Re: Bizzarre pattern

From: Chek (chek_16_at_hootmail.com)
Date: 08/12/04


Date: Thu, 12 Aug 2004 20:10:57 +0100


I found this regarding the boot sector virus problem. A nuke 'em tactic but
effective, then boot from floppy or CD for your flavour of Windows.

"You should take all your start-up and other disks to a different system and
scan them for viruses. Boot sector viruses spread by infecting the boot
sectors of any floppy disks that are inserted into the system. Once you have
a known good start-up disk be sure to use the write protect tab on it. Then
in your system's BIOS turn off the virus protection. Many operating systems
will not install correctly when it is on. Then with a clean start-up disk
from the A: prompt type FDISK /MBR. Then reboot and type FORMAT C: /S. This
should get rid of any boot sector viruses on the hard drive. As long as you
don't use an infected floppy disk you should be able to reload your
operating system again. Was the system running XP before? "
Yes.

The evil .dll infections will usually show up in the R0-R3 section and the
exe files in the 04 section of a HiJack This log.
Please note that the above is very general and should not be taken as a
working guide. Check the tutorial for HJT, and Google any
files that aren't recognisable (but beware - malware will sometimes give
itself proper Windows file names, but then you notice they're in the wrong
folder (Explorer.exe in C:\Windows\sys32 instead of C:\Windows, for
example)).

The malware and/or virus and trojan forums at:
http://forums.spywareinfo.com
http://www.bleepingcomputer.com/forums/index.php
http://computercops.biz/

can give very good guidance.

Hope this helps
Chek

-- 
Change 'boos' to 'bos' in address to email directly
"Tom Milner-Gulland" <thomas.milner-gulland@ntlworld.com> wrote in message
news:ypOSc.519$TQ3.255@newsfe6-gui.ntli.net...
> How do I check for a boot sector virus? There doesn't seem to be the option
> available in AVG, Norton etc.
>   I'll have to have another look at the symantec article, as I do not recall
> reading about strange .dlls and registry changes. Are these revealed in
> popup information?
> Cheers,
> Tom
>
>
>
> "Chek" <chek_16@hootmail.com> wrote in message
> news:uiuBUX7fEHA.3192@tk2msftngp13.phx.gbl...
> > Tom,
> > What I meant was with the reinstated data back on the PC, and assuming all
> > the virus scans seem clear,
> > look for the secondary signs of infection (registry changes/strange .dll's
> > etc) as detailed in
> > the Symantec article, and as revealed by the other tools.
> > After a re-format you should have cleared any previous problems.
> > (boot sector checked too?)
> >
> > Chek
> >
> >
> > --
> > Change 'boos' to 'bos' in address to email directly
> > "Tom" <tmgulland@hotmail.com> wrote in message
> > news:prpSc.366$Hw4.245@newsfe6-gui.ntli.net...
> > > Thanks, Chek, but surely all my HDD reformatting should have seen to these
> > > kind of problems (I had already seen the Symantec page, BTW).
> > > If there's a problem, it's embedded in my data.
> > > Cheers,
> > > Tom
> > >
> > >
> > > "Chek" <chek_16@hootmail.com> wrote in message
> > > news:uaCN$EyfEHA.3412@TK2MSFTNGP11.phx.gbl...
> > > > Tom,
> > > > Other than scanning, have you looked for other signs of infection as
> > > > detailed in:
> > > >
> > > > http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.html
> > > >
> > > >
> > > > Next - See the information on this site:
> > > > http://www.aumha.org/a/parasite.htm
> > > > particularly the sections on the correct methods of running:
> > > > CWShredder,
> > > > Spybot Search&Destroy 1.3 and
> > > > Ad Aware 6.
> > > > Also read the section on using and interpreting
> > > > HiJack This.
> > > > NOTE: DO NOT use the fix option on 'HiJack This' without advice.
> > > > Everything including necessary system files and settings are included along
> > > > with the bad stuff.
> > > > Malware is very good at using 'windows-like' file names to complicate
> > > > things further for the unwary.
> > > >
> > > > There are a large selection of other special tools available as well,
> > > > (such as a trial download of Trojan Hunter3.9  from
> > > > http://www.misec.net/trojanhunter/)
> > > > but those first 4 programs are a good way to get started.
> > > >
> > > > Chek
> > > >
> > > > --
> > > > Change 'boos' to 'bos' in address to email directly
> > > > "Tom" <tmgulland@hotmail.com> wrote in message
> > > > news:tQaSc.2856$6m.2440@newsfe1-gui.ntli.net...
> > > > > Strange that I have posted 4 to this group in the past week or so and, while
> > > > > posts on either side of mine have got replies, none of mine have. Do mine
> > > > > look suspicious or something?
> > > > >   Incidentally, I took the file that was shown, by one sole scan on
> > > > > pandasoftware, to contain the Gibe B Worm, off the CD ROM and (without
> > > > > opening it) put it on my desktop, then ran the pandasoftware scan and, yet
> > > > > again, mysteriously it didn't turn up anything. Was it just that I had
> > > > > opened the file the first time, when the virus was shown to be infected 6
> > > > > files, that had prompted the scan to find the virus? Was it a freak error or
> > > > > a freak success? How ought I proceed?
> > > > > Thanks,
> > > > > Tom
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
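
The wrong-folder check described in the reply above (Explorer.exe in C:\Windows\sys32 instead of C:\Windows), as an added example that is not part of the original posts. The expected-folder table beyond explorer.exe, the function names and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumed baseline (only the explorer.exe entry comes from the post):
# folder, relative to the Windows directory, where each binary normally lives.
EXPECTED_DIR = {
    "explorer.exe": "",          # the Windows directory itself
    "svchost.exe": "system32",
    "lsass.exe": "system32",
    "services.exe": "system32",
    "winlogon.exe": "system32",
}

def normalise(path):
    """Strip quotes, collapse '..' segments and lower-case the path so that
    C:\\WINDOWS\\System32\\..\\Temp\\x.exe compares as c:\\windows\\temp\\x.exe."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def check_path(path, windir=r"C:\Windows"):
    """Return None when the file is not a known system name or sits in its
    expected folder; otherwise return a one-line finding."""
    folder, name = ntpath.split(normalise(path))
    if name not in EXPECTED_DIR:
        return None
    expected = normalise(ntpath.join(windir, EXPECTED_DIR[name]))
    if folder == expected:
        return None
    return f"{name}: found in {folder}, expected {expected}"

def review(paths, windir=r"C:\Windows"):
    """Check every path and return the list of findings."""
    return [f for f in (check_path(p, windir) for p in paths) if f]

# Constructed sample paths, in the style of entries copied from a startup listing.
SAMPLE = [
    r"C:\Windows\Explorer.exe",
    r"C:\Windows\sys32\Explorer.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r'"C:\Windows\System32\..\Temp\svchost.exe"',
    r"C:\Program Files\Example\updater.exe",
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A finding only means the file deserves a closer look; a name that is absent from the table is not checked at all.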

