Re: virus-help!
From: Ozgirl (news_onlyxx_at_hotmail.com)
Date: 10/09/03
- Next message: Ozgirl: "Re: how effective is it?"
- Previous message: Andrew Z Carpenter [now with added MVP!]: "Re: Unavailable Web Page"
- In reply to: Deanne: "virus-help!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 10 Oct 2003 05:13:33 +1000
"Deanne" <dn@yahoo.com> wrote in message
news:0b1a01c38e3e$57a7ff10$a101280a@phx.gbl...
> It started happening shortly after I
> downloaded the latest security patches for windows though
> I am on Windows Me. Some strange windows help screens
> kept popping up and I couldn't get rid of them fast
> enough, My Norton Internet Security program kept popping
> up saying it was blocking inbound from "wwview" or
> something like that and also "couponsandoffers"... It
> wouldn't let me on IE and Norton AV ran clean. When I
> tried to run liveupdate it froze and the computer
> crashed. When it came back I lost all controls for Norton
> (said I wasn't a supervisor and therefor couldn't change
> settings) my firewall worked ok for a while, kept
> detecting "virus-like" activity where the user (male
> symbol) was trying to reformat drive (male symbol) then
> asked if I wanted to stop or continue which I kept
> stopping. All this stopped when I disconnected the cable
> modem, though even my firewall is gone now (I'm on a
> different computer). I've tried all the obvious
> things, tried the stinger from mcafee and the bugbear and
> klez fixes with no help... never even detected anything.
> And yes I went into safe mode and disabled system
> restore. I don't know what to do, at first I thought it
> was just spyware but why would it try to reformat my
> drives? The only drive I have access to is my A drive
> which Ive been using but the spyware products are too
> large to fit into a floppy even with the zip utility!
> Even in normal mode my cd drives freeze up. Someone
> please help I am fairly useless when it comes to this
> stuff.
>
> Oh and I can't create a rescue disc on this computer
> because I'm running on XP. I applied the latest patches
> and norton updates on this machine with no problems.
Sounds like you have both a virus and some spyware (the couponsoffer thing).
Can you remember opening any attachment very recently that looked like it
could be an update from Microsoft for Windows or Outlook Express etc? Have
you tried to run msconfig? Start button>Run>type msconfig. Check the
Startup to see what is loading. Check your autoexec.bat from there too and
paste it in a message here. Do a ctl alt del to bring up task manager and
see if there are some unusual processes running. If you do that regularly
you get to know what should be in there. Have you tried uninstalling the
last patch you loaded?
Could you download a WinME boot disk from the internet to floppy from the XP
machine (make sure it is one that includes universal CD rom drivers). That
may get your cd drive working on the ME machine to enable you to install
spyware programs and run them or insert the ME cd to repair. Or perhaps
using the XP machine you can somehow creat an ME boot disk from the ME cd.
If you can still connect to the internet on the ME machine could you try to
run an online scan from one of the free online virus scanners (you didn't
mention when you last updated Norton before you lost control of it).
You say you have all the security updates from Microsoft, how did you get
those? Off the website or by opening an attachment on a (bogus) Microsoft
letter? I also notice you are running an old version of IE/Outlook Express,
if you are up to date with all your updates you would be running version 6.0
not 5.5. Lots of holes to exploit in your system. Speaking of firewalls,
Zone Alarm is the only freeby I have found that passes total stealth testing
of ports. Open ports or ports showing closed rather than stealthed still
leave your computer open to attack. Another thing also, even with a
firewall, when ever the firewall alerts you of someone trying to access a
port don't give permission to let a program act as a server unless you are
totally sure it is a genuine request, i.e. a trusted program like Outlook
Express etc. Wouldn't matter how many security patches you had if you are
going to unwittingly give your firewall permission to open ports.
Another thing to think about is getting a trojan scanner, sometimes they
pick up things the advanced virus scanners miss, easy to get a trojan if you
use IRC or other messaging programs where the program either probes your
ports regularly or you swap pictures with people, even accessing a website
from a url typed at you in a messaging program. I think it is easier to get
a virus this way than by email, we are so geared to be careful of
attachments these days in email that we forget about other areas of the
computer, especially when told to download this that or the other MS
security patch, it all still boils down to us being vigil and learning about
security for ourselves.
- Next message: Ozgirl: "Re: how effective is it?"
- Previous message: Andrew Z Carpenter [now with added MVP!]: "Re: Unavailable Web Page"
- In reply to: Deanne: "virus-help!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
