View Full Version : I need a computer expert to answer a question for me
swiftkonartis
December 10th, 2003, 09:55 AM
This guy told me he has this virus that ate all the software on his computer. And I do know a lot about computers, but what he is saying is something I have never heard of before. So I have a few questions.
So he brought over his comp and I completely wiped it, re-partitioned it and everything. Then installed Windows XP Pro for him. It was up and running, working perfectly and everything. Then he calls me the next day and said the virus ate it and converted Windows XP Pro into XP Home and put all his old files back on his comp, he said files from like 4 months ago.
Is that even possible? For a virus of any kind to convert Pro into Home and bring back files from like 4 months ago?
So I re-partitioned, and wiped it again. Then I ran a boot sector virus scan and Norton virus scan and reinstalled Windows for him. Then a few days later he said it ate it again. But now he is saying that whatever virus it was basically invaded his Windows PC with Unix code and installed a bunch of Unix shit on a partition on his drive and ate it from there.
Is that possible? Wouldn't fdisk read a Unix partition as a non-DOS partition and wouldn't you still be able to see it in fdisk?
Thanks for helping
lizardsforall
December 10th, 2003, 11:08 AM
It is possible to make it appear as XP Home through some registry changes, but I doubt that one would take the time to convert an XP Pro installation to XP Home. Now these 4 month old files... are these his documents that you saved or are they totally different? If you think it is a virus, scan the documents that are on the machine. If you decide to format again, on the XP utility, remove all partitions and create all new ones, including the 8 MB file system partition that Windows creates. Just make sure you do a full NTFS format instead of a quick one.
If you ask me, I think the guy is paranoid. You should get him a counselor instead of a computer repairer. Unix scripts creating a partition and converting XP Pro to Home. I think he's loco.
Gib
December 10th, 2003, 11:17 AM
Just a thought,
if this is a Dell or a Compaq or a computer like that....
When the computer is shipped out, a part of the hard drive is locked away, like 1-4 GB of it. In this locked out area are the old settings, old files and the system to do a complete system restore back to factory settings.
It may be possible that these settings are trying to repair themselves or something, as I don't think a format would wipe these out. I'm not sure, I'm not really sure on matters like this.
Dell and other store bought computers can do some crazy shit
origin
December 10th, 2003, 11:24 AM
All I could think of is that there is a virus that infected your MBR (master boot record) on the HD.
Viruses Can Infect the Master Boot Record
Many destructive viruses damage the Master Boot Record and make it impossible to start the computer from the hard disk. Because the code in the Master Boot Record executes before any operating system is started, no operating system can detect or recover from corruption of the Master Boot Record.
Me personally, I have never had this problem before; possibly someone else on the forum could provide a way to fix it. I gave my 2 cents, at least I identified the problem :;)
l8
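Added example, not part of any post in this thread: a small Python parser for the 512-byte MBR sector that lists the four primary partition entries, flags any type a DOS-era fdisk would report as non-DOS (Unix-family or OEM utility partitions), and hashes the boot-code area so it can be compared against a known-clean copy. The sample sector is constructed for illustration, the type tables are a small subset, and logical partitions inside an extended partition are not walked.

```python
import hashlib
import struct

# Partition type IDs that DOS/Windows tools treat as their own.
DOS_TYPES = {0x01: "FAT12", 0x04: "FAT16 <32M", 0x05: "Extended",
             0x06: "FAT16", 0x07: "NTFS/HPFS", 0x0B: "FAT32",
             0x0C: "FAT32 (LBA)", 0x0E: "FAT16 (LBA)", 0x0F: "Extended (LBA)"}
# Non-DOS types relevant to this thread: OEM utility and Unix-family.
OTHER_TYPES = {0x12: "Compaq diagnostics", 0xDE: "Dell utility",
               0x82: "Linux swap", 0x83: "Linux", 0xA5: "FreeBSD"}
ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, count

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the used primary partition entries."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (bad length or signature)")
    parts = []
    for slot in range(4):
        raw = sector[446 + 16 * slot: 462 + 16 * slot]
        status, ptype, lba, count = struct.unpack(ENTRY, raw)
        if ptype == 0x00:
            continue  # unused slot
        name = DOS_TYPES.get(ptype) or OTHER_TYPES.get(ptype, "unknown")
        parts.append({"slot": slot, "type": ptype, "name": name,
                      "bootable": status == 0x80, "start_lba": lba,
                      "sectors": count, "non_dos": ptype not in DOS_TYPES})
    # Bytes 0..445 hold the boot code that runs before any operating system.
    digest = hashlib.sha256(sector[:446]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": parts}

def build_sample_mbr() -> bytes:
    """Constructed sample: Dell utility, bootable NTFS and a Linux partition."""
    table = (struct.pack(ENTRY, 0x00, 0xDE, 63, 80262)
             + struct.pack(ENTRY, 0x80, 0x07, 80325, 70000000)
             + struct.pack(ENTRY, 0x00, 0x83, 70080325, 8000000)
             + bytes(16))  # fourth slot left empty
    return bytes(446) + table + b"\x55\xaa"

if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        tag = "NON-DOS" if p["non_dos"] else "dos"
        print(f"slot {p['slot']}: 0x{p['type']:02X} {p['name']:<14} "
              f"start={p['start_lba']} sectors={p['sectors']} [{tag}]")
```

To use it on a real machine, pass in the first 512 bytes of the disk or of a disk image, read from a trusted boot medium rather than from the installed system.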
vtllo
December 10th, 2003, 11:25 AM
What KIND of software is this person re-INSTALLING on his HD - after the FORMAT to Windows?... He might be putting something back on HD that is not clean. Also, be aware of a BIOS virus.
Captain Lemming
December 10th, 2003, 11:52 AM
First, do a zero write on the drive. This will completely destroy all the files, MBR, partition info, etc. Then, I would upgrade his BIOS, so you have a clean start. Reinstall everything, then find out what he has been installing on it. The only thing you should install program-wise is a firewall (www.sygate.com for a good freebie) and his virus scanner. Then give him his data on CD (if he had any to back up) and tell him to leave it for a bit, to see what happens before he puts the data back. If you don't hear from him, then let him know to go ahead and replace his data and programs. If he complains after this, then you have eliminated all sources besides the loose nut behind the wheel. At that point, you start charging him $$.
I haven't ever encountered a virus (boot sector or not) that will repartition a hard drive into Unix, then recover old deleted files, but I suppose anything is possible. I think the coding needed for such a critter would be far too complex to disguise in a small package like a virus, plus I would think that an external application would be required to recover and replace the overwritten data, or at least an external module for the virus to call. Even if it did, the files would eventually be overwritten to the point of no return, so it is odd that the files keep reappearing.
Just my $.02 :santa
Omyn
December 10th, 2003, 12:58 PM
Quite possibly the most fail-safe instructions I have ever invented :]
Unplug any and all internet connections.
Using a write protected Windows 98 boot disk, format your hard drive.
Open up the computer case, remove the battery for 5 seconds.
Place the battery back inside.
Install your operating system.
Install Norton AntiVirus.
Run a full scan.
Keep real time scanning on.
Right click My Network Places, select Properties, right click the properties of each of your network adapters and do the following to each: under the Advanced tab of the properties of the network adapters, select the Internet Connection Firewall.
Plug in the internet
Update your Windows patches.
Download ZoneAlarm, or any other good firewall. There's a free version out there that is a little older I think, but I have seen it; one time I downloaded it off download.com and it didn't ask me for any registration crap at all, so keep an eye out.
Download Ad-Aware or Spybot S&D and use it frequently.
Also check for updates often.
Quit using backup CDs you have laying around the room, as some of mine I found out the hard way had viruses. Remember, you can never be too careful.
Quit downloading porno dialers and programs to view "special" websites.
Click no on every fucking ad and scan your downloads folder daily after each download session.
This is the most you can do without removing the battery and replacing it with a brand new hard drive, hopefully I have taught you enough about security to protect yourself.
Also turn off things like remote registry, which allows people to make changes to your computer if they are remote users over the internet or a network, you can find out how to change your services at cannedinfo.tripod.com my website :]
Another option you could do is have a friend write protect his hard drive, install your hard drive into his computer, format the hard drive, then scan his computer until you think your eyes are going to bleed from boredom. Then when it's finished, do a second scan, remove the battery in your PC for 5 seconds, place it back in, and then put back in your hard drive, install the operating system and follow the steps listed above.
shawners
December 10th, 2003, 01:16 PM
Go over to his house and check it out to see if it has done what he said it has done. And take away his pc rights =)
nasrules
December 10th, 2003, 01:28 PM
Did you check to see if he was telling the truth? Could it be a prank? It sounds a bit whacko to me...
As was said above, having an application that recovers files from four months ago as a virus would be a bit difficult, particularly if you're re-partitioning and formatting again and again.
Where on earth does he get the idea that there's a *NIX script doing all this? It surely would be visible in something such as FDISK.
As I said, it sounds like either the guy's whacko, or it's simply a prank.
muffenme
December 10th, 2003, 02:18 PM
:fire
Use logic: if you don't see these signs and you know what to look for, then it never happened.
Viruses are normally small code that is used to delete file(s), modify file(s), or open ports to the internet so a hacker can get information off your system. I never heard of a virus that does a restore of your hard drive. If it wasn't a virus then you wiped his hard drive for no reason. I can't say what the main problem is; it could be he is using his CD that restores the system back to the original settings that the machine came with.
:hole
Omyn
December 10th, 2003, 03:35 PM
Well, the guy's an idiot, what do you expect.
Some people do not deserve computers.
CompuGeek
December 10th, 2003, 04:08 PM
PEBKAC
:sw
swiftkonartis
December 10th, 2003, 05:48 PM
Thanks for all the help