I got wacked real good x 3 (SOLVED)

For discussions about security.
Message
Author
User avatar
Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#61 Post by Aitch »

You/others may find this useful, too
Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to:

* repair a damaged system,
* rescue data,
* scan the system for virus infections.

Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.
http://www.free-av.com/en/tools/12/avir ... ystem.html

or maybe too many cooks? :lol:

Aitch :)

User avatar
obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#62 Post by obxjerry »

First, the good news. I learned how to and ran my first md5 checksum and they matched. My EBCD061P.ISO file says it has 6334054 bytes. I hope that will make a 60.4mb copy. Sylvander when you said I wasn't an expert I'll bet you didn't know how much you were understating the fact.

Aitch, don't you worry about too many cooks. I need all the help I can get. I talked to my wife. It seems formating the hard drives isn't as good an option as I thought.

Until I hear something else I'm headed down the EBCD path. I'll try something else if that doesn't work.

As always you have my thanks.

Jerry

User avatar
prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

recovering data without spreading malware

#63 Post by prehistoric »

While we seem to be on the road to recovery here, there are some loose ends left. You still have three machines with suspect hard drives, several flash drives which may have been infected, and a number of floppies very likely to be infected. The malware doesn't appear to be sophisticated, but it is malicious.

You have an easy solution for data storage which has no data you want to preserve, format the medium and start over. This is likely to be the case for those floppies. I'm assuming your wife told you about data she wants preserved on those machines.

Where you want to preserve data, you should avoid copying it from suspect media using Windows -- the malware is designed to use features of Windows to propagate itself. My advice is to get Puppy running on a machine which can read those media, mount them and copy data which is personally meaningful to you to clean media.

Do this even if you expect to use malware removal tools to clean those media; it is always possible for things to go wrong when dealing with malicious programs. If anything does go wrong, you will have your most meaningful data safe, all you will have to replace is commercial software, etc. Failure may cost you some time and money, but nothing irreplaceable.

When you have saved those things you want to preserve, consider the time and effort of cleaning the media versus the time and effort of starting fresh without worries. In many cases, you will decide to nuke the remaining data by reformatting.

Always keep track mentally of those things which remain suspect. If keeping a mental list is unreliable, you may want to keep a list on paper. I have the habit of placing suspect items in a separate bag or box while I am working, so I am never in doubt about which items need to be checked before they can be considered clean.

When you run a scan on suspect media, make sure you are working from a known-good system with the latest version of the scanning software and the latest updates to malware definitions. In the last year, I have seen a new crop of malware which specifically targets popular anti-virus tools.

Malware which pretends to be a malware-removal tool has been around for years. Know your supplier, and check that you got the correct tool from their site, not a fake tool from a site spoofing theirs. There should be posted checksums for tools you download. Check that you actually got what they are publicly displaying.

Finally, when the crisis is over, and you are running a small system where you have a pretty good idea what is going on, remember to turn off the paranoia. Your family will thank me for this suggestion. :wink:

User avatar
Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#64 Post by Aitch »

2nd that, prehistoric

....and if you've got awhile, it might not be a bad idea to re-read the thread from the start, as there maybe some things you overlooked in your earlier flustered state of being.....you seem more stable now, even if the PCs aren't yet, [if that doesn't sound too unkind?]

Aitch :)

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#65 Post by Sylvander »

1. I burned the Avira rescue disk, but couldn't manage to get a good display on my monitor; just a scrambled screen no matter what display settings I chose. :(

Anyone know what I may be doing wrong?

2.
(a) By-the-way, this [version-1] EBCD cannot work with the contents of NTFS partition file systems.
This limitation only applies to tools that work with [e.g. read/write/manipulate] file systems.
Works with earlier systems = FAT32 etc.
The prog to make the floppy is OK of course, but [for example] MS Scandisk [GREAT prog] will only scan FAT[32], not NTFS.
The newer version-2 that isn't free CAN access NTFS, but has very limited functionality I believe.

(b) Don't get afrighted by the white text on a black screen at the 1st menu.
Just hit <Enter> [and make a couple of suitable config choices] to go to the 2nd menu where there is a much nicer colorful GUI, with a mouse cursor if I remember right.

User avatar
Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#66 Post by Aitch »

Sylvander

Maybe you burned it too fast? - or a bad d/l?
I don't know if it uses xorg or xvesa, assuming its a linux OS
If its DOS, it should use the same default one M$ uses, and should give at least a basic graphics capability unless you have a wild Nvidia or ATI card?

