HELP! Reformatting hard drive doesn't remove boot.mebroot trojan virus!

Good point Quads. Hannah12... don't use the recovery CDs from HP. Only use the XP CD, which is a bootable CD. Completely erasing a hard drive, when I have done it in the past a couple of times, takes at least 4 hours or so. Again, what is the manufacturer of the drive? Because on their site they have tools to erase the drive. As far as I know HP doesn't make hard drives. It is either a Seagate or something else. Open up your case and look at the hard drive label.


Message Edited by Dieselman743 on 10-05-2008 01:55 PM


Tony_Weiss wrote:
Before we all throw in our recommendations, I have requested that Hannah12 run the fixtool for boot.mebroot, following all the steps in the instructions. Let's wait for the results of that fix before we repeat our previous recommendations. Thanks!

 

Hannah12: Please do this before doing anything else.

Is this your PC? I honestly believe you are not wiping your drive clean.

 

http://h10025.www1.hp.com/ewfrf/wc/prodinfoCategory?lc=en&dlc=en&cc=us&product=90390&lang=en

 

http://h10025.www1.hp.com/ewfrf/wc/document?docname=bph03429&lc=en&dlc=en&cc=us&lang=en&product=90390

Message Edited by Dieselman743 on 10-05-2008 01:57 PM

http://www.xentrik.net/software/wipedrive.html

 

http://www.killdisk.com/orderform.htm

 

http://www.download.com/Erase-Your-Hard-Drive/3000-2092_4-10571514.html

Message Edited by Dieselman743 on 10-05-2008 02:01 PM
Message Edited by Dieselman743 on 10-05-2008 02:02 PM

I am also keeping an eye on how Hannah12 got on; I was just replying to 2 questions in my previous post, that's all (the memory and the MBR).

 

It will be interesting to see how it goes with Tony's instructions.

 

Quads 

Hannah, this is NOT for you.  At least, not yet.  At the moment, you should be following Tony Weiss's instructions.

 

This is for the team.

 

We all know that a full reformat (high level) should clear the entire hard drive (that means ALL PARTITIONS).  And even without zeroing the artifacts, there really should be nothing problematic when reimaging the hard drive.

 

There are only two things that haven't been explored - one of which has already been hinted at.

1.  The BIOS itself contains something that is viral in appearance if not in reality.  I've never seen this, but I suppose it is possible.

2.  The recovery CDs contain something that is viral in appearance or in reality.

 

For the moment just consider option 2, the recovery CDs (or DVD).  Contemporary computers almost all have a hidden partition containing the software for reimaging the hard drive.  Some of the contents are not viral, but put your computer at risk -- software like earlier versions of Flash or Shockwave or Adobe Reader or Real Player or Java.  If you run a "risk-detector" like Secunia it finds those programs.  You aren't really at risk because you are no longer using them, but you are momentarily at risk any time you reimage your hard drive -- those programs need to be upgraded (and sometimes uninstalled by hand).

 

Now what if, at the time Hannah's computer was being "built," there was a piece of malware not recognized as such and it was included in her package?  Not at all unlikely, based on my experience.  Or a piece of out-of-date software that was once considered viral but is now recognized as safe, but which Norton never made an adjustment for.

 

If it's the latter possibility, then that might explain similar complaints in a number of other threads -- all users who are being warned of a virus at a deep level that no other AV program finds.  In order to discover whether this is the case or not, Norton would need a copy of Hannah's recovery disks to image a computer for testing.  Perhaps the manufacturer would be willing to work with Norton to explore the issue.  It would be for everyone's benefit.

 

If it's the former possibility, then the suggestion made earlier is really vital.  Stop using recovery CDs.  Instead:

1.  Don't just reformat the hard drive.  Remove all the partitions, too, as part of the reformatting.

2.  Install Windows from a CD.

3.  Get the updates from Windows Update, opting for SP3 as soon as it is offered.

4.  Install the Norton AV2009 or NIS2009 and run a full scan.

 

If the computer gets a clean bill of health, a lot has been established:  no physical problems with the computer, no problems with Windows, no interactive problems with Windows or Norton.  If the computer is said to have a virus, this is "impossible," which only means there is a physical flaw in the computer, or the Windows installation disk is defective, or the Norton installation software is corrupt.  (This is if we have ruled out BIOS as a problem.)

 

If there is no problem, Hannah could then use the product recovery disks to put in the particular drivers necessary for her computer, a couple at a time, checking every so often with Norton to see if there are yet any problems.  And then do the same thing with the software.

 

Does anyone at all have any problem with this strategy if Tony's advice doesn't help and if Hannah is open enough to explore it?  Note that if there are things you want Hannah to do differently than this, nothing about this will stop her ... afterwards.  This process will only answer some fundamental questions that aren't yet being answered.

 

 

3 Likes

Well said mijcar. Hannah, here is a simple test. If your hard drive is completely wiped then your PC should be unbootable, except if you have a Windows XP CD in it and hit "enter".


Dieselman743 wrote:
Well said mijcar. Hannah, here is a simple test. If your hard drive is completely wiped then your PC should be unbootable, except if you have a Windows XP CD in it and hit "enter".

 

Please wait until we get word back from Hannah about Tony's suggestion before suggesting anything else.  :)

All suggestions are helpful till she gets back online. Telling me to hold off has no bearing here.

Message Edited by Dieselman743 on 10-05-2008 02:38 PM

1 Like

What I would like to know, after reading all of this, is whether anyone reviewed the Software and Driver Downloads section for this particular HP model.

 

The OP makes no mention of HP updates. Some of these older models are quite dependent upon specific HP updates, including security fixes that can be unique to certain models and/or software configurations.

 

 

This particular model, according to the specs, came with XP (pre-Service Pack era) and is one of the HP/Compaq models that had serious issues with SP1 installation, and again with SP2. A non-destructive recovery hosed the OS big time. It was a very serious issue when SP1 came out. If there was a failure to install this prior to the discovery of the trojan, XP will be destroyed by the simple act of doing a non-destructive recovery. Then I noticed that this issue carried over to SP2 with an additional update, this time with an MS KB article: http://support.microsoft.com/kb/835409.

 

I just mention this because this is such "old news", it may be overlooked today - even by HP's own tech support people.

 

Also, there is a security fix for Easy Internet Sign-up which may or may not be the trojan in question. Very little info is provided by HP concerning the security fix. And, perhaps some of the numerous security fixes are unique to the model in question. I am not certain.

 

I would want to know just how to get things installed safely, since there are indications that the computer came with vanilla XP - no service pack, no firewall - and an outdated security suite that is too old to update (?) and protect. That is a rather dangerous scenario in today's internet environment.

 

And, sometimes people just do not have spare XP discs floating around, and some of the earlier HP/Compaq XP models did not take too well to a "simple clean install" off of a retail disc.

 

I am not a guru of any sort, and my only experience with this type of problem is from owning a 2002 Compaq up until early this year.

 

 

These are just my observations and please disregard if these things have been considered already.

 

Hannah12, I hope these guys get you squared away.

Just wanted to check in to let you know that the virus hasn’t gone away, but that I am working with Tony on it.  Thanks for all the help and suggestions so far…

Hannah,

 

Right, working with Tony is the best thing you could be doing.

Same problem with virus removal: deleted partition, reformatted partition, re-installed WinXP from CD, and Symantec Corporate Edition Antivirus still found it.

 

I will be interested in a solution to this one!

Did you do a low-level format? Did you write zeros to the drive? You need to be sure that the drive is completely empty. Check this by booting up after writing zeros to the drive; the PC should be unbootable.

1 Like
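The "simple test" Dieselman743 proposes in this thread (wipe the disk, then the PC should refuse to boot) can be checked directly by looking at sector 0, which is where an MBR bootkit such as Mebroot lives and which a partition format never touches. The Python below is an added example, not code from this thread, from Symantec or from HP: it parses a 512-byte master boot record and reports whether it is all zeros, whether it still carries the 0x55AA boot signature and a partition table, and so whether the BIOS would still hand control to it. The sample sectors are constructed, the boot-stub bytes are a placeholder rather than real boot code, and `read_sector0` assumes you feed it a dump of the first sector taken from a live CD (for example with `dd if=/dev/sda of=sector0.bin bs=512 count=1`).

```python
"""Inspect sector 0 (the MBR) to confirm a wipe really cleared it.

Reformatting a partition rewrites the filesystem inside that partition, but
sector 0 (boot code + partition table) lies outside every partition and is
left as-is. Writing zeros over the whole disk clears sector 0 too, and
without the 0x55 0xAA signature at its end the BIOS will not boot from the
disk: that is the "should be unbootable" test from the thread.
"""
import struct
from dataclasses import dataclass, field

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446      # four 16-byte partition entries start here
PART_ENTRY_SIZE = 16
BOOT_SIG_OFFSET = 510
BOOT_SIG = b"\x55\xaa"


@dataclass
class Partition:
    bootable: bool
    type_byte: int
    lba_start: int
    sector_count: int


@dataclass
class MbrReport:
    all_zero: bool
    has_boot_signature: bool
    boot_code_nonzero: bool
    partitions: list = field(default_factory=list)


def read_sector0(path: str) -> bytes:
    """Read the first 512 bytes of a disk image or a sector dump file."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_mbr(sector: bytes) -> MbrReport:
    """Decode the boot signature and partition table of one 512-byte sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    report = MbrReport(
        all_zero=not any(sector),
        has_boot_signature=sector[BOOT_SIG_OFFSET:] == BOOT_SIG,
        boot_code_nonzero=any(sector[:PART_TABLE_OFFSET]),
    )
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        entry = sector[off:off + PART_ENTRY_SIZE]
        if not any(entry):
            continue  # unused slot
        # layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        report.partitions.append(Partition(status == 0x80, ptype, lba, count))
    return report


def verdict(sector: bytes) -> str:
    """Classify sector 0 the way the thread's 'simple test' does."""
    r = parse_mbr(sector)
    if r.all_zero:
        return "wiped: sector 0 is all zeros, disk will not boot"
    if r.has_boot_signature:
        return (f"bootable: boot code present, {len(r.partitions)} partition(s) "
                "still defined; a partition format did not touch this sector")
    return "not bootable: signature missing, but sector 0 still holds data"


def make_mbr(boot_code: bytes, partitions, signed: bool = True) -> bytes:
    """Build a constructed 512-byte MBR for demonstration purposes only."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, p in enumerate(partitions):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        struct.pack_into("<B3xB3xII", sector, off,
                         0x80 if p.bootable else 0, p.type_byte,
                         p.lba_start, p.sector_count)
    if signed:
        sector[BOOT_SIG_OFFSET:] = BOOT_SIG
    return bytes(sector)


# Constructed samples: a placeholder boot stub (NOT real boot code) plus one
# NTFS-type (0x07) partition, the same sector after a quick format of that
# partition (identical, since formatting never writes sector 0), and the
# sector after a zero-fill of the whole disk.
BEFORE_WIPE = make_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 32,
                       [Partition(True, 0x07, 63, 20_000_000)])
AFTER_QUICK_FORMAT = BEFORE_WIPE
AFTER_ZERO_FILL = bytes(SECTOR_SIZE)

if __name__ == "__main__":
    for name, s in [("before wipe", BEFORE_WIPE),
                    ("after quick format", AFTER_QUICK_FORMAT),
                    ("after zero fill", AFTER_ZERO_FILL)]:
        print(f"{name:>20}: {verdict(s)}")
```

Running it on a real dump means replacing the constructed constants with `read_sector0("sector0.bin")`; if the verdict is still "bootable" after what was supposed to be a full wipe, the tool that was used only reformatted a partition and sector 0 was never overwritten.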

hilltop wrote:

Same problem with virus removal: deleted partition, reformatted partition, re-installed WinXP from CD, and Symantec Corporate Edition Antivirus still found it.

 

I will be interested in a solution to this one!


Could you post a screenshot?

Don't know how to insert an image here.

Or just upload it to RapidShare or something.

Hi hilltop,

 

I am still working with Symantec on this and will let you know what happens. 

 

Do you have the mebroot virus, or another one?

 

I have tried many different things so far that are mentioned in the thread and talked to a lot of technical support people at Symantec and HP and on this board and at Fry's Electronics and just people I know.  Everyone is stumped.  The latest thing I tried was Symantec's removal tool for the mebroot virus but it didn't work, either.  The virus is maybe a slight variant of the original mebroot.  They have some more ideas, however, and maybe one of those will work.

 

I'll let you know.

Did you completely erase your hard drive by writing zeros to it? By now, why don't you just go buy a new hard drive and be done with it all? It doesn't make sense to spend hours and days on this when a new hard drive is very cheap.

Message Edited by Dieselman743 on 10-12-2008 12:52 AM


hilltop wrote:

Same problem with virus removal: deleted partition, reformatted partition, re-installed WinXP from CD, and Symantec Corporate Edition Antivirus still found it.

 

I will be interested in a solution to this one!


 

As Hannah12 mentioned, what Internet threat is this?  Please post the exact name of this Internet threat.