Junkie virus

Discussion in 'NOD32 version 2 Forum' started by UncleFester, Jul 12, 2005.

Thread Status:
Not open for further replies.
  1. UncleFester

    UncleFester Registered Member

    Joined:
    Jul 12, 2005
    Posts:
    6
    Longtime NOD32 user, first time poster

    Have Maxtor 80Gb HD, 1 partition, only HD. XP Home, SP2.
    NOD32 tells me "MBR sector of the 1. physical disk contains virus Junkie."
    I'm aware that Junkie affects .com & .exe files, but until I remove it from the MBR, there's no point re-installing. After much Googling I'm none the wiser. Please help.

    Regards Greg
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Greg, welcome to Wilders.

    With this issue can you please send an email to support@nod32.com and place a link to this thread.

    We would appreciate if you could keep us in the loop with your progress, as we all learn this way…

    Cheers :D
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    To remove viruses from the boot and MBR sectors, you'll need to use NOD32 for DOS.
     
  4. UncleFester

    UncleFester Registered Member

    Joined:
    Jul 12, 2005
    Posts:
    6
    Hey Mark
    I re-booted to "Safe Mode with Command Prompt", upacked & installed "noddosen", ran NOD32DOS with various /s+, /scanboot+, /scanmem+, /doboots, but it keeps coming up with the line "MBR and boot sector - not tested on WinNT/2000 platform" and continues with the file scan. Is there something in the WINXP or Nod32DOS setup that I'm doing wrong?

    Regards Greg






    On Wed, 13 Jul 2005 00:50:01 +1000, Marek <zeman@eset.sk> wrote:

    Hi Greg,

    since Windows denies access to crucial system areas, it's necessary to boot
    to DOS and use NOD32 for DOS to clean the MBR sector of your disk.





    Best regards,

    Mark


    Eset
    Technical Support
    Slovakia

    Web: www.eset.com
    Email: support@eset.com

    =========================================
    NOD32 ... protecting digital worlds!
    =========================================
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You'll need to create a bootable Win9x diskette and boot from it. It's not possible to use NOD32 for DOS to clean the boot / MBR sectors in Safe mode.
     
  6. UncleFester

    UncleFester Registered Member

    Joined:
    Jul 12, 2005
    Posts:
    6
    I cold-started with the WIN98 boot-disk from my other machine & it doesn't
    see the NTFS HD (C in WIN98 boot is a RAMdrive) Without re-learning
    config.sys & autoexec.bat (which I don't want to do) the only way I can see
    to fix the problem is to re-format & install WINXP. Any ideas?

    Regards Greg
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I reckon there are command fixboot and fixmbr available in the Windows XP recovery console. Have you tried that?
     
  8. UncleFester

    UncleFester Registered Member

    Joined:
    Jul 12, 2005
    Posts:
    6
    Sorry, have WINXP Home, not PRO
     
  9. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    That's OK. You can still get to the WinXP Recovery Console with WinXP Home. The procedure is the same for Home and Professional...

    Boot to the WinXP CD. After it loads, you will be given the option to repair using the Recovery Console. Hit "R", and you will be taken to a black command line environment. It will ask for your Administrator password. If you do not have one, just hit Enter.

    Once you get there, you can type in help for a list of the available commands. If you want help on a particular command, just follow it with "/?"; for example, fixmbr /? .
     
  10. UncleFester

    UncleFester Registered Member

    Joined:
    Jul 12, 2005
    Posts:
    6
    Hey Alglove

    Your detailed instructions seemed to have worked! I did the windows
    recovery thing (fixmbr) & shut the machine down, to clear RAM. Started
    it up again & ran NOD32 & it came up clean. I then ran several other
    programs one at a time (in between shutdowns) to see if they had been infected and they came up clean too! Thank you very much.
    Regards also to Marcos, Marek (same guy?) & Blackspear for making my transition from ignorance to knowledge an easier path.

    Regards Greg

    ps If the virus rears it's ugly head again, I'll be back
    pps Wilders is now happily bookmarked
     
  11. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    Yes, same guy... :D
     
Thread Status:
Not open for further replies.