Re: anything to worry about??...

From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: 09/01/03


Date: Mon, 1 Sep 2003 13:12:44 -0400


I can't tell at this distance.

It is possible for a trojan (that is, a piece of software which allows an
outside person to control your machine) to be active and for your antivirus
not to detect it.

Antivirus products differ in their ability to detect trojans, but I don't
have a handle on which one is "best."

If a trojan were involved (and as I said, I really can't tell from your
description--it is one possibility--) a good way to limit its effectiveness
would be to have a firewall in place:

http://www.microsoft.com/security/protect/default.asp

A firewall will both prevent outside communication into your PC, and alert
you to attempts of software (including the trojan) on your PC to connect
out.

"Ty" <abc@hotmail.com> wrote in message
news:004101c36f22$2f271ed0$a601280a@phx.gbl...
> yea at some points when i turn on the computer, it would
> prompt those errors like i explained earlier, however i
> would just manually reboot my computer (pushing the tower
> button) until the computer would actually log onto my
> computer. it was at this point that my norton antivirus
> prompts me (as it loads) that there is possibly someone or
> something trying to disable my antivirus. i would just
> reinstall norton and everything would work fine and the
> full system scan would prove no viruses are on my machine
> with the latest virus definitions. at this point the
> computer works fine, but the problem persists, not all the
> time, but sometimes, when i start up my computer, but
> eventually i'd be able to log onto the desktop. it's kind
> of hard to explain. i'm just worried that someone outside
> could perhaps have compromised my computer, even though the
> antivirus proves there are no malicious viruses on my
> computer? i really appreciate your time and effort in
> helping me clarify what's going on. thanks!
> >-----Original Message-----
> >I'm a bit lost here. Last I heard, the machine wasn't able to boot to XP,
> >and now you can read the event logs fine?
> >
> >I'm going to do a lookup on this one, but off hand this message doesn't
> >sound abnormal.
> >
> >The suggestion to do an sfc /scannow may be a good one however.
> >
> >Put the XP CD in the CD drive, go to a Command prompt, and type:
> >
> >sfc /scannow <enter>
> >(i.e. hit enter!)
> >
> >
> >"Ty" <abc@hotmail.com> wrote in message
> >news:04d601c36e8d$4c722920$a401280a@phx.gbl...
> >> you've been extremely helpful! i did the system event log
> >> and found that at the time of the occurrence, the error was
> >> a WINDOWS FILE PROTECTION error (EventID64008):
> >>
> >> "The protected system file c:\windows\system32\es.dll
> >> could not be verified as valid because Windows File
> >> Protection is terminating. Use the SFC utility to verify
> >> the integrity of the file at a later time."
> >>
> >> could you explain this to me? thanks
> >>
> >> >-----Original Message-----
> >> >This would appear to be a hardware problem.
> >> >
> >> >Open the case and check all the cables, in particular the power and data
> >> >cables (both ends of the data cable!) that connect the NTFS main drive to
> >> >the motherboard and power supply.
> >> >
> >> >The machine appears not to be seeing the "main" NTFS drive.
> >> >
> >> >
> >> >"Ty" <abc@hotmail.com> wrote in message
> >> >news:0b7a01c36e39$78cd7d70$a601280a@phx.gbl...
> >> >> ok thanks! so a virus is ruled out. however, it actually
> >> >> happened again yesterday. i have two hard drives, one
> >> >> formatted with the NTFS format (main) and the second
> >> >> formatted with FAT32 (i took it from my old computer that
> >> >> booted win98). the computer would boot up, but it would
> >> >> take me to a C:\ prompt, stating above that it's running
> >> >> windows 98. i checked the DIR of the C:\ drive and it
> >> >> only listed items from that second FAT32 harddrive, as if
> >> >> my FAT32 harddrive was the main drive with the OS. the day
> >> >> before, i was able to log onto xp fine, and had not
> >> >> changed or unplugged any cables. could this be associated
> >> >> with the hardware issue you referred to as the main cause
> >> >> of this problem? thanks greatly!
> >> >>
> >> >> >-----Original Message-----
> >> >> >I'm not worried about viruses, then. The problem you describe could
> >> >> >definitely be a hardware issue, or perhaps a software conflict of some sort.
> >> >> >
> >> >> >Event log: Right-click My Computer, and choose Manage.
> >> >> >Click the Plus in front of Event Viewer, and then click on System
> >> >> >
> >> >> >Look through the system events for ones surrounding the time that you saw
> >> >> >the blue-screen error.
> >> >> >Look at items with a Red X Error type, or yellow triangle Warning type.
> >> >> >
> >> >> >I haven't got a crash-type event in my own log to look at--but you will see
> >> >> >a typical pattern of events at boot time, so maybe find the boot after the
> >> >> >crash, and look backwards to see if anything useful was recorded.
> >> >> >
> >> >> >Sometimes the driver or system file involved in the crash will be recorded
> >> >> >in the blue-screen message, which may also make it to the system log
> >> >> >depending on the kind of crash--(i.e. whether the system was able to do the
> >> >> >recording!)
> >> >> >
> >> >> >"Ty" <abc@hotmail.com> wrote in message
> >> >> >news:0d0501c36cdc$98af8330$a001280a@phx.gbl...
> >> >> >> thanks for the reply. how would i go about checking my
> >> >> >> system event log? and what should i be looking for in it?
> >> >> >> i used liveupdate to update the virus definitions (the
> >> >> >> latest one was 8/20/03) and then scanned my whole entire
> >> >> >> computer which gave word that there were no errors.
> >> >> >>
> >> >> >>
> >> >> >> >-----Original Message-----
> >> >> >> >This isn't typical of Blaster, FWIW.
> >> >> >> >
> >> >> >> >When you get those blue screen errors, it is a good idea to record at least
> >> >> >> >the first few lines of what's on there.
> >> >> >> >
> >> >> >> >You may find the details in your system event log, though.
> >> >> >> >
> >> >> >> >Are your Norton virus signatures up to date?
> >> >> >> >
> >> >> >> >You might want to scan with an alternative online scanner, just for a second
> >> >> >> >opinion:
> >> >> >> >
> >> >> >> >http://housecall.antivirus.com
> >> >> >> >
> >> >> >> >"Ty" <abc@hotmail.com> wrote in message
> >> >> >> >news:068c01c36c64$4b3a7ec0$a601280a@phx.gbl...
> >> >> >> >> well, i turned on my computer today (for the second time
> >> >> >> >> today..the first time everything went fine) and realized
> >> >> >> >> that it is not booting up. i have xp and it went through
> >> >> >> >> the data check (stage 1, 2, and 3 checks) and it finds
> >> >> >> >> numerous errors...it then pops up a blue screen giving me
> >> >> >> >> some error..well, i reboot, and then everything works fine
> >> >> >> >> until it pops up another error: "invalid boot.ini file
> >> >> >> >> booting from C:\windows" and it reboots. the thing is it
> >> >> >> >> keeps doing this (rebooting). is this what the blaster
> >> >> >> >> worm virus does? because i wasn't sure. well, after a few
> >> >> >> >> more hours of this, i finally get the computer to log onto
> >> >> >> >> my desktop, however my norton antivirus prompts me that it
> >> >> >> >> is possible that an attacker might be trying to disable my
> >> >> >> >> antivirus...so i did what symantec.com said to do and
> >> >> >> >> everything is fine..now that norton works fine (as it
> >> >> >> >> seems), i scanned my whole comp and there were no viruses.
> >> >> >> >> does this mean that there are no viruses? and that i
> >> >> >> >> shouldn't worry? any info would be greatly appreciated!!