HELP! Reformatting hard drive doesn't remove boot.mebroot trojan virus!


I will go through the steps on the Symantec page, but I would like someone to explain to me why a destructive recovery does not remove the virus.  HP says Norton is giving me a “false positive”.  Why would it do that on a freshly restored hard drive?  Oh, and I ran the McAfee free scan on their web site and it did not show the virus.  I wish someone could explain all this…


As a matter of urgency, please follow the Steps on the Web Page I provided as soon as you can.

 

If after following all the Steps on the Web Page you still have this Issue, please Upgrade to Norton 2009 via this Web Link, http://www.symantec.com/home_homeoffice/support/special/upgrade2007/vista/select_product.jsp?site=nuc, remembering to change the Web Site to where you are located, and then re-do those Steps in the Web Link I provided.

Message Edited by Floating_Red on 10-04-2008 12:33 AM

My 6-year-old computer became infected somehow with a trojan virus that infects the master boot record.  Norton Virus 2008 could not remove it.  Norton's Virus Removal Service could not remove it.  HP could not remove it using a variety of virus removal tools they loaded onto my computer.  I then backed up everything and did a full recovery from the partitioned recovery drive.  The files were corrupted and things did not work right.  I then ordered the recovery disks for my computer and did a full recovery.  After I loaded the Windows XP Updates, I then loaded Norton again.  The virus was still there.  HP then helped me first wipe out the hard drive data before Windows loaded, and then I did a recovery using the disks again.  THE VIRUS IS STILL THERE. 

 

HP says that it is impossible for the virus to still be there.  They say that Norton is somehow giving me an error message.  A friend of mine thinks that the virus is hiding somewhere that is not being wiped out during recovery.  What do I do now?  Why is a virus still being detected? 


Hannah12 wrote:

.......................did a full recovery from the partitioned recovery drive.  The files were corrupted and things did not work right.  I then ordered the recovery disks for my computer and did a full recovery. 


Hi Hannah12,

 

Did you delete this partition during the destructive recovery?

I spoke to both HP and the recovery disk people.  They claim that the partitioned recovery drive is wiped out and recovered when the disks are run.  Also, before I ran the disks the second time, HP had me manually wipe out the hard disk first and claim that this process also wipes out the partition.  A friend of mine is not so sure and thinks that the virus may be hiding there. 

 

I have tried to just run the fixmbr command as per the Symantec removal instructions, but neither I nor the HP people (!) have been able to figure out how to do just this. 

 

But...if I do a full recovery, doesn't that fix the master boot in the process? 

 

I have spent about 60 hours on this between backing up all my files and spending time with Norton's tech support - who gave up - and HP's tech support - who gave up.  It just seems unbelievable to me that even wiping out a hard drive cannot remove a virus!

Hi Hannah12,

 

I guess I was thinking along the lines of your friend.

 

Can you go into Control Panel > Administrative Tools > Computer Management > Disk Management and see if there is a recovery partition visible on your hard drive there?

I actually just went there and ran the format option on the recovery drive and Norton showed the virus is still here.  I also formatted D, which has the FAT, just now.  Now I am going to run the recovery disks again and do another full recovery.

I believe on my own computer that the recovery drive is encrypted and only usable when it has been loaded into memory as a virtual drive.  It may not be searchable.

 

Now that doesn't answer the question as how did a virus get there in the first place -- since even the recovery drive is created whole cloth from the recovery disks and installed at the factory.

 

I would be interested in knowing if this particular computer recovery disk actually has an embedded virus or a string of data that matches the virus signature (thus producing a false positive).

 

The big question is, has your machine exhibited any viral behavior?  The Mebroot viruses that I remember reading about were powerful and quickly brought a machine to a stop.  Has anything peculiar been happening other than NIS finding the virus?

Hi mijcar,

 

My concern over the recovery partition was that Hannah12 said it was "corrupted and things did not work right".

 

It just raised a red flag for me.

 

 

Phil, tell me if this sounds crazy (I’m sure everyone would):  I wonder what would happen if Hannah got a new hard drive.

Are you suggesting a test or a cure?

 

You raised a good question about whether there were any viral symptoms.

 

I'd like to see the original recovery partition deleted and then check the results.

Simply reinstalling Windows when you have a virus never takes care of things. You need to write zeros to the drive, which will completely erase all data. All hard drive manufacturers offer this. Both my Seagates came with bootable CDs to erase the drives. If you write zeros to the drives then all data including viruses will be gone. How did you reinstall Windows? Did you completely erase your partition? Did you do a low level format?

Diesel,

 

Hannah implied she had reimaged the system from recovery disks.  You are right; if she only reinstalled Windows, that would probably not accomplish anything.  But neither will writing zeros.  Whatever artifacts are left on the hard drive have no software value unless they are recovered and entered into the indexer.  Something then would have to actually launch these.  Writing zeros provides security (to a certain point) in terms of making old stuff unrecoverable (great if you are a mid-level spy).

No, not true. I have built several PCs, including my gaming PC. I did a fresh install of XP and before that I wrote zeros to the drive. After writing zeros to the drive I brought the drive to my local PC repair place and had him scan all the sectors. And guess what? Nothing was found. The drive was like new.
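As an added illustration, not code from the thread or from Symantec, HP or any vendor tool, the constructed toy disk image below shows which bytes a partition format, a fixmbr-style boot-code rewrite, and a whole-drive zero fill actually touch, which is the point behind both the "doesn't a full recovery fix the master boot?" question and the "write zeros" exchange above. The boot-code bytes, the single-partition layout and the sector counts are assumptions made up for the example.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 of sector 0 hold the executable boot code
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE_OFFSET = 510   # 0x55AA marks a valid MBR

def build_disk_image(sectors=64):
    """Constructed toy disk: sector 0 is an MBR, one partition covers the rest."""
    boot_code = b"\xfa\x33\xc0" + b"\x90" * (BOOT_CODE_LEN - 3)   # stand-in, not real code
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 1, sectors - 1)
    mbr = boot_code + b"\0" * 6 + entry + b"\0" * 48 + b"\x55\xaa"
    assert len(mbr) == SECTOR
    return bytearray(mbr) + bytearray(SECTOR * (sectors - 1))

def parse_mbr(image):
    """Return signature validity and (type, first LBA, sector count) of each used entry."""
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        _, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", image[off:off + 16])
        if ptype:
            parts.append((ptype, lba, count))
    sig = bytes(image[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2])
    return {"signature_ok": sig == b"\x55\xaa", "partitions": parts}

def boot_code_hash(image):
    """Fingerprint of the boot code alone, to compare with a known-good baseline."""
    return hashlib.sha256(bytes(image[:BOOT_CODE_LEN])).hexdigest()

def format_partition(image, part):
    """A format, quick or full, only writes inside the partition's own sectors."""
    _, lba, count = part
    image[lba * SECTOR:(lba + count) * SECTOR] = bytes(count * SECTOR)

def rewrite_boot_code(image, clean_code):
    """fixmbr-style repair: replace the boot code, keep partition table and signature."""
    assert len(clean_code) == BOOT_CODE_LEN
    image[:BOOT_CODE_LEN] = clean_code

def zero_fill(image):
    """Vendor 'write zeros' tool: every sector is overwritten, sector 0 included."""
    image[:] = bytes(len(image))
```

Hashing the boot code before and after each operation shows that formatting a partition leaves sector 0 byte-for-byte identical, while a boot-code rewrite changes it without disturbing the partition table and a zero fill removes everything, signature included.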

I formatted the D and E drives (see above) and then ran the full recovery off the disks.  When it finished, I immediately disabled the system restore which Symantec says to do for this virus.  Then I downloaded SP2 and installed Norton AV 08.  It once again picked up the virus.  I scanned the D and E drives and they both were clean. 

 

The guts of this 2002 computer make it impossible for me to even put in another memory stick without pulling everything out, which I don't feel qualified to do, so if I got another hard drive, I would have to pay someone to install it, and I am tired of sinking money into it, otherwise I would just do that.  I would rather keep saving my money to buy a new computer next year some time.  If there are more things I can try to get this virus removed, I am willing to do them, however.

 

Apparently I am just not wiping it out.  Before I ran the disks the second time, HP had me erase the hard drive which took several hours.  Then I ran the disks.  They won't help me any more and just say that Norton is giving me a false positive which doesn't sound right.

And I have to say that I am really annoyed with Norton for their lame virus removal page on this virus.  I would like to write to Elia Florio who wrote the instructions, but I can’t find anything on the site on how to email her.

Could you please post a screenshot what says that you are infected? That way we could look further and see if Norton is right or not

You formatted D and E you say. On 90% of PCs the hard drive is "C". D and E are usually your CD-ROM drives. Do you have 2 hard drives? What kind are they? About every 6 months you should open up your PC to clean it out of dust. Double click My Computer. What label is your hard drive? When you format you can only do this via a Windows bootable CD, which when you boot up you need to hit "enter" and then you get a blue and white screen. Is this what you did? From what I gather you're not deleting your partition. When you boot up with a Windows CD, Windows will ask you what you want to do: Repair or Reformat. If you select reformat then you will be prompted that this will erase all data, do you want to continue. Then you should see a screen about deleting your Windows partition and installing a new copy of Windows. You need to delete your partition. Do you have a blue bootable XP CD?

Message Edited by Dieselman743 on 10-04-2008 03:01 AM
Message Edited by Dieselman743 on 10-04-2008 03:12 AM
Message Edited by Dieselman743 on 10-04-2008 03:20 AM


Hannah12 wrote:

I formatted the D and E drives (see above) and then ran the full recovery off the disks.  When it finished, I immediately disabled the system restore which Symantec says to do for this virus.  Then I downloaded SP2 and installed Norton AV 08.  It once again picked up the virus.  I scanned the D and E drives and they both were clean. 

 

The guts of this 2002 computer make it impossible for me to even put in another memory stick without pulling everything out, which I don't feel qualified to do, so if I got another hard drive, I would have to pay someone to install it, and I am tired of sinking money into it, otherwise I would just do that.  I would rather keep saving my money to buy a new computer next year some time.  If there are more things I can try to get this virus removed, I am willing to do them, however.

 

Apparently I am just not wiping it out.  Before I ran the disks the second time, HP had me erase the hard drive which took several hours.  Then I ran the disks.  They won't help me any more and just say that Norton is giving me a false positive which doesn't sound right.


 

Please Upgrade to N.AV. 2009 via the Web Link I gave you and re-do the instructions I gave you; remember to Turn On Windows' Firewall as N.AV. 2009 has no Firewall.  However, I would advise that you Buy and Install N.I.S. 2009.

 

 

Message Edited by Floating_Red on 10-04-2008 12:57 PM