GSteven said:
Vanguard,
See answers below....
I've tried looking for fw update to no avail. It seems the drive is
old enough to be hard to find anything on.
This is true but highly coincidental and suspicious that it chose
to do so at the moment of infection.
yes, attempts to spin up 5 times then stops.
yes

Since the CD-ROM drive works mechanically and is reported in the BIOS
POST mass storage device table, it is most peculiar that you cannot boot
with it assuming that you truly used a bootable CD to test it. No
operating system is loaded at that point so nothing infected within it
would be affecting the use of your CD-ROM drive as a bootable device.
You sure the BIOS has the CD-ROM drive listed in the boot drive sequence
(drive A:, CD-ROM, hard drive)? There is the possibility that you have
a virus in the MBR's bootstrap code (first 460 bytes of the first sector
of the first physical hard drive detected by the BIOS). In that case,
boot using the CD-ROM drive, if possible, since the MBR bootstrap code
won't get run, using the Windows XP install CD and go into Recovery
Console mode (the first Repair option) to run FIXMBR. There are hazards
with using FIXMBR (the boot virus might reposition and alter the format
of the partition table in the MBR), especially if you are infected, so
save a drive image first of your OS and data partition(s). If the
problem is a boot sector virus (infects the first sector of the active
primary partition usually used to load an OS) then run FIXBOOT to
overwrite the partition's boot sector. Obviously you want to use
Windows XP's FIXBOOT only on the partition where Windows XP is the
controlling OS.

Maybe this is a really old system (over 4-5 years) which doesn't support
booting from the CD-ROM drive. In that case, you will need to use a DOS
bootable floppy that loads the CD-ROM driver in config.sys and
mscdex.exe in autoexec.bat so the ATAPI device gets supported by its
driver. You can get bootable DOS images at
http://www.bootdisk.com/
which, I believe, include generic drivers for CD-ROM drives.

Also, please configure AVG to *not* append its promotional signature
onto your posts. It is considered spam. Since you shouldn't be
appending attachments to your posts (or can't because the NNTP server
will then discard your post), your use of an anti-virus program in a
non-binary newsgroup is irrelevant and considered spamming of AVG. You
want to look like you are some affiliate of theirs promoting their
product?

As far as it being coincidental that the CD-ROM drive failed when the
virus hit, that would really only apply if the problem was trying to use
the CD-ROM drive when you actually had loaded the infected OS or used
the infected file(s) under that OS. Not being able to boot from the
CD-ROM drive is a hardware failure, a BIOS setup misconfiguration if
booting from CD-ROM drive is supported, or an "update" of its firmware
since nothing of the OS or infected files would be loaded when trying to
boot from the CD-ROM drive.

Also, sometimes friends, family, and coworkers really do not tell you
the whole story, either. Maybe the CD-ROM drive failure occurred at the
the whole story, either. Maybe the CD-ROM drive failure occurred at the
same time as the virus detection (but remember that your friend didn't
know about the infection until sometime AFTER getting infected, and why
is your friend getting infected?). Maybe your friend really didn't
install any new software as they claim between when it worked and when
it failed. I've had lots of users claiming their system was just like
before but then I find lots of changes and they'll respond, "Oh, yeah,
that. I forgot or it shouldn't matter." Getting the real story
requires digging past their egos or prodding their memories, or you
digging inside to see what really changed since then.
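
The reply above recommends saving a drive image before running FIXMBR. As an added example that is not part of the original post, this Python sketch inspects the first sector of such an image: it checks the boot signature, lists the partition entries and the active flag, and hashes the bootstrap code so that two saved copies can be compared. It assumes the conventional MBR layout (446 bytes of bootstrap code, four 16-byte partition entries, a 0x55AA signature); the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446   # assumed conventional layout: code, 4 x 16-byte entries, 0x55AA
ENTRY_LEN = 16

def parse_mbr(sector: bytes) -> dict:
    """Summarise the first sector of a saved drive image."""
    if len(sector) < SECTOR:
        raise ValueError("need the full 512-byte first sector")
    entries, warnings = [], []
    for i in range(4):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0x00:          # unused slot
            continue
        if status not in (0x00, 0x80):
            warnings.append(f"entry {i}: invalid status byte {status:#04x}")
        entries.append({"index": i, "active": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": count})
    if sector[510:512] != b"\x55\xaa":
        warnings.append("missing 0x55AA boot signature")
    if sum(e["active"] for e in entries) != 1:
        warnings.append("expected exactly one active partition")
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "entries": entries, "warnings": warnings}

def boot_code_changed(before: bytes, after: bytes) -> bool:
    """True if the bootstrap code differs between two saved first sectors."""
    return parse_mbr(before)["boot_code_sha256"] != parse_mbr(after)["boot_code_sha256"]

def sample_sector(code_fill: int = 0x90) -> bytes:
    """Constructed sample: one active NTFS (0x07) partition starting at LBA 63."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 204800)
    table = entry + bytes(ENTRY_LEN * 3)
    return bytes([code_fill]) * BOOT_CODE_LEN + table + b"\x55\xaa"

if __name__ == "__main__":
    info = parse_mbr(sample_sector())
    print(info["boot_code_sha256"], info["entries"], info["warnings"])
```

On a real image, pass the first 512 bytes read from the file in binary mode to `parse_mbr`, and keep the result from a known-good image to compare against later copies.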