Hello guys, my bios is not supporting my hard disk "Quantum fireball", how i can detect it , infact the fat32 partition system of hard drive has been damaged through hiv virus, how I can correct it.
thanks
Printable View
Hello guys, my bios is not supporting my hard disk "Quantum fireball", how i can detect it , infact the fat32 partition system of hard drive has been damaged through hiv virus, how I can correct it.
thanks
Was this hardrive in your computer, or did you switch it out? If you switched it, make sure your jumpers are set correctly, and if you have cable select selected, then make sure your IDE cable is connected correctly.
If it is in the same computer, I have to this day not found a virus that will actually inflict physical damage to actual hardware. You might have come across some bad sectors.
What I would advise doing is downloading a program called the ultimate boot CD, or look for Seagates diagnosis utility (it should have come on a CD with the hardrive, if not check their site).
My final advice:
1.) Try putting it in another computer with the correct jumper settings (if you don't know how to do this then ask, although the instructions should be on the hardrive cover).
2.) Try other IDE cables, yours could be bad.
3.) If through all of this, you get nothing, try the Seagate diagnosis disc.
Hi there Poppy,
Have a look at the Semantec (Norton) And Network Associates (McAfee) sites for removal/repair tools for the virus.
Get the installation and diagnosis tools from the hard drive manufacturer's site (seagate?) At worst you boot with the floppy and reformat the drive, if the BIOS does not support your drive size, it will install an "overlay" program (something like EZdrive) to correct this.
Lansing~ is quite right about the jumper..........at the back you will see a section with three or four pairs of little pins..........there should be a diagram on the top of the drive or printed letters on the bottom (sorry, don't have a fireball to hand) they will be something like MS = master, SL = slave, CS = cable select. Set the drive to master if it is your main machine drive. Boot with the installation floppy , format and install. Otherwise set it to slave and put it on another machine.
With cable select, the last connection is the master and the one half way along is the slave.
Cheers
thanks, this is the virus which I have found
http://www.cnn.com/TECH/computing/99...rs.asia.virus/
http://zdnet.com.com/2100-11-514464.html?legacy=zdnn
http://grc.com/cih.htm
thanks for both, I check this hard drive on other machine, because My system (bios) is unable to detect it.
i more I have all setting right as nihil and Lansing_Banda have described.
you can find tons of usefull booting tools at www.bootdisk.com mabey one of them will be helpful.
if you can't get what you need there I would be suprised. you may want to also check you bios settings you might not have you bios set to detect your hard drive you may want to reset your bios and see if that helps.
Hi Poppy~
I looks like you have two issues here? The first thing to do is to download the CIH virus recovery tool from the GRC site you mentioned and repair the FAT32 partition. You can do this on another machine.
CIH repair tools are also available free from all the major anti virus company sites such as NAI (McAfee), Symantec (Norton). This should make the drive workable.
The second question is if the BIOS on the origimal computer has been damaged? I would go to the website of the computer manufacturer or motherboard and see if they have a BIOS update and tool. Follow the instructions and overwrite the corrupted BIOS with the new version.
If your BIOS has NOT been damaged (you can test that by attaching a drive that you know works) then once you have fixed the damaged FAT32 partition, the old drive should be detected.
Cheers
thanks.
HI poppy
assuming that the drive's jumper was in correct position, did you auto-detect the hardware?try autodetection and see if it can be detected. Take note that it has different jumper settings for a "master" and "slave". If you did this correctly and autodetect the drive and nothing happens, then you probably got infected by a virus. If your Harddrive is older than your BIOS, it should be detected by the BIOS.
Have you tried this hardrive on any other computer? If your bios doesn't detect it, well then you might have a little trouble fixing it up.
Hi Lansing~
This is damage caused by the CIH/HIV virus. It scrambles the first meg of the HDD. There are a variety of free tools to fix this problem from Gibson Research & all the major AV vendors, for example.
I agree with the thinking that you should fix the HDD on another machine so that you can verify that it worked. Provide of course, that the tool you get works that way.
The next problem is that this virus tries to flash the BIOS on some systems. If it succeeds then you are screwed :( If you cannot get in to re-flash the BIOS then it is a new BIOS chip or more likely a new MoBo would be better $ value?
Poppy said that the BIOS did not recognise the HDD, which suggests that the machine is booting, so fixing the drive on another machine then re-installing it into the old machine should solve the problem. Otherwise just use a boot disk and run the repair tool.............I am not sure, but I think some of them might even create a boot disk themselves?
