Re: virus? hacked?
From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 12/18/02
- Next message: Karl Levinson [x y] mvp: "Re: IPsecpol and DNS lookup question"
- Previous message: Erwin Blonk: "Re: lock mode"
- In reply to: Lok: "virus? hacked?"
- Next in thread: Lok: "Re: virus? hacked?"
- Reply: Lok: "Re: virus? hacked?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] mvp" <levinson_k@excite.com> Date: Wed, 18 Dec 2002 09:26:12 -0500
Well, if you're concerned it might be a virus, run a virus scan after COLD
booting using a write-protected DOS or Windows98 boot floppy that was
created on a known virus-free computer. F-prot has a free DOS scanner from
www.f-prot.com/products and there are others. Make sure the antivirus
product you use has the latest updates for this week / month. The
difference in conventional memory is not always an indicator of a virus, it
could also be a hardware driver that loads early on in the boot process.
After you confirm it's not a virus, run a full scandisk from safe mode,
allowing it to look for bad sectors.
If you think it might be hacking, here are some ways to look for signs of
hacking:
http://securityadmin.info/faq.htm#hacked
http://securityadmin.info/faq.htm#re-secure
http://securityadmin.info/faq.htm#harden
... starting first with Startup Cop and also a search for files on the
computer that have changed in the past day. You could also try using
Startup Cop to disable absolutely everything and see if Windows will boot up
then.
These things will probably only show you an actual intrusion into the
computer. If someone was able to send a denial of service packet somehow
that locked up all four computers, that probably wouldn't show here but
might show on your firewall [you do have a firewall, right?] I've never
heard of something like this happening before, though. I suppose if all
four computers downloaded a faulty antivirus update at the same time, this
could happen. I suppose it could be a virus. There is a new NetBIOS worm
for one going around that is still being added to antivirus scanner
definitions, probably Norton will start detecting it sometime today.
Most importantly, what are the symptoms when it tries to boot up in regular
mode? Any error messages?
"Lok" <lokhsze@hotmail.com> wrote in message
news:epAURmlpCHA.2064@TK2MSFTNGP12...
> My company has several computers (4) suddenly died. Here are the symptons:
> - The computers suddenly halted at the same time while they're working.
> - And after reboot, the windows 98 cannot be loaded. Can enter as safe
mode
> only.
> - Furthermore, the hardware configuration in windows was changed.
> (they don't have a cdrom, but the configuration shows it has)
> (IRQ configuration were changed)
> - Conventional memory was under 655360
>
> what I have tried to do is to reconfigure the hardware configuration in
> windows, but it isn't work.
> Also, I tried to re-install windows 98 (overwriting the original one), but
> still can't help.
>
> All the computers hardware are different, but all are in windows 98.
> can anyone help?
>
>
- Next message: Karl Levinson [x y] mvp: "Re: IPsecpol and DNS lookup question"
- Previous message: Erwin Blonk: "Re: lock mode"
- In reply to: Lok: "virus? hacked?"
- Next in thread: Lok: "Re: virus? hacked?"
- Reply: Lok: "Re: virus? hacked?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
