Discussion in 'Spyware' started by Chuck, Dec 1, 2004.

  1. Chuck

    Chuck Guest

    @if exist C:\WININSTO.400\SuWarn.bat call C:\WININSTO.400\SuWarn.bat
    @if exist C:\WININSTO.400\SuWarn.bat del C:\WININSTO.400\SuWarn.bat

    These 2 lines were found as the first 2 lines in an autoexec.bat file of a
    computer that would not boot. Error message "Invalid system disk, replace and
    push any key".

    Norton antivirus, Ad-Aware, SpyBot and scandisk including full surface check
    did not find any problems on the disk.

    Boot with floppy and run sys C:

    Computer boots but has many problems. ZoneAlarm not running properly. Norton
    antivirus says major problem and to uninstall and reinstal and update.

    Does anyone have any idea what SuWarn.bat might have been, where it came from,
    and what it did? Virus, Spy, Worm?

    Any help will be greatly appreciated.

    Chuck, Dec 1, 2004
    1. Advertisements

  2. Google turns up a number of pages, including this one:

    It appears it is not viral, or spyware...
    Beauregard T. Shagnasty, Dec 1, 2004
    1. Advertisements

  3. Chuck

    Chuck Guest

    Thanks for the link. I used to use Google a lot - now I forget it's there. A
    senior thing I guess.

    I'm running Windows ME and was not trying to install or reinstal it.
    I booted from a floppy and ran sys c:
    The machine tried to boot. There was a major problem in Zone Alarm,
    reinstalled ZA and then there was a major problem with Norton Antivirus.
    Uninstalled NAV and the machine would no longer boot normal. Booted into safe
    mode but couldn't reinstall NAV. Now the computer wont boot from that disk at
    all. When connected as a slave drive, the computer does not recognize that a
    slave drive exists. I'm not sure it's worth trying to salvage.

    I'm now running on my backup disk. I did not lose any data. I routinely clone
    to an external backup HD connected by Fire Wire. That disk is now the internal
    drive. I have already installed a new drive in the external inclosure to
    become the new backup drive.

    Chuck, Dec 2, 2004
  4. Chuck,
    What floppy did you boot from? If it was a "system restore" floppy
    or one created during an install of Windows, it probably had an
    autotexec.bat that was setup to attempt to recover an interrupted
    When you ran "sys c:", it rewrote the boot sector on the drive which
    includes the MBR (master boot record). Depending on the version of
    NAV, it may have recorded the MBR to detect alterations of the MBR and
    became unhappy with the MBR that the boot floppy wrote......
    When you uninstalled NAV, it must have done something funky with the
    sequence...although it should have just died there, instead of letting
    PC boot again.
    It seems to me here that your old drive had the MBR for the drive and
    the partition table blown up. The telling point there is that it
    recognize the drive at all. I'm not that up on what kind of recovery
    there are available for analysis that deep, but there may be something
    around that could analyze the disk and rebuild the partition table. It
    may not be worth the time/money, however. If you're familiar with the
    line tools, you can try running FDISK on it. (***IMPORTANT*** don't do
    that if you're not ABSOLUTELY SURE what you're doing...it can FUBAR you
    quick!) The other option would be to download a setup utility from the
    maker of the disk drive; that should recognize the drive and let you
    partition and format it without doing the wrong drive. If it's a newer
    drive, it should have SMART capability which the drive utilities can
    to see if there's a mechanical/electronic problem that the SMART
    is picking up....
    Very good! I've been burned by having a drive crap out on me a couple
    times and I'm still not being real diligent about a backup program. I
    applaud you for the time taken to do the backups.
    Frank Schickel, Dec 2, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.