standard or invalid master boot record. I also read on the
>Internet that fixmbr should not be used if there is the possibility of a
>virus in the system.

Yes - or any other "special" code that needs to be in the MBR. But
your case sounds like you have a sick HD, which you are currently
forcing to march through the snow under the whip. Ungood.

>This all sounds rather dire to me. Can anyone offer any reassurance?

Nope.

Your priorities would usually be:
- disconnect the HDs
- eyeball motherboard for bad capacitors -> fix
- eyeball fans, heat sinks etc. -> fix
- check RAM for 24h -> fix if any errors
- get the data off
- get the installation off
- test the HD -> replace even if "just one bad sector"
- check file systems -> repeat data salvage as fixed
- exclude malware, ideally from Bart CDR boot
- relax and focus on getting Windows to work again

Useful tools:
- MemTest86 (boot from CDR or 1.44M)
- BING (boot from CDR or 1.44M, use to image C:)
- Bart PE Builder (to build a maintenance OS)
- HD Tune (www.hdtune.com use from Bart CDR boot)

As you have two HDs, I'd connect these one at a time and check each
for physical errors. If one HD is OK at the physical and file system
level, you can use that to hold what is recovered from the other.

The difficulty is finding somewhere to "stand" while you do all this -
i.e. a HD-independent maintenance OS system. MS has left you screwed
there, but Bart PE is free and effective, though it takes some
knowledge to use it to its full potential.

You don't want to run Windows from the HD because Windows *always*
writes to disk, corrupting it if RAM is bad, or trashing it if HD or
file system are bad. So you'd need a good PC to download your tools,
build your bootable CDRs, etc.



>--------------- ---- --- -- - - - -
Saws are too hard to use.
Be easier to use!
>--------------- ---- --- -- - - - -
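
An added example, not part of the original thread: a read-only look at a saved copy of sector 0, the kind of check the fixmbr warning discussed above calls for before anything is rewritten. It assumes the 512-byte sector has already been copied to a file from a maintenance boot; the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
TABLE_OFF = 446   # four 16-byte partition entries start here
SIG_OFF = 510     # boot signature bytes 0x55 0xAA

def parse_mbr(sector: bytes) -> dict:
    """Summarise a saved copy of sector 0 without modifying anything."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                      "status_ok": status in (0x00, 0x80),
                      "lba_start": lba_start, "sectors": count})
    boot_code = sector[:440]  # bytes 440..445 hold the disk signature
    return {
        "signature_ok": sector[SIG_OFF:] == b"\x55\xaa",
        "boot_code_blank": not any(boot_code),
        # Hash lets you compare against sector 0 of a known-good disk.
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "active_count": sum(p["active"] for p in parts),
        "partitions": parts,
    }

def findings(info: dict) -> list:
    out = []
    if not info["signature_ok"]:
        out.append("missing 55AA boot signature")
    if info["boot_code_blank"]:
        out.append("boot code area is empty")
    if info["active_count"] != 1:
        out.append("expected one active partition, found %d" % info["active_count"])
    if any(not p["status_ok"] for p in info["partitions"]):
        out.append("partition entry with invalid status byte")
    return out

def sample_mbr() -> bytes:
    """Constructed sample: placeholder boot code, one active NTFS (0x07) entry."""
    buf = bytearray(SECTOR)
    buf[0:4] = b"\xfa\x33\xc0\x8e"  # placeholder bytes, not a real loader
    buf[TABLE_OFF:TABLE_OFF + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 156296322)
    buf[SIG_OFF:] = b"\x55\xaa"
    return bytes(buf)
```

An empty findings list only means the sector is structurally sane; whether the boot code is the expected one is answered by comparing the hash with a disk you trust.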

Posted by BrianF on February 19, 2007, 5:50 am

> This is the message that I am getting this morning having closed down last
> night without any signs of trouble. Mind you, the PC has locked up on me
> twice in the last week, both times when I returned to it after a lengthy
> period of idling. Consequently, I cannot even use F8 to get into Safe Mode
> or Last Good Configuration.
>
> This is a 2.8GHz PC with 512MB RAM. I have two 80GB hard disks, the first
> having Windows on C: and data on the D: partition. The second drive G: is a
> backup of D:.
>
> I tried using the XP Pro CD to repair the problem and was surprised to find
> that Recovery Console shows Windows drive D:, instead of C:, D: is shown as
> E: and G: is shown as C:.
>
> I ran chkdsk /p on each of the drives and they all showed fixes but only on
> the first run.
>
> I then ran bootcfg /list, which said there was no data to show.
>
> When I tried bootcfg /scan, it said it could not complete possibly due to a
> corrupt system.
>
> I then looked at fixmbr and got the warning that this computer appears to
> have a non-standard or invalid master boot record. I also read on the
> Internet that fixmbr should not be used if there is the possibility of a
> virus in the system.
>
> This all sounds rather dire to me. Can anyone offer any reassurance?
>
Now I know what happened. Because I had no idea that XP, for some peculiar
reason, has decided that my G: drive is in functional terms the C: drive it
evidently has to carry the boot instructions. I only use the G: drive for
data back-up purposes so thought it was a good idea to compress the drive to
save space - little realising that I was also compressing - and so rendering
useless - the boot files. I forget when I did that but probably Friday
morning and then forgot all about it. Saturday morning, revealed the results
of that action but, of course, I gave no further thought to the compression
of the back-up drive.

It has been a very educational weekend.

brianf


