Do I have a virus?


Øyvind Granberg

Hi...

There is a virus in my computer. I am convinced about that.
I cannot download anything concerning updates to Ad-Aware or Spybot.
I cannot download anything at all from Microsoft.com like the Outlook
Connector or anything else I've tried.
Neither can I download the aforementioned files from these sites with FF3,
Google Chrome or Opera 9.26.

When browsing using IE8, I get a message stating that a pop up has been
prevented. Even on my own web pages where there is no pop up at all.

Something is preventing me from downloading anything that I can use to
remove it!?!?!

I need help...
Running Windows Vista Ultimate with all updates.
AVG 8 Free
Windows Defender
Spybot once a week
UAC disabled
Firewall disabled


Tried Bitdefender's online scanner and even that couldn't update its
definition file.
I have scanned thoroughly twice with AVG 8
So too with Spybot and Windows Defender.

What is wrong, and how can I get rid of it?

--

Kind regards
Øyvind Granberg

tresfjording@live.no
www.tresfjording.com
 
Øyvind Granberg wrote:

> Hi...
>
> There is a virus in my computer. I am convinced about that.
> I cannot download anything concerning updates to Ad-Aware or Spybot.
> I cannot download anything at all from Microsoft.com like the Outlook
> Connector or anything else I've tried.
> Neither can I download the aforementioned files from these sites with
> FF3, Google Chrome or Opera 9.26.
>
> When browsing using IE8, I get a message stating that a pop up has been
> prevented. Even on my own web pages where there is no pop up at all.
>
> Something is preventing me from downloading anything that I can use to
> remove it!?!?!
>
> I need help...
> Running Windows Vista Ultimate with all updates.
> AVG 8 Free
> Windows Defender
> Spybot once a week
> UAC disabled
> Firewall disabled
>
>
> Tried Bitdefender's online scanner and even that couldn't update its
> definition file.
> I have scanned thoroughly twice with AVG 8
> So too with Spybot and Windows Defender.
>
> What is wrong, and how can I get rid of it?
>


Is Windows Firewall disabled because AVG 8 has a firewall? If not, then you
are most definitely not protected. Also with UAC disabled IE does not run
in protected mode. So you've decided to run your computer at risk.

Your symptoms do sound like the machine is infected, but only a thorough
scanning will tell.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2....emoving_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, get guided help. Choose one of the specialty forums
listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
POST LOGS IN THE MS NEWSGROUPS.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ
 
It is something, but it probably is not a *virus*.

"Øyvind Granberg" wrote in message
news:8E324C69-BD20-45A4-96B3-709EB6EF18DF@microsoft.com...
> Hi...
>
> There is a virus in my computer. I am convinced about that.
> I cannot download anything concerning updates to Ad-Aware or Spybot.
> I cannot download anything at all from Microsoft.com like the Outlook
> Connector or anything else I've tried.
> Neither can I download the aforementioned files from these sites with
> FF3, Google Chrome or Opera 9.26.
>
> When browsing using IE8, I get a message stating that a pop up has been
> prevented. Even on my own web pages where there is no pop up at all.
>
> Something is preventing me from downloading anything that I can use to
> remove it!?!?!
>
> I need help...
> Running Windows Vista Ultimate with all updates.
> AVG 8 Free
> Windows Defender
> Spybot once a week
> UAC disabled
> Firewall disabled
>
>
> Tried Bitdefender's online scanner and even that couldn't update its
> definition file.
> I have scanned thoroughly twice with AVG 8
> So too with Spybot and Windows Defender.
>
> What is wrong, and how can I get rid of it?
>
> --
>
> Kind regards
> Øyvind Granberg
>
> tresfjording@live.no
> www.tresfjording.com
 
"Øyvind Granberg" wrote in message
news:8E324C69-BD20-45A4-96B3-709EB6EF18DF@microsoft.com...
> Hi...
>
> There is a virus in my computer. I am convinced about that.
> I cannot download anything concerning updates to Ad-Aware or Spybot.
> I cannot download anything at all from Microsoft.com like the Outlook
> Connector or anything else I've tried.
> Neither can I download the aforementioned files from these sites with
> FF3, Google Chrome or Opera 9.26.
>
> When browsing using IE8, I get a message stating that a pop up has been
> prevented. Even on my own web pages where there is no pop up at all.
>
> Something is preventing me from downloading anything that I can use to
> remove it!?!?!
>
> I need help...
> Running Windows Vista Ultimate with all updates.
> AVG 8 Free
> Windows Defender
> Spybot once a week
> UAC disabled
> Firewall disabled
>
>
> Tried Bitdefender's online scanner and even that couldn't update its
> definition file.
> I have scanned thoroughly twice with AVG 8
> So too with Spybot and Windows Defender.
>
> What is wrong, and how can I get rid of it?
>
> --
>
> Kind regards
> Øyvind Granberg
>
> tresfjording@live.no
> www.tresfjording.com


The only absolutely guaranteed 100% way of resolving a virus problem is to
format the hard disk and re-install Windows, all your software and your user
files - which you previously copied to, say, another hard drive or memory
stick. Not very practical perhaps but at least it has the redeeming feature
of also clearing out all those bits and pieces of software left behind by an
incomplete uninstall.