Perhaps ask on Avira's forum?

http://forum.avira.com/wbb/index.php?pa ... tID=711157

Aitch :)

User avatar
prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

Avira tools

#67 Post by prehistoric »

I've used rescue systems made with Spybot S&D in the past. These require you to make them on a good Windows system, presumably before the crisis. I haven't tried Avira before. Looking at their forum, I'd say you aren't the only person to have trouble with video.

I haven't suceeded in burning that Avira CD. Part of the problem is my general problem with doing anything with Windows: find a working Windoze machine; wait for it to download and install all sorts of things which have changed since the last time I ran Windows; find the external CD burner; find the power block for the CD burner; wait for Windows to realize it already knows about the device; run CD burn program by double-clicking; tell it where to find the CD burner, etc.

In the current instance, I discovered the battery on one laptop had died since I last ran Windoze, while the power brick for it stayed behind at my last field location. This started me looking for the external drive for my netbook with Windows.

When I get all these things together, the program hangs for some unknown reason at various places during the burn, creating coasters.

Is there a way to find the image file it is burning, get a checksum to see if the download was good, and burn it with something I know, (preferably under Puppy)?

User avatar
obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#68 Post by obxjerry »

It turns out my son does have an external cd burner. I wasn't sure he had one but since he got it from me I had a strong suspicion. He'll be bringing it by tomorrow evening.

As luck would have it 2 of the 3 computers have nothing but NTFS file system. I'm thinking EBCD to get the boot floppy is still plan A? I have the EBCD file in puppy. With my son's burner I can put it on CD but then I have to use a NTFS computer to burn a floppy. That will work, right?

"you seem more stable now, even if the PCs aren't yet, [if that doesn't sound too unkind?]" My stability is fair game but please don't think for a moment I'm thin skinned.

As far as my quarantine method, anything capable of carrying a virus that goes into the room with the sick computer stays in the room with the sick computer. It seems to work for now. I was hoping at some time in the future I would learn the name of the bug that bit me and the miracle cure that kills it. Too many space invader movies I guess.

Take care

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#69 Post by Sylvander »

@prehistoric
1. "These require you to make them on a good Windows system"
I did that. :D

2. "the program hangs for some unknown reason at various places during the burn, creating coasters"
When I ran the EXE file within Win2000Pro, something didn't work...
But it then asked me if I wanted to save the ISO file [from inside the EXE?], so I gave that the OK and it worked just fine, and then I used imgburn to burn the ISO quite routinely.
All seemed well, and the CD boots just fine, but I got this problem with video that I've seen with other similar CD's.

@obxjerry
3. " I have the EBCD file in puppy. With my son's burner I can put it on CD"
Remember, you MUST burn it as an ISO image [using burniso2cd], not just burn the FILE to CD.

4. "but then I have to use a NTFS computer to burn a floppy. That will work, right? "
(a) WRONG! :D
The EBCD and its program is totally self-contained [I think, unless I'm wrong there], and will burn a good floppy even if there is no HDD [or no Windows installed] on the PC.
If I'm wrong, it may be that the program detects the name of the Windows folder and uses that in the boot.ini file it places on the floppy.
You aught to use some program [the File Manager on the EBCD?] to look at the Windows folder on the partition on the HDD...
Check its name...
Make sure the boot.ini on the floppy uses the same name [edit if necessary].

(b) When you have an EBCD sitting within arms reach [and know how to use it][as I do?]...
It's really EASY do things with it, like make the Universal Boot Floppy [a name I invented for it].
That's how I made my "copy of the floppy". [He's a poet and doesn't know-it :D ]

(c) Notice that the EBCD 2nd menu also includes a free-trial version of the old version of "Image for DOS" [IforD].
That doesn't ever cease functioning; just reminds you that you should only use it for 30 days.
That's what introduced me to IforD; at one time that was what I used to make image backups.
A VERY good program.
I guess it will still work today, but won't backup to USB.
[That capability was introduced with later versions]
I made an EBCD copy including a usb4dos driver [the EBCD can have programs added], but it didn't work reliably. :(

User avatar
Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#70 Post by Aitch »

