
There is a weird virus in my system

Indus Monk
On 12/10/2016 at 8:51 AM, Ryujin2003 said:

If MBAR didn't work, try Kaspersky TDSS and Norton Power Eraser.

 

Also you ignored it earlier, but how did you obtain this virus?

Infection in the boot media

Indus Monk = Indian+ Buddhist


On 11/10/2016 at 11:25 PM, Edgar R. Zakarian said:

If it comes back after windows reinstall, it's not ONLY on the harddrive.

 

3 hours ago, corrado33 said:

You guys are funny with your infected PCs. Nothing withstands a bash: scrub on linux. 

 

Scrub the flash drive, download and burn a windows install DVD (no USB drive). Remove the HDD from the windows pc, scrub it with linux. 

 

Then, download whichever rootkit/bios virus removal tool you want that starts from a USB. Install it onto the cleaned USB you made with linux. Boot from it on the infected PC. Clean infected PC. Reassemble. Reinstall windows.

 

13 hours ago, Ryujin2003 said:

The super large font is especially great.

Either wipe and reinstall, or keep up the same browsing habits. Eventually he will get a good 800 number for a Microsoft Technician who will take go's credit card and "clean" his PC. Either way, whichever is easiest.

 

15 hours ago, zanthros said:

It is easier to moan and whine than to follow anyone's directions or give any troubleshooting results. Somewhere in all of the posts is the fix. WIPE and reinstall! I give up 'cause I don't like to listen to whining.

 

15 hours ago, AshleyAshes said:

Why does the OP keep saying that MBAM detects this 'virus' yet not once has the exact details of what MBAM thinks it has found been posted?

 

16 hours ago, paos said:

you'll have to get new boot media if that's where it's coming from (preferably unpirated this time) and fresh install everything. you gotta go all scorched earth policy on that virus

I know I have been a really annoying madafaka...  But at last, I'll get a new mobo and nuke the drive (duh). But seriously, thanks for the patient replies. But seriously, can an infected boot media cause this?


 At the dos prompt type in the following commands EXACTLY!

“DEBUG” (without the parentheses and press enter)

F 200 L200 0 (press enter)

A 100 (press enter)

MOV AX, 301 (press enter)

MOV BX, 200 (press enter)

MOV CX, 1 (press enter)

MOV DX, 0080 (press enter)

INT 13 (press enter)

INT  3 (press enter)

Press Enter again then type in

D100 LF

You should get the following response on the screen:

B8 01 03 BB 00 02 B9 01-00 BA 80 00 CD 13 CC

 

All gone!

                  Did I help you to fix your problem or at least did offer somewhat valuable advice? Consider giving my post a "informative" or "thumbs up".

SYSTEM 2: Modded G3 case with Gigabyte GA-G33M-S2L, Intel E8600 (O.C to 4.2GHz.), 4GB GSkill PC8500, Nvidia 8800GTS (512M), Cooling provided by Scythe Big Shrunkin, HDD 1 = OSX 10.9.5, HDD 2 = Windows 7 Pro X64. (Placed 3rd in MacMod  of the year 2012) (For info see:  http://insanelymac.com/forum/topic/285641-and-the-winner-for-macmod-of-2012-is/

LAPTOP: Inspiron 1720, Modded BIOS, X9000 Core 2 extreme OC'ed and undervolted to 3.4GHz (windows only) , 6GB DDR2 800, 8600M GT, 1920x1200 Glossy display, Sigmatel Audio, 2 Kingston HyperX 120GB drives (1 with Windows 7 x64 pro & 1 with OSX 10.9.5) X9000 Processor World Record Holder since 02/2013 on Geekbench 2 : http://browser.primatelabs.com/geekbench2/search?dir=desc&q=x9000&sort=score


11 hours ago, zanthros said:

 At the dos prompt type in the following commands EXACTLY!

“DEBUG” (without the parentheses and press enter)

F 200 L200 0 (press enter)

A 100 (press enter)

MOV AX, 301 (press enter)

MOV BX, 200 (press enter)

MOV CX, 1 (press enter)

MOV DX, 0080 (press enter)

INT 13 (press enter)

INT  3 (press enter)

Press Enter again then type in

D100 LF

You should get the following response on the screen:

B8 01 03 BB 00 02 B9 01-00 BA 80 00 CD 13 CC

 

All gone!

getting an error saying that 'DEBUG' is not recognized as an internal or external command,
operable program or batch file. And what is a DOS prompt? I know CMD but not DOS prompt


On 10/11/2016 at 0:59 PM, manikyath said:

i'm gonna download that ISO, because i've been looking for one of these just in case :P

Bitdefender also has a great Rescue CD as well. I keep the ISOs for both in my bag of tricks.

 

http://www.bitdefender.com/support/how-to-set-up-a-bitdefender-rescue-cd-1249.html

CompTIA A+ Certified

 

"We are all cups, quietly and constantly being filled. The trick is knowing how to tip yourself and let the good things pour out." - Ray Bradbury


18 hours ago, zanthros said:

 At the dos prompt type in the following commands EXACTLY!

“DEBUG” (without the parentheses and press enter)

F 200 L200 0 (press enter)

A 100 (press enter)

MOV AX, 301 (press enter)

MOV BX, 200 (press enter)

MOV CX, 1 (press enter)

MOV DX, 0080 (press enter)

INT 13 (press enter)

INT  3 (press enter)

Press Enter again then type in

D100 LF

You should get the following response on the screen:

B8 01 03 BB 00 02 B9 01-00 BA 80 00 CD 13 CC

 

All gone!

Please explain why a utility that was on its way out since Vista can magically fix virus-infested media?


10 hours ago, AmbarChakrabarti said:

getting an error saying that 'DEBUG' is not recognized as an internal or external command,
operable program or batch file. And what is a DOS prompt? I know CMD but not DOS prompt

You are correct, I was in error when I stated "DOS Prompt". You are correct in your assertion of Command Prompt. Kudos to you for that one. You are much more learned than many. The reason for "DEBUG" not being recognized as an internal or external command is that it has to be run in a DOS-only environment (preferably anything from 3.1 to Win 98). It cannot be run in a GUI environment and can be run from, say, a Windows 3.1, 95, 98 start-up disc. Yeah, old school. Old school that does not care what is on the disc as far as the operating system, partitions, how it is connected to the motherboard (IDE, EIDE, SATA) or format, as this old school command set talks directly to the chip on the drive and tells it to clear the partition sector (Cylinder 0, Head 0, Sector 1). This is useful in removing a boot sector virus and a root kit. I have found that it is the easiest way to produce a RAW DRIVE from one that has data on it. I don't need any GUI programs that just get turned down because they do not have "permission" to work or do not clear out the partition layout, as boot sector viruses and root kits can survive the typical GUI software wipe.

It's like this..... Have you ever tried to wipe a MAC drive? You can't get rid of the EFI partition in Windows or with any tools that run in Windows. Pretty annoying...... you cannot use the entire drive as it has this EFI partition on it. I believe that it would be about the same for a drive that has Windows 10 on it, as it uses a similar type of scheme for its drive setup when you install it. I do not know this for certain, as for all drives that I wipe I use this to "clear out" the drive and then run a pass of Darik's Boot and Nuke to write random data on the drive. It is out of habit and the fact that it works 100% of the time. This is dangerous if you do not know what you are doing anyway; I did not have any worries in putting it out there because so few people still know how to do things like this.......... 9 lines of code to wipe a drive.... how much simpler can it get? (I won't get into "just put blah blah software disc in and press the format button", as these lines of code are like writing the program.) If you want the full info on it, just PM me.

 

And as far as:

2 hours ago, manikyath said:

Please explain why an utility that was on its way out since vista can magically fix virus infested media?

I will file that comment along with:

When we set the upper limit of PC-DOS at 640K, we thought nobody would ever need that much memory.  — William Gates, chairman of Microsoft

File.

 

Kind of like asking "why do we still use bullets and bombs in warfare? That type of warfare went out in WWII."

ANSWER: Because it works 100% of the time when properly executed young padawan.

 

It does not "magically" fix the virus-infected media, and if you actually knew what you were talking about you would know what it did. Real DOS has not been used in Windows since its last appearance in Windows ME. Windows uses a CLI interface that is similar to DOS, but it is not true DOS. Even today in Windows 10 there is a CLI..... i.e. open the CMD window.....

 


Just now, zanthros said:

--

i thought you'd understand i was asking what those commands are doing.

 

also, none of what you just said has any real connection to this topic, unless it was your intention to sound like an old self-centered douchebag. (which, i'm gladly taking is not your intention here ;))

 

but as far as i'm concerned that list of commands looks like someone's giving a theoretical class on assembly instead of doing something actually useful, and you've yet to explain to me how this has anything to do with viruses.


It has nothing to do with the virus itself specifically, but rather the "wiping of the drive" and removing any possibility of a boot sector virus or a root kit on the drive. A lot of times the virus has infested the system so badly, and replicated itself and continued to do so (as the OP stated that it infected his installation media (USB drive)), that in order to eradicate it one must CLEAN out everything on the drive. This code does that when implemented properly. That is how it "removes" the virus. It resets the drive to RAW parameters, and the drive then needs partitions and formatting. So now there is no partition, no boot sector and no formatting in place.

Better?

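As an added example (written for this thread, not code from any poster), the Python below decodes the register values the DEBUG listing hands to INT 13h, which shows exactly which drive and sector the write goes to, and classifies a 512-byte sector-0 image as zeroed (what that write leaves behind) or still an MBR; the sample MBR is constructed, and nothing here touches a real disk.

```python
# Added example, not from any poster in this thread: decodes the register
# values the DEBUG sequence above passes to INT 13h (so it is clear which
# drive and sector the write hits) and classifies a 512-byte sector-0 image.
# It only inspects bytes in memory; it never touches a real disk.
import struct

INT13_FUNCTIONS = {0x02: "read sectors", 0x03: "write sectors"}

def decode_int13(ax: int, bx: int, cx: int, dx: int) -> dict:
    """Describe an INT 13h CHS call from the 16-bit registers it is given."""
    ah, al = ax >> 8, ax & 0xFF          # AH = function, AL = sector count
    ch, cl = cx >> 8, cx & 0xFF          # CH/CL carry cylinder and sector
    dh, dl = dx >> 8, dx & 0xFF          # DH = head, DL = drive number
    # CHS packing: cylinder is 10 bits, its top two bits live in CL bits 6-7.
    cylinder = ch | ((cl & 0xC0) << 2)
    sector = cl & 0x3F
    return {
        "function": INT13_FUNCTIONS.get(ah, f"AH={ah:#04x}"),
        "count": al,
        "cylinder": cylinder,
        "head": dh,
        "sector": sector,
        "drive": dl,
        # Bit 7 of DL selects fixed disks; 0x80 is the first hard disk.
        "drive_kind": "fixed disk" if dl & 0x80 else "floppy",
        "drive_index": dl & 0x7F,
        "buffer_offset": bx,             # ES:BX -> the 512 zeroed bytes at 200h
    }

def sector_state(sector: bytes) -> dict:
    """Classify sector 0: 'zeroed' (what the write above leaves behind),
    'mbr' (boot signature present), or 'no-signature'."""
    if len(sector) != 512:
        raise ValueError("sector 0 must be exactly 512 bytes")
    if not any(sector):
        return {"state": "zeroed", "partitions": 0}
    has_sig = sector[510:512] == b"\x55\xAA"
    # Four 16-byte partition entries start at offset 446; byte 4 is the type.
    parts = sum(1 for i in range(4) if sector[446 + 16 * i + 4] != 0)
    return {"state": "mbr" if has_sig else "no-signature", "partitions": parts}

def sample_mbr() -> bytes:
    """Constructed sample MBR: one active NTFS-type (0x07) entry plus signature."""
    entry = struct.pack("<BBBBBBBBII", 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF,
                        2048, 204800)
    return bytes(446) + entry + bytes(48) + b"\x55\xAA"

if __name__ == "__main__":
    # The register values from the DEBUG listing (DEBUG reads them as hex).
    print(decode_int13(0x0301, 0x0200, 0x0001, 0x0080))
    print(sector_state(sample_mbr()))   # before the write: an MBR
    print(sector_state(bytes(512)))     # after the write: zeroed
```

Run against a sector-0 image captured with a read-only tool, sector_state tells you whether the wipe zanthros describes actually happened or whether a partition table and boot signature are still present.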

43 minutes ago, zanthros said:

It has nothing to do with the virus itself specifically, but rather the "wiping of the drive" and removing any possibility of a boot sector virus or a root kit on the drive. A lot of times the virus has infested the system so badly, and replicated itself and continued to do so (as the OP stated that it infected his installation media (USB drive)), that in order to eradicate it one must CLEAN out everything on the drive. This code does that when implemented properly. That is how it "removes" the virus. It resets the drive to RAW parameters, and the drive then needs partitions and formatting. So now there is no partition, no boot sector and no formatting in place.

Better?

please explain to me how the code you posted knows which drive to target.


1 hour ago, zanthros said:

It has nothing to do with the virus itself specifically, but rather the "wiping of the drive" and removing any possibility of a boot sector virus or a root kit on the drive. A lot of times the virus has infested the system so badly, and replicated itself and continued to do so (as the OP stated that it infected his installation media (USB drive)), that in order to eradicate it one must CLEAN out everything on the drive. This code does that when implemented properly. That is how it "removes" the virus. It resets the drive to RAW parameters, and the drive then needs partitions and formatting. So now there is no partition, no boot sector and no formatting in place.

Better?

Just tell me what I can do on 64 bit win7. I even got a new board today. I wanna repair and sell the old board


24 minutes ago, AmbarChakrabarti said:

Just tell me what I can do on 64 bit win7. I even got a new board today. I wanna repair and sell the old board

i highly doubt something is wrong with your board, what i'm guessing is the issue is some form of virus that "procreates" itself onto any disk it can find.

 

the problem is, how does one kill a virus that procreates to any drive you plug in?

 

well...

 

using whatever (READ ONLY!!) storage medium of your preference, and any of the before-mentioned tools that have the capability, wipe any drive in the PC itself (not the partitions, the entire drive) and any USB disks used since the issue started occurring. (ideally you'd just toss out usb sticks, and get new ones, but some people don't quite have the budget :P)

 

make sure to wipe them all in one go, so no reboots, no trying to access any of the drives in between.

that *should* rid the issue.


2 minutes ago, manikyath said:

i highly doubt something is wrong with your board, what i'm guessing is the issue is some form of virus that "procreates" itself onto any disk it can find.

 

the problem is, how does one kill a virus that procreates to any drive you plug in?

 

well...

 

using whatever (READ ONLY!!) storage medium of your preference, and any of the before-mentioned tools that have the capability, wipe any drive in the PC itself (not the partitions, the entire drive) and any USB disks used since the issue started occurring. (ideally you'd just toss out usb sticks, and get new ones, but some people don't quite have the budget :P)

 

make sure to wipe them all in one go, so no reboots, no trying to access any of the drives in between.

that *should* rid the issue.

Alright. It's 12 am here, I'll report back asap


I feel like I owe everyone an apology. Just reinstalled Windows with different boot media, and the virus was gone!

The 4690k still sits at 50-60 degrees Celsius but not at 100. There are usage spikes, but overall usage does go down to 0% at idle :/ Which probably means the system is FIXED :\ And here I was being a dick


@dexxterlab97 @Enderman @Electronics Wizardy @manikyath

@Edgar R. Zakarian @zanthros and to everyone who replied. I was being a dick towards reinstalling Windows. Just did that and the virus is possibly gone. I still get 15-25% CPU usage at idle but with a lot of spikes, which I feel is normal


Just now, AmbarChakrabarti said:

@dexxterlab97 @Enderman @Electronics Wizardy @manikyath

@Edgar R. Zakarian @zanthros and to everyone who replied. I was being a dick towards reinstalling Windows. Just did that and the virus is possibly gone. I still get 15-25% CPU usage at idle but with a lot of spikes, which I feel is normal

just keep an eye on it, as long as your problem is solved i'm a happy man :P


More than likely you will be experiencing higher than normal CPU usage and memory usage until Windows gets fully updated. If you have a problem with Windows Update taking forever and it seems like it is doing nothing, or you experience EXTREMELY high memory usage for unknown reasons and Task Manager (processes for all users) shows svchost chewing up your memory, then it is Windows Update. This is a well documented problem that has reared its ugly head since SP1. If you experience this, PM me and I will be happy to send you the info for the REAL fix. Good Luck!


On 10/13/2016 at 0:34 PM, AmbarChakrabarti said:

I know I have been a really annoying madafaka... But at last, I'll get a new mobo and nuke the drive (duh). But seriously, thanks for the patient replies. But seriously, can an infected boot media cause this?

yeah, if the OS was packaged with viruses, that's a pretty bad thing, and it happens unfortunately. It's sort of the catch 22 of pirating. Like others said, there are viruses that can infect the mobo BIOS as well, and that is just a whole 'nother level of bad.