The next, nearly 100% guaranteed method is to take out the hard drive and
install it in another computer which has antivirus software installed and
updated immediately before and scan for viruses. Doing this gets around
some scanners being crippled by the infection.

The next, less effective method is to update the virus software and scan for
viruses in 'Safe Mode'.

The least effective method is to update the virus software and scan for
viruses in 'Normal Mode'.

Having said that, the most practical way is to work the above list in
reverse order.

Bill Ridgeway
 
Thank you for your advice Bill!

Let me point out that two years ago I formatted and reinstalled XP on a
laptop.
This did not get rid of the virus causing the reinstallation in the first
place.
I had to disconnect from the net, after I downloaded the latest updates from
AVG and then install the OS and the updated viruskiller.

I have managed to update the definition files of Adaware by downloading them
from download.com
You see, I have trouble downloading from the webpages of Microsoft and
Lavasoft.

Adaware found three threats and removed them, but the problem remains.
I will now try the same in safe mode....

I'll be back, as a famous European once said.

--

Kind regards
Øyvind Granberg

tresfjording@live.no
www.tresfjording.com

"Bill Ridgeway" wrote in message:
ulXXQVxQJHA.1144@TK2MSFTNGP05.phx.gbl ...
> "Øyvind Granberg" wrote in message
> news:8E324C69-BD20-45A4-96B3-709EB6EF18DF@microsoft.com...
>> Hi...
>>
>> There is a virus in my computer. I am convinced about that.
>> I cannot download anything concerning updates to Ad-Aware or Spybot.
>> I cannot download anything at all from Microsoft.com like the Outlook
>> Connector or anything else I've tried.
>> Neither can I download the aforementioned files from these sites with
>> FF3, Google Chrome or Opera 9.26.
>>
>> When browsing using IE8, I get a message stating that a pop up has been
>> prevented. Even on my own web pages where there is no pop up at all.
>>
>> Something is preventing me from downloading anything that I can use to
>> remove it!?!?!
>>
>> I need help...
>> Running Windows Vista Ultimate with all updates.
>> AVG 8 Free
>> Windows Defender
>> Spybot once a week
>> UAC disabled
>> Firewall disabled
>>
>>
>> Tried Bitdefender's online scanner and even that couldn't update its
>> definition file.
>> I have scanned thoroughly twice with AVG 8
>> So too with Spybot and Windows Defender.
>>
>> What is wrong, and how can I get rid of it?
>>
>> --
>>
>> Kind regards
>> Øyvind Granberg
>>
>> tresfjording@live.no
>> www.tresfjording.com

>
> The only absolutely guaranteed 100% way of resolving a virus problem is to
> format the hard disk and re-install Windows, all your software and your
> user files - which you previously copied to, say, another hard drive or
> memory stick. Not very practical perhaps but at least it has the
> redeeming feature of also clearing out all those bits and pieces of
> software left behind by an incomplete uninstall.
>
> The next, nearly 100% guaranteed method is to take out the hard drive and
> install it in another computer which has antivirus software installed and
> updated immediately before and scan for viruses. Doing this gets around
> some scanners being crippled by the infection.
>
> The next, less effective method is to update the virus software and scan
> for viruses in 'Safe Mode'.
>
> The least effective method is to update the virus software and scan for
> viruses in 'Normal Mode'.
>
> Having said that, the most practical way is to work the above list in
> reverse order.
>
> Bill Ridgeway
>
 
"Bill Ridgeway" wrote in message
news:ulXXQVxQJHA.1144@TK2MSFTNGP05.phx.gbl...
> The only absolutely guaranteed 100% way of resolving a virus problem is to
> format the hard disk and re-install Windows, all your software and your
> user files - which you previously copied to, say, another hard drive or
> memory stick.


This is sometimes the *only* solution, and sometimes no solution
at all. Much depends on exactly what malware is involved. Think
about the fact that you could be reinstalling the malware, or the
vector the malware used to gain access initially, by reinstalling the
OS and backed up user programs and data.

> Not very practical perhaps but at least it has the redeeming feature of
> also clearing out all those bits and pieces of software left behind by an
> incomplete uninstall.


Entirely practical if the malware contains "unknowns" such as a
downloader that may have downloaded another, undetected as
yet, malware program.

> The next, nearly 100% guaranteed method is to take out the hard drive and
> install it in another computer which has antivirus software installed and
> updated immediately before and scan for viruses. Doing this gets around
> some scanners being crippled by the infection.


Not always a good idea.

> The next, less effective method is to update the virus software and scan
> for viruses in 'Safe Mode'.
>
> The least effective method is to update the virus software and scan for
> viruses in 'Normal Mode'.
>
> Having said that, the most practical way is to work the above list in
> reverse order.


