topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Saturday December 14, 2024, 8:02 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Advice Needed: Fixing Pentium 4 PC with Conficker virus  (Read 9537 times)

kyrathaba

  • N.A.N.Y. Organizer
  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 3,200
    • View Profile
    • Donate to Member
Advice Needed: Fixing Pentium 4 PC with Conficker virus
« on: September 16, 2011, 05:43 PM »
My dad's Windows XP Home Pentium-4 machine has the Conficker virus, or some variant of it.  The reason I know this is that he passed the virus on to his external hard-drive (in USB enclosure), a USB thumb-drive, and his Windows XP Home laptop. 

Long story short: we've disinfected the external HD and thumb-drive, as well as the Windows laptop.  However, the Pentium-4 desktop PC seems royally screwed.  The DVD drive seems not to be working now, so even when I put a Kaspersky 10 Rescue DC in the drive and reboot, specifying CD-ROM as first boot device, we have no luck...

Managed to download and install Microsoft Security Essentials (he was running NO anti-virus initially, hence the virus), but we're unable to complete downloading of virus-definitions (presumably the virus is interfering).  Safe mode, no luck.  And his BIOS is too old to be able to allow booting from a USB.

Summary: I cannot get at the problem in any of the usual ways.  I'm wondering if I removed the hard drive and put it in an external HD enclosure, hooked that to a PC running MSE, if we could disinfect the drive, then reinstall it in his Pentium-4 desktop PC and go from there.

Recommendations?

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,193
    • View Profile
    • Donate to Member
Re: Advice Needed: Fixing Pentium 4 PC with Conficker virus
« Reply #1 on: September 16, 2011, 06:15 PM »
Microsoft Security Essentials can not be updated manually either? ie add updated definitions via USB key for example. There are other anti virus that can do that.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
Re: Advice Needed: Fixing Pentium 4 PC with Conficker virus
« Reply #2 on: September 16, 2011, 06:16 PM »
I'm wondering if I removed the hard drive and put it in an external HD enclosure, hooked that to a PC running MSE, if we could disinfect the drive, then reinstall it in his Pentium-4 desktop PC and go from there.

a) You could try your idea of removing it so the executables are inactive and doing the disinfect from a separate known to be secure PC. That's pretty much SOP when a disk is infected that badly.

b) Better would be just getting the data files off that drive the same way and then doing a wipe, repartation & reformat + clean install of Windows (followed by ALL the updates) and MSE. That way you're 100% sure whatever was on there is totally gone.

My inclination would be to go with option-b unless you no longer have installation media for his OS and apps. Considering the age of the BIOS on his PC I'm guessing locating them might be a problem?

Luck! :Thmbsup:


Addendum: +1 w/rgdot  :) You can download the latest 32-bit MSE definitions at this link. See KB971606 for full details. Link here.
« Last Edit: September 16, 2011, 06:21 PM by 40hz »

kyrathaba

  • N.A.N.Y. Organizer
  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 3,200
    • View Profile
    • Donate to Member
Re: Advice Needed: Fixing Pentium 4 PC with Conficker virus
« Reply #3 on: September 16, 2011, 07:05 PM »
Alright.  I've downloaded the 32-bit version, and I'll try manually providing the updated virus-defs via USB key.

Say that, for whatever reason, I wind up needing to refomat the drive and reinstall XP, but that I cannot use his CD-ROM drive.  Is it possible to install Windows on a drive that is located in an external drive case, then relocate the HDD back to the original computer?

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
Re: Advice Needed: Fixing Pentium 4 PC with Conficker virus
« Reply #4 on: September 16, 2011, 07:17 PM »
Is it possible to install Windows on a drive that is located in an external drive case, then relocate the HDD back to the original computer?

Depends. You could copy the Windows install CD over onto an external HD, then boot off a Windows setup floppy and point it to use the files on the external drive for an installation in the absence of a CD drive. But you couldn't do a setup (on a different machine) to the external HD, and then put that in your Dad's machine since the hardware configuration the setup saw would be different and probably wouldn't work. It could also cause activation problems since Genuine Advantage compiles a hash code based on the BIOS, mobo, and network card (MAC address) it finds. So even if the two machines had "identical" hardware configurations, there could still be problems getting it to activate..

But tell you what...if it's just a busted CD/DVD drive that's complicating your life, I have about a dozen surplus working optical drives sitting on the shelf. And I'd be more than happy to send you one. PM a shipping address and it will be on its way pronto with my compliments.
 :) :Thmbsup:

« Last Edit: September 16, 2011, 07:30 PM by 40hz »

kyrathaba

  • N.A.N.Y. Organizer
  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 3,200
    • View Profile
    • Donate to Member
Re: Advice Needed: Fixing Pentium 4 PC with Conficker virus
« Reply #5 on: September 16, 2011, 07:36 PM »
Thanks 40hz.  If it turns out to be a bad CD drive, I'll take you up on that!  :Thmbsup:

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
Re: Advice Needed: Fixing Pentium 4 PC with Conficker virus
« Reply #6 on: September 16, 2011, 07:39 PM »
Say the word, it's yours. Always glad to help a fellow DCer. :Thmbsup:

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,644
    • View Profile
    • Donate to Member
Re: Advice Needed: Fixing Pentium 4 PC with Conficker virus
« Reply #7 on: September 16, 2011, 07:52 PM »
Once you get a working CD, you could try CureIt! LiveCD.  It's built every day with the latest virus definitions included.