Jerry,

Slightly aside, going back to your question about the mobo

As far as I can see it is most likely to be DFI, as the Aopen searches only come up with Realtek avance, which is audio info

I found this, and you should recognise the VIA chipset, if its yours

http://active-hardware.com/english/revi ... 5-ec-5.htm

For getting info on your system, you need either a live Puppy and use HWinfo from menu, or if you have a running windoze, d/l PC Wizard, which will give all sorts of useful info on any windoze box

http://www.cpuid.com/pcwizard.php

I also found a pdf for AK75-EC with KT133 chipset, which might be worth a look, you should recognise if its yours

http://support.octek.com.au/Downloads/F ... A-ASP1.pdf

If that is yours, there may be another possibility, which I don't think has been mentioned
- reset the bios, by removing the cmos battery...?
Might be worth a try...?

But you'll need to go into bios afterwards and set time/date and set to default settings and save, I think

HTH - sorry for extra work.... :wink:

Aitch :)

User avatar
obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#71 Post by obxjerry »

If instead of saying "but then I have to use a NTFS computer to burn a floppy. That will work, right?" I had said; The only computer I have that will burn a floppy is a NTFS computer, would that make a difference? Even if I boot the CD to burn the floppy in the sick computer, it is NTFS. I really think what you're saying is it doesn't matter because the hard drive isn't brought into play in this process.

We have to cross this bridge, we might as well do it now. I know the answer to this one but I've been wrong before. I have the 2 Puppy CDs but they've been in the sick computer. They didn't boot, but that's probably moot, (note rhyme) because nothing more (not even a virus) can be written to a CD-R that has files on it. I'm pretty sure the CD drive is read only if that matters.

So, if my Puppy CD is good to use, I could install Puppy to the NTFS laptop (it's going to be there in the end anyway). That stone would kill 2 birds. I could use Puppy to burn the EBCD floppy and it would give us a safer OS on that computer. My wife uses that computer to access Facebook (a known treasure trove of viruses). I can't say much. She knows where I sleep.

OK, I'm am gradually coming to the realization I'm really not sure where we are going. I keep trying to get a Puppy CD to boot. I'm thinking one of the features of Puppy is you can do something with files on a W*****s partition. I tried booting DSL several times and then slipping in a Puppy CD hoping I could trick it.

It finally occured to me maybe DSL isn't completely useless. I googled d*** small linux fix windows and came to this http://www.tech-recipes.com/rx/1624/how ... tfs_files/
Is this somehow useful?

Neither of the Puppy CDs I have will boot. If I burned another one is there a chance it would boot?

While I was looking for the BIOS information on the post screen I may have found something. The first screen that comes up says

SIS
Sis 6326 AGP true color graphics and video accelerator
8m byte video memory BIOS version 1.23f
Support Vesa BIOS extension ver. 2.0

the second screen says

Award Modular BIOS V6. OOPG
Copyright (C) 1984-2000 Award Software Inc.

It does have a number in the lower left corner I haven't caught yet.

Is this too many references to BIOS, like the virus has added some of them?

Sorry this post is long and perhaps silly in places but, inquiring minds want to know.

Jerry

PS Aitch, been there done that several times on the CMOS battery. I know Einstein's definition of insanity.

User avatar
Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#72 Post by Aitch »

Jerry, I had a feeling you would've tried the 'magic button removal' but worth mentioning
I don't quite understand why an NTFS box can't burn a CD or Floppy to be used on a Fat32 setup, as long as the file you burn has the right burn utility, unless you are dependent on ms.sys files - it's just a filesystem

Rawrite works regardless of OS as its dos based; rawritewin works on any W32 box
Any windoze burner prog e.g. HT Fireman will burn an iso - make sure to select ISO correctly, though

http://www.free-codecs.com/download/HT_Fireman.htm


try the manual pdf, and see how it looks....

if not run PC Wizard - if possible, else puppy

Try ttuuxxx's 214X - it should work with the VIA chipset, I think - he's just about to release, so you could wait 24hrs or so, but it's very stable

http://www.murga-linux.com/puppy/viewtopic.php?t=42553


Edit: Only mention of SIS 6326 is long time back - pretty sure Barry would have it supported

http://www.murga-linux.com/puppy/viewtopic.php?p=3812

However choice of Xorg or Xvesa comes after boot up.....

