From: "FromTheRafters" erratic on 20 Jan 2010 19:14

"ship" <shiphen(a)gmail.com> wrote in message news:3ee6f41b-a549-4bcf-a8c9-559c2cf79d34(a)a32g2000yqm.googlegroups.com...

Sheesh! After wiping and reinstalling from known clean media, I would even give the *room* it is in a good scrubbing with bleach. :o)

Use the EISA partition to restore to factory specifications, then get all the updates installed. Scan any backup data and programs for malware before returning them to the freshly rejuvenated system.
From: David H. Lipman on 20 Jan 2010 19:21

From: "ship" <shiphen(a)gmail.com>

| Well here is a selection of what was reported - but they came so thick
| and fast I didn't take note of them all:
|
| AVAST:
| Win32::Tibs-AFH [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel.msg
| Win32::Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
| Win32::Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
| Win32::Tibs-AGA [Wrm] C:\documents and settings\XXXX\local settings\temp\X1Server\Forever in Love.msg
| Win32::Tibs-AIE [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\I Would Give you Anything.msg
| Win32::Tibs-AFH [Trj]
| Nuwar.N(a)mm!CME-711 C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp28372.tmp
| Trojan: Win32/Vxidl.gen!B File:C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp69768409.tmp
| Trojan: Win32/Vxidl.gen!dam File:C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp142407802.tmp
| Win32::Small-JBK [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\Sadam Hussein safe and sound!.msg
| Win32::Tibs-AFA [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\Happy World Religion Day!.msg
| Win32::Tibs-AFP [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\I Love Thee.msg
| Win32::Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
| Win32::Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\Unmatchable Beauty.msg
| Win32::Tibs-AGA [Wrm] C:\documents and settings\XXXX\local settings\temp\X1Server\Forever in Love.msg
| Backdoor:Win32/Ryknos.BC (Alert level: *Severe")
|
| AVAST:
| Win32::Small-JBK [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\Sadam Hussein safe and sound!.msg
| Win32::Tibs-AFA [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\Happy World Religion Day!.msg
| Win32::Tibs-AFP [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\I Love Thee.msg
| Backdoor:Win32/Ryknos.BC (Alert level: *Severe") file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC70F.tmp
| Worm:Win32/Mtob.NP(a)mm (Alert level: *Severe") file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC1405.tmp Description: This program is dangerous and self-propagates over a network connection.
| Backdoor:Win32/Ryknos.BC [AGAIN] (Alert level: *Severe") file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC1B59.tmp
| Worm:Win32/Mtob.NP(a)mm file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC285D.tmp
|
| Does that help?
|
| Ship

No file infecting viruses nor MBR/Disk Sector Infectors were noted. A simple reformat of the HD and re-install of the OS is all that's needed IFF that's how you want to proceed.

Interestingly, NONE in the log excerpts you provided were shown to have malware actually in the OS. All were in the TEMP folder.

Also interesting was "Trojan: Win32/Vxidl.gen" and "Nuwar mass mailer" found in... %TEMP%\_avast4_\*.tmp files.

Where did you get your copy of Avast ?

What are the .MSG files as in "Sadam Hussein safe and sound!.msg" ? Are they email related ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
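The triage Dave does by eye above (sorting hits by where on disk they were found, and noticing that every one sits under a temp folder or in the scanner's own unpack directory) is easy to automate when a log is long. The script below is an added example written for this page, not code from anyone in the thread or from Avast. The sample log it parses is constructed from the detection lines quoted in the post (one entry per kind, paths shortened); the final line with a system32 path is a hypothetical placeholder included only so the "outside temp" branch is exercised, and the category names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample log, modelled on the AVAST and Microsoft lines quoted in
# the thread. The last line is a hypothetical placeholder, not a real hit.
SAMPLE_LOG = r"""
Win32::Tibs-AFH [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
Win32::Tibs-AGA [Wrm] C:\documents and settings\XXXX\local settings\temp\X1Server\Forever in Love.msg
Trojan: Win32/Vxidl.gen!B File:C:\DOCUME~1\ALECST~1\LOCALS~1\Temp\_avast4_\unp69768409.tmp
Backdoor:Win32/Ryknos.BC (Alert level: Severe) file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC70F.tmp
Worm:Win32/Mtob.NP@mm (Alert level: Severe) file:C:\Documents and Settings\XXXX\Local Settings\Temp\ARC1405.tmp
Hypothetical:Win32/Placeholder file:C:\WINDOWS\system32\placeholder.dll
"""

# A Windows path starts at a drive letter, colon and backslash and runs to end of line.
PATH_RE = re.compile(r"([A-Za-z]:\\.*)$")


def parse_line(line):
    """Split one detection line into (detection name, path); None if it has no path."""
    m = PATH_RE.search(line)
    if not m:
        return None
    path = m.group(1).strip()
    name = line[: m.start()].strip()
    # Some scanners put "file:" / "File:" just before the path; drop it from the name.
    name = re.sub(r"\s*file:\s*$", "", name, flags=re.IGNORECASE).strip()
    return name, path


def classify(path):
    """Bucket a hit by where it lives. The three temp buckets are the cases the
    thread argues are not by themselves evidence of malware running in the OS."""
    p = path.lower()
    if "\\_avast4_\\" in p:
        # Archive or mail contents the scanner unpacked into its own temp area.
        return "scanner-unpack-temp"
    if "\\temp\\" in p and p.endswith(".msg"):
        # Saved message files sitting in temp; data, not something that executed.
        return "temp-msg"
    if "\\temp\\" in p:
        return "temp-other"
    # Anything under Windows, Program Files, a user profile etc. deserves a closer look.
    return "outside-temp"


def triage(log_text):
    """Return {category: [(name, path), ...]} for every parseable line of the log."""
    buckets = defaultdict(list)
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed:
            name, path = parsed
            buckets[classify(path)].append((name, path))
    return dict(buckets)


def confined_to_temp(buckets):
    """True when no hit was reported outside a temp location."""
    return "outside-temp" not in buckets


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, hits in result.items():
        print(f"{category}: {len(hits)}")
        for name, path in hits:
            print(f"    {name} -> {path}")
    print("all hits confined to temp:", confined_to_temp(result))
```

On the quoted excerpts alone (drop the placeholder line) `confined_to_temp` comes back true, which is exactly Dave's observation; it is a sorting aid for reading a scanner log, not proof that nothing ran, and FromTheRafters' point later in the thread that temp hits do not rule out copies elsewhere still stands.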
From: ship on 21 Jan 2010 07:11

> Also, he made another post
> and I'm pretty sure there was no evidence his OS even had an infection;
> that is, his AV program found suspect files in the temp directory
> and unopened e-mail attachments.

How can I discover *for sure* whether I have an actual infection or whether the above are just viruses that have been lying dormant (e.g. in emails) and which have never actually been executed?

Ship (OP)
From: ship on 21 Jan 2010 07:43

From carmel:

> It has some information that might prove useful to you. You might be
> interested in: DriverMax <http://www.innovative-sol.com/drivermax/>
> also. It could save you a lot of time. Prior to running it, do insure
> that you have the latest drivers installed.

DriverMax sounds like it allows you to upload your current drivers onto their website and then download them again into your freshly formatted computer. But surely this is extremely dangerous in my case where I have been infected, because a virus could burn itself into one of my drivers and would then be unwittingly re-installed, no?

Ship
From: "FromTheRafters" erratic on 21 Jan 2010 07:48

"ship" <shiphen(a)gmail.com> wrote in message news:f75bd367-13c9-4a0b-8bc3-a07f31d4d3e6(a)14g2000yqp.googlegroups.com...

>> Also, he made another post
>> and I'm pretty sure there was no evidence his OS even had an
>> infection;
>> that is, his AV program found suspect files in the temp directory
>> and unopened e-mail attachments.
>
> How can I discover *for sure* whether I have an actual infection or
> whether the above are just viruses that have been lying dormant (e.g. in emails)
> and which have never actually been executed?

The fact that they reside in temp files is no guarantee that they don't exist elsewhere as well. You can attempt to fix your computer by using the various antimalware programs available, but if you want to feel confident about the results it is best to restore to factory specifications and rebuild from there.

My gut feeling, in view of how many things were reportedly found, is that safe practices were not in place on this computer - all the more reason to flatten and rebuild at this point.

The lying thief "The Real Truth MVP" (even its moniker is a lie) may be right about the temp files. If you clear the temp files out, a subsequent scan may come up clean. If you are happy with that as a result, then so be it. Personally, I feel that you should familiarize yourself with the use of the restore partition and getting the updates installed.