It was a very destructive virus in its day, but it is rather old?
Cheers
I have checked it on other system, bios detects it but operating system not.
If i copy the cih virus removal utility on other system's disk, and try to correct it by attatch the damaged drive as slave. It is right?
Poppy~
Yes, that is what I was trying to suggest...............the CIH virus can attack both BIOS and hard drive, so clean the drive on another machine first.
That will tell you if your BIOS has been attacked on the first machine? Otherwise, attach a known working drive with operating system to the first machine (as the master) and see if it boots. That should tell you about the condition of the BIOS on the first machine?
Good luck
Huh, I have never heard of a virus that actually screws with the BIOS like that. My bad nihil, I will leave the rest to you while I investigate this.
/edit
So I read up on the CIH and that is some pretty crazy stuff. Pisses off the hardrive and flashes the bios! And everyone thought MSBlaster was harsh. Hell if a virus like this got big, I mean damn. And it wouldn't be all that hard to pull off. Just include a flash utility with the virus and run it.
euhhhhn... Is see many people here refer to Seagate for a Quantum disk. While Seagate and Quantum do use similar software (I believe they both use Ontrack) for their hdd diagnostic tools, Quantum disks are not Seagate.
Some info:
Quantum is a manufacturer of very good harddisks and several tape products. Recently (a few years ago) they are bought by MaXtor, the harddisk division is taken over by MaXtor. Quantum now concentrates on the professional (backup) market. So new harddisks with the label Quantum are past.
MaXtor provides a diagnostic tool on their website for your Quantum disk.
nihil wrote
Yes I have checked, bios works fine..Quote:
attach a known working drive with operating system to the first machine (as the master) and see if it boots. That should tell you about the condition of the BIOS on the first machine?
on the other system, bios is detecting but OS is not detecting, nor that utility from grc.com, I have checked, it is also unable to repair it.
Infact I need my data on it otherwise I have to format manually to make Fat or ntfs on it.
Nihil Yes I have checked on other system. but Operating system is unable to detect it. grc's utility is also unable to repair it, infact I have important data on it. otherwise I have to format it for fat or ntfs.
OK Poppy~
I will have to find a few tools for you. I am rather busy for the next few hours so please be patient!
I have a few questions:
1. How big is the drive that does not work?
2. How much free space is there on your other machine's hard drive?
3. What was the operating system on the drive that does not work?
4. What operating system have you on your other machine?
I have two gameplans:
PLAN "A"
Put drive into original machine, boot with floppy disk, run a repair tool on the drive.
PLAN "B"
Copy your files off the drive onto the second machine.............then just format the drive, as you mentioned. We need to be sure that you have enough space to do that, so you might like to do a bit of housekeeping and defragment the drive of the second machine.
ALSO!!!!!!!!!!!!
Be sure to update the antivirus on your second machine.........we will need to scan the copied files before they are opened!!!!!!!!!!!!!!!! God knows what might be in there?
:eek:
Good luck
I will get back to you later today.
1-10gb
2-15gb
3- winme
4- winxp
thanks nihil, Plan A, I will check it, Plan B is possible If plan A is succeeded. I will check and reply soon.
Hi Poppy~
Can you get hold of a WIN98 boot disk? You need to boot into DOS.
Then at the A:> prompt type in
fix-cih /bootroot
Please note the space before the /
That is if it does not work normally with fix-cih.............that may give you a "fixed" message, but not have done it when you check.
Please go very carefully.............you will have infected files on that drive.............need to fix that first ;)
If that doesn't work, I guess we have to try data recovery.................we can do that safely on the XP box, because CIH won't run on an NT based operating system..........
Sorry for the "poor service"...........but that virus is 5 years old..............I have sort of forgotten :D
Good luck
It has shown me all figures of my drive accurately, and I am repairing through "fix-cih" utility.
nihi, I am doing as you say, It has shown me all figures of my drive accurately, and I am repairing through "fix-cih" utility now, it is "other boot sectors" this time.
Hi Poppy~
It is Sunday here and I have to go out................other boot sectors huh?, yes that does sound familiar...............I will get back to you today, but later.
Hey, I think that we are making some progress? but sorry, it must be a good three years since I had to do a CIH recovery, I have forgotten a lot
:D
Catch you later...
