virus - re format
Moderator: Wiz Feinberg
virus - re format
My computer (I am on my old spare computer right now) has a virus & I need to start from scratch. I have the boot disk, but how exactly do I re-format??
-
Craig Allen
- Posts: 486
- Joined: 24 Aug 1999 12:01 am
- Location: BEREA, KENTUCKY, USA
Steve, it depends on the type of "virus" you've contracted as to whether or not a re:format will help. If you have a memory resident virus, you can re:format 'till the cows come home, and it will make no differance.
I have not done an 'unconditional', format, but when I need to re:format, I don't care about saving files. I store very little on my hard drive, as it is.
Get to a "C" promt.then type format, and let er go boys.. {C:format} Make certain that you have any product keys, or authorization codes that you will need, to reload your system. But I say to you, that if you have a memory resident virus, this will serve no purpose. It will likly re-infect your machine.
b0b has a lot of snap about these things, and knows some sites that may be helpful with info on your particular virus, and how to kill it.
Bon Chance
I have not done an 'unconditional', format, but when I need to re:format, I don't care about saving files. I store very little on my hard drive, as it is.
Get to a "C" promt.then type format, and let er go boys.. {C:format} Make certain that you have any product keys, or authorization codes that you will need, to reload your system. But I say to you, that if you have a memory resident virus, this will serve no purpose. It will likly re-infect your machine.
b0b has a lot of snap about these things, and knows some sites that may be helpful with info on your particular virus, and how to kill it.
Bon Chance
-
Jack Stoner
- Posts: 22087
- Joined: 3 Dec 1999 1:01 am
- Location: Kansas City, MO
I'm confused. If I have a "memory resident" virus, it's only "memory resident" as long as the PC is on. If I turn the PC off and then back on, the virus info is on the hard drive and will reload in memory - Correct? If my assumption is correct, reformatting the hard drive would delete it. That is reformatting and erasing all the data on the hard drive, not just a quick reformat as the data will still be there just the flag will be set that that sector can be used.
I've never used the "U" option, does that completely erase the drive or just force it to reformat the complete drive rather than a "quick format"? If it gets to the point the hard drive needs reformatting, I would assume it needs all the data "erased".
I've never used the "U" option, does that completely erase the drive or just force it to reformat the complete drive rather than a "quick format"? If it gets to the point the hard drive needs reformatting, I would assume it needs all the data "erased".
-
Tom Diemer
- Posts: 244
- Joined: 26 Nov 2000 1:01 am
- Location: Defiance, Ohio USA
Jack,
A memory resident virus is stored in the boot sector of the hard drive. A high level format ( the format c: command ) does not replace the boot sector. Besides, the computer has to be on (thus, memory is used containing the virus) in order to format it.
Usually, booting from a clean, write protected floppy, and using the command 'format c: /MBR' will rewrite the boot sector, and remove the virus pointers. MBR means 'Master boot record'
Keep in mind, it would be VERY rare to get a memory resident virus these days. Those are for the most part, antique. Modern virus's are the script types, and do not retain in memory or boot sector. Since everyone uses Windows, a Windows virus is all you need to mess them up. Memory resident was more from the DOS world. Not unheard of, but rare.
Tom
A memory resident virus is stored in the boot sector of the hard drive. A high level format ( the format c: command ) does not replace the boot sector. Besides, the computer has to be on (thus, memory is used containing the virus) in order to format it.
Usually, booting from a clean, write protected floppy, and using the command 'format c: /MBR' will rewrite the boot sector, and remove the virus pointers. MBR means 'Master boot record'
Keep in mind, it would be VERY rare to get a memory resident virus these days. Those are for the most part, antique. Modern virus's are the script types, and do not retain in memory or boot sector. Since everyone uses Windows, a Windows virus is all you need to mess them up. Memory resident was more from the DOS world. Not unheard of, but rare.
Tom
-
Tom Diemer
- Posts: 244
- Joined: 26 Nov 2000 1:01 am
- Location: Defiance, Ohio USA
Ooops. I made a mistake in my earlier post. Guess this cold has me down more than I thought.
