Re: Bizzarre pattern
From: Tom (nilreply_at_ntlworld.com)
Date: 08/12/04
- Next message: David H. Lipman: "Re: CD-TRAY"
- Previous message: Alan Andrew: "shhypc.exe and winregs32.exe and Pest Patrol"
- In reply to: Chek: "Re: Bizzarre pattern"
- Next in thread: hadit: "Bizzarre pattern"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 12 Aug 2004 21:10:27 GMT
That's a very full response; thank you.
Tom
"Chek" <chek_16@hootmail.com> wrote in message
news:OWgpaAKgEHA.3428@TK2MSFTNGP10.phx.gbl...
>
> I found this regarding the boot sector virus problem. A nuke 'em tactic but
> effective, then boot from floppy or CD for your flavour of Windows.
>
> "You should take all your start-up and other disks to a different system and
> scan them for viruses. Boot sector viruses spread by infecting the boot
> sectors of any floppy disks that are inserted into the system. Once you have
> a known good start-up disk be sure to use the write protect tab on it. Then
> in your system's BIOS turn off the virus protection. Many operating systems
> will not install correctly when it is on. Then with a clean start-up disk
> from the A: prompt type FDISK /MBR. Then reboot and type FORMAT C: /S. This
> should get rid of any boot sector viruses on the hard drive. As long as you
> don't use an infected floppy disk you should be able to reload your
> operating system again. Was the system running XP before?"
> Yes.
>
> The evil .dll infections will usually show up in the R0- R3 section and the
> exe files in the 04 section of a HiJack This log.
> Please note that the above is very general and should not be taken as a
> working guide. Check the tutorial for HJT, and Google any
> files that aren't recognisable (but beware - malware will sometimes give
> itself proper windows file names, but then you notice they're in the wrong
> folder (Explorer.exe in C:\Windows\sys32 instead of C:\Windows, for
> example)).
>
> The malware and/or virus and trojan forums at:
> http://forums.spywareinfo.com
> http://www.bleepingcomputer.com/forums/index.php
> http://computercops.biz/
>
> Can give very good guidance.
>
> Hope this helps
> Chek
>
> --
> Change 'boos' to 'bos' in address to email directly
> "Tom Milner-Gulland" <thomas.milner-gulland@ntlworld.com> wrote in message
> news:ypOSc.519$TQ3.255@newsfe6-gui.ntli.net...
> > How do I check for a boot sector virus? There doesn't seem to be the option
> > available in AVG, Norton etc.
> > I'll have to have another look at the symantec article, as I do not recall
> > reading about strange .dlls and registry changes. Are these revealed in
> > popup information?
> > Cheers,
> > Tom
> >
> >
> >
> > "Chek" <chek_16@hootmail.com> wrote in message
> > news:uiuBUX7fEHA.3192@tk2msftngp13.phx.gbl...
> > > Tom,
> > > What I meant was with the reinstated data back on the PC, and assuming all
> > > the virus scans seem clear,
> > > look for the secondary signs of infection (registry changes/strange .dll's
> > > etc) as detailed in
> > > the Symantec article, and as revealed by the other tools.
> > > After a re-format you should have cleared any previous problems.
> > > (boot sector checked too?)
> > >
> > > Chek
> > >
> > >
> > > --
> > > Change 'boos' to 'bos' in address to email directly
> > > "Tom" <tmgulland@hotmail.com> wrote in message
> > > news:prpSc.366$Hw4.245@newsfe6-gui.ntli.net...
> > > > Thanks, Chek, but surely all my HDD reformatting should have seen to these
> > > > kind of problems (I had already seen the Symantec page, BTW).
> > > > If there's a problem, it's embedded in my data.
> > > > Cheers,
> > > > Tom
> > > >
> > > >
> > > > "Chek" <chek_16@hootmail.com> wrote in message
> > > > news:uaCN$EyfEHA.3412@TK2MSFTNGP11.phx.gbl...
> > > > > Tom,
> > > > > Other than scanning, have you looked for other signs of infection as
> > > > > detailed in:
> > > > >
> > > > > http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@mm.html
> > > > >
> > > > >
> > > > > Next - See the information on this site:
> > > > > http://www.aumha.org/a/parasite.htm
> > > > > particularly the sections on the correct methods of running:
> > > > > CWShredder,
> > > > > Spybot Search&Destroy 1.3 and
> > > > > Ad Aware 6.
> > > > > Also read the section on using and interpreting
> > > > > HiJack This.
> > > > > NOTE: DO NOT use the fix option on 'HiJack This' without advice.
> > > > > Everything including necessary system files and settings are included along
> > > > > with the bad stuff.
> > > > > Malware is very good at using 'windows-like' file names to complicate
> > > > > things further for the unwary.
> > > > >
> > > > > There are a large selection of other special tools available as well,
> > > > > (such as a trial download of Trojan Hunter3.9 from
> > > > > http://www.misec.net/trojanhunter/)
> > > > > but those first 4 programs are a good way to get started.
> > > > >
> > > > > Chek
> > > > >
> > > > > --
> > > > > Change 'boos' to 'bos' in address to email directly
> > > > > "Tom" <tmgulland@hotmail.com> wrote in message
> > > > > news:tQaSc.2856$6m.2440@newsfe1-gui.ntli.net...
> > > > > > Strange that I have posted 4 to this group in the past week or so and,
> > > > > > while posts on either side of mine have got replies, none of mine have. Do mine
> > > > > > look suspicious or something?
> > > > > > Incidentally, I took the file that was shown, by one sole scan on
> > > > > > pandasoftware, to contain the Gibe B Worm, off the CD ROM and (without
> > > > > > opening it) put it on my desktop, then ran the pandasoftware scan and, yet
> > > > > > again, mysteriously it didn't turn up anything. Was it just that I had
> > > > > > opened the file the first time, when the virus was shown to be infected 6
> > > > > > files, that had prompted the scan to find the virus? Was it a freak error or
> > > > > > a freak success? How ought I proceed?
> > > > > > Thanks,
> > > > > > Tom
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
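The wrong-folder check mentioned in the quoted advice (Explorer.exe in C:\Windows\sys32 instead of C:\Windows) can be run over a saved HijackThis log. This is an added example, not part of the original posts: the sample log is constructed, and the list of expected folders assumes Windows is installed in C:\Windows.

```python
import ntpath
import re

# Assumption: Windows lives in C:\Windows, as in the post's example.
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
}
# Autostart entry: O4 - HKLM\..\Run: [Name] command line
O4_ENTRY = re.compile(r"^O4 - .*?: \[[^\]]*\]\s*(?P<cmd>.+)$")
# First path ending in .exe inside a command line, quoted or not.
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)

# Constructed sample log, not taken from the thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sys32\Explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe /STARTUP
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
"""


def image_paths(log_text):
    """Yield (section, path) for running processes and O4 autostart entries."""
    for raw in log_text.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", line):  # bare path = running process
            yield "process", line
            continue
        entry = O4_ENTRY.match(line)
        exe = EXE_PATH.search(entry.group("cmd")) if entry else None
        if exe:
            yield "O4", exe.group(1)


def find_misplaced(log_text):
    """Return entries whose well-known file name sits in an unexpected folder."""
    hits = []
    for section, path in image_paths(log_text):
        expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
        if expected and ntpath.dirname(path).lower() != expected:
            hits.append((section, path))
    return hits
```

A hit is a lead to look up, not a verdict: the comparison is a plain string match, so a Windows folder with a different name or an 8.3 short path will also be reported.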