Thanks nihil I have retrieved all my data back, I just scanning for virus, thanks for fix-cih and nihil again. any online virus scanning ??
HI Poppy~
Thank you for the update..............run Trend Micro "Housecall" it is a very good up to the minute online AV scanner.
Once again, please accept my appologies for the amount of time this took..............I have not seen that virus for a long time :)
Also, I think that you must be in a very different time zone from me
Take care
Johnno
nihil I am scanning online from http://www.ravantivirus.com/scan this time, here is a log while it is scanning.
Scan started at 5/24/2004 3:31:54 PM
Scanning memory...
Scanning boot sectors...
Scanning files...
H:\quantum2\mscs\semester 6\java DOT\MSCS-263realproject.rar->real
project\server\folder.htt->(SCRIPT0000) - VBS/ActiveXExploit* -> Infected
H:\quantum2\mscs\semester 6\java DOT\MSCS-263realproject.rar->real
project\server\folder.htt->(SCRIPT0001) - VBS/Redolf* -> Infected
H:\quantum3\project 266-263.rar->project 266-263\folder.htt->(SCRIPT0000) -
VBS/ActiveXExploit* -> Infected
H:\quantum3\project 266-263.rar->project 266-263\folder.htt->(SCRIPT0001) - VBS/Redolf*
-> Infected
H:\quantum3\softwares\keylogger.zip->KeyLogger.exe->(ZipSfx)->UPIN Key
Logger/keylog.exe - Win32/Nihilit.L@mm -> Infected
H:\quantum3\softwares\password recovery utility cain25b45.exe - Backdoor:Win32/Cain.2_5 ->
Infected
H:\quantum3\softwares\Msn hacking\TELNET.exe - SpyTool:Win32/MSN_X3 -> Infected
H:\quantum3\softwares\nmap\name.rar->name.txt->nmap.exe - Win95/CIH.1003 -> Infected
H:\quantum3\softwares\nmap\name.txt->nmap.exe - Win95/CIH.1003 -> Infected
H:\quantum3\softwares\nt crash\NTCRASH\ntcrash.rar->NTCRASH.EXE - Win95/CIH.1003 ->
Infected
H:\quantum3\softwares\nt crash\NTCRASH\web.rar->nt.txt->NTCRASH.EXE - Win95/CIH.1003
-> Infected
This is data of effected drive, I will scan my whole system so.
Hi Poppy~
1. Are you running this on your WinXP computer, or on the original PC?
2. Autoclean: Automatic clean the infected/suspicious files.
Inside archives: Scan for malwares inside archives.
Unpack executables: Unpack executables during the scanning process.
Please select the above options and let the scan do the WHOLE PC
3. Has anyone other than yourself had access to the infected machine? Because it looks as if you might have been "owned"
You have a password cracker (Cain) a back door (allowing remote access), a spytool and a keylogger (Nihilit)...........hey they have named a nasty after me! fame at last! :D
Unless these are part of your studies?
You have some executables infected with the CIH virus
I am starting to remember my CIH virus. Please DO NOT use this machine/drive on May26th. The CIH virus has a payload trigger date of the 26th of the month I believe that the first one only did it on the 26th. April, but it looks like you have a later variant, which will trigger every 26th. of the month. We need to be sure that you are "clean" before that date, or wait until afterwards to be perfectly certain.
Cheers
Yes nihil, I am running on my original machine, infact I have two hard drives, after retrieving data from effected drive, I copy all data into other drive(not effected)'s h: drive. and then scan only this drive.
what do you mean?Quote:
hey they have named a nasty after me! fame at last
and last one, how I can completely white washed this cih virus from my system?
Hi Poppy~
I am back!............I live in England, and think that I am some 5-6 hours behind you? you must live somewhere to the East?
http://housecall.trendmicro.com/
Please run the first option over both drives (it should do that anyway) let it scan everything and let it automatically repair anything.
What do I mean by:
That is my rather poor English sense of humour :D The name of the bad guy was NIHILit?.......I had never even heard of it up until now...........do not worry, it has no influence on cleaning your machine :)Quote:
hey they have named a nasty after me! fame at last
Please remember that this virus will deliver its payload on the 26th. We MUST be certain we have killed it, or don't use the machine on that date.
It infects executable files, each time you boot up and open them, but it only runs the payload either once per month or once per year (April26)
Good luck, and please keep me informed
thanks nihil, wish u good luck