The command to clear the MBR is FDISK /MBR, not format c: /MBR
Some ROM's do have format abilities, but those are usually SCSI adapters with that feature. Part of the SCSI bios is the format ROM chip. Using SCSI type hard drives. They commonly refer to that as 'initializing' the drive. Same as a low level format. After that is done, you must Fdisk to create the partitions, then format c: (high level format)before the drive can be used to store files.
It is true that many of the newer PC's will boot and install from the CD-ROM, if that's what you meant. But that is a high level format only.
I'm not aware of any IDE drive systems that format from ROM. Perhaps I am mistaken?
IDE drives are factory initialized, and need a special program to low level format them. Example is WDFMT.EXE for Western Digital drives. Or Data Lifeguard tools, (free download from Western digital),Microscope, Checkit, or Troubleshooter, to name a few.
Hope this helps, and is accurate.
Most of the newer virus's are more a nuisance than damaging. I deal with them often in my work. If I can help , please drop me an email, Ill try to give you a line on how to remove it, and what damage, if any, was done, during removal, and what to do to repair the OS. Lot's of good info on Symantic's support sight, [url=http://www.sarc.com,]www.sarc.com,[/url] I believe it is.
Tom (MCP, CNE, A+)
The command to clear the MBR is FDISK /MBR, not format c: /MBR
Some ROM's do have format abilities, but those are usually SCSI adapters with that feature. Part of the SCSI bios is the format ROM chip. Using SCSI type hard drives. They commonly refer to that as 'initializing' the drive. Same as a low level format. After that is done, you must Fdisk to create the partitions, then format c: (high level format)before the drive can be used to store files.
It is true that many of the newer PC's will boot and install from the CD-ROM, if that's what you meant. But that is a high level format only.
I'm not aware of any IDE drive systems that format from ROM. Perhaps I am mistaken?
IDE drives are factory initialized, and need a special program to low level format them. Example is WDFMT.EXE for Western Digital drives. Or Data Lifeguard tools, (free download from Western digital),Microscope, Checkit, or Troubleshooter, to name a few.
Hope this helps, and is accurate.
Most of the newer virus's are more a nuisance than damaging. I deal with them often in my work. If I can help , please drop me an email, Ill try to give you a line on how to remove it, and what damage, if any, was done, during removal, and what to do to repair the OS. Lot's of good info on Symantic's support sight, [url=http://www.sarc.com,]www.sarc.com,[/url] I believe it is.
Tom (MCP, CNE, A+)
-
Jack Stoner
- Posts: 22087
- Joined: 3 Dec 1999 1:01 am
- Location: Kansas City, MO
Tom, I was referring to a low level or "Fdisk" as what would be needed to completely erase the disk.
I keep a copy of the older WD EZ Disk program that will format either FAT16 or 32 drives. I still have two clients that have older OS's and the FAT16.
BTW I used to be 3.12 Novell certified. Once I retired there wasn't any reason to spend the money to get upgraded.
I keep a copy of the older WD EZ Disk program that will format either FAT16 or 32 drives. I still have two clients that have older OS's and the FAT16.
BTW I used to be 3.12 Novell certified. Once I retired there wasn't any reason to spend the money to get upgraded.
-
Jack Stoner
- Posts: 22087
- Joined: 3 Dec 1999 1:01 am
- Location: Kansas City, MO
Granted most consumer PC's don't use SCSI, but I've run SCSI in all of my home-built PC's since the 80's. You can't beat it for UNIX or Linux, and I still use a SCSI CD burner. I've never had a buffer underrun when burning a CD, and I can continue to work while burning without having to shut down extra processes.
-
David Pennybaker
- Posts: 1210
- Joined: 7 Aug 2000 12:01 am
- Location: Conroe, TX USA
- Contact:
Check out the latest CD-R drives with "Burn-Proof" technology. No more coasters do to buffer under-runs. Even on IDE!<SMALL>I've never had a buffer underrun when burning a CD, and I can continue to work while burning without having to shut down extra processes.</SMALL>
------------------
The Unofficial Photographer of The Wilkinsons