Re: Can't install anti-virus software. Please help.
From: WinGuy (no_spam_at_nomail.bot)
Date: 07/23/04
- Next message: Keith: "Backdoor.trojan"
- Previous message: shaun: "Java Byte Virus"
- In reply to: Bob Cunningham: "Re: Can't install anti-virus software. Please help."
- Next in thread: Erik Jan: "Re: Can't install anti-virus software. Please help."
- Reply: Erik Jan: "Re: Can't install anti-virus software. Please help."
Date: Fri, 23 Jul 2004 14:30:27 GMT
Hello, Bob

Although I've never heard of it happening, it is theoretically possible for
a virus to insert itself into the "electrically erasable programmable
read-only memory" (EEPROM) section of the BIOS. Most BIOS can be "flashed"
this way by version updates supplied by the BIOS manufacturer. Removing the
battery for 5 minutes will not change that flash, only another flash will.
Removing the battery only clears the RAM section of BIOS that holds user
configurable BIOS settings (sometimes that requires a jumper change on the
motherboard, too). The solution, if you think you might have a flash by
virus, is to obtain the latest BIOS flash from the manufacturer and thereby
reprogram the BIOS. But be aware that if a flash goes terribly wrong for
some reason then the computer will not boot and the BIOS can not be flashed
again to correct the problem and the chip must then be physically replaced,
so a flash is always a very risky procedure.

A virus flashed to BIOS would be difficult to achieve and would also have to
target very specific BIOS types and even their versions in order to properly
modify the code in the BIOS. This makes it very, very unlikely that this has
occurred in your computer. But one targeted against a popular selling and
specific computer model is a theoretical possibility, although it would
affect only those models that use the same BIOS type and, probably, BIOS
version.

Antivirus utilities, if up to date (and some update as fast as 2 hours after
discovering something in the wild), will detect and warn you about "in
memory" processes that are a virus and, if that's the case, the fact that
they can not be terminated from memory. In that case you simply power off
the computer instead of rebooting it after the antivirus has cleaned
everything it can from the HDD. The virus will disappear from RAM when the
power is removed and can only return via the HDD or the network. Stay
physically disconnected from all networks until your machine operates
properly, use CD-R/W's or floppies made on another (clean) computer to move
your anti-vermin software to the machine. Maybe you caught a brand new virus
that hasn't hit on the antivirus vendor radar scopes just yet.

You might have spyware/adware or a trojan or a web browser hijacker, not
technically a virus and maybe not detected by antivirus but detectable by
such things as Adaware-6, and Spybot. Spybot now comes with 2 resident
utilities that forbid registry changes without your interactive permission.
For some reason of late, every single computer that I put Spybot on gets
checksum errors when trying to download its database updates, and I have to
dl them separately from the website and install them that way (it can also
be put on floppy or CD-R/W). This might have to do with DSL problems I've
been having and SBC is working on for me, but I sort of doubt it. The
problem does not take away from the fact that Spybot is a great utility, as
is Adaware-6, and together they solve a lot of problems.

If you use a utility (such as the old fdisk utility) to delete all
partitions from a HDD then almost absolutely nothing exists on that HDD and
it can not even be used at all or formatted until a new partition is
defined. There is almost no possibility of a virus surviving if all
partitions are cleared, but if one was suspected anyway then some HDD
manufacturers provide a "low level format" utility of their own that is an
even deeper wipe of HDD content than a partition deletion or a format.
Contact the HDD manufacturer if you think you need a low level format utility
from them, and have them provide clear direction on how to use it.

If you have a HDD that was thoroughly wiped clean via a different computer
than the one the HDD will be used in, then the power had to be off when you
installed the HDD again and so nothing could be in RAM and there is no
possibility of any kind of infection unless it exists in BIOS flash code.
Although rare, there have been cases when a copy of an operating system CD
was itself infected, so the infection would be reintroduced using that
vector.

On the other hand, if the XP or 2000 Event Viewer shows nothing weird in the
way of problems but some of your programs work and others do not then you
almost surely do indeed have an infection. The sledge hammer solution is to
check for viruses when the HDD is in a different, fully updated & infection
protected computer.

Perhaps this link might be of help, be sure to read all 3 posts as some
procedural corrections appear there.
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=tarDc.3076%243W4.2126%40newssvr27.news.prodigy.com&rnum=3&prev=/groups%3Fq%3Dwinguy%2Bvirus%2Bspywareblaster%26ie%3DUTF-8%26hl%3Den%26btnG%3DGoogle%2BSearch