Strange Virus?

Discussion in 'malware problems & news' started by richrf, Oct 5, 2004.

Thread Status:
Not open for further replies.
  1. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi guys,

    I am getting the strangest set of symptoms and I think it may be a virus.

    First, something happened to my system which seemed to infect my system clock. I was able to re-boot but my NAV AV was temporarily shutdown.

    Then I noticed on my first splash screen during bootup, I have a strange Intel splash screen that looks like an overly elongated Intel symbol on the lower left hand corner of the screen.

    I also have defrag starting up and consuming 98% of resources and unable to complete.

    Where can I start to figure out whether there is a virus. I have NAV, TDS-3. Thanks for any help.

    Rich
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Richrf, can you please follow the steps located here, just use your NAV instead of Nod32 and TDS instead of Ewido.

    Hope this helps...

    Let us know how you go...

    Cheers :D
     
  3. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Blackspear,

    I went through all the steps ... with one more. I noticed something suspicious when running Process Guard. At startup, a program called symlcsv1.exe was being executed from \document and settings\user name\local\temp\symlcsv1.exe just prior to the core engine of NAV, symlcsvc, being executed. When I tried to block symlcsvc through PG, it went into a loop that I couldn't get out of, so I gave it one-time permission.

    I then checked symlcsvc.exe and saw that it was recently modified on my machine but not on the other machine in my home. I then completely uninstalled NAV, but noticed that there were still remaining folders, so I deleted all Symantec folders in Program Files\Common and Program Files\Symantec. With everything clean, I re-installed Norton SystemWorks. When I rebooted, there was no longer this request for symlcsv1.exe.

    If the core module was replaced somehow, is there a way of preventing this in the future? Thanks for all of your help.

    Rich
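
The observation in the post above (an executable started from a Temp folder whose name is one character off a known service binary) can be checked for automatically. The following is an added example, not part of the original thread; the watch list, the temp-path heuristic and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Service binaries to watch for imitations of (name from the post; list is an assumption).
KNOWN_SERVICES = {"symlcsvc.exe"}
# Path fragments treated as user-writable temp locations (assumed heuristic).
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def flag_lookalikes(events, max_distance=2):
    """Return (path, imitated_name, reason) for process starts worth a closer look."""
    findings = []
    for path in events:
        lowered = path.lower()
        name = ntpath.basename(lowered)  # ntpath parses backslash paths on any OS
        in_temp = any(marker in lowered for marker in TEMP_MARKERS)
        for known in KNOWN_SERVICES:
            distance = edit_distance(name, known)
            if distance == 0 and in_temp:
                findings.append((path, known, "service name run from temp"))
            elif 0 < distance <= max_distance:
                reason = "look-alike name in temp" if in_temp else "look-alike name"
                findings.append((path, known, reason))
    return findings


# Constructed sample process-start paths (not real logs, not Symantec's real layout).
SAMPLE_EVENTS = [
    r"C:\Documents and Settings\user\Local Settings\Temp\symlcsv1.exe",
    r"C:\Program Files\Symantec\symlcsvc.exe",
    r"C:\WINDOWS\system32\defrag.exe",
]

if __name__ == "__main__":
    for finding in flag_lookalikes(SAMPLE_EVENTS):
        print(finding)
```

A hit here is only a lead: comparing the flagged file and the real service binary against a known-good copy, as was done with the second machine in the post, is the confirming step.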
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Now that your system is clean take a look here for further discussion on security and how to make your system that much stronger, and here for more discussions.

    As well I would suggest looking at Process Guard 3, I’m about to purchase it myself…


    My pleasure.

    Hope this helps…

    Let us know what security products you end up choosing to protect your system…

    Cheers :D
     
  5. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Blackspear et al,

    I am not sure the system is out of trouble yet. Two anomalies still exist that I am trying to figure out. Any help is very much appreciated.

    1) When I start up my Dell computer, the very first screen has a logo on the bottom right that should read Intel/Pentium 4. However, on my machine the logo is distorted (this is something new) and the lower part of the logo is completely cut off, while the upper part shows this kind of elongated distortion. When the problem first began on my system, there was a "shut-down" followed by some problem which brought me to a message that indicated that there was a problem with the drive that Dell was recovering, followed by a problem with the system time/date. So, something may still be on the system.

    2) The other problem is when the system pops into its screen saver mode (something I cannot figure out how to turn off), sometimes the system locks (it happened twice today and several times yesterday) and I cannot bring it back to the logon screen. Yesterday, I know it was happening when Defrag was running and took over the machine. Today, I was not at the machine when it happened both times, so it could be Defrag or it could be something else. I have ProcessGuard running now (it wasn't on the machine yesterday) so it could be ProcessGuard now that is locking up the machine. I am going to try to catch it and see what is going on.

    In the meantime, the distorted logo and the fact that something reset the date/time still causes me some concern.

    Any ideas about how I may attack this problem would be greatly appreciated. Thanks everyone for all of your help so far. I really appreciate people taking time out from their own lives to help me out.

    Best,
    Rich
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    This sounds more like a Video Card/Driver problem.

    Can you try updating your VC driver?

    Let us know how you go...

    Cheers :D
     
  7. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Richrf,

    I had something kind of similar a while ago with a Gigabyte motherboard. Details are a little fuzzy, and I had tried a lot of things but it had something to do with one of these:

    1. Updating the motherboard BIOS. This also fixed a minor SATA issue I was having.
    2. Updating the video card BIOS.
    3. It also may have been a minor conflict between the way the mobo displays the logo and the video card. I think I disabled, in the mobo BIOS, one of the Gigabyte logos. It took a lot of tinkering and rebooting.

    For me, suspend (sleep mode) has only caused problems since Windows 98. XP has gotten a little better, but I turn it off. Also, the energy star mode (with the screen saver settings) caused problems during video editing.

    Hope that helps.
     
  8. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Devinco and all,

    Thanks for your suggestions. Since there are two isolated abnormalities at this time (the distorted logo and the system hanging when it goes into sleep mode), I am trying to find a very conservative approach that may allow me to track down the root cause of the problem - which may or may not have been caused by a virus.

    Do you know of another forum where BIOS/Hardware guys hangout who may be able to help me construct such a plan? Maybe something similar to Wilders but specializing in OS/Hardware issues. I would like to avoid BIOS and Video upgrades at the moment (unless I have lost something during the initial crash) since everything was working a few days ago. Thanks for any recommendations.

    Rich
     
  9. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    From what was mentioned in your other thread, I would also check the CMOS battery. Especially since the time/date was changed.
    Check if it is seated properly (with the power switch on the power supply turned off!). How old is the computer? I had an older laptop that would "forget" its bios settings and time when it was unplugged and shut off. When the BIOS was reset (caused by the dead CMOS battery) it changed some BIOS settings. This changed setting could possibly cause the stretched logo.
    In the BIOS there are other settings that relate to hibernation/energy star/etc.
    For me, The Definitive Guide to Optimizing the BIOS over at Adrian's Rojak Pot was extremely useful in learning all the different BIOS settings. They have a forum too, although I haven't been there. I'd disable all the BIOS controlled energy star settings as well.

    Here are some other hardware related forums:
    Tomshardware forum
    Hard Forum
    Anandtech Forum
     
    Last edited: Oct 8, 2004