Re: Possible new virus?

From: Sebastian Schneider (ses_at_straightliners.de)
Date: 09/10/03

  • Next message: Chris Berry: "{Spam?} Re: FTP Replacement (SSH?)" 
    To: security-basics@securityfocus.com
Date: Wed, 10 Sep 2003 19:58:15 +0200

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Seems like being a boot sector/mbr virus. On that 98 machine, when is that
    message actually coming up ? before the message "Starting Windows 98..."
    shows up or after. What happens if you place a empty floppy into your drive
    trying to boot from that one. Does that message appears anyways?

    Win98 is in that way easier to analyze, since its boot process is quite
    simple.

    Sebastian

    On Tuesday 09 September 2003 17:01, Wirefire Systems Administrator wrote:
    > Hey all,
    >
    > I've had a computer tech calling me about a very strange symptom.
    >
    > One operating system was XP, one was 98, and another was unknown. The
    > symptom was an error while still in text mode before booting:
    >
    > cpu cooling fan is malfunctioning
    >
    > Accompanying this is a high-pitched tone from the PC speaker. mem /c/p
    > doesn't reveal anything out of the ordinary. There is nothing suspicious in
    > autoexec.bat or config.sys... I wouldn't think twice if it hadn't happened
    > to 3 computers from 3 different vendors in 2 days.
    > I've done some looking in google, and that phrase doesn't even occur in the
    > google database, which leads me to believe this is something new.
    >
    > Any ideas?

    - --

    Sebastian Schneider
    straightLiners IT Consulting & Services
    Metzer Str. 12
    13595 Berlin
    Germany

    Fon: +49-30-3510-6168
    Fax: +49-30-3510-6169
    www.straightliners.de
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.2 (GNU/Linux)

    iD8DBQE/X2Y3Q7mOWZBxbPcRAgz9AKDJHlgx509iYQsemJVz7OJriGp3PACdERwY
    kgkhHi+OBKmPHTUk4hqiZeA=
    =0bkB
    -----END PGP SIGNATURE-----

    ---------------------------------------------------------------------------
    Captus Networks
    Are you prepared for the next Sobig & Blaster?
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
     - Precisely Define and Implement Network Security
     - Automatically Control P2P, IM and Spam Traffic
    FIND OUT NOW - FREE Vulnerability Assessment Toolkit
    http://www.captusnetworks.com/ads/42.htm
    ----------------------------------------------------------------------------

  • Next message: Chris Berry: "{Spam?} Re: FTP Replacement (SSH?)"

    Relevant Pages

    • Re: Possible new virus?
      ... Wirefire Systems Administrator wrote: ... >I've had a computer tech calling me about a very strange symptom. ... >google database, which leads me to believe this is something new. ... Captus Networks ...
      (Security-Basics)
    • Re: Windows Server 2003 - Not secure from my test but OSX from Mac is secure from the start
      ... It seems to me that if you boot up a linux CD or even a floppy, no OS is safe ... it is easy to boot from a CD ... > Captus Networks ...
      (Security-Basics)
    • Re: Possible new virus?
      ... > Seems like being a boot sector/mbr virus. ... >> the google database, which leads me to believe this is something new. ... > Sebastian Schneider ... Precisely Define and Implement Network Security ...
      (Security-Basics)
    • Re: Possible new virus?
      ... Wirefire Systems Administrator wrote: ... >I've had a computer tech calling me about a very strange symptom. ... >google database, which leads me to believe this is something new. ... Captus Networks ...
      (Security-Basics)