Eliminating the NoInt virus from the MBR


Mack

A friend of mine owns a computer whose C: drive now has the MBR infected
with the NoInt virus (an oldie but goodie if you will).

I was led to believe that the bootscan program (along with some associated
data files downloadable from McAfee) would enable a cleanup of this virus
from the MBR. One would basically boot from a clean boot floppy (generated
from an uninfected computer) and type the following command:
bootscan C: /boot /clean /nomem

That should then do the trick. Unfortunately the only thing this did was to
indicate that the C: drive was infected by the NoInt virus and that we
should check the partition sector. ????

Is there any way to clean this virus from the computer? Is my friend going to
be forced to cut his losses, save whatever data is important from the drive
and reformat it?
 
BEWARE:
I am talking about Win98. I don't know if this applies to other OS's.

Buffalo said:
From a 'clean' boot disk, I believe the command is fdisk /mbr .
Then I would run a free online virus scanner from one of these:
Online Antivirus scanners:
--------------------------
http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.kaspersky.com/remoteviruschk.html
http://security.symantec.com/sscv6/default.asp
http://www.pandasoftware.com/activescan/activescan.asp
http://commandondemand.com/eval/index.cfm
http://www.ravantivirus.com/scan/ [See **]
http://www.bitdefender.com/scan/licence.php
http://www.pcpitstop.com/antivirus/default.asp
http://scan.sygatetech.com/prestealthscan.html



 
Thanks for the tip Buffalo.

I forgot to mention that the OS was Windows XP.

Isn't fdisk normally destructive though?

 
Sorry, I forgot to mention that the OS in question was Windows XP. I don't
think that fdisk is even present under this OS.

 
Mack said:
Thanks for the tip Buffalo.

I forgot to mention that the OS was Windows XP.

Isn't fdisk normally destructive though?

NoInt is based on Stoned and is a really old boot infector (I think it's the
first one that used stealth). NoInt never got widespread which is why I would
suspect a false alarm. Especially since it's McAfee that claims finding that
virus, and on XP, of all platforms! That product is known for its BSI false
alarms.

Tell your friend to download IVINIT from www.invircible.com/iv_tools.php. When
on that page, he should also take the FreeDOS boot disk producer. He should run
IVINIT after booting off the FreeDOS boot disk.

If IVINIT does not find a virus then there is none and the alert is a false
alarm. If there is a virus in the MBR, then IVINIT will fix it.

Regards, Zvi
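
An added example, not part of the original thread and not code from any tool named in it: a classic MBR is one 512-byte sector holding 446 bytes of boot code, four 16-byte partition entries and the 0x55 0xAA signature, and the sketch below parses a saved copy of that sector and compares two copies region by region, so a before/after pair shows whether a repair step rewrote only the boot code or also the partition table. The sample sectors are constructed, and the function names are this example's own.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 446            # boot code: bytes 0..445 (NT-family disk signature at 440..443)
TABLE_END = 510           # four 16-byte partition entries: bytes 446..509
SIGNATURE = b"\x55\xaa"   # boot signature: bytes 510..511

def parse_mbr(sector: bytes) -> dict:
    """Split a saved MBR sector into a boot-code hash, partition entries and signature check."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    entries = []
    for i in range(4):
        raw = sector[CODE_END + 16 * i: CODE_END + 16 * (i + 1)]
        status, ptype = raw[0], raw[4]
        lba_start, sectors = struct.unpack_from("<II", raw, 8)
        if ptype:  # type 0x00 marks an unused slot
            entries.append({"slot": i, "active": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": sectors})
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "partitions": entries,
        "signature_ok": sector[TABLE_END:] == SIGNATURE,
    }

def changed_regions(before: bytes, after: bytes) -> list:
    """Name the MBR regions that differ between two saved copies of the sector."""
    regions = {"boot_code": slice(0, CODE_END),
               "partition_table": slice(CODE_END, TABLE_END),
               "signature": slice(TABLE_END, SECTOR)}
    return [name for name, s in regions.items() if before[s] != after[s]]

def build_sample(code_fill: int) -> bytes:
    """Constructed sample sector: filler boot code, one active NTFS (0x07) partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 39_070_017)
    return bytes([code_fill]) * CODE_END + entry + bytes(48) + SIGNATURE

if __name__ == "__main__":
    before, after = build_sample(0x90), build_sample(0xEB)
    print(parse_mbr(before)["partitions"])
    print("changed:", changed_regions(before, after))
```

Comparing the boot-code hash of a suspect sector against one taken from a known-clean disk with the same boot loader is also a quick way to test a scanner alert like the one discussed above.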