Aitch :)

User avatar
obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#73 Post by obxjerry »

Aitch,

Thank you. I think you did my work and found the manual to my motherboard. You even made it easy for me with the point and click links. My wife shows me that trick but I never know it when I need it.

I was concerned that EC didn't follow AK75 printed on the board. The board layout looks the same though.

Thanks

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#74 Post by Sylvander »

1. " I really think what you're saying is it doesn't matter because the hard drive isn't brought into play in this process"
Exactly. :D
That's what I believe to be the case.
You boot the EBCD, and run the program, and it writes to the floppy, generic copies of the 3 necessary files, and those 3 files are on the CD, not needed from a Windows installation on the internal HDD.
And I think that when it writes the generic boot.ini, that includes/assumes a name for the Windows folder.
But I could be wrong.
All I know for sure is that when I got it to make the floppy on my own PC [with a Win2000Pro "WINNT" folder], the name WINNT was used in the boot.ini file.
Hence, I think you'd need to check the contents of the boot.ini on your floppy once made, to see what name has been used for the Windows folder.

2. "I could use Puppy to burn the EBCD floppy"
WRONG! :(
(a) You can use a Puppy [or for that matter any version of Windows] to burn the EBCD ISO file to a CD-R or CD-RW, to make the EBCD bootable CD.

(b) Once you have the EBCD burned...
And boot it...
That has/provides its OWN operating system included on the CD.
So the program on the EBCD, running within its own operating system...
Is what writes the files [included on the CD I believe] to the floppy disk.

(c) Hence:
Puppy doesn't write the floppy.

3. " I keep trying to get a Puppy CD to boot"
(a) A known good Puppy CD?
(b) On the problem PC?
(c) Using the SBM floppy?
(d) And it fails?
(e) And yet DSL succeeds?
(f) With or without using SBM floppy to boot DSL?

(g) We need to discover why DSL will boot, and yet Puppy will not.

4. "Is this somehow useful?"
(a) If you're good at using commands in a terminal, you might be able to copy your files to a 2nd HDD.

(b) Or else you could slave your HDD in another working PC, and copy the files there.

(c) Or put your HDD in an external USB enclosure, and access the files that way, using a working PC and OS.

5. "Neither of the Puppy CDs I have will boot. If I burned another one is there a chance it would boot?"
There should be no magic involved in this.
You need a working Puppy CD, in an optical drive that is functional, with a BIOS that is configured to boot it.

6. "It does have a number in the lower left corner I haven't caught yet"
That's the code that exactly identifies your BIOS that's in use.

7. "Is this too many references to BIOS"
No, that's as it should be.

User avatar
prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

filesystems, CD-Rs, BIOS number, etc.

#75 Post by prehistoric »

obxjerry wrote:If instead of saying "but then I have to use a NTFS computer to burn a floppy. That will work, right?" I had said; The only computer I have that will burn a floppy is a NTFS computer, would that make a difference? Even if I boot the CD to burn the floppy in the sick computer, it is NTFS. I really think what you're saying is it doesn't matter because the hard drive isn't brought into play in this process.
Not exactly, we are talking about the file system used on the hard drive by the operating system that burns the floppy. Floppies don't support NTFS so that file system is irrelevant for them, except for running your good system off the hard drive which is not suspect.
We have to cross this bridge, we might as well do it now. I know the answer to this one but I've been wrong before. I have the 2 Puppy CDs but they've been in the sick computer. They didn't boot, but that's probably moot, (note rhyme) because nothing more (not even a virus) can be written to a CD-R that has files on it. I'm pretty sure the CD drive is read only if that matters.
You are essentially correct, although it is possible to burn Puppy "multisession" to allow adding to a CD. If you didn't deliberately do that, your CDs are read-only, and present no danger of contamination. Even if they were somehow contaminated, it is doubtful the malware would work under Puppy. As long as you don't use those disks while you are running Windows, you should be completely safe, even if they were burned "multi-session".

