I think this is a virus. What is it?

[Jeff B]

I think I got hit by a virus at a free wifi spot. My laptop stated rebooting and nothing would get past the Win XP splash screen before it would reboot. No safe mode. I tried the XP CD and I got as far as trying to repair windows and it restarted. Each time it was faster at restarting. Also the keyboard was scrambled. I then tried a Linux live CD. Same thing it would reboot before I could do anything and it was faster each time I tried. I noticed that if I tried windows it seemed to take longer for the virus to readjust to the diferent OS. Entry into the bios was OK. So I repeatedly got the virus used to XP and then switched back to Linux and quickly installed it before it could be rebooted. Now linux is installed and the keyboard is unscrambled. The laptop is working normally. Is it safe to put XP back in? I haven't got used to linux yet.

[Asyn]

Didn't you already post this..??
asyn

[scythe944]

I'd use Dr.Web Cure IT's live CD to check for any remaining viruses. http://www.freedrweb.com/livecd/

Provided that you installed Linux over your windows partition and don't have windows installed anymore, I'd say that if you did have a virus, it has probably been removed by the linux install.

If you have windows on a second partition or another drive, then it likely that the virus is still there.

You could install clam AV for linux in your linux partition and scan the windows partition with it as well.

Sorry, I'm still unclear as to whether or not you removed the windows install and replaced with linux or just installed linux on another partition.


EDIT: if he did, I didn't know about it.  Please stick to one thread if you did!

Edit again: Yep, sure looks like it. So, how many threads do you want us to respond to Jeff?  You know, it's a lot easier for us to help you if it's all in one place...

[Jeff B]

I did post earlier but never got any replies. I thought it was because I replied to someone elses post so I tried as a new topic.I think Linux repartitioned the hard drive and removed the XP install. I was worried the virus might still be there because once it did reboot while I was in the bios. I wasn't sure if it was because the bios accessed the hard drive or if it flashed the bios.

[scythe944]

I did post earlier but never got any replies. I thought it was because I replied to someone elses post so I tried as a new topic.I think Linux repartitioned the hard drive and removed the XP install. I was worried the virus might still be there because once it did reboot while I was in the bios. I wasn't sure if it was because the bios accessed the hard drive or if it flashed the bios.

If your computer rebooted while in the BIOS thats usually a sign of hardware failure.  I'd be checking the PowerSupply and making sure the computer was clean (physically, by blowing the dust out of it if there is any).

It could also point to a CPU problem or Memory.

The BIOS doesn't usually access the hard drive for anything more than make/model/size/connection type.  It doesn't actually "read" the contents, so it's pretty impossible for a virus to infect the BIOS while you're in the BIOS.

Also, flashing the BIOS can't usually be done while you're in it.  The only way to do that is with motherboards that have flashing utilities built-in, and you'd still have to run that utility before any flashing can take place.

So anyway, if you installed linux over your windows partition/drive/whatever, then you can be pretty sure that it's gone.  I mean, you deleted everything on your computer and installed linux over top of it, so there's nothing left but linux.

If you're super paranoid or you're still not sure if the windows partition exists, try to run the live cd of Dr. Web and do a scan just to make sure.  If it comes up clean, you can format the drive and put windows back on, dual boot with windows, or keep linux on there instead.

[Jeff B]

I did install a second ram chip about a month before. The salesman said it was backward compatible to PC2100 and windows did recognize the increased RAM. I don't think it is a heat issue because once linux was installed it ran a long time while I was trying to learn Linux and it behaved perfectly.

[scythe944]

Yes, most RAM is backwards compatible.  I guess you use a 32-bit version of Windows, which is why it didn't see the increased RAM.

I still worry about why your computer rebooted while in the BIOS.  It should be able to sit there indefinitely provided that it has power.

Maybe the fact that Linux is behaving perfectly is purely a coincidence, I'm not sure.

Anyway, without any known facts about what was downloaded from that wifi hotspot, and since you completely wiped the drive I guess you could mark this one as solved then?

EDIT:

Oh, and just as a helpful resource, you said you spoke to a salesman about your recent RAM purchase?

Next time, don't trust them and use a better resource such as Crucial's memory advisor tool (which can be found on the front page of http://www.crucial.com)

It's a great resource to find out exactly what type of memory you need, how much your computer can physically support, and they have a lifetime guarantee if you purchase your memory there.  I usually don't, but the advisor tool is handy.  I find out what memory I need from them, and look on http://www.newegg.com for the cheapest price.

[Jeff B]

I looked up the pdf files from HP on Presario 3000 and it said it came with 256 of PC2100 so I went to Micro Center and bought a 512 of PC2700 that was supposed to work at PC2100 and XP did see it as 768 Mb of RAM. My boss gave me the laptop when he bought himself a new laptop. He did say it had a virus. At that time I wiped the hard drive and reinstalled XP I think as 32 bit version. The power supply does get very hot  and now you have me thinking I should take a volt meter and measure the voltage. Maybe it does have an intermitant hardware problem and that is why he got a new one. But the symptoms this time were consistant and went away when I got linux in.

[scythe944]

Ah, a laptop eh?

Well, that doesn't have a power supply (well it does, but not onboard).  The battery is likely what feeds power to the laptop while in use, and the transformer just charges the battery.

If you want, you can see if the transformer is putting out strange voltages and / or try using it without the battery to see if it does anything strange.

Since it is a laptop though, I'd be more inclined to say that there is a bunch of dust/hair/smoke (if your boss smoked) on the CPU heatsink that is causing it to overheat.  The only problem is that for laptops, they don't make it easy to get to the heatsink without tearing the whole thing apart and canned air can only do so much from the outside.

Sorry, I misread your post earlier, I thought you said that windows did NOT recognize all of the RAM. My apologies.

[Jeff B]

Yes he is a heeaavvyy smoker and he has 2 dogs that shed. If the canned air doesn't do it I will buy a new one.  I am going to try a dual boot. Maybe 50 Gb for XP and 30 Gb for Linux. While it still works I am going to start saving for a replacement.I thank you for your help.

[scythe944]

Yeah, my dad is a heavy smoker as well and when he gave his old laptop to me I was surprised that it would even turn on by how much crap covered the heatsink.

The smoke creates a sticky coating, and everything else just sticks to that.  It's not a very pretty sight.

If you don't want to buy a replacement just because it's dirty, you might find a local repair shop (a small one, not like geeksquad or whatever) that can open it and give it a good cleaning if you don't feel up to the challenge.
You just might get a few more years out of it.

In the meantime, the dual-boot option sounds good, and you're quite welcome. I just hope it doesn't overheat too bad and fry something else before you get it cleaned/replaced!