Trojan? Worm? AVG rescue disk; [newbie questions...]

Discussion in 'malware problems & news' started by SteelyDon, Dec 2, 2004.

Thread Status:
Not open for further replies.
  1. SteelyDon

    SteelyDon Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    81
    Location:
    Southern Ontario
    I read the General Cleaning instructions, and thank you.

    On this computer beside me, I seem to have a bug. It first made some changes to Firefox, then disabled every programme I run, each programme suddenly coming up with a different excuse not to run. (Bad short cut, missing dll, etc. etc..) One thing which WAS allowed to run was my dialler! HAH!! It wants me to connect to the internet, the little swine.

    I shut down, and after booting up again, all productivity programmes work, but when I tried (W98) Scandisk, and Defrag, I got an error message saying that some "utility" had put a lock on the C drive, and that it was not available to be worked on.

    Well, it's there, I don't know why (I'm a clean surfer) and it hasn't reproduced itself into cyberspace yet.

    So, I will follow the cleaning instructions, but I have an AVG7 rescue disk, which I made a few days prior to this happening. *Would the disk be helpful, beyond the general cleaning instructions? *Where would I look to identify the bug, and what would I look for, once I get to Safe Mode or DOS? I figure that if I can identify it, that's half the battle, as I can get a specific removal tool.

    (Do these programmes referred to in General Cleaning fit on a floppy?)

    [I've just downloaded NOD32 on my other machine.]

    Waiting anxiously for the benefit of your collective wisdom,

    Steely Don o_O
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    My pleasure.


    Due to you not knowing how the rescue disk works, I would just boot into Safe Mode and run AVG that way.


    They fit on a CDR or CDRW ;) :D

    If you are comfortable with a screwdriver, you could remove the infected Hard Drive, make sure you mark which way the cable comes off. Unplug your CDROM on your Internet machine that has Nod32 (make sure it is up to date FULLY) and then run a scan on the slaved drive, it will probably come up as D or E Drive. You can also run the majority of tests from General Cleaning at the same time...

    Let us know how you go…

    Cheers :D
     
  3. SteelyDon

    SteelyDon Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    81
    Location:
    Southern Ontario
    Thanks for that.

    As a matter of fact, ironically, I just bought an external drive enclosure (NexStar 2) to make a backup system, and never got it done. I suppose I could pull the infected drive and run it as the external drive off the safe computer, but I would be terrified of infecting THAT one too, in which case you would never hear of me on this forum again, or anywhere else.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    You won't, Nod32 will protect your system and clean the 2nd drive, I'd also run all of the other programs mentioned, just point them to that drive instead of your C Drive.

    Cheers :D
     
  5. SteelyDon

    SteelyDon Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    81
    Location:
    Southern Ontario
    OK, I have an external drive enclosure, I'll put the infected drive into it.
    Do I then have to do the safe mode stuff on the control machine (or whatever you call the active box) or can I leave it in active Windows?
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    No, as Windows is not running on the infected drive while it is slaved, you can run ALL scans with ALL of the software mentioned in the General Cleaning thread while Windows is running normally on the clean machine.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     