#1

Hi

My computer has a boot virus that is not detected by any virus scanner. My BIOS virus protection detects a boot virus but can't fix it or identify it. It puts different coloured blocks of colour all through parts of the screen during load up, and will randomly shut down and freeze. It also stuffs up DirectX games and programs in Windows. My other partition, with Linux, gets no effects. I believe this virus travels by disk, because the disk drive lights come on at unusual times. I can't find any unusual files on my hard disk or any odd things in the sis ini and win ini files, so I can't send NOD a sample of the virus. I also believe I have had this virus for a lot longer than it has been doing very noticeable things, and that it survived a format by placing itself in my graphics card memory (Winfast A380 GeForce 4 Ti4200 chipset). I tried doing a graphics BIOS flash and resetting the memory of the card but no such luck, and this virus is really restricting my computer in a lot of ways. It sometimes takes up to 20 reboots before I can get it into Windows successfully. I would appreciate any help. Thank you.

#2

Hi Kym,
Try the Blaster removal tool; the things you mentioned are very similar to how Blaster acts. Tool for Blaster: http://securityresponse.symantec.com...r/FixBlast.exe

I advise running the tool from a disk in DOS mode. Let us know how things go.

rgds, Martin
__________________
Thanks, Martin
My software never has bugs ~ It just develops random features

#3

We'd like to have a closer look. Please do the following:
Go to http://tomcoyote.org/hjt/ , and download 'Hijack This!'. Unzip, doubleclick HijackThis.exe, and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log somewhere, and please show us its contents. Most of what it lists will be harmless or even required, so do NOT fix anything yet. Someone here will be happy to help you analyze the results.
__________________
Tony
CLSID List - A Collection of Autostart Locations

#4

Hi Kym,
In addition to the other points/suggestions made above, I think you should consider the possibility that the BIOS virus protection on the systemboard is preventing your scanner from detecting/diagnosing/cleaning the virus. I have always felt that these motherboard BIOS virus protection arrangements were far more trouble than they are worth. I would recommend that you go into the BIOS setup and disable the Virus Protection (don't change anything else!), save your change, and when you boot into Windows give your scanner another chance to deal with it.

If you are unsure how to get into the BIOS setup, gracefully shut down your system so it is completely powered off, and then when you turn on the power look for some text indicating the keys to press to enter the BIOS (it might be one of the following: F1 or F2 or F10 or a sequence like Alt+A or just about anything else). You need to press that sequence repeatedly before the monitor shows the Windows GUI starting to come up.
__________________
"Whan alle tresors arn tried, Treuthe is the beste." Piers Plowman (William Langland)

#5

Hi Kym,
I agree with Dan, turn off the BIOS virus protection. One of the most common entries into the BIOS is by continually pressing "Delete" on your keyboard while your system boots up.

Hope this helps

Cheers
__________________
"Illegitimis non carborundum"
translation: "Don't let the bastards grind you down" U.S. General Joseph W. "Vinegar Joe" Stilwell (1883-1946)
Two Photographers

#6
Hi Kym,
Pls. post the NOD SystemInfo from that machine here.

Thanks, jan

#7
Hi, it's me again. I tried the Blaster worm fix and it has not found anything, but I will place the HijackThis log below.

Logfile of HijackThis v1.97.2
Scan saved at 7:44:12 PM, on 24/09/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\DAP\DAP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PRONGS\DOWNLOAD\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcuser.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcuser.com.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PC User
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.pcuser.com.au/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pcuser.com.au
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37870.1031365741
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab

Also, at the moment I have a bit of a problem with NOD32, just a missing DLL which I can fix, so I will post my NOD32 log when I have fixed that. Thanks

#8
Hi Kym,
Check the item below in HijackThis, close all windows except HijackThis and click Fix checked:

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

Then reboot. At least I got one orphaned registry entry out of your system.

Regards, Pieter
__________________
Regards, Pieter
It's nice to be important, but it's more important to be nice.
It's human to make mistakes. It's even more so to blame the computer for it.
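
The manual review in post #8 (spotting an entry whose target is "(no file)") can be scripted; the following is an added example, not part of the original thread or of HijackThis itself. It parses the `Xn - ...` entry lines of a log in the format posted in #7 and lists entries whose target is absent; the sample lines are copied from that post, and the function names are hypothetical.

```python
import re
from collections import Counter

# Sample input: a few lines taken from the log posted in #7 (shortened).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.2
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcuser.com.au/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
""".strip()

# Entry lines start with a section code (R0, O3, O10, ...) followed by " - ".
ENTRY = re.compile(r"^([RNFO]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(text):
    """Return (section, body) per entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def review_candidates(entries):
    """List entries whose target is gone: '(no file)' items and O10 LSP breakage."""
    flagged = []
    for section, body in entries:
        clsid = CLSID.search(body)
        if body.endswith("(no file)"):
            flagged.append((section, clsid.group(0) if clsid else None,
                            "orphaned entry, file absent"))
        elif section == "O10" and body.endswith("missing"):
            name = re.search(r"'([^']+)'", body)
            flagged.append((section, None,
                            "LSP provider missing: " + (name.group(1) if name else "?")))
    return flagged

def section_counts(entries):
    """Count entries per section code, e.g. how many O3 toolbars are registered."""
    return Counter(section for section, _ in entries)

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for item in review_candidates(parsed):
        print(item)
```

The output is a list for a human to review, in line with the advice in post #3 not to fix anything before the log has been looked at.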