Will not load Win Me nor 2000

[Cofresi]

Hi! I have Win ME and 2000 installed in my computer. I've encountered a trojan virus in my pc and with my antivirus software I quaranteened it. I rebooted it and for some reason
when it comes to load either os it hangs or freezes. When I tried with 2000 after a while a blue screen comes saying that dumping physical memory. Tried scandisk but freezes, tried copying files trying to back up and it freezes. Any ideas?? What can I do?? I am thinking of trying formating the hard drive and reinstalling Win ME but I will loose a lot of files. PLEASE HEEEEEELP!!!!!

[catfishjoe_1]

you have a few options. First have you deleted the quarantine?
1. If no you could (do this unconnected to the net) unquarantine the files after you have downloaded a trial copy of either trojan hunter or tds3. Load them up and see if they can remove the offending bug.
2. If your av has a repair feature you could try that.
3. If you have sys restore enabled you could try a restore point before the virus.
There are a few more ways but more difficult.
Do you know what the trojan is?
Can you get to safe mode?
If this is a built system do you have all of the needed discs to do a reformat and install including all drivers.
If this is a name brand system IE: HP, Compaq etc. do you have the restore disk?

What files are quarantined?

cat

PS - Welcome to the mech. If we can help we will and if we can't we might know who can.

[catfishjoe_1]

uh oh missed the part about not getting to boot at all. you might be able to do a repair install. If your drives are partitioned you could move data files to another partition in dos or ntfsdos before the repair/reinstall. You could run recovery i think in 2000 if you installed it. Not sure on that though, not real good with 2k or xp.
sorry for the misread
cat

[Cofresi]

Thank you catfishjoe_1 for your reply.
In DOS, I have tried deleting the quarantined filed but it freezes. I have tried safe mode and restore to a point before the virus and it freezes, too. Everything I tried freezes the pc. After a while a little box appears a tthe left top corner of the screen saying something like error writing on C, retry (r)? AT one point on using scandisk it said that there are bad or damaged sectors or something like that. Like I said, everything I try freezes the pc. Ahh, the quarantined file is 546F7D01.JS
Again, thank you for any help you could provide.

[catfishjoe_1]

do you know what the virus was called by your scanner and which scanner/av product did you use?
If you know the name of the virus you could go to the symantec website and download the removal tool to eradicate the virus.
Hope This Helps
cat

[GaryRouth]

Hi all

Cofresi - which antivirus program are you using? If it's a recent retail version of a major brand (Norton, McAffee, TrendMicro, etc...), most of these have a bootable CD that can perform an Emergency Scan while booting the computer from the CD. You download the latest virus definitions onto floppies, write-protect them, and use them during the emergency scan (you don't have to do this step if you're sure the infection is so old that the virus definitions on the CD will catch it). . . When booting from the CD, those programs should be able to delete just about any bug they find.

Physically disconnect from any networks while scanning, too.

Nice thing about the Emergency scans is that they should be able to scan both the WinME and Win2000 partitions. Not so great thing about the Emergency scans is that they take so darn long (on the larger drives, it can be a good hour and a half)

Like catfish says, Symantec (as well as some of the other vendors) has excellent removal tools available for download if you know which one you need. Make sure to write-protect the bootable floppy you create to use it from.

Best of luck
. . . Gary

[Cofresi]

Hi!! I tried but the system freezes. I tried to do fdisk the hard drive so that would be able to reformat it and then re install Win ME, and during the process of deleting the primary DOS partition it said something like write protection error or something like that. It gave me the sense that the hard drive is write protected. If that's the case, is there a way to "unprotect" it so that I could use it again? Apparently that's what's preventing it from loading windows and leting me do thing in it. Any ideas?? Thank you in advance.

[GaryRouth]

Depending on how much was altered on your fdisk try, the following might/might not help save some of your data:

Not a good sign when an Emergency scan can't finish. I wonder if the drive itself is OK. Since you want to save files on that drive before reformatting anyway, you might try slaving it in another PC running either Win2k or WinXP [and that has a real-time & up-to-date antivirus program], and letting it's antivirus have a go at it, and if OK, burn your sensitive data that you wish to keep onto CDs. That way if anything continues to degrade with that drive's health, your data is safe (and clean too).

Then put the drive back in it's original pc, and try to run the Emergency Scan again, just to double-check. If you continue to have the system freeze up, run the disk diagnostics that came with the hard drive when you bought it (or download them from the manufacturer's website - if you use a floppy, write protect it before you use it in the infected machine so that the floppy stays clean). That should help figure if there's damage to the drive itself.

Then try fdisk again - if it won't finish, and the diagnostics say the hard drive is fine, try entering Bios Setup and loading the FailSafe Defaults [sometimes this option is called "Load Defaults and Exit"]. Then see how it goes on reboot [try fdisk again]

Do you know if you used a drive overlay program of any sort to help an older motherboard cope with a large drive? That would factor in. If you had such a program running, you'd probably see a message that it was "initializing" each time you start your computer [something like "EZBios Initializing...]

I'm not sure about your "write protected" message with a hard drive. If worse comes to worse, and you want to rule out any trojan-installed hidden partitions, you could use the manufacturer's disk diagnostics tools to "Zero Write" the drive. This will Completely erase the whole shebang. No virus/trojan can survive that. Unfortunately, you'll lose all your files.
. . . Gary

[dtex]

Noticed he said scandisk indicated damaged sections on the harddrive.
Not good, but scandisk should have been able to save the data to another sector-but is not always successful at it.
Re the write protected partition. I've seen some older compaqs that keep bios info on the HD, in a small partition that is not accessible with fdisk. Trying to fdisk it will give a write protection error, to keep the user from removing the bios stuff. Been too long ago to remember the details on it.

[glc]

I'd download and run diagnostics from the hard drive manufacturer - this sounds like coincidence to me - you picked up a virus and then your hard drive decided to go south. Bad sectors are never a good thing to see.

However, that said, I just worked on a laptop that was taking 45 minutes to boot into Win2K, and the drive was clattering and chugging. I immediately assumed the drive was going south and tried running diags - yes, it had a ton of bad sectors and couldn't fix them. I threw a new drive in and decided to play with the old one. Lo and behold, a zero fill brought it back to error-free condition. Apparently the OS was so corrupted it was beyond repair.

I'd recommend a zero fill and reinstall, but in the meantime, the best way to get your files off if you have no backup (tsk tsk) is slave the drive into another Win2K or XP computer and try to copy them off with Windows Explorer.