Please Help - I have been infected!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

unkellsam

Thread Starter
Joined
Jan 13, 2006
Messages
8
Hi,

The other night I when I left my computer on overnight and checked it in the morning the screen was blank, meaning that it crashed on its own. when I restarted the computer it would not log on to windows and after "verifying DMI pool where it should be displaying the windows bootscreen it's now locking up and displaying "Y∞Y∞" on screen.

I don't know much about boot sectors and all but I'm guessing that this is some kind of virus that messed with my MBR. I luckily have 2 HDs so I am logged on to windows through my secondary one and have checked the damaged HD and all of the files all still there.

I have scanned both hard drives with Norton, NOD32, and PC-Cillin, all with the latest updates, and none of them found anything of significance. I have also used the XP CD to run FIXBOOT and FIXMBR - neither of those fixed the problem. I have also tried to reinstall windows but that will not work since the installation needs to restart the computer after preparing the files, and when it does I am greeted by the "Y∞Y∞" and the setup, therefore, cannot continue. I have also run CHKDSK on the drive and set it to repair problems but I get the same result when I try to boot from that harddrive.

The closest virus description I have found to mine is the YOYO.1271 which is given the following description:

It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are accessed. On accessing to the files with name extension: TXT, DOC, 1ST, ME?, the virus appends to the end of file 50 data bytes.

From 3rd till 8th of January the virus calls trojan subroutine. It writes trojan code to the MBR sector of hard drive and "hang up" the computer. The trojan code in MBR sector on next reboot erases the CMOS memory, decrypts and displays the message:
I and the public know What schoolchildern learn Those to whom evil is done Do evil in return

Although the message displayed on my computer is different from the description, The date the crash took place matches exactly - January 8 or 9.

I have also heard of YOYO.1271-B which is a boot virus and YOYO.1271-C but I could not fid any descriptions of the symptoms. I found two cases of the same problem posted:

http://www.betabulletinboard.com/forum/index.php?showtopic=2964

http://p216.ezboard.com/fclanbobforumsfrm19.showMessage?topicID=198.topic

neither of them are very helpful.

There must be a virus for the computer to be acting this way and for the same exact symptoms to have occured to others, but why have the virus scanners not found it?

I am wondering if any computer expert has any knowledge on how to solve this problem without formatting as I have heard that formatting is often a poor method for solving an infection. It would be very diffucult for me to start everything all over because I have tons of files built up over the years and many different kinds of Audio production software that have little plugins in different locations that are all linked through projects and must be in the folders they are in otherwise the projects will not work properly....its messy. Thanks in advanced to anyone who has any advise.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top