AntiCMOS Virus on 2000 System 4

[rocmills]

When running the weekly virus scan on my bosses computer, it found the virus AntiCMOS.A. I followed the software directions for cleaning the virus, but it didn't work. I then went online and found various directions for removing the virus, but they all included making a "boot disk" for 2000.

I went to the 2000 Setup CD, found the directory BOOTDISK and ran the MAKEBOOT program. This was a long and tedious process that created a 4 disk set of supposedly bootable disks for Windows 2000.

When I booted to these floppies, another long and tedious process, instead of being left at the command prompt (which is where all the removal directions said i needed to be) or being given any option that might facilitate the virus removal, these boot disks tried to reinstall W2K.

What am I doing wrong and how do I get this virus off the bosses computer?

Thank you very much for any help you may offer...

--Roc

 

[CharlieJax]

The problem is those floppies are used to reinstall Windows 2000, not boot to a C prompt. (As you have learned).

If you are using a FAT drive use:

http://www.tvtservices.com/boot98sc.exe

If you are using an NTFS drive use:

http://support.microsoft.com/default.aspx?scid=kb;en-us;311073

CJ

Don't drink and post, save that for driving home!

 

[wolluf]

You need a win98 style boot disk (or an Anti-virus software set of rescue disks) which can access the filestore from outside 2k (so if its ntfs filestore, win98 bootdisk on its own won't do - if its fat32, should be ok). Some here say that Norton AV install CD, for example, is bootable and can run AV software from it.

 

[rocmills]

Charlie and wolluf:

Thanks for the tip. I will try making a bootdisk from the link Charlie provided and let you know how it goes from there!

And thank you both for the prompt replies!

--Roc

 

[rocmills]

Argh!

Okay, I made the boot disk and it does boot... but the directions I found for removal of the AntiCMOS virus didn't work. The directions in questions said "at the command prompt, type 'SCAN C: /boot /clean' " - but when I typed that (without the quotation marks) it said BAD COMMAND.

So... how the heck do I remove this danged virus?!?

--Roc

 

[JPLWU]

With Windows 2000 you can go into the bios usually with f1, f2, delete...it should tell you how on startup...after that change the boot order to boot from cd in the first position..put in your win2k install cd, and there is a repair utility on that as well...its gonna ask you if you want to format or repair..choose r for repair..then it will ask if you want to use the repair console, or another option, which requires you to press "r" or "c"..use option c. This should bring up a Dos prompt..eventually...that requires your password..then after you enter the admin password you should be able to enter commands, in which case you need a new master boot record so type help..that should display all your commands..look for one with fdisk/mbr or fix mbr or mbr /fix..thats the one you need..type in that command and press enter..do not be afraid..Microsoft will freak out and give you tons of warnings..after that update your virus definitions and run a full system scan..that should get rid of anything extra...(my research comes from symantec.com)

 

[rocmills]

JPLWU,

Thanks for the advice. Reassure me, though, please... I have typed FIXMBR and gotten all the warnings. They imply that continuing the operation *may* destroy all partitions on the drive and thus lose all data. Say it isn't so. This computer is not backed up in any way and I think my boss would throw himself (and me!) in front of a train if I lost the drive altogether.

Thanks again to everyone for all the help!

--Roc

 

[rocmills]

Never mind the request for reassurance, I went ahead and did it - FIXMBR. However, that did absolutely nothing to get rid of the virus! It is still there.

So again I ask - how do I get rid of this blasted AntiCMOS virus?

--Roc

 

[madonnac]

BOOTSCAN.EXE is available for download from

http://vil.nai.com/vil/virus-4e.asp

put this file on your boot floppy, and the steps you took before should work

 

[wolluf]

rocmills - did you use the boot98sc.exe - its only a normal 98 boot floppy, so if your filestore is ntfs, no virus scanning software will work (as I said before - you haven't said what your filestore is) - but should be ok if fat32.

If ntfs - consider mounting drive as slave in another machine & running AV software in host system?

Otherwise - don't know if this

http://harakiri.dyndns.org:2080/trk-howto.htm

link is any use.

 

[rocmills]

HOORAY!

Victory is mine!

The file system was/is FAT32 on all our drives. I downloaded the BOOTSCAN.EXE which madonnac recommended and everything worked from there! It wouldn't fit on my bootable floppy (which was a 98se disk), but I put it on a separate write-protected disk and played the disk swapping game.

In addition to antiCMOS, it also found the Stoned virus (gosh, i haven't seen that virus in *years*)... however, the computer is now booted normally and a full virus scan has been run... the system is CLEAN!

Thanks so much to all of you for your help, I couldn't have done it without you!