is this the most undetectable virus???

Discussion in 'malware problems & news' started by adiel, May 7, 2003.

Thread Status:
Not open for further replies.
  1. adiel

    adiel Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    37
    It is the strangest variant, if it is a virus.
    It's a long story, please read it, I REALLY need help; I don't even know whether I'll be able to post it or not.

    Well, about 3 days ago I tried to extract a program from a CD I burnt a few days ago. This CD had no problems before, but at that time I got an "archive corrupted" msg. I was puzzled, but I tried another one, same msg; suddenly my whole CD was corrupted.

    I then checked other CDs and found out I couldn't extract/install any program, so my CDs were right; something was wrong with the computer.

    My first thought... virus.

    Now I have never been hit by any big virus; I always thought I had very tight security settings:
    kaspersky avp
    avast
    avg
    pc-cillin
    f-prot for dos
    tds-3
    ad aware
    spybot
    spyware blaster
    zonealarm

    But none of my antivirus/anti-trojan scanners found anything unusual.

    After hours of scanning with no benefit, I suddenly saw an old copy of McAfee for DOS, which was about 6 or 7 months old.

    I booted my PC from this bootable CD and scanned; surprisingly, this old DOS antivirus found two unknown "Win32 new variant" in 2 of the Kazaa files (damn Kazaa).

    I deleted these right away; I thought later that I should have kept them so I could send them for testing, but I was confused.

    Well, everything went fine for about 2 hours, then the same thing started again.
    To cut this part short, I formatted my hard drive.

    After that it went fine for 1 day, but today all hell broke loose. I am getting errors: explorer has done an illegal operation, Opera has done an illegal operation, this has done and that has done an illegal operation, blue screen of death, and a strange msg on a black screen sometimes when I restart my computer:

    windows protection error you need to restart your computer

    press any key to continue

    or

    windows protection error you need to restart your computer

    due to stack overflow this section is halted

    press any key to continue

    although nothing happens if I press any key.


    So I am lost.

    I did an online scan by McAfee; nothing found. I have searched the registry for suspicious entries and checked every possible autostart entry; there is nothing.

    I am seriously thinking that either

    1. A rootkit has been installed on my system; that's why no antivirus is detecting it. I don't know much about rootkits, but I know a little bit about their functionality; that's why I am saying this. Whatever this is, it's invisible.

    2. It's not a virus, it's something else, some other problem, but I had formatted, then why now? o_O

    Can a rootkit survive a format? o_O

    I have Win98, 1.2 GHz processor, 192 MB RAM.

    PLS HELP ME.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    People will always talk about how it is possible for a virus to survive a format, and sure, it is possible - a lot of things are possible, but, it really is highly unlikely.

    A more important point is how exactly did you rebuild Windows. Did you fdisk and format and then load Windows 98 fresh, or did you just have the CD restore the Windows directories? If you did a full, clean format, what did you do about restoring all your programs and personal files? Could you have carried something bad over? What if the malware was on some of your more recent CDs?

    More likely than a virus surviving a format is perhaps some hardware problem, or the initial problem could have been a virus or some form of corruption, and following the reformat, you now might need to update some patches or drivers that were on your system before the format, but are needed again following it. The current behavior problems could be conflicts...

    If your system is unstable now, you should probably start again with a clean format and installation of Windows - then all patches and driver updates, as needed. Then, reinstallation of application software from absolutely clean sources.
     
  3. xor

    xor Guest

    * Always boot with a clean DOS disk.
    * If you use FDisk, then use a different size for the first primary partition than before, let's say at least 4096 KB (4 MB) more or less.
    Because if you use fdisk with the same parameters, it can happen that nothing gets "destroyed".
    * In difficult cases use a Binary-Zero-Writer (Direct Disk Access Writer, in block mode); this will erase *really all* from a DOS boot disk.
    * FDisk /MBR can help (in most cases) but not for all viruses.
    * Some viruses do stay alive with only a "Format C:", but they do not have a chance if you repartition without accessing the hard disk on boot and format after this.
    * Be careful with boot virus droppers; they can come in a normal exe file.
    If you run this file, the virus comes back.
     
  4. adiel

    adiel Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    37
    Hi..
    All my CDs are clean; I have been using most of them for a long time. About 3 weeks ago I burnt about 8 CDs, which were clean as I never had any problem; then I repartitioned my drive.

    But it's really frustrating; I can't find anything to cure this problem.
    I installed everything from clean CDs, but this virus (if it's a virus) must have come through Kazaa.

    After that I formatted my drive, not fdisk, but just a simple format, and a clean Windows install from the CD I always use.

    Now I don't know what to do. :doubt:
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Well, follow xor's advice on the repartitioning (size change) to ensure you've killed everything, then reinstall, update patches (and drivers if needed), and just put on the most necessary applications and run that way for a few days to see what happens.

    Sometimes less is more, when trying to debug an issue! Especially if it's actually just a conflict that is behind this problem. What if it turns out that it was actually a recent update of one of the AVs that simply caused a conflict?

    If I had to recommend what to install, I'd say just: avp, tds-3, zone alarm, spybot and spywareblaster. Keep it simple. As for non-security software, keep that list down to just what you want/need to use in the next few days. Introduce other apps slowly until you see the problem start - if it comes back.

    There may be other debugging approaches to take, but a "step at a time" has always helped me to identify a problem. Otherwise, I'm not sure what to do. Maybe - take it to a shop for in-depth diagnostics? But, that's money!
     