Since you have these already made, you can use the super multi-boot floppy you made previously (just for example) to boot them even if the machine will not boot directly from the CD.
So, if my Puppy CD is good to use, I could install Puppy to the NTFS laptop (it's going to be there in the end anyway). That stone would kill 2 birds. I could use Puppy to burn the EBCD floppy and it would give us a safer OS on that computer. My wife uses that computer to access Facebook (a known treasure trove of viruses). I can't say much. She knows where I sleep.
Installing Puppy to that machine should not present challenges. If you have a working Windows system, I do not recommend wiping the hard drive, -- particularly on notebooks. OEMs have the habit of sticking secret bits of code in places you might not know about. Sometimes these are diagnostics, or recovery software, in other cases they are treated as part of the BIOS, like the award flash utility. The swap file used by hibernate functions on Windows machines is inside the Windows partition, as is code to resume. You don't want to completely eliminate this if you have any choice. (All these things help to tie you to the supplier, so they aren't always forthcoming about what they have done.)

You can resize the NTFS partition, using Gparted, and create a modest (a few GB) ext2 partition in the space made available. If you have enough space, it might also be nice to create a 512 MB Linux swap partition while you are using Gparted (from within Puppy.) It is a good idea to run whatever filesystem checks your Windows system has on that NTFS partition, and defragment, before resizing, and run it again immediately afterward, so it can correct any errors Gparted makes which might confuse it.

When you come to installing Puppy on that new partition, choose a frugal install. You can use this while booting from a CD, or you can install GRUB to the MBR to get a boot menu for dual-booting. We'll help you to edit the menu.lst file for your particular configuration, (assuming we can still talk to you.)
OK, I'm am gradually coming to the realization I'm really not sure where we are going. I keep trying to get a Puppy CD to boot. I'm thinking one of the features of Puppy is you can do something with files on a W*****s partition. I tried booting DSL several times and then slipping in a Puppy CD hoping I could trick it.

It finally occured to me maybe DSL isn't completely useless. I googled d*** small linux fix windows and came to this http://www.tech-recipes.com/rx/1624/how ... tfs_files/
Is this somehow useful?
That is certainly one route to go, and might help to recover irreplaceable pictures, for example, though I believe you are not as far from using Puppy as you think. (By irreplaceable, I do not mean pictures downloaded from a free site in Ukraine. Those are widely available.)
Neither of the Puppy CDs I have will boot. If I burned another one is there a chance it would boot?
Yes. But, rather than continuing to do the same thing, put the CD in first and then try to use the boot floppy to boot off the Puppy CD. On a fair number of old machines this works even when you can't boot directly off the CD from the BIOS.
While I was looking for the BIOS information on the post screen I may have found something. The first screen that comes up says

SIS
Sis 6326 AGP true color graphics and video accelerator
8m byte video memory BIOS version 1.23f
Support Vesa BIOS extension ver. 2.0

the second screen says

Award Modular BIOS V6. OOPG
Copyright (C) 1984-2000 Award Software Inc.

It does have a number in the lower left corner I haven't caught yet.

Is this too many references to BIOS, like the virus has added some of them?...
No, the separate video BIOS is perfectly normal. To get the boot screen to hold still so you can copy the number, all you need to do is hit "pause" on the keyboard. Here's what the number looks like on an old machine of mine.

Code: Select all

09/03/2000-VP4-686A-645LHM3CC-00
BTW: I have a machine with SiS 6326 video, and Puppy works on it.

At this point, I'm thinking that malware which got you was very unsophisticated. The reason is that it doesn't appear to have any money-making potential, and it gives itself away quickly.

If this is true, you have only two hurdles: get back to booting your Windows system, clean up the infection. That free trial of bootITng would be enough to find out if it can repair the boot block. I didn't have to pay anything to download it. (But don't install it to the hard disk.)

Sophisticated exploits will prevent you from downloading and using malware removal tools under Windows. I'm guessing this one is dumb. Get to the point of booting Windows, and we can go after the malware with any number of tools even if they have to be downloaded on that other machine. Just remember the system you are running is still suspect.

If you can't get back to booting Windows, we will continue along the route of using separate bootable recovery tools.

User avatar
obxjerry
Posts: 390
Joined: Fri 29 Jan 2010, 22:34
Location: Louisville, Kentucky

#76 Post by obxjerry »

I worry that I'm wearing out my welcome because I'm not as computer literate as everyone else here and because of this there seems to be a communication problem. Definitely nothing anyone has said but everyone's patience has limits. Hopefully I can address some things and help the situation.

I think I'm good on the EBCD deal; burn iso image to CD using either Puppy or I have always used InfraReader in the past, boot a computer from the CD, burn a floppy.

