Topic: I think I found a new virus that's not notated in ANY database thus far (Read 2071 times)

Dash Jones · « **on:** September 10, 2009, 11:40:21 pm »

I've had multiple people ask me about helping their computers in the past few months, all with the same issue. The results is that initially the computer will start to reboot by itself in admin mode if the trojan/virus strikes there, but if in the simple user account it may just hang. The next time one starts up, it will not be able to find the Hard Drive, giving the user that it's looking for the boot device and typically will be looking for a hard drive but calling it a USB device.

It seems whatever occurs first has attached itself via a bootsector (haven't been able to keep the computers alive long enough to actually do a good disection of what actually is occurring), and seems to hang up the computer upon starting Windows XP/Vista.

Eventually one will either get the BSOD or Driver_IRQL_NOT_Less_or_Equal message and normally a
Stop 0x000000D1 message. The most recent had a (0x00000000,,0x00000000,0x83d91395)

NVSTOR.sys-address 83d1395 base af 83d8d0000
Datestamp 46671a61

Now this wouldn't be a problem I would think, 0x000000D1 errors are typical and not unusual by themselves, but this one doesn't stay put.

After two or three restarts, and reseats of devices and such...the entire motherboard dies. Always, it seems, at least as far as I can tell.

I would be thinking it's actually a motherboard type virus/Bios virus (never heard of such a thing to tell the truth) which attacks the hard drive controller first and then moves onto the rest of the motherboard.

That would explain why it starts being unable to detect controllers or mislabeling the Hard Drive as a USB device. Eventually it starts not being able to recognize the harddrive at all.

I've dealt with 5 computers with this in the past two months. The only similarities that I can see is that they say that sometime before it struck they were all browsing and utilizing a flash movie of some sort. Three of the five admitted it was porn, I suspect the fourth was doing the same (from what I dissected of the hard drive, I have always been able to bring their hard drive info up via slave on my computer when trying to diagnose what went wrong, which further makes me think it's NOT actually something on their harddrive), and one was not.

I KNOW, I KNOW...you'll say, hey, it's a device error...but the commonalities of the coding, what occurs next, and how it happens all are too similar for me to pass it off as coincidence...especially since today when I wasn't browsing porn, it actually finally struck the computer I had been using to diagnose their hard drives (I've been using it for a couple months to do this, so it seems odd it would strike now). I WAS watching a movie via the Flash imbedding at the time however.

Same symptoms, same BSOD, same everything. Yes, I've always tried to restore the system, doesn't work, as I said the hard drive will be seen as a wrong device OR won't even be seen. I'm too the point that the motherboard is starting to freeze at this point so can't even get into the BIOS.

As I said, I think it's actually a virus of some sort and pretty bad one at that, probably would NOT be listed on Virus checkers since it takes down the computer via (my guess is motherboard) key components before anything even has a chance to react.

The only fix I've been able to give ANYONE thus far is to replace the motherboard...I'm not the technical wizard...but that's what I can tell thus far.

Any thoughts.

And...please, I've already tried the reseating of components on all of them, reinstall of OS's, reinstall of different components, reinstall of chipset drivers, setting Bios to vul checks and non-vul checks, open and close ports, and even trying to flash the Bios...whatever this thing is...it's EXTREMELY persistent and ALWAYS kills the motherboard within a few startups...

Thought I'd toss in the things I've already tried on all of them (before typically getting a new MB and putting it in, the ONLY surefire way I've found to get rid of this and overcome it after it hits these guys...and now me) before someone starts suggesting me to do them.

Sirgod · « **Reply #1 on:** September 11, 2009, 11:40:11 am »

I hate bootsector Viruses.

The only thing that comes to mind right off the bat, IS check the CMOS battery?Then again, you might have already done so since you checked the seatings etc of everything else. Might be a long shot, But it is possible you might need a new one.

Outside of that, I have nothing.

Stephen

Dash Jones · « **Reply #2 on:** September 11, 2009, 12:28:06 pm »

Thanks for the thought. Right now installed a new MB and reinstalling the OS currently, seeing if this works. It looks like it's going smoothly. All the same components, just a new MB...I'll probably try some test posts later this evening from my computer.

Bonk · « **Reply #3 on:** September 11, 2009, 02:33:23 pm »

Is this machine setup to dual boot XP and Vista? Are the system disks on separate partions? (should be) Have all software installs been kept to separate disks for each OS?

