1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Formatting hard drive. How?

Discussion in 'Virus & Other Malware Removal' started by Firehorse66, Dec 11, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. Firehorse66

    Firehorse66 Thread Starter

    Joined:
    Nov 26, 2003
    Messages:
    13
    Please can someone tell me step-by-step how to format a hard drive?

    Thanks very much.
     
  2. pyritechips

    pyritechips Gone but Never Forgotten

    Joined:
    Jun 2, 2002
    Messages:
    26,907
    First Name:
    Jim
    Hello:

    That depends on what operating system is now in the computer and what OS you want to install afterwards. I would recommend using the W98se boot disc but that wont work on an NTFS formatted HDD. Let is know what was on it and what you plan to install after formatting.
     
  3. Firehorse66

    Firehorse66 Thread Starter

    Joined:
    Nov 26, 2003
    Messages:
    13
    At the moment windows ME is on the hard drive. There is also a virus and we are doing a virus check to find out which one. The previous virus check with housecall said this one cannot be removed so hence the format. We have the windows me disk but is that all we need to reload? After reformatting, what exactly are you left with? As we need to make sure we can get the pc up and running again.
    Thanks for your help.
     
  4. Firehorse66

    Firehorse66 Thread Starter

    Joined:
    Nov 26, 2003
    Messages:
    13
    We have found out that the virus we have is TROJDLOADER.DZ. Any ideas?
     
  5. pyritechips

    pyritechips Gone but Never Forgotten

    Joined:
    Jun 2, 2002
    Messages:
    26,907
    First Name:
    Jim
    Do not format just yet!

    Trojans are not usually a reason to wipe your drive. Wiping your drive will do just that. Nothing will be left on it. I think the best way to proceed is to download HijackThis, do a scan and generate a log and post it back here. In the mean time I wil request that the moderators have this thread moved to the security forum where it will receive better attention.
     
  6. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    Are you sure you are spelling it correctly? I can't find anything on that name by doing a Google search. Nor anything on Symantec's site.
     
  7. pyritechips

    pyritechips Gone but Never Forgotten

    Joined:
    Jun 2, 2002
    Messages:
    26,907
    First Name:
    Jim
  8. Firehorse66

    Firehorse66 Thread Starter

    Joined:
    Nov 26, 2003
    Messages:
    13
    I have the log here from Hijack This. I hope this helps. Thanks again.

    Logfile of HijackThis v1.97.7
    Scan saved at 11:19:53 PM, on 11/12/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.E

    C:\PROGRAM FILES\CREATIVE\AUDIO\PROGRAM\CTMIX32.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\SM56HLPR.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\NAVPMC\NAVPMC.EXE
    C:\PROGRAM FILES\E-COLOR\TRUE INTERNET COLOR\TICICON.EXE
    C:\PROGRAM FILES\AOL 7.0\AOLTRAY.EXE
    C:\PROGRAM FILES\CAPLIO RR30\RGATEL.EXE
    C:\WINDOWS\SYSTEM\RES
    C:\PROGRAM FILES\AOL 7.0\WAOL.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\TEMP\TD_0003.DIR\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesten.com/main/sp.php
    R1 - HKCU\Software\Microsoft\In
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesten.com/main/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://thesten.com/main/sp.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thesten.com/main/hp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topsearcher.com/search.htm

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesten.com/main/sp.php
    F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe hpfsched
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKL
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
    O4 - HKLM\..\Run: [Register MediaRing Ta

    O4 - HKLM\..\Run: [Register MediaRing Talk] C:\Program Files\MediaRing Talk\register.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 -
    O4 - HKCU\..\Run: [cpntmgc] C:\WINDOWS\navpmc\NAVPMC.EXE
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDHTML_1024.dll,InstantAccess
    O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
    O4 - Startup: SonnReg.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe
    O4 - Startup: Colorific.lnk = C:\Program Files\E-Color\Colorific\hgcctl95.exe
    O4 - Startup: True Internet Color Icon.lnk = C:\Program Files
    O4 - Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
    O4 - Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
    O4 - Startup: RICOH Gate L.lnk = C:\Program Files\Caplio RR30\RGateL.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {D27CDB6E-AE6D
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
     
  9. Firehorse66

    Firehorse66 Thread Starter

    Joined:
    Nov 26, 2003
    Messages:
    13
    By the way...the computer in question (not the one I am writing from) is stuck in 640x480 16 bit colour and so images are difficult to see and the user is unable to change it back for some reason. I don't know if this is related to the problem but it is a problem nonetheless.
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/186512

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice