General discussion

How to remove Polyboot-B* virus?

Windows XP Pro SP1a - most critical update - NTFS (are there any differences if using FAT32? --- in term of removing the virus...)

Someone said, I should run Fdisk /mbr, but somewhere in MS site said something about NOT using Fdisk /mbr.

What should I do to remove the virus?


Thank You

Discussion is locked
Follow
Reply to: How to remove Polyboot-B* virus?
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: How to remove Polyboot-B* virus?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Re:How to remove Polyboot-B* virus?

Hi Gakada,

Go to http://www.pandasoftware.com/products/activescan/
Polyboot.B should be handled by Panda ActiveScan Happy

Polyboot.b - is a boot virus that does not have any destructive effects, which infects the boot sector of hard disks (Master Boot Record or MBR) and floppy disks (Boot).

Polyboot.B goes memory resident in order to infect the MBR of the hard disks in the infected computer and the Boot of the floppy disks used.

Once the computer is infected, Polyboot.B infects all floppy disks used in the computer, provided that they are not write-protected.

Visible Symptoms

The only indication that Polyboot.B has infected a computer is that it has problems starting.

http://www.virusportal.com/com/virusinfo/encyclopedia/overview.aspx?lst=sol&idvirus=36608

If Panda ActiveScan or your antivirus detects Ptakks.216 during the scan, it will automatically offer you the option of deleting it.

Make sure System Restore if temporarily disable.

- Collapse -
[NT] Thank you Donna, I'll try the online scan...

.

- Collapse -
Here is also a write-up from Trend Micro
- Collapse -
[NT] Thank You Marianna.. have a nice week end ... to all of you.

.

- Collapse -
(NT)Gakada - Thanks - GOOD LUCK !

.

- Collapse -
Dear Gakada - We spoke in February - good to see you back. Tell me...

where are your travels taking you and how are you doing?

Best you reply to me (if you would like to) in the Speakeasy Forum, as a matter of protocol. Look forward to hearing from you.

Regards
Mo

- Collapse -
Re:How to remove Polyboot-B* virus?

Regarding, NTFS (are there any differences if using FAT32? --- in term of removing the virus...)

It is recommended by MS to use NTFS - reliable and more secure but you might want to read this --> http://www.claymania.com/virus-ntfs.html or http://www.ists.dartmouth.edu/text/IRIA/knowledge_base/NTFS_advisory.php

Not new story but it looks like some virus scanner failed to handle such.

This article http://www.f-secure.com/v-descs/afcore_q.shtml mention about Afcore.q - a backdoor and its dropper incorporate the novel feature of using a particular mode of storing data, provided by the NTFS file system. It also says "F-Secure Anti-Virus will detect the backdoor when the file/stream is accessed, but might not be able to delete it if it's in use." so I think File System (NTFS or FAT32) does not matter (IMHO).

What matter is the AV that we are using has the GOOD and up-to-date component to remove known malicious code whether the system is FAT or NTFS.

HTH

CNET Forums