Re: I need help as I am growing tired and weary
From: cquirke (MVP Win9x) (cquirkenews_at_nospam.mvps.org)
Date: 09/04/04
- Next message: Bruce Chambers: "Re: FOR VIRUS PROGRAMS"
- Previous message: Don Taylor: "Re: Telnet, Ping and Port 1025"
- In reply to: C ya: "I need help as I am growing tired and weary"
Date: Sat, 04 Sep 2004 15:30:31 +0200
On Thu, 2 Sep 2004 11:49:09 -0700, "C ya"
>I am having an insane time trying to get rid of whatever
>is on my machine. I started with files losing their icons,
> and moving around my desktop.
If icons move away from the mouse, then it's one of two things:
- a joke program that does this
- Magistr, which is a destructive Win32PE intrafile code virus
If icons snap to grid, lining up on the left of the desktop, then that
is less worrying; it's just the desktop re-defaulting itself. That
can happen in a number of circumstances, including a setting to force
auto-arrange icons, etc.
>files are dropped to my protected recycle bin one after another
More on that? Done a formal virus scan yet?
>I installed XP home....it started again. I then used
>fdisk to format, bought XP pro, and installed it. Again,
>the same problem.
Questions:
- are you using FATxx or NTFS?
- are you always installing/restoring something off CDR/1.44M?
- do you turn on or add a firewall before connecting to 'net?
- if not, do you patch RPC and LSASS before connecting?
NTFS has its own nooks and crannies that can make it harder to find
and kill malware - aside from the fact you can't formally scan it from
a DOS mode diskette boot, of course.
http://cquirke.mvps.org/whatmos.htm refers.
You may be re-infecting each fresh install from an infected 1.44M,
CDR, or even a counterfeit CD-ROM.
If you don't firewall, or patch RPC and LSASS subsystems, you will be
immediately attacked and likely infected as soon as you connect to an
infected network - and the Internet is the mother of all infected
networks! Some RATs use these holes, e.g. SDBot.RPC, and if there is
a record of your IP somewhere, the infection may be re-asserted.
>I opened the file "ntldr" with notepad
Bad idea - NEVER use an editor to "open" arbitrary files! Editors can
save changes, that's why they aren't safe viewers.
>with windowsxp they show the 80GB as 74GB and the 160GB
>as 149GB.
That's "marketing megabytes" syndrome. 1G = 1k x 1M, 1M = 1k x 1k,
and in binary, 1k = 1024, not 1000 as it is in decimal. When folks
use the "wrong" k multiplier, they get different values.
Check your BIOS supports > 137G limit.
>The strangest thing about this whole ordeal
>is that it seems to follow me around to every machine
>I go through....
That's why I asked about 1.44M or CDRs you always install?
Several counterfeit CD-ROMs have been found to contain viruses such as
CIH or Magistr; in fact, even magazine cover disks and shareware
compilation CD-ROMs have been affected.
>-------------- ---- --- -- - - - -
"I think it's time we took our
friendship to the next level"
'What, gender roles and abuse?'
>-------------- ---- --- -- - - - -