Electronics & Computers Deals here!
Computer help: can virus survive reformat?
can virus survive reformat?
by bently - 8/25/06 1:14 PMUsing XP home, sp2, Kerio 2.1.5 firewall, D-Link router, AVG and regularly run Ewido, Spybot,AdAware, AVG (with current updates)
Have 2 harddrives, each formated with 2 partitions, one is ''C'' and ''D'', and the other is ''E'' and ''F''... Plenty of free space remaining.
My computer started running slow and Ewido, Spybot,AdAware, AVG and several other programs could not find any malware.
I suspected some malware hidden that I could not find so I reformatted ''C'' drive. (NTFS)
Before reformatting, I unplugged from the modem.
After reformat and new install of XP sp1, I installed SP2 from disk, AVG, Kerio and router, before connecting to internet.
After connecting to internet, first thing I did was get updates for AVG
*** After all this, my computer still running slow, so I googled for info.
Found a web site where they say that virus/trojan can survive a format. I thought format would remove all virus and trojans???
Here is one of the suggestions I copied from that site....
''You can start by wiping your hard drive clean (a complete format that wipes out all data – all 0’s). Then turn off your computer, unplug it, and then disconnect the lithium ion battery. There is no way any data (worms) can be stored on your hard drive or in the mother board memory if you do this. Everything should be reset to the factory setting.''
My questions...
!. can virus/trojans survive a reformat?
2. would removing the battery really be necessary?
Thanks
Ben
1. Yes. See boot virus.
by R. Proffitt
- 8/25/06 2:26 PM
In reply to: can virus survive reformat? by bently
2. No. No known virus lives in the CMOS settings.
Bob
Possible, but rare
by john_mcdoogle - 8/25/06 3:01 PM In reply to: can virus survive reformat? by bentlyBoot viruses are pretty rare these days, and would be hard to become infected with if you have never run anything other than XP on the system in question.
What does seem possible, is something was lurking on one of the other partitions, and then lodged itself in your system again once you accessed that partition.
Maybe you should try and describe what you mean by your system is running slowly. What about it seems slow? It could be something pretty simple, like the PIO/DMA bug that plagues many many people in XP.
By slow.....
by bently - 8/26/06 7:26 PM In reply to: Possible, but rare by john_mcdoogleI mean taking 1 to 2 minutes to go from one page to the next on the same website, or changing to another web site.
Sometimes it will take just a couple seconds (normal) and the next time it may take 2 minutes. The slowness may persist for an hour then for no apparent reason, the speed returns to normal for a while then slows down????
I am concerned that malware may somehow be in the D, E, or F drive, which I have not reformatted.
I am considering moving files from D drive to E and F drive and reformatting the C and D drives and then reinstall XP again to see if this will help.
PIO/DMA bug... I googled this and found no usefule (to me) info. Don't have a clue what this is.
Thanks
Ben
That may be normal
by john_mcdoogle - 8/26/06 8:24 PM In reply to: By slow..... by bentlyThat sort of thing can be explained away by normal variations in Internet traffic. If you have any P2P programs going, those can easily saturate your connection creating problems like you describe, as one simple example.
People are often very quick to assume every little problem is somehow virus or malware related. While they are a problem, they aren't the root of EVERY problem with computers.
What often works well for me if a site seems to be taking a long time to load, is hitting Esc to stop the loading of the page, and trying again. Most of the time, the second try will work like expected.
Of course if you're concerned about malware, you should take care to avoid using Internet Explorer. Use Opera or Mozilla Firefox instead. Instant immunization against sites that exploit security holes in IE to install malware. Which now includes some of the larger name sites, like MySpace. IE is good for getting new updates and little else.
ISP?
by axekick - 9/4/06 2:04 AM In reply to: By slow..... by bentlyAny chance it isn't simply your ISP being sluggish? I have used Charter and my speeds vary greatly over the years, and do so from day to day, morning to evening. That said, I am currently typing on a Pentium II 450 because my computer is trashed by NewDot. My system performance degraded slightly, I found this program and deleted it without researching it then all hell broke lose. I cannot reformat the hard disk, or use Fdisk and my pc manufacturer has told me the only solution is a new hard drive which they are suppose to be shipping off tomorrow. You may try www.dslreports.com and test your internet speeds, packet loss, etc.. to see if the problem isn't simply your Internet Severice Provider rather than your machine.
Router ??
by Cursorcowboy - 8/27/06 4:58 AM In reply to: can virus survive reformat? by bentlyStarting mid July the two systems connected through a Netgear router had the same symptoms you describe when surfing. I wasn't concerned that the systems had been or was infected and besides I was going to upgrade the Internet cable system on 1 August. After the new modem and digital phone were installed the same symptoms continued. Time Warner and Road Runner made several trips to check their wiring and splitters as well as changing out the modem -- still the same. I found that CompUSA had Linksys routers on sale so decided to purchase one so the company could not say that my added equipment had anything to do with the slowness. Well, with the new router, my access problems went away as soon as the router was replaced.
Yes.
by GeeBee - 8/27/06 7:34 AM In reply to: can virus survive reformat? by bently1. Boot sector virus.
Lives in sector zero of your hard drive. As the hard drive starts to spin up, the virus is read into memory. Anything you do after this including repartition and reformat will have no effect because the virus in RAM is tagging along with you every step away. After you do all the things you did, none work, because the rogue file has attached and rewritten itself back into sector zero! 
this technique has been used on computers for decades inculding Atari / Commodore / Mac / PC. It's the way virus' used to work by default.
