dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
456
GdotMikeL
join:2001-04-23
West Chicago, IL

GdotMikeL

Member

Can't get rid of Stoned.D.2

I downloaded and ran AVG anti-virus program and it detected "Stoned.D.2" virus. I rebooted with my restore CD, in DOS I ran the AVG rescue disk and selected "Test and Clean". In this test it did not detect the Stoned virus and so did not clean it. Any suggestions on how to get rid of this virus?
System

Anon


The virus you have infects the master boot sector
on your computer also can infect diskettes so
I hope the diskette you had was write protected.
If you have no success with antivirus software
the easiest way to get rid of it is to delete your
partition and install a fresh copy of Windows.
robot75
join:2000-12-31
Pearl City, HI

robot75 to GdotMikeL

Member

to GdotMikeL
Before you delete your partition, try this simple solution I used the last time I had the 'stoned' virus. Reboot your computer with your write protected bootable diskette, then issue this DOS command: 'fdisk /mbr'. This command will rewrite the 'master boot record' and wipe out any boot sector viruses contained within.

FutureMon
Dude Whats mine say?

join:2000-10-05
Marina, CA

FutureMon to GdotMikeL

to GdotMikeL
I've got that sucka on a floppy.

Man that thing is hard to kill.

Kept it as a reminder to all the heinous things that can happen to the masses. Plus cause I couldn't bring myself to get rid of it just because I couldn't kill it (a long time ago). On an aptly labeled floppy I must add...

Surprised it's back again. You must have run something that came from a while back to get that thing.

The older scan programs should detect it no problem.

The real problem is finding one that still has it in the library. Correct me if I'm wrong anyone but I haven't seen or heard of this virus in at least 10 years...

- FutureMan
FutureMon

FutureMon to robot75

to robot75
..HAHA Just remember to NOT MAKE THE BOOTABLE FLOPPY FROM THE INFECTED SYSTEM. Otherwise, you end up with an infected bootable floppy which will happily infect the system it boots upon over and over and over again....

Hence the post you see immediatley above this one hahaha

- FutureMan
GdotMikeL
join:2001-04-23
West Chicago, IL

GdotMikeL to robot75

Member

to robot75
fdisk /mbr did not help, but I have Norton AV 5.0 on my other PC. I installed NAV on this PC and it took care of it- no more virus. Thanks for your help.

DrKatz
I'M Listening
join:2001-01-30
Ramsey, NJ

DrKatz to FutureMon

Member

to FutureMon
said by FutureMan:
Man that thing is hard to kill.
....
Correct me if I'm wrong anyone but I haven't seen or heard of this virus in at least 10 years...

Yeah, it's a bad virus. We had an outbreak at work in '94-'95 which took months to completely eradicate. It just kept popping up every few weeks.

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

TheJoker

MVM

The reason that the virus kept "popping up" every few weeks was you had one or more infected floppies. Stoned and its variants are MBR and floppy boot record infectors. After you cleaned your system, every time you left an infected floppy in the system and powered down, the next time you powered up, as soon as you got a non-bootable disk error message (assuming it was a non-bootable floppy), your hard disk was reinfected. The reason that some antivirus programs have the option to scan floppy disks at shutdown is to prevent what happened to you, being reinfected when you leave an infected floppy in your drive.

Now that you have your hard disk disinfected, you also have to scan all your floppies to find and clean all the infected floppies to prevent it from happening again. While you were infected, the virus infected every floppy you accessed. You aren't finished. Until you find and clean all those infected floppies, you remain at risk of being reinfected.

BTW, using FDISK/MBR can remove boot sector viruses, but it can also leave the data on your hard disk inaccessible with some viruses that relocate and/or encrypt the original MBR (like some variants of the stoned virus). Its best to remove the virus with a good, up-to-date, antivirus program unless you are very certain of what you are doing, and you have positive identification of the virus, and you know its not one that moves or encrypts the original MBR (one of the most common viruses that does this is the variations of stoned.monkey). For that reason, you should never ever suggest to someone to try to remove a MBR virus using FDISK/MBR unless you are absolutely, positively, 100% certain that the virus they have doesn't play games with the original MBR. You are playing Russian Roulette with their entire hard disk contents.
[text was edited by author 2001-08-01 22:10:45]

[text was edited by author 2001-08-01 22:12:09]

Ryan
Premium Member
join:2001-03-03
Boston, MA

Ryan to GdotMikeL

Premium Member

to GdotMikeL
AVG had very bad reviews on virusbtn at erasing virus. It can detetect them but it doesnt do a good job of erasing them which is why I wont use it.