From: David H. Lipman on
From: "ship" <shiphen(a)gmail.com>

< snip >

| But as some of you imply, MAYBE there is no need to format the
| Windows installation partition.
| But just how hard can it be for a virus to write to a hidden
| partition? NOT hard I would imagine.
| If I was writing a virus that is exactly the sort of thing I would get
| it to do to ensure that it
| survived a re-formatting of the C: drive... but what do I know?

| Ship (OP)

There 'ya go again saying "virus" and you still haven't provided that information.

So I now repeat...
What "viruses" (assuming they were viruses and not plain old trojans) were they?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: ship on
On Jan 20, 8:50 pm, "David H. Lipman" <DLipman~nosp...(a)Verizon.Net>
wrote:
> From: "ship" <ship...(a)gmail.com>
>
> < snip >
>
> | But as some of you imply, MAYBE there is no need to format the
> | Windows installation partition.
> | But just how hard can it be for a virus to write to a hidden
> | partition? NOT hard I would imagine.
> | If I was writing a virus that is exactly the sort of thing I would get
> | it to do to ensure that it
> | survived a re-formatting of the C: drive... but what do I know?
>
> | Ship (OP)
>
> There 'ya go again saying "virus" and you still haven't provided that information.
>
> So I now repeat...
> What "viruses" (assuming they were viruses and not plain old trojans) were they?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Well here is a selection of what was reported - but they came so thick
and fast I didn't take note of them all:



AVAST:
Win32:Tibs-AFH [Trj] C:\documents and settings\XXXX\local settings
\temp\X1Server\U.S. Secretary of State Condoleezza Rice has kicked
German Chancellor Angela Merkel.msg
Win32:Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings
\temp\X1Server\The Kiss.msg
Win32:Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings
\temp\X1Server\The Kiss.msg
Win32:Tibs-AGA [Wrm] C:\documents and settings\XXXX\local settings
\temp\X1Server\Forever in Love.msg
Win32:Tibs-AIE [Trj] C:\documents and settings\XXXX\local settings
\temp\X1Server\I Would Give you Anything.msg
Win32:Tibs-AFH [Trj]

MSE:
Nuwar.N(a)mm!CME-711 C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_
\unp28372.tmp

Trojan: Win32/Vxidl.gen!B File:C:\DOCUME~1\ALECST~1\LOCALS~1\Temp
\_avast4_\unp69768409.tmp
Trojan: Win32/Vxidl.gen!dam File:C:\DOCUME~1\ALECST~1\LOCALS~1\Temp
\_avast4_\unp142407802.tmp

Win32:Small-JBK [Trj] C:\documents and settings\XXXX\local settings
\temp\X1Server\Sadam Hussein safe and sound!.msg
Win32:Tibs-AFA [Trj] C:\documents and settings\XXXX\local settings
\temp\X1Server\Happy World Religion Day!.msg
Win32:Tibs-AFP [Trj] C:\documents and settings\XXXX\local settings
\temp\X1Server\I Love Thee.msg

Win32:Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings
\temp\X1Server\The Kiss.msg
Win32:Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings
\temp\X1Server\Unmatchable Beauty.msg
Win32:Tibs-AGA [Wrm] C:\documents and settings\XXXX\local settings
\temp\X1Server\Forever in Love.msg

MSE:
Backdoor:Win32/Ryknos.BC (Alert level: "Severe")

AVAST:
Win32:Small-JBK [Trj] C:\documents and settings\XXXX\local settings
\temp\X1Server\Sadam Hussein safe and sound!.msg
Win32:Tibs-AFA [Trj] C:\documents and settings\XXXX\local settings
\temp\X1Server\Happy World Religion Day!.msg
Win32:Tibs-AFP [Trj] C:\documents and settings\XXXX\local settings
\temp\X1Server\I Love Thee.msg

MSE:
Backdoor:Win32/Ryknos.BC (Alert level: "Severe") file:C:\Documents and
Settings\XXXX\Local Settings\Temp\ARC70F.tmp
Worm:Win32/Mtob.NP(a)mm (Alert level: "Severe") file:C:\Documents and
Settings\XXXX\Local Settings\Temp\ARC1405.tmp Description: This
program is dangerous and self-propagates over a network connection.
Backdoor:Win32/Ryknos.BC [AGAIN] (Alert level: "Severe") file:C:
\Documents and Settings\XXXX\Local Settings\Temp\ARC1B59.tmp
Worm:Win32/Mtob.NP(a)mm file:C:\Documents and Settings\XXXX\Local
Settings\Temp\ARC285D.tmp

Does that help?


Ship
From: "FromTheRafters" erratic on
"ship" <shiphen(a)gmail.com> wrote in message
news:3ee6f41b-a549-4bcf-a8c9-559c2cf79d34(a)a32g2000yqm.googlegroups.com...

Sheesh!

After wiping and reinstalling from known clean media, I would even give
the *room* it is in a good scrubbing with bleach. :o)

Use the EISA partition to restore to factory specifications, then get
all the updates installed. Scan any backup data and programs for malware
before returning them to the freshly rejuvenated system.


From: David H. Lipman on
From: "ship" <shiphen(a)gmail.com>

| Well here is a selection of what was reported - but they came so thick
| and fast I didn't take note of them all:



| AVAST:
| Win32:Tibs-AFH [Trj] C:\documents and settings\XXXX\local settings
| \temp\X1Server\U.S. Secretary of State Condoleezza Rice has kicked
| German Chancellor Angela Merkel.msg
| Win32:Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings
| \temp\X1Server\The Kiss.msg
| Win32:Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings
| \temp\X1Server\The Kiss.msg
| Win32:Tibs-AGA [Wrm] C:\documents and settings\XXXX\local settings
| \temp\X1Server\Forever in Love.msg
| Win32:Tibs-AIE [Trj] C:\documents and settings\XXXX\local settings
| \temp\X1Server\I Would Give you Anything.msg
| Win32:Tibs-AFH [Trj]

| MSE:
| Nuwar.N(a)mm!CME-711 C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_
| \unp28372.tmp

| Trojan: Win32/Vxidl.gen!B File:C:\DOCUME~1\ALECST~1\LOCALS~1\Temp
| \_avast4_\unp69768409.tmp
| Trojan: Win32/Vxidl.gen!dam File:C:\DOCUME~1\ALECST~1\LOCALS~1\Temp
| \_avast4_\unp142407802.tmp

| Win32:Small-JBK [Trj] C:\documents and settings\XXXX\local settings
| \temp\X1Server\Sadam Hussein safe and sound!.msg
| Win32:Tibs-AFA [Trj] C:\documents and settings\XXXX\local settings
| \temp\X1Server\Happy World Religion Day!.msg
| Win32:Tibs-AFP [Trj] C:\documents and settings\XXXX\local settings
| \temp\X1Server\I Love Thee.msg

| Win32:Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings
| \temp\X1Server\The Kiss.msg
| Win32:Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings
| \temp\X1Server\Unmatchable Beauty.msg
| Win32:Tibs-AGA [Wrm] C:\documents and settings\XXXX\local settings
| \temp\X1Server\Forever in Love.msg

| MSE:
| Backdoor:Win32/Ryknos.BC (Alert level: "Severe")

| AVAST:
| Win32:Small-JBK [Trj] C:\documents and settings\XXXX\local settings
| \temp\X1Server\Sadam Hussein safe and sound!.msg
| Win32:Tibs-AFA [Trj] C:\documents and settings\XXXX\local settings
| \temp\X1Server\Happy World Religion Day!.msg
| Win32:Tibs-AFP [Trj] C:\documents and settings\XXXX\local settings
| \temp\X1Server\I Love Thee.msg

| MSE:
| Backdoor:Win32/Ryknos.BC (Alert level: "Severe") file:C:\Documents and
| Settings\XXXX\Local Settings\Temp\ARC70F.tmp
| Worm:Win32/Mtob.NP(a)mm (Alert level: "Severe") file:C:\Documents and
| Settings\XXXX\Local Settings\Temp\ARC1405.tmp Description: This
| program is dangerous and self-propagates over a network connection.
| Backdoor:Win32/Ryknos.BC [AGAIN] (Alert level: "Severe") file:C:
| \Documents and Settings\XXXX\Local Settings\Temp\ARC1B59.tmp
| Worm:Win32/Mtob.NP(a)mm file:C:\Documents and Settings\XXXX\Local
| Settings\Temp\ARC285D.tmp

| Does that help?


| Ship


No file-infecting viruses nor MBR/disk sector infectors were noted. A simple reformat of
the HD and re-install of the OS is all that's needed IFF that's how you want to proceed.

Interestingly, NONE in the log excerpts you provided were shown to have malware actually
in the OS. All were in the TEMP folder.

Also interesting was "Trojan: Win32/Vxidl.gen" and "Nuwar mass mailer" found in...
%TEMP%\_avast4_\*.tmp files.

Where did you get your copy of Avast?

What are the .MSG files, as in "Sadam Hussein safe and sound!.msg"?
Are they email related?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
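Dave's reading of the excerpts above, as an added example that is not code from this thread nor from either AV vendor: a Python triage script that parses lines in the Avast and MSE formats quoted in the post and sorts each hit by where it was found (AV unpack scratch folder, saved mail message, %TEMP%, system or autostart location, raw disk). The sample log is constructed from the thread's own lines, re-joined onto one line each (the archive's "(a)" is an obfuscated "@"), plus two hypothetical lines with made-up detection names to exercise the remaining verdicts; the meanings attached to the folder names and the marker lists are this example's assumptions, not something the scanners report.

```python
"""
Triage of Avast / Microsoft Security Essentials log lines of the kind quoted in
this thread (added example, not the thread's or the vendors' code).

An AV log can only say WHERE a detected file sat. A hit in %TEMP%, in the AV's
own unpack scratch folder, or inside a saved .msg file is consistent with an
attachment or archive member that was extracted for scanning and never
launched; a hit under system or autostart folders is worth treating as a
possibly active infection; a hit on a raw disk or boot record would not be
cleared by reformatting C: alone. Proving execution one way or the other needs
autostart entries and a process listing, which the log does not give you.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input. The first seven lines are the thread's own log lines
# re-joined onto one line each ("(a)" in the archive is an obfuscated "@"); the
# last two are hypothetical, with made-up detection names, to exercise the
# other verdicts.
SAMPLE_LOG = r"""
Win32:Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
Win32:Tibs-AGA [Wrm] C:\documents and settings\XXXX\local settings\temp\X1Server\Forever in Love.msg
Nuwar.N@mm!CME-711 C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp28372.tmp
Trojan: Win32/Vxidl.gen!B File:C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp69768409.tmp
Backdoor:Win32/Ryknos.BC (Alert level: Severe) file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC70F.tmp
Worm:Win32/Mtob.NP@mm file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC285D.tmp Description: This program is dangerous and self-propagates over a network connection.
Backdoor:Win32/Ryknos.BC (Alert level: Severe)
Trojan:Win32/Hypothetical.A file:C:\WINDOWS\system32\hypothetical.dll
Virus:DOS/Hypothetical.MBR file:\\.\PhysicalDrive0
"""

# Detection name: "Vendor:Family" style, or "Trojan: Win32/..." with a space after the colon.
NAME_RE = re.compile(r"^(?P<name>[A-Za-z]+:\s*\S+|\S+)")
# Path: optional "file:" prefix, then a drive path or a raw-device path,
# up to an optional trailing " Description: ..." (MSE appends one).
PATH_RE = re.compile(
    r"(?:[Ff]ile:)?(?P<path>(?:[A-Za-z]:\\|\\\\\.\\)\S.*?)(?:\s+Description:.*)?$"
)

# Lower-cased path fragments that mark transient storage (assumed meanings).
TRANSIENT_MARKERS = {
    "\\_avast4_\\": "Avast unpack scratch folder, used when it opens an archive or mail body during a scan",
    "\\x1server\\": "X1Server folder under %TEMP%, where the thread's .msg files were found",
    "\\temp\\": "%TEMP% (matches both 'Local Settings\\Temp' and the 8.3 form 'LOCALS~1\\Temp')",
}
# Lower-cased fragments for places a file normally reaches only by being installed or launched.
PERSISTENT_MARKERS = (
    "\\start menu\\programs\\startup\\",
    "\\windows\\system32\\",
    "\\windows\\",
    "\\program files\\",
)


@dataclass
class Finding:
    raw: str
    name: str
    path: Optional[str]
    verdict: str   # transient | persistent-location | boot-sector | no-path | review
    reason: str


def classify(name: str, path: Optional[str]):
    """Map a detection name and location to a verdict and a one-line reason."""
    if path is None:
        return "no-path", "log line carries no file location; find the full entry in the scanner's log"
    lname, lpath = name.lower(), path.lower()
    if lpath.startswith("\\\\.\\") or ".mbr" in lname:
        return "boot-sector", "detection is on a raw disk or boot record; reformatting C: does not rewrite the MBR"
    for marker, why in TRANSIENT_MARKERS.items():
        if marker in lpath:
            if lpath.endswith(".msg"):
                why += "; the hit is content inside a saved mail message, not a program that ran"
            return "transient", why
    for marker in PERSISTENT_MARKERS:
        if marker in lpath:
            return "persistent-location", f"file sits under '{marker}'; check autostart entries and running processes"
    return "review", "location not recognised; inspect by hand"


def parse_line(line: str) -> Optional[Finding]:
    """Parse one Avast- or MSE-style line; returns None for blank lines."""
    line = line.strip()
    if not line:
        return None
    name = NAME_RE.match(line).group("name")
    m = PATH_RE.search(line)
    path = m.group("path") if m else None
    verdict, reason = classify(name, path)
    return Finding(line, name, path, verdict, reason)


def triage(log_text: str) -> List[Finding]:
    return [f for f in (parse_line(l) for l in log_text.splitlines()) if f]


def summary(findings: List[Finding]) -> dict:
    return dict(Counter(f.verdict for f in findings))


def reformat_is_enough(findings: List[Finding]) -> bool:
    """Dave's test: with no boot-sector hits, a reformat and reinstall of C: suffices."""
    return not any(f.verdict == "boot-sector" for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.verdict:20} {f.name:30} {f.path or '-'}\n{'':20} {f.reason}")
    print(summary(results), "reformat is enough:", reformat_is_enough(results))
```

Run over the thread's lines alone, every verdict is "transient" or "no-path", which is Dave's point; the two hypothetical lines show what a finding that would change the advice looks like. The "persistent-location" verdict is a prompt to check autoruns and processes, not proof of execution; the log cannot supply that.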


From: ship on
> Also, he made another post
> and I'm pretty sure there was no evidence his OS even had an infection;
> that is, his AV program found suspect files in the the temp directory
> and unopened e-mail attachments.

How can I discover *for sure* whether I have an actual infection or
whether the above are just viruses that have been lying dormant (e.g. in
emails) and which have never actually been executed?

Ship (OP)