Vundo Virus. Cannot Start in Safe Mode. Help!

The reason I say that is the bios determines the initial boot sequence before any files are loaded from the hard drive - so for a virus to do that it would have to be in the bios itself

Did you have any problems at all with the CD prior to this ?

No problems at all until realized I had virus due to redirecting of searches. Had McAfee Enterprise and noticed when I ran a scan that it had failed to update; some problem with the engine. I couldn’t get that bug worked out through McAfee so I download Avast, as directed by McAfee rep. (weird I know). I hadn’t loaded any new hardware and do very conservative searches, usually news related or resume/cv searches.

The problem as I see it at the moment if we cannot access either the cd drive or the harddrive, the only other option would be to insert a new harddrive, install windows on that and then recover your data. Unless there is a better answer out there, but I bet a pound to a penny that you will get the same problem with a USB drive.

EDIT : I will ask some techs to see if they have a possible solution

Hi posters in this thread,

Very interesting to know where this thread eventually will be going.
It is like an ongoing chess game almost,
malcreant and eliminator fighting to exclude each other…

polonus

I have had a chat with a few techs and they are of the opinion that either the bios data is corrupted or there may be a problem on the board. One way to check would be to use an old drive (if you have one) and see if that works

But they are bemussed by this problem as well

essexboy-thanks for your efforts and if any other ideas come to mind, I’ll keep checking this post.

polonus-I’m interested to know as well. I’m simply trying to get help for the 2nd time uninterrupted, but have a secondary virus, the cakedoer trojan. I use my pc for work, so no income until up and running.

essexboy, when I screw things up, I like to do it with a bang! I have other old computers, but as easy as it should be, I’m not certain how to do what you suggested. Other than adding RAM or replacing a fan, I never mess with hardware. Let me see if I can find someone who can.

It is fairly straight forward there should be a spare IDE cable in the vicinity of the current hard drive - it is just a matter of plugging that in along with the spare power cable

There are some tutorials here http://compreviews.about.com/od/tutorials/ss/DIYSecHD.htm and here http://askbobrankin.com/add_a_second_hard_drive.html

but if you can change RAM and a card this should not be beyond you

Thanks a million, ;D will look at the tutorial and do it. I’ve gotta feed the kids and take a breather before I start, hope you’re still online when I return.

OK, think I’m up and running!! :-\ Found IT person to work on it, so I’m unable to tell you exactly what he did. Poor guy missed a Christmas party to help me! However, I can tell you there wasn’t a hardware problem or BIOS virus. He was able to start in Last Known Good Configuration, although he was floored it actually worked; nothing else he tried would bring it up either. What I still don’t get is when I went to Boot Sequence, I ended up taking numbers off the 2 options that said “not present” in case it was getting hung up on what wasn’t there. I tried SATA and the CD-ROM, said those weren’t there either! In essence there was no boot sequence to follow. For whatever that’s worth, I thought I’d mention it in case the original infection went that deep.

1.Onboard or USB Floppy (not present) 2.Onboard SATA Hard Drive 3.Onboard IDE Hard Drive (not present) 4.Onboard or USB CD-ROM Drive

He did the reinstall of XP after first deleting atapi file, and others. Avast did a great job though, the warnings popped up like popcorn for each infected file as he was trying to delete them.

Still no idea how infected in first place since I browse virtually nothing, but here’s a link to describe what I believe I had and some alternate removal options. http://forums.avg.com/us-en/avg-free-forum?sec=thread&act=show&id=51637

Thanks essexboy, I sincerely appreciate your help and hopeful won’t need to bother you anymore.

The link was nearly right - however, it did not state that there is another variant that does not infect the file itself but hooks it from another file. In this case you can replace Atapi.sys till the cows come home and it will not remove the infection. You will need to locate the file that is doing the hooking

I am totally surprised that LKG worked, as that is usually the first element to fail

Guy who fixed was totally surprised LKG worked as well. Of course it’s the only option I didn’t try myself. Doesn’t matter, would’ve had _itch of a time making sure all necessary hidden files deleted.

All looks well with the exception of hang time at start up, but is an AVG issue. Trying to uninstall it, keep getting errors. THAT I can figure out.

Thanks again essexboy.

At least I am not alone about LKG ;D