The code that identifies my BIOS is 03/28/2001-8363A-686B6A6LMD4FC-00

I have 9 proven bootable CDs. The sick computer will not boot any of them without the SBM floppy. If it doesn't have a bootable floppy to boot to it tries to boot the hard drive. In BIOS it is set to boot to the CD after the floppy, before the HD.

With the SBM floppy, one of the disks (DSL) will boot most of the time. When I try to boot the DSL CD I get the 0x03 error code, I hit enter then either it boots or I get the 0xAA error code.

The openSUSE CD does the same thing basically. When it does boot it takes me to a menu of; Memtest- that works, Mediacheck-that works, boot openSUSE- can't find kernal and Failsafe openSUSE-doesn't boot.

The 7 that don't boot get the 0x03 error then the 0xAA error every time. There is a small click from the CD drive with the 0xAA error but the drive does not spin. There is no error message, no tried and failed. I don't think they go far enough for them to be having an OS won't run on my computer problem. I'm still thinking the drive is picky and it's not necessarily the program that's on the disk. I other words if I had another same version DSL CD it may not boot.

I have another question. DSL sees my NIC. DSL has Firefox. Can I connect to the net without infecting the world? It goes without saying it would be the only computer connected to my network at that time. If I can do that could I use an online scan tool to my advantage?

Prehistoric, thanks for the heads-up on not wiping the hard drive to install Puppy. I bought that laptop a couple of weeks ago. It had a "new install" of XP Pro on a 10gb HD. It was using over 8gb. I didn't think XP could be contained to 10gb but I tried making room. I would delete stuff, M$ would update, not much was gained. I'll have to weigh my options, pick partition sizes and go with it at some point.

Take care

User avatar
prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

boot problems with CD

#77 Post by prehistoric »

obxjerry wrote:I worry that I'm wearing out my welcome because I'm not as computer literate as everyone else here and because of this there seems to be a communication problem.
I'll let you know if you approach my limits. (Not yet.)
...The code that identifies my BIOS is 03/28/2001-8363A-686B6A6LMD4FC-00
I'll get back to you on this, after I've done some investigation.
I have 9 proven bootable CDs. The sick computer will not boot any of them without the SBM floppy. If it doesn't have a bootable floppy to boot to it tries to boot the hard drive. In BIOS it is set to boot to the CD after the floppy, before the HD...
The picture I'm getting now is one of a CD device on its last legs. It was probably limping along before, but then you had an operating system that would keep trying until commands or data were transferred correctly. If this takes place silently, at electronic speeds, you aren't even aware of it, unless you run diagnostics or look at error logs. The BIOS, or boot floppy, code isn't very smart and may not succeed where the OS can.

CD drives depend on certain mechanical tolerances to get them close enough to the right place to read something off the drive they can use to adjust head position. If this isn't reliable, they may read some CDs and not others, even if these are made on the same device, using the same type of media. Take a dead CD drive apart, and you will see what cheap mechanical parts they use. Unless you pay a premium, you aren't going to get a drive designed for long years of use.

Another cause of random failure is dust on the lens. Careful cleaning can restore a drive to reliable operation, bad cleaning can destroy it. More consistently, the diode laser used may lose output power over time, or the optics could be out of alignment. This could also be a cause of your problems.

I would swap out that CD drive. At this point, you don't need the ability to burn a CD/DVD.
I have another question. DSL sees my NIC. DSL has Firefox. Can I connect to the net without infecting the world? It goes without saying it would be the only computer connected to my network at that time. If I can do that could I use an online scan tool to my advantage?
Yes, to that last question. Once you are able to boot Windows at all, (common scanners assume you are running on the infected system,) I'd recommend you try the eset or trendnet house call scanner for example. (Kaspersky on-line scan appears to be temporarily unavailable right now.) Be aware that even a site which claims it is merely scanning your computer could be up to no good. There is also a natural commercial tendency to report false positives to boost sales. Those sites I mentioned are well-known and respected. If something fishy happens to them, the news will get out fast.

As for fear of infecting the Internet, I have bad news for you, the whole world out there is infected. In a random sampling of personal computers connected to the Internet, 48% were found to be infected.
Prehistoric, thanks for the heads-up on not wiping the hard drive to install Puppy. I bought that laptop a couple of weeks ago. It had a "new install" of XP Pro on a 10gb HD. It was using over 8gb. I didn't think XP could be contained to 10gb but I tried making room. I would delete stuff, M$ would update, not much was gained. I'll have to weigh my options, pick partition sizes and go with it at some point.
Your laptop sounds like an ideal candidate for an install of Puppy to a USB flash drive, a very common option with the Puppy Universal Installer. This can be removed and carried to another machine in your pocket. The only thing tricky is getting that first boot. Some people have had to try several different installation options, BIOS settings or brands of flash drive. I'm confident I could do it quickly if I were there.

