Hey guys.
I got a problem and I went straight to the geniuses of the field.
A friend of mine caught a very interesting virus.
It displays the text "ImIm" and "DuDu" during the initial boot up screen in red text.
Once the next boot screen comes up, every line on the screen is covered with a - or a = making it hard to read the text behind it.

I have initially thought it was a main board problem. I switched the board on the same hdd and a second later it hit it as well.

I believe it is a virus. Now, it hides in the MBR of the hard drive and blocks off all visibility on screen to deleting it. I have tried to do fdisk /mbr but it does not go in with the windows 98 boot disk.

The virus also copies itself onto a part of the bios.

I figured I need to delete the MBR and format the drive completely.
Once that is complete, turn off the computer and run a flash bios program and install new bios on it.

Now, does anyone know how I can delete the Master Boot Record? Please do not tell me how to do it in windows!

Thanks, any suggestions will be greatly appreciated!

It's real simple if you have a Win98 boot disc...

at the a:\ prompt type "C:\"
at the c:\ prompt type "fdisk \mbr" or "fdisk /mbr"

Then FDisk and Format the drive, if you have to. Let me know if this works.

Well, if it's a very well programmed virus, formatting the HD and then flashing wont help.
You can format, but if its infected the BIOS, it will just put a fresh copy onto the HD.

Get a mobo that lets you lock the ability to write on the BIOS via jumpers, then put that HD on it and try formatting.

But because you tried a different mobo, try putting a old HD on either of the mobos and see if the viruse infects that HD too (If you have an old ~2gb hd.)

Edit: typos x.x

Quote: Originally posted by Fantazmic2 It's real simple if you have a Win98 boot disc... at the a:\ prompt type "C:\" at the c:\ prompt type "fdisk \mbr" or "fdisk /mbr" Then FDisk and Format the drive, if you have to. Let me know if this works.

I tried that before.
All that occurs is that it will skip a line and go back to C prompt

Gladiator, If you have done that...then you have FDisk'd your MBR...DOS does not come back and say finished, the only thing message you will recieve is if you type a wrong commang.

Did you also Fdisk the hard Drive and Format it? Were you able to flash the Bios?

Quote: Originally posted by Fantazmic2 Gladiator, If you have done that...then you have FDisk'd your MBR...DOS does not come back and say finished, the only thing message you will recieve is if you type a wrong commang. Did you also Fdisk the hard Drive and Format it? Were you able to flash the Bios?

I thought fdisk mbr had a menu where you can choose to restore the boot record or delete it.

I think the bios is not infected anymore. I dont the cmos clear as well as bios reset program built into the a-bit board and have had clean boots without the hard drive. Once the hard drive is connected, it all appears again.

I think that the fdisk mbr is not deleting the master boot record. The hard drive is an IBM deskstar. I thought trying to use MaxBlast which comes with maxtor hdd but it autodetects the non-maxtor drive and quits the program early.

What can be done to save this hard drive?

It looks like your only option is to FDISK and REFORMAT the harddrive which would mean you would have to start over from a blank harddrive.

I have never seen an option when FDISK'ing th MBR.

Sorry to hear about all the problems your having.

fantazmic,
heres what i did so far:
booted using win98se boot disk
Ran fdisk /mbr
ran fdisk to create a new partition
formated

i still think the virus is on it.
Is there a program to completly wipe out the hdd?

I have a program that we call "GOD DISK", it does a governement wipe. Recently there was a thread regarding wiping the HD. There were some suggestions there.

If you FDisk'd the MBR, FDisk'd the Hard Drive (delete the old partition and created a new one) and formatted it, the virus should be gone unless it resides inside the Bios.

What is the name of the virus that you picked up?

no clue of the name. I think it was inserted by hand by someone. The computer is not mine but of my friend. He makes professional type of movies like party videos and etc. One of his business friends was jealous and did it (what we believe although we are not 100% sure. I have gotten the computer to boot into windows xp before and it recognized a virus and would not completly boot.

It would stop 1/2 way in/

Where can i find this god disk?

Unfortunally It is one of those "I got this program from a friend...", and it's a program that you have to do a Disk to Disk copy...I've tried to zip the files, unzip them to a blank floppy, and no go.

if you have an original Norton CD, you can boot off that and it should run a quick scan, though if it's a new virus it might not be detected.

You could have a buddy create a rescue disk set from their Norton Antivirus, but these are supposedly machine specific, probably worth a shot though...

Quote: Originally posted by Sportbilly if you have an original Norton CD, you can boot off that and it should run a quick scan, though if it's a new virus it might not be detected. You could have a buddy create a rescue disk set from their Norton Antivirus, but these are supposedly machine specific, probably worth a shot though...

Thanks will try that.

Btw Fantazmic2. why not make an image?
winimage is perfect for that

Ive got something similar to that Fantazmic, 2 different progs one called wipeit and the other is destroy it... cant remember where they came from but they sound like the same sort of thing and both run of floppy disk.

you may be able to find them online Gladiator

i cant get rid of the virus on board.
I did a flash and a fresh update from the abit site
I have the NF7-S 2.0

I think the virus is chernobyl

I'm not familiar with your board, can you lock the bios? If need be, I gather for about 20 clams you can order a new bios chip, or send yours in for reprogramming. Google should help you on that one.

This program from Symantec claims to terminate CIH (Chernobyl virus) from your memory, should at least confirm what the virus is. I *think* it'll run in DOS, if you boot from a win98 disk.

Info on that prog, and Chernobyl in general, is here. They claim a 2001 or later Norton CDshould do it.

Well, might as well put in my .02 cents

Run a Norton Anti-Virus scan/clean disk after booting to dos with a boot disk. If it finds it, it should clear it from the boot record and the hard drive.

Flash the bios with an older version of the bios, or whatever the ABIT board will let you do.

Doing a super duper wipe of the hard drive probably won't cure your problem. We use BC Wipe at work, which does a 7 pass wipe of the hard drive...and the only reason we do that is for classified systems to ensure no data is left to recover...I doubt the virus is written so well it can recover itself from a formatted disk and go back to work causing havoc.