Before an OS reinstall this might be worth a try:
http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/

or if an XP only system an "fdisk /fixmbr" ought to wipe the bootsector.

It is possible that a virus has gotten into the BIOS, as BIOS is not BIOS anymore, they call it extensible firmware interface (EFI) now and it resides on a hidden partition that any virus could write to. Really bad idea this EFI I tell you. Horribly bad idea. I just cant describe ust how awful an idea that is.... BIOS on the hard disk? WTF? That is retarded. It's almost as if malware writers payed off hardware manufacturers to make it easier for them to hijack systems... not only that but is consumes one of the four possible primary partitions complicating any multi-OS setup considerably.

Dash Jones · « **Reply #4 on:** September 11, 2009, 04:10:25 pm »

Already reinstalled the OS. I did check out the harddrive and the partitions were still there however. That EFI idea COULD BE the reason however, I don't actually know al ot oabout it. I think the Bios that I'm using is on the MB however, as the MB works fine now. In fact this is my first forum post/test to see how well the new stuff works...it's still open on the table beside me, but appears that everything is working fine now.

I haven't tried the fdisk/fixmbr before...how do you get the bootsector back after wiping it if you do that?

Bonk · « **Reply #5 on:** September 11, 2009, 04:19:11 pm »

Oops actually it's fdisk /mbr and here's the scoop: http://support.microsoft.com/kb/69013

If it is an older machine and XP, then it probably does not use EFI. Sounds like you might have had a wonky/tired mainboard from the sound of it. (ok with new MB)

Dash Jones · « **Reply #6 on:** September 11, 2009, 04:27:28 pm »

I might think that if the MB was older the two months and hadn't seen this same thing happen with other people's computers quite a bit with the same symptoms so much recently. It could have just been wierd odd chance though. I'm glad to be back on my desktop instead of my portable netbook though. I only have to hold out two or three more months before I start residency and interestingly enough when Win7 comes out to get a top of the line computer...so as long as this hunk of junk lasts me till then...

Sirgod · « **Reply #7 on:** September 13, 2009, 08:37:44 pm »

Hadn't heard anything since you last posted on the 11th. Is the MB still running ok Dash?

Stephen

Dash Jones · « **Reply #8 on:** September 14, 2009, 12:54:08 am »

Everything is running great, sometimes just don't have much to say. I DID do something different recently, another person I know had their hard drive die. So I froze it tentatively for a few hours, but it was REALLY dead. The stick couldn't find what it needed to start up so the HD was simply spinning with the clicks going crazy. So, I did my first successful (I've done a few unsuccessful) hard drive transplant, since this guy really really wanted his HD running. Got a clean room (or as clean as I could get it), clean hands, and doctor's fingers to carefully remove the disk from one and put it in another cover. Held my breath, and ran some tests on it this weekend and it's actually working! First time for everything. Hardest part is trying to remove the disk and putting it in another case without disrupting the spindle...that's hard as heck. Hit the spindle, you destroy the casing. Mess the disk, and you can destroy any info. It was a last shot on my part, shocked that it worked...but glad to see it actually can be done (by the way, if you do this it automatically voids any warranty and hope for any thing dealing with the hard drive).

On a separate note, I have been wondering which type of drives are longer lasting and can take more. Obviously I'm talking about the normal HD now, not the solid state ones they have. Sata I think appears to be more fragile from the ones that I've opened up, without as many anchors to hold the disk in...but they are far easier to plug in...though overall I would think they would be the same inside...different companies have different specs on them. The Toshiba one I did a number on only had ONE anchor for it's Sata which made it unusually weak.

Sirgod · « **Reply #9 on:** September 14, 2009, 03:03:31 am »

Good question. I've only done the disk swap ting on a few IDE drives, and A long long long time ago on MDF? Drives? Those big old half a shoebox looking things with two ribbons running to them.

Stephen

Javora · « **Reply #10 on:** September 14, 2009, 03:21:44 pm »

Seagate has five year warranties on their drives. Not sure if this means that the drives are actually better but... *Shrug*

Dash Jones · « **Reply #11 on:** September 14, 2009, 03:52:31 pm »

Hmm, Seagates could be good, I'm thinking from what I've seen that IDE may be better overall, but that's just the general way I'm leaning. Of course Seagates have SATA as well as external USB...but with a 5 year warranty they must be pretty certain they'll last. I don't think I've ever had a hard drive able to withstand 5 years of abuse from me!

News: