Prev: SQL backup corrupted or unreadable
Next: The area for the questions is blank
From: John John - MVP on 9 Jul 2010 15:15
You're welcome.

John

Russ wrote:
> Thanks folks.
>
>
>
> On Fri, 09 Jul 2010 16:06:40 -0300, John John - MVP
> <audetweld(a)nbnet.nb.ca> wrote:
>
>> Russ wrote:
>>> I managed to pick up a nasty Cryptic trojan horse and all my attempts
>>> to scan the drive with updated software have failed. I think this
>>> thing has got my internet connx locked up pretty well. I figured I
>>> would format my C drive after saving most of my data. Now when I give
>>> the command to format via Win Explorer or My Computer, I get the
>>> following msg:
>>>
>>> Windows cannot format this drive. Quit any disk utilities or other
>>> programs that are using this drive, and make sure that no window is
>>> displaying the contents of the drive. Then try formatting again.
>>>
>>> I tried to stop any programs using task manager, but then lost my
>>> other icons so I could not start up Win Expl or My Computer. Any help
>>> would be appreciated.
>> You are asking Windows to commit suicide... it won't do it! Boot the
>> computer with your Windows XP CD and select to install Windows, when at
>> the disk and partition selection screen you will be offered the
>> opportunity to format the drive.
>>
>> John
From: Paul on 9 Jul 2010 15:33
Russ wrote:
> I managed to pick up a nasty Cryptic trojan horse and all my attempts
> to scan the drive with updated software have failed. I think this
> thing has got my internet connx locked up pretty well. I figured I
> would format my C drive after saving most of my data. Now when I give
> the command to format via Win Explorer or My Computer, I get the
> following msg:
>
> Windows cannot format this drive. Quit any disk utilities or other
> programs that are using this drive, and make sure that no window is
> displaying the contents of the drive. Then try formatting again.
>
> I tried to stop any programs using task manager, but then lost my
> other icons so I could not start up Win Expl or My Computer. Any help
> would be appreciated.

It's going to be pretty difficult, to format the partition that the
OS is currently running from. Is that what you're trying to do ?

If you want to erase the disk, you can use some other stand-alone tools
for that. DBAN from dban.org will erase an *entire* drive. You can also use
a Linux LiveCD and just erase the MBR sector, and that would
effectively destroy *all* partitions at the same time, on that
disk.

Before following any of that advice, what is your situation ?
Do you want to "format C:", while preserving D:, E: which are
still on the same physical disk ? That is a different issue,
than finding a way to erase the entire disk. If there is data
to be preserved, you'd have to be more selective in the tool
used.

But if the thing you're attempting to format, is the partition
you're booted from, I would expect the OS to complain about
that :-)

Tools like GParted, can function like a standalone partitioning
tool. There is a LiveCD version available. I'm not completely
comfortable with this tool, due to some of the things it prints
in its status screen, but it is an alternative. Because it boots
its own OS, it isn't dependent on WinXP at all. It can handle
FAT32 or NTFS. I could probably manage to format a single
partition with this, using their LiveCD.

http://gparted.sourceforge.net/screenshots.php

*******

Also, just for fun, you can use an offline scanning tool, to avoid
the issue of the malware beating you. If you have a tool for
burning ISO9660 files to make a bootable CD (like Nero, Imgburn etc),
you can prepare a scanning CD with this file. When this CD boots
on your computer, it'll use DHCP to get an IP address from your
high speed ADSL or cable modem, then connect to Kaspersky and
get ~10MB of virus updates. (Make sure your high speed modem
is already running and logged in, because the scanning CD has
no browser for you to use, to control networking equipment. It
won't be able to get virus updates, unless it can reach the
Internet after it boots.)

Then, it will offer to scan your partitions. The drive lettering
shown in the menu, aren't real "drive letters". If you cannot figure
out which partition is C:, just tick all of them. (Unplugging any
extraneous data disks, before booting this CD, will cut down on
the amount of stuff you'd need to scan.)

http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk10/

I've tested that tool, and it detects the "EICAR test file" I
copied to C:, but since I don't have any real malware on here
(at least, none I'm aware of), I haven't had a chance to see
how it responds to a real threat. The advantage of the offline
scanning tool, is WinXP is not running at the time, so the
malware cannot upset operation of any tools as a result. The
above CD might use Linux Gentoo as the boot OS, and that is
what is running while the scan is taking place.

http://en.wikipedia.org/wiki/EICAR_test_file

One danger with such scanning tools, is what happens when the
tool "quarantines" a virus file. In some cases, tools like this
have been known to move the file to a RAM disk the Linux OS is using.
And then, when you reboot the computer, the quarantine folder is
lost. That can be an issue, if later you need to restore a
file that should not have been quarantined in the first place.

Paul
From: PA Bear [MS MVP] on 9 Jul 2010 16:42
See...

Cleaning a Compromised System
http://technet.microsoft.com/en-us/library/cc700813.aspx

Back-up any personal data (none of which should be considered 100%
trustworthy at this point) then format the HDD & do a clean install of
Windows. Please note that a Repair Install (AKA in-place upgrade) will NOT
fix this!

