I’ve got a virus on my system that has infected the boot record of the hard drive, and I can’t get rid of it. Norton AV finds it but can’t remove it, their emergency recovery disks aren’t helping (mine has been misplaced), and I can’t seem to rid my system of it.
It’s time for cold boots and updated virus definitions and new startup disks from your anti-virus software maker.
Other than that, the last time I caught NYB off of some old disks, a handy subscription to McAfee.com’s very convenient scanning tool removed it immediately. $29.95/yr.!
I just picked up Norton’s version 6.0 antivirus, which came with a set of 3 recovery disks, but no luck. It finds and identifies the virus, but can’t remove it. I don’t know where this virus came from, as the research I have done says it’s passed from floppies, but I don’t use floppies.
I did just take my system into Best Buy for a new power supply, but I don’t have any “proof” that they infected it. It is such a pain. I don’t mind losing all the data on the hard drive, but when I try to format and re-install the data off of my HP Recovery CDs, it says that my memory is not configured correctly. If I boot into Windows 98, though, I do see my memory fine. Ugggghhh!!!
Read my post. NYB is also a boot sector virus that is passed from floppy to HD boot sector. McAfee.com will wipe out the virus, easy. It also finds and destroys Bots, Trojans and worms.
FWIW, I’ve had similar experiences with Norton’s not cleaning up a virus, but identifying it nonstop.
GaWd,
I have McAfee on the system currently (came preinstalled on the HP) but it doesn’t even see the virus. I had it scan all files on the c:\ but came back w/no viruses found.
If this virus only infects the boot sector of the hard drive, it should be relatively simple to clean.
First, create a boot disk on a non-infected system that uses the same operating system that you use. Make sure that fdisk.exe is placed on the diskette.
Flip the tab to write-protect the diskette and boot your infected system with the diskette.
After you boot up, run the following command:
fdisk /mbr
This command makes fdisk refresh, or overwrite, the master boot record of your hard drive with a clean copy. This is done without data loss.
Once this is done, shut the machine off. (very important) Wait a few moments and boot the hard drive again. If this is a boot sector virus, this process will remove it.
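An added example, not part of any post in this thread: one way to check the result of the steps above is to compare a copy of the first disk sector taken before the rewrite with one taken after. It assumes the standard 512-byte MBR layout (boot code, four 16-byte partition entries, 0x55AA signature) and uses constructed sample sectors; how the sector copies are captured is left open, and the function names are hypothetical.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 446        # bytes 0..445: boot loader code (what a boot sector virus replaces)
TABLE_END = 510            # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"    # bytes 510..511: boot signature

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash, the used partition entries and the signature check."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR sector is exactly 512 bytes")
    parts = []
    for slot in range(4):
        entry = sector[BOOT_CODE_END + 16 * slot: BOOT_CODE_END + 16 * (slot + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            parts.append({"slot": slot, "active": entry[0] == 0x80,
                          "type": entry[4], "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector[TABLE_END:] == SIGNATURE,
    }

def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report what changed between two copies of sector 0."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": b["boot_code_sha256"] != a["boot_code_sha256"],
        "partition_table_intact": before[BOOT_CODE_END:TABLE_END] == after[BOOT_CODE_END:TABLE_END],
        "signature_ok": a["signature_ok"],
    }

def sample_sector(boot_fill: int) -> bytes:
    """Constructed sample: filler boot code plus one active FAT32 (type 0x0B) partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x0B, b"\xfe\xff\xff", 63, 4192902)
    return bytes([boot_fill]) * BOOT_CODE_END + entry + bytes(48) + SIGNATURE

if __name__ == "__main__":
    # Different boot code, same partition table: the outcome a clean rewrite should give.
    print(compare_mbr(sample_sector(0xCC), sample_sector(0x90)))
```

A result with the boot code changed, the partition table intact and the signature valid matches the "without data loss" outcome described above; any other combination is a reason to stop and investigate before booting from the drive.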
Whoa, for $0 you can visit the McAfee online clinic & let it deal with it live on the web…trial online thing should be free. Otherwise like $20 a year for all the computers you want, but you know, you have to be able to get online to use it.
Sometimes this does not work, but usually it does. I had some kind of monkey virus that it did not work on- I think the virus was on the master and backup boot records though. Try it though, and be careful- if you piss off fdisk, it won’t be your buddy anymore…
The reason for the fdisk /mbr command failing in Stoned Empire Monkey virus infections is that this virus infects floppy boot sectors as well as hard disk sectors. When booting from an infected floppy disk, it will cause the system to be unable to find the hard drive. Thus, fdisk will be unable to clean the master boot record. This is the main reason I suggested obtaining a boot disk created by a non-infected system.
This is true. But the fdisk /mbr command does not load any menu screens or require any further interaction. It simply cleans the boot record and returns to the command prompt. No danger there.
For full info on the Stoned Empire Monkey virus, see this page on the SARC website: