Re: strange new virus




Thumb drives usually cannot infect a computer just by inserting them (at
least I never heard of that) but they can contain infected files that
you can open and run.

I don't think Trend Micro can do anything to help you unless you provide
them some infected files.

Try to check if any unusual process is running in the background, check
in the registry, configuration files and the startup folder for every
executable file run at startup.

The small boxes and other odd characters may be a message in a language
your computer's Windows doesn't support (probably East Asian or Cyrillic).

It may also be possible that you executed a program that completely
messed up your system, installed programs, libraries or drivers in a
foreign language and deleted some of your files including itself.

Given the level of damage, if I were you, I would format the hard disk
and reinstall everything. It's the only way to be sure your computer is
clean. Of course, you may still have copies of the virus in thumb
drives, diskettes, memory cards, etc.

If you really want to find out about this you can contact an antivirus
company (doesn't need to be Trend Micro) and ship them your hard disk.


Regards,


Paolo.


novovida@xxxxxxxxxxx wrote:
VAR in Honolulu has a previously squeaky clean XP system now infected with something strange:
Symptom list:
1) All desktop icons disappeared
2) When recreated by hand, some days later they all were rendered un-runnable because they had all been renamed with an additional .lnk suffix.
3) On every boot, after the XP splash screen, but before User Login (2 profiles), there is a 4" x 5" screen with an Exit and an OK button. The screen shows a black background which overlays the XP blue login screen; it looks like a VB screen. The name in the top bar changes on every boot, such as c:\windows\system32\mup.sys, or i20mgr.sys, etc. This full file name is preceded by usually 8 small box characters. Inside the white body of the screen there are a few special characters: [\} and a character that looks like an inverse equal sign, standing vertically.
4) CTRL-ALT-DEL at this point shows you flashes of blue underneath
5) The Outlook .PST file is missing
6) My antivirus and all other SYSTRAY items are gone
7) IE6 or IE7 won't connect to home page, instead Internet Properties opens on the General Tab
8) Trend Micro PC-Cillin 2006 sees nothing, same with their Housecall and WinSIC, or SYSCLEAN utilities.
9) MS RootkitRevealer finds nothing.

Infection route: while it could have been web browsing, or email, I really think it came from an odd incident when a client came in with CAD files to print on a thumb drive. Trend says thumbdrives don't infect PCs, though I've looked at the U3.com software available for a SanDisk Cruzer (and several other makes) and it seems like there's a CPU in it, because you can scan a new PC for viruses using Avast from the thumb drive.



At one point they sent me a tool to fix the associations with applications, so that now Start Programs run most apps.

However, I've lost my email. This case has been open at Trend for more than a month, and now they are telling me it is not a virus and don't worry.

Not only that, when I call Trend Tech support, they hang up on me repeatedly, or put my call back in the queue, or promise to work the next day with me, and then don't. They want me to go away, but I think this is a serious threat.

CAN a thumbdrive infect a system?
Has anyone seen anything like this, or know how to respond to it and recover my email (besides backup)?

Thanks for any leads.

That can't be correct, is it?

---------------------------------------------------------------------------
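
The startup check suggested in the reply above (registry, startup folder, every executable run at startup), as an added example that is not part of the original message. It assumes PowerShell 3.0 or later on the affected Windows machine and covers only the Run/RunOnce keys, two Winlogon values and the two Startup folders; it reads and lists, and changes nothing.

```powershell
# Added example: read-only inventory of common Windows autostart locations.
# Assumes PowerShell 3.0 or later; run elevated to read every location.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
)
$shell = New-Object -ComObject WScript.Shell        # used to resolve .lnk targets

$entries = @(
    # 1. Values under the Run / RunOnce keys
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $k = Get-Item -Path $key
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{ Location = $key; Name = $name; Command = $k.GetValue($name) }
        }
    }
    # 2. Winlogon values that decide what starts at logon
    foreach ($name in 'Shell', 'Userinit') {
        $p = Get-ItemProperty -Path $winlogon -Name $name -ErrorAction SilentlyContinue
        if ($p) { [pscustomobject]@{ Location = $winlogon; Name = $name; Command = $p.$name } }
    }
    # 3. Files in the Startup folders; shortcuts are resolved to their real target
    foreach ($dir in $startupDirs) {
        if (-not $dir -or -not (Test-Path $dir)) { continue }
        foreach ($f in Get-ChildItem -Path $dir -File -Force) {
            $cmd = $f.FullName
            if ($f.Extension -eq '.lnk') {
                $lnk = $shell.CreateShortcut($f.FullName)
                $cmd = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
            }
            [pscustomobject]@{ Location = $dir; Name = $f.Name; Command = $cmd }
        }
    }
)
$entries | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
```

Comparing the output with the same listing from a known-good machine makes unfamiliar entries stand out.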


