Frankenstein virus getting to you?

Question

My computer does not allow me to sign on; it says it needs a password. I never had a password on it. I've been told it was infected with a Frankenstein virus that goes in and changes or creates a password that was not there. Have you ever heard of this virus? Do you know what I can do to get into my computer?

Answer

This question was answered on December 11, 2004. Much of the information contained herein may have changed since posting.

Frankenstein is a destructive, stealth, encrypting, memory resident, Master Boot Record (MBR)/Boot Sector infecting virus.

Upon infection, Frankenstein becomes memory resident. The virus hooks interrupts 8, 12 and 13 in memory.

Frankenstein encrypts the MBR. This virus also erases disk sectors.

Frankenstein contains the following text string:

"Frankenstein's Magic"

The only way to infect a computer with an MBR/Boot Sector infector is to attempt to boot from an infected floppy diskette. The boot sector of the diskette has the code to determine if the diskette is bootable, and to display the "Non-system disk or disk error" message. It is this code that harbors the infection. By the time the non-system disk error message comes up, the infection has occurred.

Once the virus is executed, it will infect the hard drive's MBR and may become memory resident. With every subsequent boot, the virus will be loaded into memory and will attempt to infect floppy diskettes accessed by the machine.

Windows 95/98:

Note for Windows 9x systems - during the boot process a Windows95 created boot disk will access the hard drive for information. Because of this, an image of the virus may be in memory but not active.

To remove the virus, follow the following steps:

- If you use the McAfee emergency disk, hit F8 at the starting Windows 95 message, and select Step-by-step Configuration. Say yes to everything except processing the autoexec.bat file.

- At the a:, type

BOOTSCAN C: /BOOT /CLEAN /NOMEM

BOOTSCAN.EXE is available for download from http://vil.nai.com/vil/virus-4e.asp

Windows NT/2000:

Shut down the PC and turn the power off. Obtain or create a virus free boot disk and scan disk. After booting, at the A:\ prompt, execute the following command:

BOOTSCAN C: /boot /clean

Once the virus has been removed, remove all floppy diskettes from the computer and reboot from the hard drive.

This will also clean an NTFS Master Boot Record and allow Windows NT to successfully reboot from the hard disk drive. VirusScan for DOS will not be able to read the rest of the NTFS partition. After starting Windows, execute VirusScan or NetShield to detect and clean Windows NT file infections which may exist.


Author

Posted by cristina of Katharine Gibbs School - New York on December 11, 2004
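
As an added illustration of the MBR checks discussed in the answer (example code, not part of the original answer and not McAfee's BOOTSCAN logic): a Python sketch that inspects a 512-byte MBR dump taken from a clean boot environment. It assumes the quoted text string is stored unencrypted in the dumped sector; since the answer describes the virus as encrypting, a missing string does not prove the sector is clean, which is why a recorded baseline hash is compared as well. The function names and the sample sector are constructed for this example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
MARKER = b"Frankenstein's Magic"  # text string quoted in the answer above


def inspect_mbr(sector, baseline_sha256=None):
    """Return a list of findings for one 512-byte MBR dump (empty = nothing flagged)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    findings = []
    # A valid MBR ends with the boot signature bytes 0x55 0xAA.
    if sector[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    # Assumption: the marker is present in plaintext in the sector.
    if MARKER in sector:
        findings.append("marker string present at offset %d" % sector.index(MARKER))
    # Four 16-byte partition entries start at offset 446; status is 0x00 or 0x80.
    active = 0
    for i in range(4):
        status = sector[446 + 16 * i]
        if status not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02x" % (i + 1, status))
        if status == 0x80:
            active += 1
    if active > 1:
        findings.append("more than one active partition")
    # Any change to the sector since the baseline was recorded is worth a look.
    if baseline_sha256 and hashlib.sha256(sector).hexdigest() != baseline_sha256:
        findings.append("sector differs from recorded baseline")
    return findings


def build_sample(marker=False):
    """Constructed sample MBR: zeroed boot code, one active FAT16 partition."""
    s = bytearray(SECTOR_SIZE)
    s[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x06,
                             b"\xfe\x3f\x0f", 63, 257985)
    s[510:512] = b"\x55\xaa"
    if marker:
        s[0x40:0x40 + len(MARKER)] = MARKER
    return bytes(s)


if __name__ == "__main__":
    clean = build_sample()
    baseline = hashlib.sha256(clean).hexdigest()
    print(inspect_mbr(clean, baseline))
    print(inspect_mbr(build_sample(marker=True), baseline))
```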