Virus help

PE SPACES.1445
PE CIH.1003

THese are the viruses found on my computer. How do I remove them? Thanks in advance.

BTW I use
www.housecall.antivirus.com

 

See this

 

PE SPACES.1445
This destructive Windows virus destroys the Master Boot Record (MBR) of the system hard disk if the current system date is June 1. Due to this, the virus also causes boot-up failure. It is memory resident and is capable of infecting both Windows 9x and Windows NT 4.0 systems.
See here or here.

PE CIH.1003
This destructive file infector inserts itself into the free space at the end of a PE file and in between the file as well. The change in file size is not noticeable. Once the virus is triggered, it overwrites the hard drive and destroys FLASH BIOS. The virus has three variants and each is triggered on a separate date. CIH V1.2 is triggered on April 26, CIH v1.3 is triggered on June 26 and CIH v1.4 is triggered when the current system date is 26. A system infected with PE_CIH v1.2, a message is displayed upon reboot. This virus only infects Windows 95/98 systems and does not affect Windows NT/2000 systems.
See here.

In short.....you're hooped. Are you having a hard time believing what is reccommended in your last post?

Daizy

 

Daizy - maybe just trouble understanding some of the jargon. If so,

KrAzXn your computer has been made inoperative and I wouldn't trust it to work reliably again until it is redone. Further repair attempts will just be a waste of your time and effort IMO.

Some data recovery MIGHT be possible. Some programs MIGHT work. If you were an expert and had very valuable data on there, it MIGHT be worth while trying to salvage. As it is, if you must have stuff from the system, I'd recommend paying a pro to recover what he/she could after warning about the infections you've been dealing with.

Otherwise, you must start from the beginning as follows (assuming you are going to reload 95/98/ME):

1. CIH has destroyed your BIOS chip. Gone. Zapped. Trashed. Must be replaced by a new chip before you do anything else. Either order one from the location given in your previous post (see brett's link for quick access to it) or take the PC to a good repair ship and tell them you were ruined by a CIH virus.

After completing this, move on to the next step.

2. SPACES has ruined your master boot record. The MBR is now infected and will remain so unless you:

a. Get a boot floppy made on a computer you know is not infected. 98/ME to match the OS you plan to load. Make sure it has support for your CD-ROM drive, format, and fdisk available.

b. Set the floppy's write protect tab/slide so it cannot be written to.

c. Boot from the floppy and run
fdisk /mbr
which should force a new, clean master boot record onto the hard drive. DO NOT reboot at this point. DO NOT.

d. fdisk again and partition the disk to suit yourself. I would for sure repartition even if the end result is identical to what you have now.

e. Reboot now and format your hard drive. Then load the OS normally.

f. Destroy (or disinfect if you prefer but I wouldn't mess with it unless there was critical data) your current floppy disks except the write-protected one you booted from. Don't try to copy the data from them to anywhere unless the anywhere has current AntiVirus software running. Even then, you will get uninfected/disinfected files copied to the hard disk but they may well have been trashed already and be useless.

 

Uh oh!
I certainly didn't mean my comments maliciously. I just wondered if KrAzXn was trying to seek other opinions. Terribly sorry if I worded that poorly.

Daizy

 

I will say one thing here folks.

I sure have learned A LOT from being involved here.

But at the same time hope that I never have to use what I have learned.

BillyBob

 

Perhaps KrAzXn got double lucky and the virus payload hadn't triggered yet. (26th of the month bug) and also maybe he doesn't have flash bios. Then the spaces bug is a June 1 thing, so with a good ration of double luck, he may have just detected them in the dormant state.

At any rate, he's probably busy trying to get it back in shape and that may explain why he hasn't been back.

We wish him the best and look forward to a progress report.