  6. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi adiel,

    there's another possibility as well, besides all the above mentioned: do a low-level format of your hard disk. Further information about that you'll find on the homepage of your hard disk producer. Like that, nothing will survive. :D

    I'm not sure, but perhaps you got some sort of virus which attacked your BIOS. Then I could explain to myself the things which are happening to you... :doubt: But this is just a guess. Perhaps you should install the latest version of your BIOS (if you haven't done so until now) or "rebuild" it as well.

    Best regards,

    Patrice
     
  7. xor

    xor Guest

    Be careful with such hints - some systems use a so-called "On-Track-Loader" to be able to access a large disk on older systems.
    If you destroy this as a normal home user, you will not be able to access this disk again without installing this On-Track-Loader manually.
     
  8. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi xor,

    yeah, you're definitely right about what you are saying. But if you follow the steps of your hard disk company, you will be on the safe side. I had to do that several times already... But yeah, a hard disk is never 100% sure. Strange things can always happen on it...

    Best regards,

    Patrice
     
  9. xor

    xor Guest

    A low-level format should really be the last way to get rid of such things ;)
    It does of course work ;)
     
  10. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi xor,

    if I read the above-mentioned statements, I think the time has come for the last way. Don't you think so as well? ;)

    Regards,

    Patrice
     
  11. adiel

    adiel Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    37
    Thanks to all of you for the help.
    I have formatted my hard drive again; everything is working fine till now.

    I hope it stays this way.
     
  12. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    My first thought: Heat problem.

    That's weird!

    From your description, it *may* be a virus, but the random "stuff" you're getting might also point to hardware failure, as well.

    Check to make sure the heatsink on your CPU is firmly attached and the fan is doing its thing, because symptoms like you describe are very similar to those exhibited by an overheating CPU/chipset/system.

    Good luck!
    ;)
     
  13. adiel

    adiel Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    37
    Hi JimIT... from what you say I think you may be right; I am hearing some strange noises from the fan.

    But I am not so good at hardware problems; can you please tell me more about what I should do?

    My PC is about 6-7 months old, and hardware failure is a very scary word for me.

    Are there any specific utilities that can assist me??

    Thanks
     
  14. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Hi Adiel,

    Personally, I wouldn't worry about utilities at this point. ;)

    1. Can you tell me what brand CPU you have? (Intel or AMD) If it's an AMD chip in particular, try to limit the time the pc is powered up to avoid damaging the CPU (if that proves to be the problem)
    2. Which fan is making noise? The fan on the CPU, or the fan in your power supply? (couldn't tell from your post)

    Frankly, if your computer is still under warranty, I would suggest contacting the manufacturer/place of purchase to get help diagnosing/fixing the problem. If not, then we can help here, I'm sure--right guys and gals? :)
     
  15. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Right.

    I still follow the first law of Jerry Pournelle (once of Byte magazine): 'First check cables' (yeah, it's in my signature on another forum :) )

    Reading this post, I would also suspect the CD writer...
     
  16. adiel

    adiel Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    37
    @JimIT

    I have Intel, and the problem fan is the one in the power supply.
    Yes, I can change this PC, but my problems are getting fewer; now the only problem I am facing is that sometimes when I install or copy something from the CD, I get a "corrupt archive/installation" message, but after restarting everything works fine.

    The second problem is "gdi.exe"; almost all the illegal operations point to something wrong with gdi.exe.

    Any idea?
     
  17. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Adiel,

    Strange indeed...... you might consider WinZip as an indicator for some kinds of viruses such as CIH.... as for all compressed files.... CIH is very bad, going into the BIOS.... it might not be CIH, but the cure is found at grc.com.
    I wish you find out the problem.



    Ari
     
  18. adiel

    adiel Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    37
    Thanks for the tip; I have this tool from grc.com but never tried it. I will try this one now.
     
  19. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    You do not have a virus or any problem on your system that was a security exploitation, now or even when you started this thread. So for you there is no most undetectable virus.

    ;)

    Start thinking along these lines and it is too bad you spent all that time to reformat... :(



    It sometimes happens when installing from a CD that one or more files on the CD is corrupted, so will not be installed -- leaving you with broken dependencies.


    All of your problems may be characteristic of a poor medium. I strongly suggest that you consider using a write-once blank instead of an erasable. If you need fixed-length packets, then use a medium which reads reliably.

    Your problems are unlikely to be related to your hardware (except to the extent that it's unhappy with the medium) or to your software.


    The sure but tedious workaround that I often recommend if and when that happens is to go into dselect and deselect the package that failed and everything it depends on, then choose the option "Remove unwanted software" to get them off of the system. Then give it another go-round, watching the display for error messages.
    If you find a corrupted archive message going by at a hundred miles an hour, do the deselect/remove process again.

    I would not use an RW so often because they're slow, the drivers for packet writing can be unstable (in my experience), CD-RWs can get scratches on them, and you can write on them too much (over 1000 times but probably less).

    You also might want to take a look at this link

    http://www.indiana.edu/~elegans/Deconv/CDArchive.html

     
  20. adiel

    adiel Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    37
    I don't know what it was, a virus, hardware problem or CD problem, but it's gone now.

    And I hope it will not come back. That was the strangest problem I ever faced.

    A big thanks to all of you for the help.
     