This is why you need to boot from a safe and clean source such as a bootable OS CD, or a virus clean system floppy disk (with the tab open). By doing so, no files on the hard drive are actually in use. Because the computer is running from safe media, even though the infected boot sector has been accessed as the drive spun up, it has not been run.
2. A problem which can and will kill a computer.
The CIH / Chernobyl virus effectively attacked the BIOS and corrupted it, but it did not live in there! The trick and problem there is a dead computer that has had it's BIOS destroyed by a virus file a user launched, cannot replicate the file and problem.
In some cases the CIH / Chernobyl virus corrupts the BIOS entires, and removal of the battery and resetting to defaults cures the issue. In some cases it completely scrambled the BIOS and recovery isn't easy.
It's hard to assume that running AVG and various scans (you can shedule a system scan before the OS launches for BOOT sector and file tagging (where a rogue virus file tags onto the end of a safe executable file) would leave you with an infected computer. There are many other reasons why a computer will suffer slow down, before you can assume that a virus has slipped through.
You should press "CRTL + ALT + Delete" to check Windows Task Manager > Processes > Click CPU (twice to put the busiest apps to the top of the tree) to confirm just if you computer is actually busy doing something or not.
After that (not sure if you have these options) ;
Control Panel > Administrative Tools > Performance
Can show you graphically just what your PC is up to.
Good luck,
GeeBee.
found answer
by bently - 8/29/06 5:00 PM In reply to: Yes. by GeeBeeUsing win xp home and Mozilla 1.7.13
THANKS to all,
I tried to remove router and just use the DSL modem without router to see if this would speed things up.
Could not get online at all without router. After several tries, I redid my online setup and reset the router to factory settings.
After a few glitches I got back online using the router and now computer is loading at normal speeds.
Only problem now is I can't access my Mozilla email because it will not recogonize my password. Posted this info on C NET BROWSER forum.
Thanks again to all.
Ben
reinstall IE6
by murman - 9/1/06 4:58 AM In reply to: found answer by bentlyI was going to suggest a reinstallation of IE6 and then download maxthon to use. I had to reinstall it which is easy, then added the maxthon plugin and haven't had a problem since. Knock on wood!
Virus vs reformat
by craig125 - 9/1/06 5:57 AM In reply to: can virus survive reformat? by bentlyYou are probably getting the spyware when you reconnect to the web. I reformatted 3 times and got adware as soon as I went for the Windows updates. Apparently a spybot found my IP address and would instantly dump it's program on me as soon as I connected. I solved the problem by connecting a router between the PC & modem. The router is a hardware firewall that stopped the attacks. Voila! No more problems.
Zero the drive
by alfunso - 9/1/06 9:59 AM In reply to: can virus survive reformat? by bentlyZero the drive to be sure. Most all reformating software has the option.
I agree with rare...
by tonyman262 - 9/1/06 5:39 PM In reply to: can virus survive reformat? by bentlyThere are several additional things to check rather that assuming virus or malware. After a fresh format and install including updates for your OS, favorite applications and virus software you want to check how many and which services/processes are running.
Taskmanager and msconfig can help you determine if the things that are running are supposed to be running.
I believe you also mentioned using a modem. This could also add to the slowness. Consider things you are doing locally on your PC verses work you're doing across the Internet. If the things you are doing locally seem to be at the right speed then maybe you have localized to the devices between your PC and ISP.
Also consider any other driver or devices that may or may not be installed completely or most recent drivers. If Device Manager is showing any (?) yellow question marks clear these up.
Lastly, a pretty cool and free utility by Sysinternals called Process Explorer will tell you about nearly thing that is currently running on your machine (real time). You can watch as you start and stop applications. It's what TaskManager should have been years ago. http://www.sysinternals.com/Utilities/ProcessExplorer.html
I hope this helps.
!!!!!!Yes, it will, but you don't have a virus!
by PC_Nerd-Henry_Chan - 5/1/09 8:54 AM In reply to: can virus survive reformat? by bentlyyes, it can survie one. It will survie unless if you formatt the whole HD with the "ntfs format" option, not the "ntfs format (quick)" option.
But, the virus will not be started. You must select the old partition if it is a boot sector virus! or else it will still start. Selectiong the old partition and erasing it fully deletes the boot sector, thus remove the virus.
but, I don't think you have a virus. Viruses are hard to get. I think you have a worm instead. they are easier to catch. a virus is programmed at the same time by a hacker. a worm is in a spam email.
and, runnin adaware pro slows the computer.
turn off outlook and erase account settings in outlook and outlook express and use email by the web browser is safer - and worms will be destroying Hotmail/Y!mail/... instead of your computer. remeber to set the email program in IE to Hotmail to stop outlook.
click tools>options, then select the program tab, then select Hotmail/Yahoo!mail. even if you don't have an account, that stops your outlook from running and downloading spam.
Message was edited by: admin to remove email address to prevent spam harvesters from picking it up
HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!plz!!!!plz!!
by Bayley4512 - 5/8/08 1:41 AM In reply to: !!!!!!Yes, it will, but you don't have a virus! by PC_Nerd-Henry_Chanmy pc has been fromated twice and this virus thing keeps oncomming back i thought if you format your pc everything is lost including a virus????
i think it started with internet exploerer tho it could have been something i downloaded the only thing i can think of is that i downloaded theme manager.??
would this be the problem??
basically it wouldn'tlet me go on internet explorer it kept on saying i had to send an error report or it said don't send what ever i clicked it still didn't work.
i thought this was just to do with my internet however it spread to everything, to my comp,control pannel, everything i couldn't get on anything??
i have managed to put win98 on it now i am putting on windows xp pro service pack 2 again.
but there was another error with that error 5001???
any suggestions wot this might be
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
