Bios virus?


Mntsnow
04-17-1999, 01:23 PM
BTW, have you disabled the virus protection in the BIOS? If you are trying to install an OS or even an OS upgrade, the BIOS virus protection will cause you grief. Try that!

GL
Mntsnow :)

ANTONIO E GUERRA
04-17-1999, 06:42 PM
Hi, everybody! You may have a defective memory module. When you try to install Windows, it trashes the hard drive. Replace the memory module and try to install Windows.

Hurt_Me_Not
04-18-1999, 12:08 AM
CPU virus protection is turned off in BIOS.

When you start up 95 and run VirusScan, it keeps telling me I have some virus called Junkie in RAM and that it has removed it from the RAM. Only catch is it keeps coming back and my hard drive is clean, so I've no idea where it's hiding.

Brushfire
04-18-1999, 12:14 AM
OK. What brand is your HD? You need to go to that website and get the LLF utility (low-level format). This takes some skill. There are viruses that stay in the boot sector until POST finishes, then load into memory. They are begun with the powering on of the system, and are very hard to get rid of. A friend on www.tweakit.com's board informed me of a way to get them off. Whether you have this or not, I'm not sure. He got rid of them by doing the following:

1) Make a bootdisk with the llf utility on it, and any necessary boot files. Test it on a different computer to see if it is bootable.
2) Disconnect the power from the HD, but leave everything else on. Then boot up the system. No HD, no ability for it to boot into memory. This is the key. Have the floppy in, and it should boot to the floppy. Then begin the LLF utility, the last step before you LLF the drive, plug the power in.
3) Complete the LLF utility, and see if it works.

This worked for this friend. I don't think it will hurt the drive.

Brushfire

Hurt_Me_Not
04-18-1999, 12:15 AM
A friend of mine got hold of a motherboard and chip from a friend of a friend's friend, so it's been around a bit :)

When I went to install Windows, the command.com and the boot sectors of the floppies kept getting infected with the Junkie virus.
I cleaned out the hard drives and the floppies, but the virus is still getting detected in RAM every time the system is booted. Any idea where the virus is hiding and how I get rid of it?

CMonster
04-18-1999, 03:21 AM
Seagate makes a good, quick low-level formatting utility that can work on many drives, but it is always best to get the one from your drive manufacturer. Low-level formatting can also ruin a drive; be sure to follow all directions.

Remember, if you are really dealing with a virus here, then any write-enabled disks that you have used on the system may now be infected.

RyanVM
04-18-1999, 01:48 PM
Hurt, here's what Symantec has to say about the Junkie virus:

Junkie is a virus that infects .COM files, the DOS boot sector on floppies, and the master boot record (MBR) on the first physical hard disk (drive 80h, the C: drive). The file form of Junkie does not become memory-resident. It simply checks the MBR or floppy boot sector for infection. If the sector is not infected, the virus infects the drive and returns control to the infected host file. The file form of the virus also contains code to target and remove the anti-virus TSR (VSafe), shipped with MS-DOS 6.x, from memory. The virus code is two sectors in length and reserves 3K of memory. Thus, on a 640k machine, MEM would report 637K and CHKDSK would report 652,288 bytes of free memory.

The virus body is stored and encrypted on 2 sectors, starting at side 0, cylinder 0, sector 4 of the hard drive.

When the system is booted from an infected drive, Junkie loads into the top of memory and decrypts itself. From memory the virus infects .COM files as they are executed or loaded. It contains code to bypass virus monitoring software.

Infected files grow by a variable length just over 1K. Since Junkie has neither intermediate nor advanced stealth capability, file growth is clearly visible. File times and dates are not changed.

Junkie contains two messages, which are encrypted along with the virus body and thus not visible in files or disk sectors.

They are, however, visible in memory:

Dr White - Sweden 1994
Junkie Virus - Written in Malmo

The virus decryptor is not polymorphic. It does contain four variable data bytes. These variables are two words: One represents the location to start decryption. The other is a variable key.

http://www.symantec.com/avcenter/venc/data/junkie.html

Due to what that says, I agree that low-level formatting is your best bet. That sucks, I know from experience. I got the stoned empire monkey virus before...

Ryan VanderMeulen
rvand@sirus.com
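
The on-disk and in-memory signs listed in the Symantec description quoted above can be checked against a raw disk image. This is an added example, not part of any post in this thread; the function names and the sample image are constructed for illustration, and data at that location is only a hint, since boot managers and drive overlay software also use the sectors after the MBR.

```python
import math
from collections import Counter

SECTOR = 512  # bytes per sector

def chs_to_lba(c, h, s, heads=16, spt=63):
    """Standard CHS to LBA mapping (sectors are 1-based)."""
    return (c * heads + h) * spt + (s - 1)

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data tends toward 8."""
    n = len(data)
    return sum(k / n * math.log2(n / k) for k in Counter(data).values()) if n else 0.0

def inspect_track0(image):
    """Report on the MBR and the two sectors at side 0, cylinder 0, sector 4-5."""
    start = chs_to_lba(0, 0, 4) * SECTOR
    body = image[start:start + 2 * SECTOR]
    return {
        "mbr_signature_ok": image[510:512] == b"\x55\xaa",
        "lba": chs_to_lba(0, 0, 4),
        "slack_in_use": any(body),          # normally all zeros on a plain DOS disk
        "slack_entropy": round(entropy(body), 2),
    }

def missing_base_kb(reported_kb, installed_kb=640):
    """KB of conventional memory withheld from DOS (BIOS word at 0040:0013)."""
    return installed_kb - reported_kb

def build_sample(populated):
    """Constructed 8-sector image: MBR signature plus optional filler data."""
    img = bytearray(8 * SECTOR)
    img[510:512] = b"\x55\xaa"
    if populated:
        # Filler bytes only, not virus code: a repeating byte ramp.
        img[3 * SECTOR:5 * SECTOR] = bytes((i * 7 + 13) % 256 for i in range(2 * SECTOR))
    return bytes(img)

if __name__ == "__main__":
    for label, flag in (("clean", False), ("populated", True)):
        print(label, inspect_track0(build_sample(flag)))
    print("KB withheld:", missing_base_kb(637), "free bytes:", 637 * 1024)
```

A 1K shortfall is common on machines whose BIOS reserves an extended data area, so the 3K gap is meaningful only together with the disk findings.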

Brushfire
04-18-1999, 02:36 PM
It appears what I have said above is somewhat correct. Just make the bootdisk on a different computer, and put the little switch on the floppy to write protect, then go at it. Kill that sucker. Post with results.

Btw, there is a LLF utility within most BIOSes, however I strongly recommend not using it with any IDE HD. It was designed for older SCSI drives, and can really screw your drive. Can you say RMA#?? Anyways, any LLF utility that you get from the drive manufacturer should NOT screw up the drive. If it does, you have the complete right to get angry with them. :)

Feel free to email me if you need some more help.

Brushfire
b54321@hotmail.com

[This message has been edited by Brushfire (edited 04-18-99).]

Hurt_Me_Not
04-20-1999, 12:51 AM
Sounds exactly like what it is.

Thanks.