Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!elroy.jpl.nasa.gov!decwrl!netcomsv!mcafee
From: mcafee@netcom.COM (McAfee Associates)
Newsgroups: comp.sys.ibm.pc.misc
Subject: Re: Is this a virus???
Keywords: virus
Message-ID: <1991Jun28.083926.13624@netcom.COM>
Date: 28 Jun 91 08:39:26 GMT
References: <1991Jun28.042703.16945@cse.uta.edu>
Sender: Aryeh Goretsky
Distribution: usa
Organization: McAfee Associates
Lines: 69

In article <1991Jun28.042703.16945@cse.uta.edu> mcgee@cse.uta.edu (Robert M. McGee) writes:
>I had a strange event occur with my pc the other day. I do not know if
>it has anything to do with a virus, so I'm asking if anyone knows of a
>virus with these characteristics. Here's what happened:
>
>I exited Procomm and got an error reading drive c: message.
>Then I pressed the reset button and after all the ROM diagnostics had
>completed I got a disk boot failure error.

Hmm... do you recall the exact message? Was it something like
"HDD Controller Failure", "Error Loading Operating System",
"Non-System Disk or Disk Error. Replace and Strike a key..." or
"Bad or Missing COMMAND.COM"? Most people report one of those as a
boot failure, and they all have different meanings.

>
>The next thing I did was to boot off a floppy and run Norton's disk
>test program which told me I had dozens of cluster read errors that
>were unmarked and could be used or were already being used by files.

Okay, the NUMBER ONE reason I get calls from people asking about lost
allocation units is disk-caching software. There are a lot of disk
cache programs that buffer disk writes, that is, they allow the user
to make a bunch of little writes to disk, hold them in RAM until they
fill up a buffer, and then flush the buffer to disk (perform all the
small disk writes at once). This speeds up disk I/O, but if you reboot
your machine or power down while there is still stuff in the cache,
then >POOF< it's gone. This is particularly bad if there was only a
partially completed disk write in the cache, i.e., a file was left
open on the disk, or a file was saved to disk.

>
>I turned the power off to the machine for about 20 sec. And it booted
>normally when powered up.
>I ran the Norton program again and got no errors. I also ran a
>(older version) virus check on all the drives and found nothing.

Have you tried cold booting off a DOS Boot Disk and checking with the
Norton Disk Test program? If the disk errors appear then, it could be
that you might have a "stealth" type virus that hides itself when
loaded in from the hard disk (unlikely, but a possibility). Make sure
that the DOS Boot Disk you boot from has a w/p tab on it. And you may
wish to get a newer virus checking program. Fridrik Skulason has just
recently released a new version of F-PROT and Ross Greenberg recently
released a new version of the VIREX-PC Demo Version (detects but
doesn't remove). Some other anti-viral companies have recently
released new versions of their software, too.

>
>I haven't had any problems since. Weird.

I agree. Weird.

>
>mcgee@cse.uta.edu
>
>
>--
>_________________________________________________________________________
> | Mark McGee
> | News System Manager
> | The University of Texas at Arlington

Aryeh Goretsky
McAfee Associates Technical Support
--
McAfee Associates        | Voice (408) 988-3832 | mcafee@netcom.com
4423 Cheeney Street      | FAX   (408) 970-9727 | (Aryeh Goretsky)
Santa Clara, California  | BBS   (408) 988-4004 |
95054-0253  USA          | v.32  (408) 988-5190 | mrs@netcom.com
ViruScan/CleanUp/VShield | HST   (408) 988-5138 | (Morgan Schweers)