YEA!!! I finally did it. Everyone, I got a very severe BIOS virus that also infects the MBR of the hard drives. I spent a lot of time trying to fix this issue. I finally got the solution. The best part of this solution is that I was able to keep all of my data!!!! YEA!!!!
I tried to attach the infected drive as a slave so I could run a virus scanner on the infected drive. However, this is a really bad BIOS virus AND it writes to the MBR of the infected hard drives. So, when I booted up the computer with a clean boot drive and the infected drive as a slave, the computer would freeze for a minute (60 full seconds) on the POST screen. Then, the computer would claim that I do not have any drives attached to my computer!!!! In other words, the virus would infect the clean drive BEFORE it was able to boot (POST SCREEN). This happened because the BIOS would look for drives. When it hit the infected drive, it would read the MBR and BAM!!!, the MBR would infect the BIOS, which would then infect the clean hard drive. I would use the CLEAR_CMOS jumper on the motherboard to clear the virus out of the BIOS. However, every time I tried to run with an infected drive attached as master or as slave, the BIOS would be re-infected. If you read this thread, you also know that I could not see the CD-RW when the BIOS was infected so I could not run a CD with antivirus against the infected drive. ######! This is a very bad BIOS / MBR virus.
I then launched a clean Windows with a virus scanner. Then, while Windows was running, I plugged in the infected drive with the hope that I could see and clean the drive before the MBR infected the clean drive. However, no matter what I did, I could not get the infected drive to show up on the Windows machine. I unplugged the infected drive and turned off the computer and used the CLEAR_CMOS jumper to be sure the BIOS did not get infected by the attached infected drive. I rebooted the computer WITHOUT the infected drive and my clean Windows drive was still clean.
The epiphany came when I realized that this virus is a Windows virus. So, I decided to hit it with Linux. I tried the McAfee Rescue disk, but it was Windows based and did not work. I tried the Kaspersky Rescue Disk, which is Linux based, but it did not work. I finally tried the BitDefender Rescue Disk and it worked!!!! YEA!!! Thank you BitDefender!!!
Here are the steps:
* Using a clean computer, download the free "BitDefender Rescue Disk" and create a CD from the ISO file that you download. If this link does not work, simply google for it. Make sure you download the ISO from BitDefender's website and not some hacker's website: http://www.bitdefender.com/support/How-to-...cue-CD-627.html
* Using a clean computer, download "Parted Magic", which is a free disk partitioning tool that is written on Linux: http://www.livecdlist.com/ then scroll down to "Parted Magic". Download the ISO and then burn it to a CD.
* Clear the BIOS by physically moving the CLEAR_CMOS (or CLRCMOS) jumper. Refer to the motherboard user's manual for the jumper's location.
* Make sure all drives are unplugged except the CD-RW (or DVD-R). Then, put the BitDefender Rescue Disk in the CD-RW as you turn on the computer.
* Let the "BitDefender Rescue Disk" boot up and then it should automatically update its virus database.
* After BitDefender has updated, and while BitDefender is running, plug in the infected hard drive (PATA or SATA). Give it a few minutes to "see" the drive.
* If the BitDefender Scanner window is closed, double-click the BitDefender Scanner icon on the Linux desktop.
* Click the "Scan Now" button
* Click "File System" on the left
* Click "Open" on the bottom, right and the scanner starts scanning. This will take a long time on a Terabyte hard drive (2 hours for me). You will get a lot of I/O errors while the scanner fights with the MBR virus. I got 399 I/O errors! If the screen locks up, don't worry about it. Go away and grab dinner, curse at the person/people who wrote this ###### virus, and come back in about 2 hours.
* BitDefender found 92 issues. All of them were similar to this:
  Gen: Trojan.Heur.JP.Ju2@akWcCegi
  Gen: Trojan.Heur.LP.008@amBBdZe
  ... and 90 more messages similar to these two.
* When BitDefender finishes, click the Finish button, then the Done button. Click the Shutdown icon on the right side of the task bar, which is located at the bottom of the screen.
* If your computer is still locked up after 2 hours, press and hold the power button on your computer to do a hard boot. I had to do this step on one of my infected hard drives. The process still worked on it. Apparently, BitDefender was still able to kill the virus even though it looked like it locked up.
* Restart your computer with BitDefender still in the CD-RW and the infected drive attached. Hit F11 or the boot menu key for your BIOS and make sure you boot off the CD-RW. After BitDefender boots up and updates its virus database, hit the "Scan Now" button and scan everything again. Look for I/O errors that may indicate "inaccessible" or "password protected" files.
* After the second scan process is completed (and possibly a reboot and then a third scan process if you feel it is necessary), you need to clean "inaccessible" or "password protected" files. The infected drive should show up on the BitDefender's Linux desktop at the top, left side of the screen. Double-click on the icon and find the i/o error files. Select the file and HOLD DOWN THE SHIFT KEY while you press the Delete key. It will ask you if you want to permanently delete the file. Hit "Yes". The "password protected" files for me were in the _restore folder. Yea, I'm going to do an accidental restore and get the virus restored back to my computer!!! ###### NO!!! ###### virus and ###### CREATORS of the virus.
* Now it is time to use the Parted Magic CD that you created. Put the Parted Magic in the CD-RW drive as you boot the computer. When Parted Magic fully boots, change to the "cleaned" drive by clicking the dropdown selector near the top, right side. You will see 2 MB of open space on the right side. Click the Resize button near the top. Click the middle space selectors to increase the size of the used space. As you increase the size, the right side unpartitioned space will go down to zero. You should have zero space before your main partition and zero space after your main partition. Click the Apply button. After the process completes, click the LogOff | Shutdown icon on the task bar at the bottom of the screen.
* After you clean your drive and get rid of the small unpartitioned space, attach the now cleaned drive as a slave on a clean computer. Just to be sure, I got a cheap drive and installed Windows on it. This way, if I attached the supposedly "cleaned" drive and had problems, I would only lose a cheap drive. However, it worked perfectly! I ran a virus scanner against the slave drive and it found nothing wrong. I opened the drive and copied my critical files to a USB hard drive, just to be safe. You should do the same. Take this time now to copy your critical data to a USB drive in case you cannot boot from the now cleaned drive. I also deleted a few suspicious files, including a folder that gave me an "access denied" error. I googled to find out how to take control of an "access denied" folder, I took control, and then I deleted it.
So far, everything is working perfectly! I have all of my drives back, including my two Terabyte drives, with all of the data intact. YEA!!!!
Just a quick heads up. I tried to boot one of my boot drives (PATA) and it would not boot. I used the Windows XP installation disk to run the repair function. It still did not work properly after successfully "repairing" it. I did not have any important data on it so I just formatted it and re-installed Windows XP. On my second boot drive (SATA), I tried to get it into the Windows operating system, but it would not work. I tried to do a Windows XP installation repair function, but I kept getting the "blue screen of death". I finally gave up and simply installed a clean copy of Windows 7. On the boot drive for my third computer (SATA), I did not bother trying to run it. Instead, I just wiped it out and installed a fresh copy of Windows XP. On all three computers, I had the data backed up from the process above. In addition, my backup data was available on my cleaned USB hard drive. I had to re-install the applications, but at least I got my drives and my data back.
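
Added example, not part of the original post: a read-only check of a classic (non-GPT) MBR sector that verifies the boot signature, hashes the boot code area, lists the partition entries and reports unallocated gaps such as the 2 MB of trailing space described in the Parted Magic step, so the state can be recorded before and after cleaning. The sample sector and disk size are constructed for illustration; on a live CD the input would be the first 512 bytes read from the drive.

```python
import hashlib
import struct

SECTOR = 512
# Entry layout: status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY = "<B3xB3xII"

def build_sample_mbr() -> bytes:
    """Constructed sample: one bootable NTFS (0x07) partition starting at sector 63."""
    entry = struct.pack(ENTRY, 0x80, 0x07, 63, 200_000)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"

# Constructed disk size: 4096 sectors (2 MiB) left unallocated after the partition.
SAMPLE_DISK_SECTORS = 63 + 200_000 + 4096

def parse_mbr(sector: bytes, disk_sectors: int) -> dict:
    """Parse a 512-byte MBR and report unallocated gaps as (start_sector, length)."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for slot in range(4):
        raw = sector[446 + 16 * slot: 446 + 16 * (slot + 1)]
        status, ptype, lba, count = struct.unpack(ENTRY, raw)
        if ptype == 0 or count == 0:
            continue  # unused table slot
        parts.append({"slot": slot, "bootable": status == 0x80,
                      "type": ptype, "start": lba, "sectors": count})
    parts.sort(key=lambda p: p["start"])
    gaps, cursor = [], 1  # sector 0 holds the MBR itself
    for p in parts:
        if p["start"] > cursor:
            gaps.append((cursor, p["start"] - cursor))
        cursor = max(cursor, p["start"] + p["sectors"])
    if disk_sectors > cursor:
        gaps.append((cursor, disk_sectors - cursor))
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        # Bytes 0-439 are boot code; the disk signature at 440-443 is excluded.
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "partitions": parts,
        "gaps": gaps,
    }

if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr(), SAMPLE_DISK_SECTORS)
    print("signature ok:", report["signature_ok"])
    print("boot code sha256:", report["boot_code_sha256"])
    for start, length in report["gaps"]:
        print(f"unallocated: sector {start}, {length * SECTOR / 2**20:.2f} MiB")
```

The 62-sector gap before a partition starting at sector 63 is the normal layout for disks partitioned by Windows XP; comparing the boot code hash against one taken from a known-good disk of the same OS version shows whether the boot code differs.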