I am cleaning up a computer for a client computer who got hit hard with the virus: w32.magistr.39921. I loaded the drive in a spare virus protected computer. The partitions had been deleted.

Before doing any of this, The virus protection was enabled in the spare system's bios. Following this, the partition was restored. Some 45000 files were deleted. Many of these were important files such as OS, .DOC, .XLS etc... All files containing the first letter and all files not containing a preceeding tilde (~) were undeleted. The drive was then scanned with an up to date version of McAfee and infected files deleted.

My problem is this:

Whenever the infected drive is attached to the spare computer, bios warns of a virus but if the drive is detached, there is no warning. The virus warning appears while Windows is loading, when loading if javasup.vxd is accepted. (The warning allows yes or no to continue and no is selected). Windows then continues loading and no apparent problem occurs. During scanning however, McAfee hangs if the boot sector verification is included in the scan, whether scanning of the clean drive or the infected one. Scanning does not fail on this option if the drive is not installed.

The client has another computer whose drive was only partially infected and doesn't generate the boot virus warning or the boot scan freeze behaviour when attached to the spare computer and/or scanned.

I would like to understand whether this is really a virus or if Windows is simply trying to setup for the additional drive. Even if it is just a normal Windows thing, why would a bios write be necessary? So it's got to be a virus.

Unfortunately, I don't think any anti virus TSR is active at this point in the loading. McAfee does a scan at startup but is probably not resident by Windows yet.

If this is a virus, where is it on the drive?

TIA