Virus? NTLDR missing, OE folders empty, DOC's gone



grambo
03-12-2003, 01:08 PM
I suspect my client's PC has just been wiped out by a virus but we cannot identify which one. System is running Win XP Home, NAV (up to date as of Sat 29/11/03).
When booting up yesterday morning 1/12/03 had message "NTLDR is missing". Have since booted okay from floppy. Now he has a system with:
Most desktop icons gone, Start Menu items gone (Menu/Sub Menu still there), NAV disabled (NVMain has disappeared), OE mail folders empty, most document type files gone.
NAV cannot be reinstalled, CD has been misplaced.
Ran virus scan with AVG 6.? and also MCAFEE online utility. No virus detected.
Something is very wrong with this system. Any suggestions would be appreciated.
Cheers
Graham

antmannz
03-12-2003, 02:03 PM
Delete the Windows or WinNT folder and reinstall.

somebody
03-12-2003, 02:06 PM
Try looking up the Virus Encyclopaedia on Symantec's website (securityresponse.symantec.com from memory).

whiskeytangofoxtrot
03-12-2003, 02:31 PM
I hope you aren't getting paid for this.

grambo
03-12-2003, 02:32 PM
A slightly heavy-handed approach at the moment. Exactly what I would do if it was one of my systems, but not the case this time. Thanks for the response.

Pheonix
03-12-2003, 02:57 PM
Sounds like you have come in as a new user profile. Depends if you used NTFS or FAT32 as to what you can do. FAT32 is a lot easier to recover from than NTFS.
I hear that booting up using the PC World CD that had Knoppix on it will enable you to see the different folders in NTFS.

mark.p
03-12-2003, 03:20 PM
The file recovery disk at http://bootdisk.com/bootdisk.htm may help if you just want a gander at the hdd setup.

Chilling_Silently
03-12-2003, 04:00 PM
Chances are somebody was browsing the C: drive and saw the files.. Didn't know what they were and removed them. Chances are you just need a replacement!

You can nick any ntldr from an XP machine and it should suffice if yours has gone missing.

Linux can now read and write to NTFS drives too!
See http://linux.warcry.com for some info.

Hope this helps


Chill.

Chilling_Silently
03-12-2003, 04:11 PM
Chances are somebody was browsing the C: drive and saw the files.. Didn't know what they were and removed them. Chances are you just need a replacement!

You can nick any ntldr from an XP machine and it should suffice if yours has gone missing.

Linux can now read and write to NTFS drives too!
See http://linux.warcry.com for some info.

Hope this helps


Chill.

grambo
03-12-2003, 05:55 PM
Thanks for the replies so far.
I should have included a bit more information in the original post.
1. Booted from floppy containing ntldr, ntdetect & boot.ini
2. Copied these to C:\ and can now boot from HDD
The main concern now is:
1. NAV has been nuked (NVMain gone).
2. Document type files have gone. All folders still exist but are empty.
3. OE folders are empty.
Seems to be a virus but unable to identify so far. Symantec virus encyclopedia no immediate help because I do not have the virus name.
I know what damage it can cause, well some of it at least! Of course the other option is a carbon-based virus but I can't really believe anyone could actually do that much damage on their own system.

Pheonix
03-12-2003, 06:06 PM
How about trying to recover those files lost to view (but never forgotten?)

A couple of good ones are Disk Investigator (http://www.theabsolute.net/sware/dskinv.html) and PC Inspector (http://www.webattack.com/get/pcinspector.shtml).

Chilling_Silently
03-12-2003, 06:07 PM
Scan with http://www.housecall.antivirus.com
Or go to:
http://www.my-etrust.com/microsoft/

Free for a year :-)

Jen C
03-12-2003, 06:13 PM
> the other option is a carbon based virus

What a great description of the human contribution to computer problems :^O

Have you considered trojans? Not all antiviral software programs will detect them. Try one of these:

Swat It (http://swatit.org/download.html)

Simply Super - Trojan remover (http://www.simplysup.com/tremover/download.html)

whiskeytangofoxtrot
04-12-2003, 09:49 AM
So if this is your "client" you are working for, do all the people posting here get a cut of whatever you're charging?

After all they are providing the fix for you...

Chilling_Silently
04-12-2003, 10:04 AM
> So if this is your "client" you are working for, do
> all the people posting here get a cut of whatever
> you're charging?

Oooh.. Goody!

Do I get extra coz I posted x3?

]:)

grambo
04-12-2003, 12:19 PM
You're on to it. I was beginning to wonder why you have done so many posts. The cheque is in the mail!
Yes I do get paid sometimes for the work I do. I mow lawns, paint fences, refurbish school furniture, fix PCs, almost anything for a few bucks. My company (established in 2003) will be providing accounting services for small businesses in 2004 when I have completed the setup.
If I was getting paid for a job and used a resource on the internet to complete that job, should I feel any obligation to share that remuneration with the original source of that information? I think not! Not quite, there would be a few exceptions.
Back to the problem, yes it was a Trojan. The Win XP is almost totally trashed and the 'client' (doh! ...friend) has got recent backups so I have recommended a full reinstall. Ooops, I owe someone some money for that because it was suggested in an earlier post in this thread.
Thanks to everyone who posted. My payment to you is that I will also contribute to PressF1 when I feel I have something 'useful' to post.

antmannz
04-12-2003, 01:29 PM
Ahem ..... "Hello" <smiles and waves> :) :) :)

grambo
04-12-2003, 01:55 PM
Point taken Ant...