I've used it previously with good results.

kyrathaba

  • N.A.N.Y. Organizer
  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 3,200
    • View Profile
    • Donate to Member
Re: Advice Needed: Fixing Pentium 4 PC with Conficker virus
« Reply #8 on: September 16, 2011, 07:53 PM »
Dear old dad is a hunt-and-peck typist, and an avid but unsophisticated computer user :)  Love his heart, nine out of ten times when he tells me his PC has "started acting up...", it turns out he's done something he shouldn't have done.  Used to be, I could just use the built-in recovery partition to restore his system, but I've noticed that more and more laptops and notebooks are no longer coming with a recovery partition pre-installed.  Instead, they want you to create your own on a DVD (or set of DVDs).  And some manufacturers (HP comes to mind) will only allow you to create this Recovery Disc once (why, I ask).

After finally getting his aging Dell Latitude C800 WinXP machine up and running again, mother and I got him a new Dell Presario with Win 7 Home Premium and 2 GB Ram.  He's still raving about how fast it is, LOL...

kyrathaba

  • N.A.N.Y. Organizer
  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 3,200
    • View Profile
    • Donate to Member
Re: Advice Needed: Fixing Pentium 4 PC with Conficker virus
« Reply #9 on: September 16, 2011, 08:01 PM »
Now let me show my ignorance (and hopefully learn something):

Say that I wind up formatting his desktop's HDD.  Virus gone: *POOF*.  But will I then be able to access the CD-ROM, or will I be missing the drivers necessary to do that because I just formatted them out of existence?

I know that there's something the PC Repair Guys use, called a Preinstallation Environment, and I have BartPE on USB (but my dad's desktop won't boot from a USB).

To rephrase...

Say it turns out that his CD_ROM drive isn't failed in any hardware sense, but was simply being messed-up by the Conficker bug.  Nevertheless, will I be able to access the CD drive if I reformat the HDD?

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,885
    • View Profile
    • Donate to Member
Re: Advice Needed: Fixing Pentium 4 PC with Conficker virus
« Reply #10 on: September 16, 2011, 11:54 PM »
Say that I wind up formatting his desktop's HDD.  Virus gone: *POOF*.  But will I then be able to access the CD-ROM, or will I be missing the drivers necessary to do that because I just formatted them out of existence?

The only time I ever needed drivers installed to use a CD drive on a PC with no OS was when there was a controller card sitting between the CD drive and the motherboard, and it wasn't CD drivers that were needed, it was for the controller card.

If you wipe it and can't get the CD drive to work, it's most likely a bad CD drive.

Consider when building a brand new computer that has never had an OS, never had any drivers installed on it. Once you have finished putting the hardware together, you pop in the CD to install the OS and it works. Some interesting magic if it needs to have drivers installed in order to work, huh? Where would you have them installed to if you don't have an OS? And what media would they come on...a CD? That would create a hell of a catch-22 where you need the CD drive to work so you can install the drivers, which require you to have an OS installed first, but you can't install the OS or the drivers because the CD drive won't work.

Optical drives are standardized for just this reason. They don't need drivers except maybe for extra features that deviate from the standard, which you wouldn't be able to use until you had an OS installed any way.

kyrathaba

  • N.A.N.Y. Organizer
  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 3,200
    • View Profile
    • Donate to Member
Re: Advice Needed: Fixing Pentium 4 PC with Conficker virus
« Reply #11 on: September 17, 2011, 06:35 AM »
Thanks, app!  Sounds like I can safely assume it's a bad CD drive, if it fails to work after getting rid of the virus.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,649
    • View Profile
    • Donate to Member
Re: Advice Needed: Fixing Pentium 4 PC with Conficker virus
« Reply #12 on: September 18, 2011, 08:24 AM »
Thanks, app!  Sounds like I can safely assume it's a bad CD drive, if it fails to work after getting rid of the virus.

Even with a boot sector virus, if the CD is ahead of the HDD in the boot sequence, and it still isn't booting ... Safe bet the CD-ROM drive is bad.

On days where time and or hardware are scarce. I've used a Trinity Rescue Disk to boot an infected machine to its Linux/Samba server share, mapped a drive letter to it, and then scanned the mapped drive with AV from another machine.

It's also generally best to update/rewrite the MBR before booting back into the "cleaned" drive to be sure nothing is lurking there for later reinfection.

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,644
    • View Profile
    • Donate to Member
Re: Advice Needed: Fixing Pentium 4 PC with Conficker virus
« Reply #13 on: September 18, 2011, 08:54 PM »
Before you toss out the optical drive you could try cleaning the lens with a camera lens blower brush, (like this).

That's assuming it's the normal tray type laptop drive where the lens is exposed when you eject the tray.  You never know, it could be as simple as dust stopping the laser from reading the disc.