What does this do to the files on my HDD?


gamefan
03-06-08, 06:31 PM
These are Symantec's (Norton AntiVirus) instructions on how to eliminate a virus I have called Ripper.

Q1)
Will Vista 32-bit RF make a bootable disk with fdisk on it?

There is no more background info given such as where the Norton av sw (navdx - see step 4) below) comes from to do this - the rescue-type disk I make when I install 'nav' the first time? I now only have AVG Free 7.5, which doesn't fix "Ripper". In order to follow these directions to fix a HDD that contains this (destructive 1 in 1000 writes) virus, which resides in or affects the (MBR) master boot record.

Q2)
Will I lose all the data on the HDD? Do I need to empty the HDD files first, or will this procedure remove all the files on the HDD?

1) Shut down Windows, and then turn off the power. Do not simply press the reset button.
2) Wait thirty seconds to clear memory.
3) Insert an uninfected, write-protected, bootable disk that also contains the FDISK program in the floppy disk drive, and then restart the computer.
4) Type the following, and then press Enter:
fdisk /mbr
5) Type the following, and then press Enter:
navdx /a /doallfiles /repair
6) Allow Norton AntiVirus to scan the hard disk. This could take several hours or more. Do not interrupt the process.
7) Remove the floppy disk, and then restart the computer.

from http://www.symantec.com/security_response/writeup.jsp?docid=2000-121809-5135-99&tabid=3

Omsion
03-06-08, 09:30 PM
fdisk = format disk
fdisk /mbr probably only formats the master boot record, I'd guess...

gamefan
03-06-08, 10:33 PM
Believe it or not I still don't know what that means. I could have written that. It says nowhere, and this is why I ask, that I need to prepare for the fact there will be nothing left on my HDD after I do this. Do I work on the assumption that all will be lost? I am not clear on what either command line will do in this respect. Could it even just do something to the part of the HDD that doesn't have files and leave the HDD and all data intact and working; I have no idea if this is possible. My QUE DOS6.21 1000pp text doesn't even have a /mbr option under fdisk (maybe 6.22 !?). Then & only then what about the files !? Where the heck is the virus (after question). Only after I understand the consequences of these command actions then I have to get into the (many) specifics of this virus that only one of the top five a-v sw's even cover! A virus probably no one has seen in years! How to delete the virus everywhere, which may include being inside the files (10000s) themselves, how to repair all those files damaged and how to recover any important (lost) files on THIS HDD, and then how to disinfect the virus elsewhere and repair the hundreds of floppies, DVDs and other HDDs I have.

I still need more of an answer from someone cuz if you're guessing, I'm f*....d. Thx, but can anyone be more specific??? I think this is quickly becoming a Y or N answer.

This is a destructive virus, meaning it is eating my pooter.

Ben333
03-06-08, 10:41 PM
/mbr I thought did everything, EVEN the MBR

Omsion
03-07-08, 01:17 AM
All right...did a google on fdisk /mbr.

This will not wipe your hard drive, it only rewrites the master boot sector (which is the first part of your hard drive, needed to load up). This was used back in the DOS/Win95/Win98 days to fix boot sector viruses. It has been superseded by FIXMBR (which you can access from the Windows XP recovery console).

So...what I would do is
1) Find navdx.exe from somewhere and stick it onto a floppy.
2) Insert your XP CD, hit whatever key you need to get into recovery console (it should be shown at the bottom)
3) Use FIXMBR
4) Insert floppy with navdx on it
5) Navigate to floppy and use navdx /a /doallfiles /repair
6) Boot safe mode and do a full scan.


Oh yeah...how did you get owned by this virus? Apparently it first appeared in 1993! :eek: Ancient stuff.
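
An added illustration, not part of any post in this thread, of the reply's point that rewriting the master boot record does not wipe the drive. It relies on the standard MBR layout (446 bytes of boot code, a 64-byte partition table, a 2-byte 0x55AA signature) and models a repair that replaces only the boot code; the sample sector and all function names are constructed for the example.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 446          # bytes 0..445: master boot code
TABLE_END = 510         # bytes 446..509: four 16-byte partition entries

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code hash, partition entries, signature."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        raw = sector[CODE_END + 16 * i: CODE_END + 16 * (i + 1)]
        boot_flag, ptype = raw[0], raw[4]
        lba_start, num_sectors = struct.unpack_from("<II", raw, 8)
        if ptype != 0:  # type 0x00 marks an unused slot
            entries.append({"active": boot_flag == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": num_sectors})
    return {"code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
            "partitions": entries,
            "signature_ok": sector[TABLE_END:] == b"\x55\xaa"}

def rewrite_boot_code(sector: bytes, clean_code: bytes) -> bytes:
    """Model of a boot-code-only repair: replace bytes 0..445, keep the rest."""
    if len(clean_code) != CODE_END:
        raise ValueError("boot code must be 446 bytes")
    return clean_code + sector[CODE_END:]

def build_sample(code_byte: int) -> bytes:
    """Constructed sample: one active FAT32 (type 0x0B) partition at LBA 63."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x0B,
                        b"\xfe\xff\xff", 63, 156_296_385)
    return bytes([code_byte]) * CODE_END + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    suspect = build_sample(0xCC)             # stand-in for altered boot code
    repaired = rewrite_boot_code(suspect, bytes(CODE_END))
    before, after = parse_mbr(suspect), parse_mbr(repaired)
    print("boot code changed:", before["code_sha256"] != after["code_sha256"])
    print("partition table unchanged:", before["partitions"] == after["partitions"])
```

Comparing the boot-code hash of a sector image taken before and after a repair, or against a known-good copy, is also a quick way to confirm whether the boot code was actually replaced.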

gamefan
03-07-08, 11:41 AM
http://support.microsoft.com/kb/314058 under fixmbr says to worry about viruses. I may not have a XP CD. It is Vista HP 32 RF I have installed. I can get NTFS capable floppy boot disks to enter recovery console. However I think the infected HDD is not the os disk & I know that this HDD IS a FAT32 (not NTFS), so I could use an older set of floppy setup disks that can handle FAT32 only. This would (may) have the fdisk \mbr command recc by Norton instead of the slightly different one above. I should read the older disks' description to see if it mentions anyTHING about virii. Wadya think?

I need to do a complete system virus scan for the virus to get detected. It don't show on either HDD if I scan the HDDs individually. I have 3 HDDs - drive C: (2 36.6GB SATA -1 raptors as RAID0 os) and drive D: 80GB 7200 ATA IDE Seagate. I'll - well, I was gonna disconnect the os drive from the system. No, no, I'll remove the D: from the system and re-scan the entire system. Damn I have to open the case & unplug it, BIOS Disabled and not in Boot Order doesn't work - P5K-E/WiFi-AP. Ok it's unplugged (80-pin only) and disabled still BIOS, scan'll take 30 mins. The virus usu shows up in 4 secs! No virus w/o the mp3 D: HDD installed! (So it's likely the virus is on that FAT32 HDD (only).)

http://pcworld.about.com/gi/dynamic/offsite.htm?site=http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=55820EDB-5039-4955-BCB7-4FED408EA73F

btw what could I do with the Vista Home Premium 32-bit Retail Full os install (dvd) disk I DO have, eliminating need to get any floppy disk(s), but bringing back up the specific command option syntax questions.

Gonna look for that nav file now. btw I think I could get a (e.g. 15-day free) trial version of just about any (soon after to pay) a-v software. There would be steps to make a floppy I guess (or maybe not w/ free trial).

Thx billions

gamefan
03-08-08, 11:14 AM
SIMPLE QUESTION
If I boot up for the 1st time, after I shut down & plug-in the infected HDD, if I run the boot floppy navdx.exe method: will it be able to find the correct (infected) HDD -the D, not os C: , upon first cold boot awakening? Have all the req'd new drives, HDDs recognised, lettered, paths, etc. Would it be wise to have only one HDD (the infected non-boot, non-o/s, currently D: ) attached when booting to the floppy? I don't know what the target HDD is supposed to be, would/could be.


WHEN I
Norton talks about installing the nav gui and creating the navdx.exe floppy on an uninfected computer. I'm just thinking there's advantages to installing the nav GUI & floppy navdx.exe file the std. way, while in Windows; not just picking up the navdx.exe file. I've been using the pc without the mp3 HDD with the Ripper virus HDD (80-pin round-ribbon -daisy chained with the only IDE ATA DVD). The link posted above is Norton's (rather old) instructions to kill the virus, which means booting to a floppy with a version of fdisk and navdx.exe with access to the right switches and virus definitions. I am using Vista HP 32.

I can download the Norton AntiVirus 15 day free trial, which hopefully will allow me to create the navdx.exe floppy too. [I could see what happens if I av scan in nav Vista GUI first, or I could go directly to booting to the floppy.] Either way I will have to power down then plug the infected HDD in. Is it safe to do either: run the windows-nav version with an infected HDD installed now in same pc OR run the floppy navdx.exe with a quick-plugging of the never before seen HDD? By installing the windows-nav & floppy navdx.exe on the pc while the infected HDD is not installed.