[RESOLVED] Cleaning Viruses

February 28th, 2001, 12:44 PM

can anyone tell me the best way to scan/clean a computer of viruses? And what are some of the pit falls I might encounter like files that can't be cleaned?

*Damned Angel* · February 28th, 2001, 12:54 PM

We do it one of 2 ways here. first we use f-prot from dos. Had to make a 2 disk set for it though because its too big to fit on only one disk now. If we come across a virus we can't clean with it, we take it over to a test system with Mcaffee loaded on the drive and hook up the infected one as a slave or secondary master. If we still can't clean it, delete the files infected and re-extract them from the windows cabs. In some cases though, a format reinstall is still called for.

------------------
If it aint broke......use a bigger hammer

March 1st, 2001, 10:54 AM

Same as above but sometimes I have had to do a Low Level format to remove a virus off a hard drive.

March 1st, 2001, 04:39 PM

Quote:

<font face="Verdana, Arial" size="2">Originally posted by *BSOD*:
Same as above but sometimes I have had to do a Low Level format to remove a virus off a hard drive.</font>

Low level format? Must be some kind of a nasty virus. A high level dos format is enough to take care of a virus. Not to mention, you should never have to low level an ide drive or "bad things" might happen.

cyberhh · March 2nd, 2001, 02:45 PM

Quote:

<font face="Verdana, Arial" size="2">Originally posted by CiscoGuy:
Low level format? Must be some kind of a nasty virus. A high level dos format is enough to take care of a virus. Not to mention, you should never have to low level an ide drive or "bad things" might happen.

</font>

Also format /autotest or fdisk /mbr from a clean floppy should remove any MBR based virus' from the machine - a low level format is never reccommended on an IDE drive - that is a featrue from when the drives did not have their own on board controller (RLL and MFM tech)

------------------
Death is lighter than a feather - duty heavier than a mountian.

March 3rd, 2001, 04:11 AM

Maybe I've been doing it all wrong then but the only way I've succesfully removed stonedtemplemonkey is to lowlevel till it gives you an error message then partition and format as normal. I had 20 systems donated for a kids project and every one of them had that nastya%$% virus on there.
If anyone knows any other way to remove that virus other than with a low level format please let me know. Thanks.

------------------
Sarchasm: The gulf between the author of sarcastic wit, and
the recipient who doesn't get it.

March 4th, 2001, 07:06 AM

Some viruses only add a bit of code to the beginning or end of an EXE file. These are easy to clean. Viruses that are designed to create damage to files can be cleaned (removed from the computer), however the damage they have caused cannot be repaired. For this reason you should always backup your files. Any virus scanning software company has a database of viruses and their properties: what damage do they do, symptoms, can they be cleaned, how prevalent is the virus in the "real world"

I have no pity for people who do not backup their data and then lose it.

------------------
sHIFT hAPPENS

March 14th, 2001, 03:02 AM

Install NAV 2000/2001. Use liveupdate to update the virus definations. DO NOT SCAN IN WINDOWS IF YOU SUSPECT A VIRUS. Turn off computer. Cold Boot from clean bootdisk.
Change to [usually] c:\progra~1\norton~1.
Type -> navdx /a /doallfiles /repair /delete.
Please note this can take several hours, especially with the MAtrix virus.
If NAV detects any viruses try and get removal info about it from Norton website from another machine if possible before you do anything else. Some viruses can infect Norton AV or hide from it on reboot into windows. Others, like Chernobyl will just do more damage. After removing virus then do a full scan in Windows. I actually have a spare 540 MB hardrive with just WIN98 and NAV2001 on a test bed. If I can't get NAV2001 installed a customers system and I suspect a virus I yank the HD and scan it from my testbed. Have fun!

------------------
What I know about computers would fill volumes - what I don't know would fill a wharehouse.

March 14th, 2001, 09:48 PM

If you know what virus it is, and its payload is not to severe, I like to remove them manually.

(Remove any files associated with the virus, replace all files infected by it and remove all references to it in the reg, ini and other files)

------------------
Is it because light travels faster than sound that some people appear bright until they speak????

February 28th, 2001, 12:44 PM	#1
homepc Guest Posts: n/a	Cleaning Viruses can anyone tell me the best way to scan/clean a computer of viruses? And what are some of the pit falls I might encounter like files that can't be cleaned?

February 28th, 2001, 12:54 PM	#2
Damned Angel MegaMod Join Date: Aug 1999 Location: Winnipeg, MB Posts: 2,582	We do it one of 2 ways here. first we use f-prot from dos. Had to make a 2 disk set for it though because its too big to fit on only one disk now. If we come across a virus we can't clean with it, we take it over to a test system with Mcaffee loaded on the drive and hook up the infected one as a slave or secondary master. If we still can't clean it, delete the files infected and re-extract them from the windows cabs. In some cases though, a format reinstall is still called for. ------------------ If it aint broke......use a bigger hammer __________________ "we're all amateurs, it's just that some of us are more professional about it than others" ----George Carlin The above post is © Damned Angel 1999-Present

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

March 1st, 2001, 10:54 AM	#3
BSOD Guest Posts: n/a	Same as above but sometimes I have had to do a Low Level format to remove a virus off a hard drive.

March 3rd, 2001, 04:11 AM	#6
GirlGeek Guest Posts: n/a	Maybe I've been doing it all wrong then but the only way I've succesfully removed stonedtemplemonkey is to lowlevel till it gives you an error message then partition and format as normal. I had 20 systems donated for a kids project and every one of them had that nastya%$% virus on there. If anyone knows any other way to remove that virus other than with a low level format please let me know. Thanks. ------------------ Sarchasm: The gulf between the author of sarcastic wit, and the recipient who doesn't get it.

March 4th, 2001, 07:06 AM	#7
MacGyver Guest Posts: n/a	Some viruses only add a bit of code to the beginning or end of an EXE file. These are easy to clean. Viruses that are designed to create damage to files can be cleaned (removed from the computer), however the damage they have caused cannot be repaired. For this reason you should always backup your files. Any virus scanning software company has a database of viruses and their properties: what damage do they do, symptoms, can they be cleaned, how prevalent is the virus in the "real world" I have no pity for people who do not backup their data and then lose it. ------------------ sHIFT hAPPENS

March 14th, 2001, 03:02 AM	#8
Froghead Guest Posts: n/a	Install NAV 2000/2001. Use liveupdate to update the virus definations. DO NOT SCAN IN WINDOWS IF YOU SUSPECT A VIRUS. Turn off computer. Cold Boot from clean bootdisk. Change to [usually] c:\progra~1\norton~1. Type -> navdx /a /doallfiles /repair /delete. Please note this can take several hours, especially with the MAtrix virus. If NAV detects any viruses try and get removal info about it from Norton website from another machine if possible before you do anything else. Some viruses can infect Norton AV or hide from it on reboot into windows. Others, like Chernobyl will just do more damage. After removing virus then do a full scan in Windows. I actually have a spare 540 MB hardrive with just WIN98 and NAV2001 on a test bed. If I can't get NAV2001 installed a customers system and I suspect a virus I yank the HD and scan it from my testbed. Have fun! ------------------ What I know about computers would fill volumes - what I don't know would fill a wharehouse.

March 14th, 2001, 09:48 PM	#9
3fingersalute Guest Posts: n/a	If you know what virus it is, and its payload is not to severe, I like to remove them manually. (Remove any files associated with the virus, replace all files infected by it and remove all references to it in the reg, ini and other files) ------------------ Is it because light travels faster than sound that some people appear bright until they speak????