Re: Virus in memory? I may be crazy, but....

From: JCB_MCSE_wannabe (JCBMCSEwannabe_at_discussions.microsoft.com)
Date: 06/17/05

Next message: 02befree: "Anyone beat the ISTbar spyware/virus?"

Previous message: David H. Lipman: "Re: Spyware scanner"
In reply to: David H. Lipman: "Re: Virus in memory? I may be crazy, but...."
Next in thread: Juergen Nieveler: "Re: Virus in memory? I may be crazy, but...."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 16 Jun 2005 20:29:01 -0700

Thank you for your detailed reply. It is useful information.

-- 
JCB\1059
"David H. Lipman" wrote:
> From: "JCB_MCSE_wannabe" <JCBMCSEwannabe@discussions.microsoft.com>
> 
> | Recently, a friend's computer (Dell workstation, Win XPPro_sp2 w/Norton AV)
> | apparently received a virus which was consuming the memory resources of his
> | machine.  He suddenly began receiving "insufficient memory" messages in
> | response to just about every command.
> |
> | Can a virus hijack the memory to deny normal system function?
> 
> 
> A virus ?  Could be any malware or a combination of malware that can do this.
> 
> 
> | This problem prevented him from running an AV scan.  Not being an expert in
> | these matters, I was limited in my abilities to help.  Nothing he or I
> | attempted would allow us to reboot the machine normally.
> 
> 
> You should have come here and we could have provided several methods including but not
> limited to slaving the drive on another PC.
> 
> 
> | He decided to attempt a reinstall from the XP installation CD.  A repair
> | attempt and reinstall attempts were not successful.  During the initial XP
> | install phase while system files are being copied, the process suddenly
> | stopped and also yielded an "insufficient memory" message.
> 
> 
> Once infected a repair install is NOT the way to go.  The system must be cleaned.
> 
> 
> | Any one memory stick in his machine had sufficient capacity to meet XP
> | install requirements, yet (for lack of any better idea...) we removed the
> | memory sticks, cleaned the contacts and reinstalled them.
> |
> | After this, the reinstall progressed without incident and the machine has
> | been incident-free since.
> 
> 
> Then you didn't have malware you had a hardware problem !
> 
> 
> | Removing the memory was APPARENTLY the solution, but I lack the knowledge to
> | explain why this could be so or to reproduce/test/verify this behavior.
> |
> | I theorized the virus was actually installed in memory and by physically
> | removing it, the virus was lost without a power supply.  I'm no hardware
> | expert, but I thought upon shutdown, the memory was refreshed anyway - is
> | this not the case?
> 
> 
> Once power is removed from RAM, you would kill any virus and it can not exist in volitile
> RAM once power is not present and and a CPU is not giving it "life".  There is no virus
> installed in RAM as you seem to describe.
> 
> 
> | So......
> |
> | Assuming a virus can be in memory and persistent, did we simply dumb-luck
> | ourselves into the correct solution, or was something else the solution, and
> | we drew an incorrect conclusion
> 
> 
> Faux conclusion...
> 
> 
> | If an in-memory virus is possible, could my friend simply have removed the
> | physical memory AS A FIRST STEP and avoided the wipe/reinstall?
> 
> 
> There was no virus.  You had a hardware problem.
> 
> 
> | Also, the act of removing the memory suggests the virus is volatile - i.e.,
> | no power, no problem.  Does in-memory data persist even when the machine is
> | powered down (relying on the computer's system battery which powers the
> | clock, etc.?)
> 
> 
> The act of removing the memory module proves it NOT to be a virus but a hardware problem.
> 
> 
> | Any thoughts on this problem are appreciated.  My friend thinks I am a
> | 'genius' for fixing his machine, yet I feel very dissatisfied in not REALLY
> | knowing the reason for my "success" in solving the problem.
> |
> | Regards,
> |
> | -- 
> | JCB\1059
> 
> 
> -- 
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
> 
> 
>

Next message: 02befree: "Anyone beat the ISTbar spyware/virus?"

Previous message: David H. Lipman: "Re: Spyware scanner"
In reply to: David H. Lipman: "Re: Virus in memory? I may be crazy, but...."
Next in thread: Juergen Nieveler: "Re: Virus in memory? I may be crazy, but...."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Seeking an explanation or theory
... [about misbehavior in odd circumstances after RAM install] ... PC3200 RAM uses 2.5V. ... SDRAM is not a heavy consumer of power, ... Even if you set the BIOS to skip long memory test, ...
(sci.electronics.repair)
Re: Back to Being a Luddite (Oh Well)
... because of the need for a firewall and virus protection. ... there's really nothing to relate Internet activity with disk ... CD- recorder "helpers" that sit in your system tray consuming memory ... system tray apps don't consume cycles. ...
(comp.dcom.telecom)
Re: Virus in memory? I may be crazy, but....
... | apparently received a virus which was consuming the memory resources of his ... Once infected a repair install is NOT the way to go. ... Once power is removed from RAM, you would kill any virus and it can not exist in volitile ...
(microsoft.public.security.virus)
Re: VIRTUAL MEMORY
... In task manager look at the performance tab and repost the PF Usage ... What virus was ... Hard to know if you dont know about computers I know. ... Are you using one of those memory managers which free up memory. ...
(microsoft.public.windowsxp.perform_maintain)
Re: Upgrading VMS Cluster to DS10 or ES40
... How many internal PCI cards do you need to install? ... ONLY ONE POWER CORD. ... The ES40 has more room for later expansion than you do in the DS10. ... You can install up to 32GB of memory into the ES40 if you have all 3 power ...
(comp.os.vms)