How to remove virus on Windows XP/OPENSUSE dual boot system

Hi,

I first noticed that WinXP had a virus days ago. The desktop did not respond and the screen had some colour bands. I found the NTFS partition had an “X” label in GPARTED. It recommended using chkdsk /F to repair it. Unfortunately, the chkdsk procedure only finished 50% and halted. I ran chkdsk a second time. It did not finish either. Then GPARTED told me the Windows XP partition was OK, no “X” label anymore.

But WinXP still halted after running for some time. Worse, OPENSUSE (11.4) was also virus affected now.

Could you help me on how to identify the virus, how to remove it?

I have a lot of files on Windows XP. If only reinstalling OPENSUSE can remove the virus, that is the best for me.

Thanks.

> Worse, OPENSUSE(11.4) was also virus affected now.
That’s a miracle!

> WinXP had virus
Very likely.

Install Clam in SUSE and scan XP

I go a bit further than Caf4926: IMPOSSIBLE!!! And not a bit impossible, completely impossible.

Knurpht wrote:

>
> freerjw;2401106 Wrote:
>> Hi,
>>
>> OPENSUSE(11.4) was also virus affected now.
>>
>>
>
> I go a bit further than Caf4926: IMPOSSIBLE !!! And not a bit
> impossible, completely impossible.
>
>
What I can imagine is that the OP copied one or more infected files from the Windows installation to one of the openSUSE partitions, and if you then run an antivirus CD (there are several Linux-based ones out there which can also scan the Linux partitions) it will of course tell you correctly that it found infected files in your openSUSE. Of course that does not mean that the GNU/Linux system itself is infected, but it can easily lead to misunderstandings for someone who is new to that.


PC: oS 11.4 64 bit | Intel Core i7-2600@3.40GHz | KDE 4.6.0 | GeForce GT 420 | 16GB Ram
Eee PC 1201n: oS 12.1 RC2 64 bit | Intel Atom 330@1.60GHz | KDE 4.7.2 | nVidia ION | 3GB Ram

Hi,
Thanks. It also surprises me. Could you help me with these facts?
There have been two times that GPARTED halted before arriving at the hard disk scan.
One time OPENSUSE halted with spread colour rectangles on the screen.

The desktop was totally dead. The keyboard did not respond, including the CAPS and Num keys.

This never happened before.

On XP, I once tried to restore the system. (This HP PC has a reserved hard disk space making several restore points in case of system reversal.) The bizarre thing is that there were no prior restore points! I clearly remember I made a restore point a month ago. It had deactivated the restore function at a check box option. When I activated the restore option, it only had one hour of prior restore. This is absolutely strange to me.

Thanks

Hi,

Now even though I modified the hard disk with GPARTED for dual boot, the boot menu does not show up. It goes directly to Windows XP. That is, I cannot go to OPENSUSE. I don’t know what happened to the system. Thanks.

One thing that occurs to me is that this might be early warning symptoms of hardware failure if you’re having system freezes on both openSUSE and XP. How old is your system, and are the two operating systems on the same hard drive?

You might consider using a live disk like Parted Magic and running some system tests. Your hard drives and RAM are both good places to start. Just running a live disk can help determine if it’s a hardware or software issue.

I hope that helps.

Thanks for your advice.

Before I do the hardware test, I would like to tell you the new phenomenon. Although I used GPARTED to set the hard disk ext partition as boot, it always boots from Windows XP. Then I see that both Windows XP and the hard disk ext (lba) are labeled as boot. This never happened before. Only one of Windows XP or lba could be boot.

It used to display BIOS text after a cold start. Now it shows some text, simple colour HP and Intel logos (I never saw these logos before), then goes directly to XP or the safe mode selection. No dual boot menu.

This PC is 6 years old, PC3200 SDRAM 2.5GB, 3.2GHz Intel Pentium 4 CPU. It ran well before this problem appeared.

Thanks again.

On 06/11/11 22:56, freerjw wrote:
>
> Hi,
>
> Now even though I modify hard disk with GPARTED to dual boot. The boot
> menu does not show up. It directly goes to Windows XP. That is, I cannot
> go to OPENSUSE. I don’t know what happens to the system. Thanks.
>
>

It occurs to me that you don’t actually know what you are doing.
And in common with other players here, I concur with their suggestion
that your hardware may be on the blink.

Backup what you can now to an external HD, using a Live CD.
And then start your messing with it.

On 2011-11-07 02:36, freerjw wrote:
> Before I do the hardware test, I would like to tell you the new
> phenomenon. Although I use GPARTED set hard disk ext partition as boot,
> it always boots from Windows XP. Then, I see that both Windows XP and
> hard disk ext (lba) labeled as boot. This never happens before. Only one
> of Windows XP or lba can be boot.

Try leaving only the extended partition as bootable. Any good partitioner
can do that.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

Hi,

Try following the steps in this virus/malware removal guide (link no longer available).

It contains instructions that will remove most malware infections. I hope this helps you. :wink:

Brian

This is neither a phenomenon nor is it in any way surprising. Not being in front of your machine I cannot check everything, but the following suggestions apply:
**First:** Probably you have an HP PC with a hidden “restore function” for your XP boot sector. This was eventually triggered by you (I do not know if you did any alterations in the BIOS). If this is the case, you may set ext as the boot partition, but this will be ignored because the routine of the HP restore program removed every reference to grub (it probably ran something like “FIXMBR” in XP); the only boot manager you see now is the one of XP. Therefore, XP does not support nor recognize ext3 or ext4 partitions. Consequence: XP boots normally; openSUSE, although there, is not “seen” any more by the system. If you wish to restore this you will have to restore the GRUB boot manager. NOT a virus problem. You can also boot into an openSUSE system without a working grub.
**Second:**
The “pictures” you see at BIOS startup are a setting in the BIOS. Maybe (and only maybe) you had a virus that damaged the flash BIOS by overwriting it. Then maybe (maybe!) that triggered a “spare” BIOS that comes up if the first one fails. This is normally meant for when you as a user perform a BIOS update and fail (so as not to leave you with a dead machine). In this case HP default settings apply. One of these is “full screen LOGO show” or similar. It tells the BIOS to hide the routines running (a lot of users of HP and other PCs think their PC is a washing machine and are “troubled” to see routines and RAM counts. It is a commercial thing to make people think “my good PC showed HP, so a good PC IS an HP”). If you feel comfortable with BIOS setting changes you may enter your BIOS and set “full screen logo show” to disabled. DO NOT DO THIS IF YOU ARE NOT SURE WHAT YOU ARE DOING!!!

**Third:** So, if your BIOS did revert to default settings and your machine in the meantime changed in RAM, video card and other aspects, these settings will now fail, because they refer to the original status, not to the machine as of today.
Your openSUSE partition is to a 99.999 percent probability perfect, virus free and safe. The remaining 0.001 percent refers to you having installed software from uncontrolled sources outside of the repos.
A rootkit could therefore be the cause of your XP problem, or a compromised flash BIOS. Run an offline antivirus from CD on boot (that is e.g. GDATA, F-Secure, Kaspersky, Bitdefender). Practically all of these are written in Linux (just to make you understand why we think the machine is clean on the Linux side).
But the most important cause of a reversion to default settings is … a short circuit. If you have an intermittent short on your main board (like from a cold solder joint) then what happens is similar to setting the “BIOS reset” jumper to short. So it will revert to default settings. 6 years is a good time to think about a hardware change if this reproduces once everything is restored and checked. Also in this case, no virus there.
**Fourth:** Once the Windows data is restored (you may clean, then back up the Windows data you have, and back up the Linux data you have) you may erase the whole thing and do a new setup. Maybe it would be a good idea to choose openSUSE as the main system and virtualise the XP partition with KVM or VirtualBox. You could do several clones of XP if you have the space and stay clean by installing new software first on the clone, proving it, and after a quarantine copying it to the XP system.
With the aspects of backing up the Linux data we can help you here if you use a live CD such as Knoppix or Parted Magic (which is a tool CD even more complete than the GParted one).

Conclusions:

  • don’t panic. Breathe, think, only then…act
  • do a backup of your valuable data. The operating systems are available at all times on CD / DVD. Your photos and emails of your beloved ones, your documents and contracts …not.
  • ask for help in backing up. We will try our best to help you here.
  • run an antivirus booting from CD / DVD - offline. Use a good one. If you have to create a DVD because you didn’t do it before, go to a friend’s PC with a known “clean system” there. Create it there, not on your PC.
  • ask whoever sold you the PC if he/she changed BIOS settings. Restore the original settings following the indications of whoever did this. Write up by hand what you are doing before doing it! Everything, EVERY TIME.
  • have the original handbook for your BIOS ready BEFORE you begin to work.
  • run a test on your system RAM. Faulty RAM can damage your OS and may trigger virus-like behaviour. Don’t forget to touch the outer hull of your PC if you “have a look inside” to avoid static discharge.

Currently I do not see even a sure indication that you have a virus. It seems like a flash BIOS problem or a RAM problem. If you are not comfortable handling hardware problems and you find the RAM is faulty on test, seek someone who has sound hardware experience…or pay for professional help.
Good luck, we are here to help in case of further questions.
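As an added illustration (not from the thread), a small Python MBR inspector covering the two points made above: which boot code occupies the first sector (GRUB legacy’s stage1 carries the literal string GRUB, the DOS/Windows MBR carries its three error messages) and how many partition entries carry the 0x80 active flag, which the DOS/Windows MBR code expects on exactly one entry. The two sample images are constructed inline for the demonstration; on a real machine you would feed it the first 512 bytes of the disk read from a live CD.

```python
import struct

SECTOR, PT_OFFSET, ENTRY = 512, 446, "<B3sB3sII"   # status, CHS, type, CHS, LBA start, sectors
TYPE_NAMES = {0x05: "Extended", 0x07: "NTFS/HPFS", 0x0F: "Extended (LBA)",
              0x82: "Linux swap", 0x83: "Linux"}

def make_mbr(code_strings, entries):
    """Build a constructed 512-byte MBR image (demo only, not a real disk)."""
    code = b"\x00".join(s.encode() for s in code_strings).ljust(PT_OFFSET, b"\x00")
    table = b"".join(struct.pack(ENTRY, 0x80 if active else 0, b"\x00" * 3, ptype,
                                 b"\x00" * 3, lba, sectors)
                     for active, ptype, lba, sectors in entries).ljust(64, b"\x00")
    return code + table + b"\x55\xaa"

def parse_mbr(data):
    """Identify the boot code and list the non-empty partition entries."""
    if len(data) < SECTOR:
        raise ValueError("need at least 512 bytes")
    code = data[:PT_OFFSET]
    if b"GRUB" in code:
        loader = "GRUB"
    elif b"Missing operating system" in code or b"Invalid partition table" in code:
        loader = "Windows/DOS"
    else:
        loader = "unknown"
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, sectors = struct.unpack_from(ENTRY, data, PT_OFFSET + 16 * i)
        if ptype:   # type 0 means an unused slot
            parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                          "name": TYPE_NAMES.get(ptype, hex(ptype)),
                          "lba_start": lba, "sectors": sectors})
    return {"signature_ok": data[510:512] == b"\x55\xaa", "bootloader": loader,
            "partitions": parts}

def diagnose(info):
    """Return the findings a live-CD check of this sector would report."""
    findings = []
    if not info["signature_ok"]:
        findings.append("no 0x55AA boot signature: sector is corrupt or not an MBR")
    active = sum(1 for p in info["partitions"] if p["active"])
    if active != 1:
        findings.append("%d entries flagged active; DOS/Windows MBR code wants exactly one" % active)
    if info["bootloader"] != "GRUB":
        findings.append("boot code is %s, not GRUB: the Linux install is not offered at boot"
                        % info["bootloader"])
    return findings

if __name__ == "__main__":
    # Constructed sample resembling the OP's state: Windows MBR, NTFS and ext (LBA) both active.
    xp = make_mbr(["Invalid partition table", "Error loading operating system",
                   "Missing operating system"], [(True, 0x07, 63, 100000), (True, 0x0F, 100063, 200000)])
    print(parse_mbr(xp)["partitions"], diagnose(parse_mbr(xp)), sep="\n")
```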

Dear Brian_12,

While your advice may be of the utmost interest to any Microsoft Operating Systems user, these Forums are not about those users. When you carefully read this thread you posted in, you will see that we try to understand and help the OP with what is going on on his system from the openSUSE side of his installation. I guess he is aware of the fact that by having also XP on his system, he is threatened by many insecurities. I guess he is also aware that for doing something about his XP security, he should go elsewhere.

In any case, we see any advice on how to manage an XP system, however useful it may be, as off topic on these Forums.

You are of course welcome to contribute here with your knowledge and/or questions about Linux in general and openSUSE in particular (though your Avatar is a bit of a challenge :wink: )

On 11/08/2011 10:16 AM, hcvv wrote:
> your Avatar is a bit of a challenge;)

+1


DD
openSUSE®, the “German Automobiles” of operating systems

If there is nothing you can do at that moment, use a live CD, copy all your documents, music, whatever you need, and do a low-level format, then install everything again. But this time do a backup, it will save your time later on …
Good Luck!

Hi hcvv,

I apologize. I should have read the entire thread before posting.

By the way, caf4926, all the software in my guide is reputable and is often recommended by professionals.

Brian

Again, no hard feelings. But we (that is caf4926 and others) think that it is as useful as seatbelts in an airplane. Recommended by professionals, but having no connection at all with what these Forums are for.

OK
We tend to be heavy handed with such stuff.
Looks like the OP’s done a runner with his Virus

On Mon, 07 Nov 2011 01:36:03 GMT, freerjw
<freerjw@no-mx.forums.opensuse.org> wrote:

>
>Thanks for your advice.
>
>Before I do the hardware test, I would like to tell you the new
>phenomenon. Although I use GPARTED set hard disk ext partition as boot,
>it always boots from Windows XP. Then, I see that both Windows XP and
>hard disk ext (lba) labeled as boot. This never happens before. Only one
>of Windows XP or lba can be boot.
>
>It used to display BIOS text after cold start. Now it shows some TEXT,
>simple color HP and Intel logos (I did not see these logos never
>before), then directly goes to XP or safe mode select. No dual boot
>menu.
>
>This PC is 6 years old, PC3200 SDRAM 2.5GB, 3.2GHz Intel CPU Pentium 4.
>It runs good before this problem appears.
>
>
>Thanks again.

BIOS corruption?! Yikes!! You need another machine to diagnose the
pieces of the infected/damaged one. Remove every hard disk and
individually do {

  1. install them in an external case, scrub them all with ClamAV
  2. run fsck on every partition, no exceptions (use a Parted Magic live CD
    as necessary).
  3. repeat until clean. } enddo

Before installing the hard disks, reflash BIOS from floppy if you can.

Test RAM thoroughly, say 24 hours of memtest.

When you have clean results from all the above re-assemble and test.

Best of luck.

JosephKK

?-)