HOW TO do a clean install of WinXP: See
http://michaelstevenstech.com/cleanxpinstall.html#steps and/or Method 1 in
http://support.microsoft.com/kb/978307

After the clean install, you will have the equivalent of a "new computer" so
take care of everything on the following page before otherwise connecting
the machine to the internet or a local network (i.e., other computers) and
before using a flash drive or SDCard that isn't brand-new or hasn't been
freshly formatted:

4 steps to help protect your new computer before you go online
http://www.microsoft.com/security/pypc.aspx

Other helpful references include:

HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
(after a clean install)
http://groups.google.com/group/microsoft.public.windowsupdate/msg/3f5afa8ed33e121c

HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
clean install)
http://groups.google.com/group/microsoft.public.windowsxp.general/msg/a066ae41add7dd2b

Tip: After getting the computer fully-patched, download/install KB971029
manually: http://support.microsoft.com/kb/971029

NB: Any Norton or McAfee free-trial that came preinstalled on the computer
when you bought it will be reinstalled (but invalid) when Windows is
reinstalled. You MUST uninstall the free-trial AND download/run the
appropriate removal tool BEFORE installing any updates, Windows Service
Packs or IE upgrades AND BEFORE installing your new anti-virus application
(which will require WinXP SP3 to be installed).

Norton Removal Tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

McAfee Consumer Products Removal Tool
http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002


Russ wrote:
> I managed to pick up a nasty Cryptic trojan horse and all my attempts
> to scan the drive with updated software have failed. I think this
> thing has got my internet connx locked up pretty well. I figured I
> would format my C drive after saving most of my data. Now when I give
> the command to format via Win Explorer or My Computer, I get the
> following msg:
>
> Windows cannot format this drive. Quit any disk utilities or other
> programs that are using this drive, and make sure that no window is
> displaying the contents of the drive. Then try formatting again.
>
> I tried to stop any programs using task manager, but then lost my
> other icons so I could not start up Win Expl or My Computer. Any help
> would be appreciated.

From: Ben Stevenson on 11 Jul 2010 03:21
I believe first the HD has to be wiped clean. How to do that?

Thanks

"John John - MVP" <audetweld(a)nbnet.nb.ca> wrote in message
news:ubcDZn5HLHA.1016(a)TK2MSFTNGP06.phx.gbl...
> Russ wrote:
>> I managed to pick up a nasty Cryptic trojan horse and all my attempts
>> to scan the drive with updated software have failed. I think this
>> thing has got my internet connx locked up pretty well. I figured I
>> would format my C drive after saving most of my data. Now when I give
>> the command to format via Win Explorer or My Computer, I get the
>> following msg:
>>
>> Windows cannot format this drive. Quit any disk utilities or other
>> programs that are using this drive, and make sure that no window is
>> displaying the contents of the drive. Then try formatting again.
>>
>> I tried to stop any programs using task manager, but then lost my
>> other icons so I could not start up Win Expl or My Computer. Any help
>> would be appreciated.
>
> You are asking Windows to commit suicide... it won't do it! Boot the
> computer with your Windows XP CD and select to install Windows, when at
> the disk and partition selection screen you will be offered the
> opportunity to format the drive.
>
> John

From: Paul on 11 Jul 2010 04:06
Ben Stevenson wrote:
> I believe first the HD has to be wiped clean. How to do that?
>
> Thanks

I'm not going to test this right now, but you could try the
following, while Windows is running.

http://www.chrysocome.net/dd

dd if=/dev/zero of=\\?\Device\Harddisk0\Partition0 bs=512 count=1

and that would overwrite the MBR with zeros. Now your disk is "clean"
in the "no longer has partitions" sense. Is that what you want ?

You use the "dd --list" command first, to get the names of the partitions,
and select partition0 to be able to access the entire raw disk. Based
on the response from the --list option, you can tell whether you have
permission to do it or not. I can't overwrite my C: partition (I can tell
from the --list output that I'll get permission denied), but it
does look like I can blow away the MBR, because the entire raw disk
is accessible.

If you know how to run arbitrary programs from the command prompt, this'll
take no time at all to test. Erasing the MBR only takes a fraction of a
second. And yes, I've actually had to do this at least once, to get
a Windows installer disk to work. And it all worked fine, after the
MBR was erased.

The importance of the MBR, is why some users actually back up that
sector, in case of emergencies.

The program "TestDisk", can reconstruct the primary partition info,
and you could use "FixMBR" to put back the Windows boot code. So
in principle, you can also repair the damage I just did with the
dd command above. But using TestDisk, the operator has to judge
whether the answer coming back, makes sense or not. If you know
there are three partitions on the disk, and TestDisk
says there are four, then you know it didn't work right. So
using TestDisk to do repairs, works best if you know roughly
how the thing used to look.

If we don't hear from you, then I guess you managed to erase C: :-)

The only reason I'm suggesting this option, is the runtime for
DBAN is much longer, and it wouldn't be as much fun.

Paul

>
> "John John - MVP" <audetweld(a)nbnet.nb.ca> wrote in message
> news:ubcDZn5HLHA.1016(a)TK2MSFTNGP06.phx.gbl...
>> Russ wrote:
>>> I managed to pick up a nasty Cryptic trojan horse and all my attempts
>>> to scan the drive with updated software have failed. I think this
>>> thing has got my internet connx locked up pretty well. I figured I
>>> would format my C drive after saving most of my data. Now when I give
>>> the command to format via Win Explorer or My Computer, I get the
>>> following msg:
>>>
>>> Windows cannot format this drive. Quit any disk utilities or other
>>> programs that are using this drive, and make sure that no window is
>>> displaying the contents of the drive. Then try formatting again.
>>>
>>> I tried to stop any programs using task manager, but then lost my
>>> other icons so I could not start up Win Expl or My Computer. Any help
>>> would be appreciated.
>>
>> You are asking Windows to commit suicide... it won't do it! Boot the
>> computer with your Windows XP CD and select to install Windows, when
>> at the disk and partition selection screen you will be offered the
>> opportunity to format the drive.
>>
>> John
>
First  |  Prev  |  Next  |  Last
Pages: 1 2 3
Prev: SQL backup corrupted or unreadable
Next: The area for the questions is blank