Your Windows XP system probably has all kinds of things which could be removed without losing the ability to run a few Windows applications you actually need. For my purposes, where I just need to run exe files once in a while to unpack archives, etc. It can be a lot smaller. Don't waste too much time on this. You can probably find someone who has upgraded their laptop from a 40 GB drive to 160 GB and has an old drive just lying around. You mainly need to make sure it uses the same interface (IDE or SATA). Most laptop drives today are 2.5" disks 9.5 mm thick, making them physically interchangeable. We can talk about moving the Windows partition from one disk to another later, after the crisis is over.

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#78 Post by Sylvander »

1. "I worry that I'm wearing out my welcome"
No way! I've been doing this for years without my patience wearing out.

2. "because I'm not as computer literate as everyone else"
No matter how good or bad anyone is, there's always someone better and also someone worse.

3. "I have 9 proven bootable CDs. The sick computer will not boot any of them without the SBM floppy"
The info you gave beginning here was/is really useful/clear.

4. " If it doesn't have a bootable floppy to boot to it tries to boot the hard drive"
(a) Very significant! :D
So it is skipping-the-disk in the optical drive. [Because the BIOS hasn't (yet) detected the presence of a disk]
[Only happens when/if the optical disk is the 1st disk available (or aught to be, but isn't ready?)].
It would do that if the disk wasn't bootable, or not-ready, or not-readable methinks.
Is the optical disk in the drive before you ever switch on the PC? [Good]
Or do you switch on and rush to get the optical disk in place and the drawer closed? [Bad]

(b) And yet it boots those same disks OK if the SBM is used to boot them, right?
Possibly because using the SBM gives you plenty of time to get the optical disk in place and close the drawer before you hit <Enter>.

5. " I hit enter then either it boots or I get the 0xAA error code"
(a) Seems like either the BIOS is having trouble establishing contact with the drive, or else the drive is having trouble reading the disk.
In any case, when you hit <Enter>...
If things are not yet ready to go...
You get a failure with an error code.

(b) Try detecting signs that the disk/drive is ready to go.
Wait longer.
Only then hit <Enter>.

User avatar
prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

Avira rescue disk

#79 Post by prehistoric »

@Sylvander,

Thanks to your tip about the exe file for the Avira rescue disk offering to save the iso file, if the program failed to burn it, I was able to get that image file, to burn and verify it with tools I understand. All I had to do was create a fault that would convince the program the burn had failed. My problem before was that it hung during the burn, and never offered that option.

The disk boots on a 550 MHz machine, and even gets to a graphical screen, but doesn't ever seem to do anything else. Not sure what the problem may be. Could it be that the machine has no Windows system?

If you choose the last option on their boot menu (5), it will let you choose the video mode. I played around with this, and got it to boot in video mode 5, 80x34 characters. This should work on all kinds of machines. Of course, it also showed graphics when started in several VGA and VESA modes.

On my 1.8 GHz Dell D610 laptop, with 1 GB RAM, the Avira rescue disk comes up with a GUI, and, when I start a scan, this completes, correctly showing my Windows system clean as a whistle. I don't have an infected system handy to test it on. That should turn up any day now.

My general impression is that the Linux system they have compiled is not as flexible as the Puppy kernel in dealing with older machines. For typical used systems coming off lease right now, like the Dell D610 I mentioned, it should be fine.

W.R.T. Jerry's CD drive, I think one experiment to test our hypotheses would be to try booting that DSL disk repeatedly, to see if it always works. Or, try to boot a Puppy disk, that once worked, several times to see if you can get it to succeed once in a while. I'm betting behavior isn't consistent.

OT: Why doesn't the heart of West Lothian have the literary appeal of your neighbor?

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#80 Post by Sylvander »

"OT: Why doesn't the heart of West Lothian have the literary appeal of your neighbor?"
Huh?
Don't understand. What is OT?
Are you referring to the "Hearts of Midlothian"?

Post Reply