undetectable "virus".
Oldmrjim_at_aol.com
Date: 01/11/04
- Next message: Lady Layla: "Re: pftw1.pkg, Housecall scan report"
- Previous message: Bill Sanderson: "Re: XP Starts then Shuts down after 30 seconds"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 11 Jan 2004 13:26:34 -0800
A deadly new yet unknown "virus" is destroying Windows XP
PCs in my customer base.
This "virus" surfaced Monday 05, 2004 in the Prattville,
Alabama area. It prevents Windows XP from activating user
accounts, removing the START icon and bar.
The latest Norton (02072004), McAfee and Trend AV did not
detect this "virus." Also used Spybot.
It apparently has various XP symptoms infecting XP Pro and
Home:
Appears to use the DCOM vulnerability to infect the
computer before a user can download the Microsoft updates.
There are NO users in the USERS folder. A USER cannot be
added.
Windows Explorer cannot search for files and folders.
The task bar and start menu disappear.
The Program Files folder become read only.
The administrator cannot access the Services folder. The
result is a blue square in lieu of the expected data.
The network connectivity is halted. One cannot connect by
modem or LAN.
It disables the AV software and prevents it from reloading.
It disables COPY and PASTE and writing to a r/W CD drive
so it is almost impossible to scan the infected software.
As a test, I reloaded one WindowsXP Home machine. I then
ran every conceivable test I could and could not locate
any suspect code. Since I replaced the Windows folder, the
only way it could have reinfected that folder was via
memory or from the Program Files folder. I had also
powered off/on the machine to erase memory. I suspect it
is hiding somewhere in Program Files in a renamed file.
It appears to download and then sequentally perform its
chores.
Various other features do not operate correctly.
The only known cure is to prevent it. So far, I have
received NO worthy response re this code. We believe if
the Microsoft security updates in XP are installed, it
will prevent it. Go to START, and select WINDOWS UPDATE.
Install ALL the security updates.
With 4 PCs infected, we saved one to furthur troubleshoot.
The other three were fixed by formatting the hard drive
and completely reloading all software. The PC MUST be
powered off and then powered ON to remove any suspected
code from memory before reloading. You can save your data
files by various methods before formatting the drive.
I have about 37 years software experience (midframe, large
systems, and PCs) plus about 47 years hardware SO I am no
novice. I knew Bill Gates when he was a "developer" along
with his sidekick.
- Next message: Lady Layla: "Re: pftw1.pkg, Housecall scan report"
- Previous message: Bill Sanderson: "Re: XP Starts then Shuts down after 30 seconds"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
