I got wacked real good x 3 (SOLVED)

For discussions about security.
Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#21 Post by Aitch »

obxjerry

I realise you're getting a lot of advice, but I think we all understand the principles we are trying to convey

If you aren't able to get a linux running to do a dd from console, but have a boot floppy that will get you to dos, try rawrite2

http://www.fdos.org/ripcord/rawrite/rawrite2.exe

Or, if you can only get a windoze setup running, try rawwritewin, which will need unzipping before use

http://www.fdos.org/ripcord/rawrite/rawwritewin-0.7.zip

more info on smartbootmanager here

http://linux.simple.be/tools/sbm

I found this SBM image more reliable than the one at sourceforge, but can't explain it
Writing an image to floppy, is like burning a CD ISO, you don't just copy files to the floppy, as the all-important boot info will not be installed & it won't work

SBM will enable you to boot from any device, though I'm puzzled that you confusingly say,
"CMOS lists IDE primary master as Maxtor 2RO10 H1 and IDE secondary master as CD-ROM 52x/AKH. In BIOS sequence they're HDD and CD-ROM."
and later,
"I don't have 3 opticals connected. In my desperation to get the CD drive to boot I made it first, second and third on the boot sequence. Of course that didn't help."
For preference, if possible, 1st, floppy, then CD, then HDD, is a simple sequence for you to use, but SBM will overcome even bios problem device booting

& I hope you're remembering to save settings in bios?

Simple to overlook the obvious, when you're a bit flummoxed

Good Luck

Aitch :)

out_fisherman
Posts: 17
Joined: Tue 06 Oct 2009, 05:19

One more thing....

#22 Post by out_fisherman »

obxjerry -

Seems obvious, yet might get overlooked.....after following the
advice on HOW to write a boot disk, be SURE to set the little
write-protect tab on the diskette B4 you put it into ANY machine.
This in fact is hardware write-protect, which no virus can get
around as it is 'AND-ed' with the "write" signal line within
the floppy drive. If you don't do this, the virus might instantly
infect the floppy as well. It might well make the boot sequence
crash (cause they can't "get-you") but then you will have another
clue. (If in fact your BIOS is corrupt, it may try to copy itself to any
drive it detects which is WRITEABLE, like the floppy.) Not being
able to write the floppy may be a condition the virus-writers
didn't plan for - resulting in a crash. Just my $.02.

obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#23 Post by obxjerry »

Bootable disks are not something I do a lot. I do have an XP laptop with a floppy drive. Am I right in thinking I can open the .exe file I downloaded and burn that to floppy? Or do I need to burn an image? The manual makes it sound much more entailed than that.

The hard drive is the Maxtor. It has XP on it. I'm thinking my tool of choice is Puppy on the CD. I can set boot sequence any way I want and get out of BIOS, go back in to BIOS and it's still the way I set it. The CD-ROM 52x/AKH, I'm thinking is my only optical drive. I said, I want it, I want it, I want it. It doesn't make sense but I did it. Floppy will boot (if it has a bootable disk) unless it is not in the boot sequence AND check for 40 or 80 lines is disabled.

Write protecting the floppies is something I thought of. At 40 cents apiece I don't know that I would take any chances.

out_fisherman
Posts: 17
Joined: Tue 06 Oct 2009, 05:19

Wacked...

#24 Post by out_fisherman »

Concern over topic-for-forum here, but with my background
I can't help it......to moderators - I apologize.....

obxjerry

It can get confusing swapping drives around, from one
machine to another, and STRAPPING MATTERS.
You have 2 IDE channels, each with a MASTER and a SLAVE
scheme. Pulling a CD out of machine-x that is strapped as
'master' and putting it into a machine where it is the second
drive on the same channel as the main HDD won't work -
your main HDD is (and should be) "master"
I hope I'm not being condescending here, but we all get
confused once in a while. Best bet for CD drives is
"cable select" - then it will attach itself to the proper port.
(Provided your main HDD is NOT strapped 'cable-select')
I always strap my HDD as 'master'.

Now for your XP laptop - if you can write a bootable floppy
with it (and this PC is not infected), go for it. I don't know what
.exe file you have, but XP can write you a bootable floppy
easily. It has been a while for me with XP, but I know the option
is out there...under system tools, I think.
Once you get that floppy, set the write-protect tab right away.
There is no reason any program needs to write to it.
If you can boot from it, you will wind up at a screen which
looks like:
A:\
Type "C:\"

If you can get there, then you need to know a few DOS
commands to get your data off the drive and transfer it to
somewhere else, using the DOS copy command. At this point
you may/may not be able to access the place/drive you want
to transfer data to. From here on it may get complicated - and
like I said before......I would just FDISK the thing, install
some flavor of Linux, and sleep well.

I would be very interested to find out the resolution here,
as this seems to be a very nasty virus. Having fixed computer
motherboards for several years, I am familiar with the failure
modes - but this doesn't fit any of the symptoms I can remember
Keep us posted....

obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#25 Post by obxjerry »

out_fisherman, thanks for your interest and help. I am assuming the drive swapping you are talking about is when and if I get to removing hard drives and putting them in another computer.

So far, with the startup disks I have, typing from the A prompt [letter]:\ gets me "invalid drive specification". Hopefully when I have a working SBM disk I'll get somewhere.

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#26 Post by Aitch »

obxjerry

See my previous post, which explains SBM writing to floppy
It should NOT be an exe, but an image

unless they've changed things on the sourceforge site

....but the link to SBM that I gave is an image, which has to be written as a bootable image to floppy with either of the utilities in dos/rawrite2 or windoze/rawwritewin, or the dd command in linux

I don't quite understand why mention is made of the CD drive replacement, but if you are simply exchanging one CD drive for another, to see if it will boot, then, since yours is already master, it is on a separate cable to the hard drive, so it won't matter if the replacement is set to master or slave

visual guide, should you need it

http://www.helpwithpcs.com/upgrading/in ... corder.htm

For now, getting an SBM boot disk working, is a good start

Aitch :)
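The dd route to a floppy that the two posts above describe, written out as an added shell example; it is not from the thread and not part of the SBM project. It assumes a raw 1.44 MB image file (the name sbm.img is a placeholder) and that the floppy is /dev/fd0, but any other path can be given as the target, which is how it can be tried against a plain file first. On top of the raw copy it checks that the image actually carries the 0x55 0xAA boot-sector signature before writing (a file copied out of a filesystem will not), and reads the device back afterwards to confirm the write took, which is the check a bare dd never gives you.

```shell
#!/bin/sh
# Added example, not from the thread: write a raw floppy image with dd and
# verify it. Assumptions: IMAGE is a raw floppy image (e.g. the SBM image),
# TARGET defaults to /dev/fd0; a regular file works as TARGET for a dry run.

# A bootable floppy/disk image ends its first sector (bytes 510-511) with
# the 0x55 0xAA signature; refuse to write anything that lacks it, since a
# copied-out file rather than an image is the usual mistake.
has_boot_signature() {
    sig=$(od -A n -t x1 -j 510 -N 2 "$1" 2>/dev/null | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# Raw sector copy of IMAGE onto TARGET, then read the same number of bytes
# back and compare byte-for-byte. Returns 0 only if the read-back matches.
write_floppy_image() {
    image="$1"
    target="${2:-/dev/fd0}"
    [ -r "$image" ] || { echo "cannot read image: $image" >&2; return 1; }
    has_boot_signature "$image" || { echo "no 55AA boot signature in $image" >&2; return 1; }
    bytes=$(wc -c < "$image" | tr -d ' ')
    dd if="$image" of="$target" bs=512 2>/dev/null || { echo "dd failed" >&2; return 1; }
    sync
    # Read back exactly $bytes from the target (a real device is longer than the image).
    if head -c "$bytes" "$target" | cmp -s - "$image"; then
        echo "verified: $bytes bytes written to $target"
        return 0
    fi
    echo "verify failed: $target does not match $image" >&2
    return 1
}

# Usage: sh write_floppy.sh sbm.img [/dev/fd0]
if [ $# -ge 1 ]; then
    write_floppy_image "$1" "${2:-/dev/fd0}"
fi
```

Once the read-back matches, slide the write-protect tab across before the disk goes anywhere near the suspect machine, as the earlier post recommends; the verification here only proves the write, not that the disk stays clean afterwards.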

out_fisherman
Posts: 17
Joined: Tue 06 Oct 2009, 05:19

Drives....

#27 Post by out_fisherman »

obxjerry-

Drive-swapping.....No - your assumption is wrong....
CD drives, as well as Hard-Disk Drives, have a strapping
option on their backside, right by the place where the
cable plugs in. Often it will look exactly like the strapping
options of a hard drive. You might see things like
"MS SL CS" or the like, which stand for Master, Slave,
Cable Select.....I'll try to lay it out here - you have 2
channels, each of which has a Master and a Slave -
Logically, it looks like this:

Primary
  - Master
  - Slave
Secondary
  - Master
  - Slave

Rules - you cannot have 2 drives (either HDD OR CD-ROM)
strapped as the same level on any channel.
- you CAN have both strapped to Master IF they are
on different channels (IE - One on Primary, one
on secondary).
How to tell ?? Each channel is on a separate CABLE.
If your computer has only ONE big, fat cable from the
motherboard to the drives, then you must strap the
drives for Master/Slave combination. OR - add another
cable to the motherboard....if you have this option.
In this day of cheaper-is-better, I wouldn't be surprised to
see motherboard MFRs just omit the second IDE channel.
Oh well - what can you do? Just keep in mind the idea that you
have 4 possible combinations, 2 for each of 2 channels.
I hope I have helped....somehow.

out_fisherman
Posts: 17
Joined: Tue 06 Oct 2009, 05:19

Sorry Aitch - -

#28 Post by out_fisherman »

I guess I was composing while you were responding -
didn't mean to walk on you......

prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

a blast from the past?

#29 Post by prehistoric »

We've had some confusion about all the advice, and I may have contributed some. What I was talking about with the exe file was, if he used a W*****s machine to create the boot floppy, he could download an exe file designed to create a boot floppy on such a machine. In this case, he can avoid cli commands. Though, under Linux the command is very simple, as amigo showed.

Another approach here, since our friend is familiar with Puppy, would be to avoid the W*****s world as much as possible, and boot Puppy on CD, or USB drive, using a wakepup2 floppy. I've used this on machines where the BIOS didn't cooperate with me, but I've never tried it when the BIOS has been clobbered. Does wakepup2 need anything from the BIOS beyond the ability to boot from floppy?

I am now thinking this malware is "a blast from the past". There was a similar thing over a decade ago which was spread by transferring floppies from one machine to another -- which rarely happens with new machines. Having both the hard drive and CD boot routines clobbered in the BIOS, while still being able to boot from floppy, makes sense if the virus needs the floppy to reproduce itself. We could have the original floppy virus resurfacing, or we could be seeing old malware as the "payload" of recent malware, which normally spreads over the Internet.

obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#30 Post by obxjerry »

Just to check in. I am engaging in Einstein's definition of insanity, "doing the same thing over and over and expecting a different outcome" i.e. fiddling with the one computer. I'm looking online for reports of viruses similar to the one I have. I'm researching use of SBM. I'm trying to wrap my head around strapping and what has raised a red flag concerning that.

I do reread the posts here and things do sink in the eighth or ninth time I read them. Sorry Aitch, I blew by your SBM advice the first few times. Rawrite, RawWrite and I have met before and we ain't friends. Maybe this time will be better.

I have always used InfraReader to burn image disks. It is on one of the unusable computers. I couldn't remember the name so that took some searching on the web. I don't see that it burns floppies. No help there.

Computers I have up and running; I have a laptop with a CD drive (not CD-R), no floppy. It is running Puppy and 98se. It had been in the closet for years until Puppy brought it back to use.

I have a laptop with a CD drive (not CD-R) and a floppy drive. It is running XP Pro. I paid $50 for it less than 2 weeks ago. It's fine couch surfing but pushed too hard the processor gets hot and it freezes. I have some Arctic Silver 5 and have improved it but I doubt I can boot Puppy yet.

I can't swap the floppy drive to the other laptop. Both have USB ports and I do have an uninfected flash drive.

I did find this http://www.pcguide.com/vb/showthread.php?t=41498 It's an old post by Sylvander on how to compile a SBM bootable floppy. That's a possible path if RawWrite doesn't work for me.

On the plus side we've seen no indications any info has been mined from our computers.

I'm multitasking as I write this. Something I don't do well so I'm sure there are things I'm leaving out.

Take care

RetroTechGuy
Posts: 2947
Joined: Tue 15 Dec 2009, 17:20
Location: USA

#31 Post by RetroTechGuy »

snowshaker wrote:
"If you got pics and stuff on the old drives, get a $20 USB enclosure and mount the drive. Then read it with another machine and save off what you need. Caution. Don't use a windows PC. Boot up Puppy or Linux or use a MAC. If the drive has an autorun.inf virus, it will jump right onto your good windows PC. Maybe that's what happened to you already?"
I have a couple of these, and am quite happy with them:

http://www.newegg.com/Product/Product.a ... 6812119152

(note that these devices generally want the drive jumpered as "slave")
As for viruses spreading via RAM sticks, that's just urban legend. RAM loses its data when powered down. Though by USB stick is a different matter...
Maybe your article was speaking of the BIOS memory. If you could stick a virus in there, it stays with the chip. What could it do? Well, I have read where one guy claimed his BIOS shows his picture when the PC boots, so that could be one way for a virus to keep you from booting into CD.

More likely though that you just have a bad CD drive, given that its tray was stuck.
And by pulling the HDD, you can eliminate faulty hardware as the access issue.

If you have Puppy running (e.g. a pupsave on a USB and a live boot CD), I put together this collection of links to make the latest ClamAV run on Puppy 4.3.1 (again...sorry...I haven't played with building .pets yet -- just run each of the Debian .deb files, and ClamAV will work -- I haven't tested this on older Puppy versions, but it's likely to work there as well)

http://murga-linux.com/puppy/viewtopic.php?t=53171

However, while you have the drive mounted (perhaps even before scanning for viruses), copy all the personal files off. There is always a chance that a scan will stress the hardware enough to kill the drive, if it's weak.

If you have XP on the drive, your files are _likely_ to all be buried under "Documents and Settings".
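The salvage step this post describes, written out as an added shell example (not from the post and not Puppy's own tooling): mount the suspect XP partition read-only with noexec/nodev/nosuid so nothing on it can run or be altered, copy the profile tree under "Documents and Settings" off before any scan touches the drive, and list any autorun.inf sitting at the root, which is the file a Windows host would have obeyed. The device name /dev/sda1 and the mount point are placeholders; the copy and the autorun check take plain directory paths, so they can be exercised on any directory tree without a drive attached.

```shell
#!/bin/sh
# Added example, not from the thread or from Puppy: salvage personal files
# from a suspect XP disk under Linux before scanning it. Assumed names:
# /dev/sda1 for the partition, /mnt/suspect for the mount point.

# Mount read-only; noexec/nodev/nosuid make sure nothing on the disk can be
# run, and ro keeps the disk's contents unchanged (needs root; not run below).
mount_suspect_ro() {
    dev="$1"; mnt="$2"
    mkdir -p "$mnt"
    mount -o ro,noexec,nodev,nosuid "$dev" "$mnt"
}

# List autorun.inf files at the root or one level down: the vector the post
# warns about when a suspect drive is plugged into a Windows PC.
find_autorun() {
    find "$1" -maxdepth 2 -iname 'autorun.inf' 2>/dev/null
}

# Copy the XP profile tree ("Documents and Settings") to DEST, keeping
# timestamps and permissions, and print the number of files copied.
salvage_profiles() {
    mnt="$1"; dest="$2"
    src="$mnt/Documents and Settings"
    [ -d "$src" ] || { echo "no Documents and Settings under $mnt" >&2; return 1; }
    mkdir -p "$dest"
    cp -Rp "$src" "$dest/" || return 1
    find "$dest" -type f | wc -l | tr -d ' '
}

# Usage (as root, once the drive is in a USB enclosure):
#   mount_suspect_ro /dev/sda1 /mnt/suspect
#   find_autorun /mnt/suspect            # anything listed here deserves a look
#   salvage_profiles /mnt/suspect /root/salvage
```

Copying first and scanning second follows the post's own ordering: a read-only mount cannot make a weak drive any weaker, but a full ClamAV pass over it can, so the files you care about should already be elsewhere when that starts.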

prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

creating boot floppy automatically

#32 Post by prehistoric »

obxjerry wrote:
"...I have a laptop with a CD drive (not CD-R) and a floppy drive. It is running XP Pro. I paid $50 for it less than 2 weeks ago. It's fine couch surfing but pushed too hard the processor gets hot and it freezes. I have some Arctic Silver 5 and have improved it but I doubt I can boot Puppy yet..."
Blast it, Jerry! If you have a machine with a floppy drive running XP Pro, you only need to download the exe file for a program which creates boot disks, run it, and follow instructions. You need not wrestle with rawwrite.

If I get a chance to test it, I'll put a floppy image file in a self-extracting archive program designed to write floppies (sfx144), and upload it. My problem at the moment is that I have a bunch of machines either without W*****s or without floppy drives.

If anyone else has a link to a neatly-packaged boot floppy image, they can post it here. It would also be nice to have a Puppy boot floppy in a self-extracting program which writes floppy images, then no nooby ever has to deal with rawrite directly to get Puppy running.

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#33 Post by Sylvander »

1. "Blast it, Jerry! If you have a machine with a floppy drive running XP Pro, you only need to download the exe file for a program which creates boot disks, run it, and follow instructions."
Yep, that's how I did it.
It was REALLY EASY to do.
Just downloaded sbm.exe whilst working within Windows [2000Pro]...
Then [once the download was complete] right-clicked on the file and chose "Open"...
Whilst there was a formatted floppy in the FDD...
And the EXE program created the bootable SBM floppy disk. :D

obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#34 Post by obxjerry »

:D :D :D :D :D Thanks folks. I have it and it boots. I had the exe file on my computer so I was half way done before I started. A few easy clicks and I was there. Best part, no RawWrite.

Sorry I didn't show all my cards sooner.

I'll keep you posted.

Thanks so much,
Jerry

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#35 Post by Aitch »

obxjerry
"Sorry I didn't show all my cards sooner."
Some people like complicated

Others, like me, prefer easy

Glad you got there in the end :D

Aitch :)

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#36 Post by Sylvander »

"Others, like me, prefer easy"
That's my philosophy too. :D

I find easy usually works... :)

And complicated tends to go horribly wrong! :(

obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#37 Post by obxjerry »

No boot yet on CD or hard drive. It's the same as before I had the SBM floppy. Judging from the limited amount of use information on SBM I could find, I was hoping it would be intuitive. From what I saw it was highlight, enter, enter until the drive booted. I've spent a couple of hours with it and nothing. Highlight, enter, enter gets me disk error 0x03 on everything with 0xAA added for the CD-ROM. I have a D flag on everything except the hard drive where I have aA.

I am concerned about the strapping issue. As far as how things are plugged in it's the same as it's been for years. Is there a problem with the hard drive being IDE primary master and the CD-ROM being IDE secondary master? Both slaves are none.

I'm learning about BIOS settings online. Everything I see looks OK for what that's worth. CMOS settings are next.

I do have power lights on the CD and hard drive. I never get a steady blink. For some reason I'm thinking I should normally.

Is there a chance the SBM floppy is defective?

I could see a possibility the virus could have taken the hard drive out but, shouldn't it boot to CD with the hard drive disconnected? I have a couple of CD drives that were good when I took them out a few years ago. I could swap one of those in.

Floppy drive is listed twice on the SBM menu once as FDO and once as FDF. FDO is also in the bottom right corner with.........E

I am tempted to move on to the HP computer. That would be the one I'm not sure what it was doing before I shut it down. It is a dual boot with Puppy and a GRUB loader. I'm thinking that may make some difference.

Best guess, the day after my son brought his computer over and I worked on it, I was using the HP, my wife was using a laptop, both of us running Puppy. Both were slow and erratic surfing the net. They were replacing a utility pole close to our house and we thought the DSL service had gone flaky or maybe a virus.

The following day, when my wife started the HP, she thinks she chose Puppy at the boot menu. Windows started but wouldn't boot. I tried it again and it didn't boot. I didn't try booting Linux. By now I was suspecting my son's computer may have a virus so I shut the HP down and unplugged power and ethernet.

There seems to be a consensus opinion that this may be a virus that affects the BIOS, boot sector, MBR and not so much the data on the hard drive. I'm thinking if that is the case the damage is done and the worst is over quickly.

If anyone has any suggestions or knows of available information I could research I would appreciate hearing about it.

Take care

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#38 Post by Aitch »

You should see a menu like this if SBM is working

http://sourceforge.net/dbimage.php?id=127460

Select your CD, by highlighting & enter

As far as I can determine, it's probably a firmware problem of your CD player not liking the CD make or type you are using
- possibly you are using a CDRW or worse DVDR??

Try sourcing a different make of burnable CD and get CDR rather than CDRW
Verbatim are usually OK with older drives

see

http://ubuntuforums.org/archive/index.php/t-525241.html

Try different CDs in the drive, like for example other linux OSs or even a windoze one, to see if SBM will read them

I thought you might get confused by the 'strapping' error

No worries, as many seasoned users will have been, too - strapping is not usual computer terminology, but is a medical term, AFAIK

We normally refer to jumpering or setting the HDD or CD
Each IDE device can be set by jumper, a small 2 pin connector, as Master or Slave, at the rear of the CD/HDD when installing

As I already commented, you have said you have yours set as HDD primary master, and CD as Secondary Master, which means each device is on a separate cable and motherboard header or connector, so nothing to worry about

Read more here

http://www.cheap-computers-guide.com/in ... CDROM.html

You are gradually getting closer to a solution, and congratulations on giving the error codes! - It helps

Aitch :)
Last edited by Aitch on Sat 06 Mar 2010, 21:45, edited 2 times in total.

prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

progress

#39 Post by prehistoric »

O.K. Jerry, that is actually progress. If your machine had a bootable partition on the hard drive that should show up with the boot manager. I'm guessing your MBR got hit. Does the boot manager show all the partitions you remember having before? The partition table is part of the MBR. If it is missing, this is strong evidence something zapped the MBR.

I'm less certain about what is going on with the CD. Did you have a bootable CD in the drive when you ran the boot manager? In addition to the device, you also need a filesystem of a particular type on that device to boot. I have some working CD drives which are hard to boot from using a floppy, probably because they are slow to respond to commands, so this may require more effort.

You are right that the strapping (jumpers) on the drives should not have changed. Leave that alone, since it was working just before you got hit.

If you, like many computer types, have an old hard drive which is known to work, you could pull the suspect drive from one machine, and eliminate one variable by putting the replacement in. This will also protect any data remaining on the suspect drive while you experiment. Most likely the hard drive is set as the master device on that channel. The strapping (jumpers) on the replacement should be set the same way as the one you pull out. Simply pulling the hard drive may not allow the CD to work, because many systems will not work if there is no master device on a channel, or if the master device is a CD.

If you are certain the floppy could not have been overwritten, use it to try booting that other machine. If you have any doubt, rewrite the floppy the same way you created it, then you will know it is not carrying a virus.

It will take me a few minutes to set up an old machine downstairs to try to parallel what you are doing. I'll get back when I have a better idea of exactly what you should be seeing.

I echo Aitch about the error codes and getting closer. Believe it or not, you are getting somewhere.

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#40 Post by Aitch »

Sorry prehistoric,

I was editing to improve my phraseology, and add a link at the beginning, for clarity

Aitch :)