Or take it to a professional.

From a post by Kayman in m.p.s. newsgroup

http://www.microsoft.com/emea/spotlight/se...spx?videoid=359
 
"FromTheRafters" wrote in message
news:%23olZ78yQJHA.4776@TK2MSFTNGP05.phx.gbl...
> From a post by Kayman in m.p.s. newsgroup
>
> http://www.microsoft.com/emea/spotlight/se...spx?videoid=359
>


I'd like to watch the video, FTR - but I get this message when I try to
install Silverlight
http://www.microsoft.com/silverlight/resou...px?errorID=1503

Are you (or anyone else here) aware of any other way to access the video -
might it be on YouTube for example? I wouldn't have a clue what to search
for in this instance!

Dave
 
On 11/10/2008 02:31 AM, Øyvind Granberg sent:
> Thank you for your advice Bill!
>
> Let me point out that two years ago I formatted and reinstalled XP on a
> laptop.
>
> This did not get rid of the virus causing the reinstallation in the
> first place.


Hello Øyvind:

By and of itself, this is counter to industry best practices and
conventional wisdom. After a proper reformat, installation from known
good media is the best possible guarantee of a clean system. Surely a
flaw has entered the procedure.

Since the malware in question has yet to be identified, perhaps a new
stance should be considered. The instant an unprotected system is
allowed to "see" the internet, it has become the proverbial "Honey pot".
Ergo, all patches, service packs, updates, upgrades, Ad nauseam, must
be introduced in the most protected environment you can provide, before the
system is allowed to see the Internet.

The above must include good security templates, security settings, and
good updated malware protection that has already been vetted. For some,
this is a hardship as few casual users have taken the necessary steps to
create perfect installation sources.

> I had to disconnect from the net, after I downloaded the latest updates
> from AVG and then install the OS and the updated viruskiller.
>
> I have managed to update the definition files of Adaware by downloading
> them from download.com
> You see, I have trouble downloading from the webpages of Microsoft and
> Lavasoft.
>
> Adaware found three threats and removed them, but the problem remains.
> I will now try the same in safe mode....
>
> I'll be back, as a famous European once said.
>


Everything I've said above is conveyed with great respect. I DO so wish
you well.

--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
 
"FromTheRafters" wrote

Is this a 'real' problem? Re-installing from the original source (CD / DVD)
software which, until the malware, worked OK there shouldn't be a
possibility of re-installing malware. However, downloading / installing may
be of a later version and a risk of installing malware. To guard against
this possibility I have a copy of downloaded files which can be used to
re-install later if necessary.

Of course, having installed Windows and a virus checker, updated same and
scanned for any malware which may have crept in the window of vulnerability
whilst updating the computer is then just as vulnerable as before. I have
(and update regularly) a clone of my hard disk drive. If, therefore, the
hard disk drive fails (or is heavily infected) I can swap drives, copy my
user files and update software and I have a working computer in a very short
time subject to scanning for malware.

By the way, use of the phrase 'backed up user programs' is a bit ambiguous.
You cannot (perhaps there are some small exceptions) install from a back-up
which will have installed by the software. You can, however, install
downloaded files (which may be found on a backup). Sorry to be pedantic!

Regards.

Bill Ridgeway

"FromTheRafters" wrote in message
news:%23olZ78yQJHA.4776@TK2MSFTNGP05.phx.gbl...
>
> "Bill Ridgeway" wrote in message
> news:ulXXQVxQJHA.1144@TK2MSFTNGP05.phx.gbl...
>> The only absolutely guaranteed 100% way of resolving a virus problem is
>> to format the hard disk and re-install Windows, all your software and
>> your user files - which you previously copied to, say, another hard drive
>> or memory stick.

>
> This is sometimes the *only* solution, and sometimes no solution
> at all. Much depends on exactly what malware is involved. Think
> about the fact that you could be reinstalling the malware, or the
> vector the malware used to gain access initially, by reinstalling the
> OS and backed up user programs and data.
>
>> Not very practical perhaps but at least it has the redeeming feature of
>> also clearing out all those bits and pieces of software left behind by an
>> incomplete uninstall.

>
> Entirely practical if the malware contains "unknowns" such as a
> downloader that may have downloaded another, undetected as
> yet, malware program.
>
>> The next, nearly 100% guaranteed method is to take out the hard drive and
>> install it in another computer which has antivirus software installed and
>> updated immediately before and scan for viruses. Doing this gets around
>> some scanners being crippled by the infection.

>
> Not always a good idea.
>
>> The next, less effective method is to update the virus software and scan
>> for viruses in 'Safe Mode'.
>>
>> The least effective method is to update the virus software and scan for
>> viruses in 'Normal Mode'.
>>
>> Having said that, the most practical way is to work the above list in
>> reverse order.

>
> Or take it to a professional.
>
> From a post by Kayman in m.p.s. newsgroup
>
> http://www.microsoft.com/emea/spotlight/se...spx?videoid=359
>
 
"Bill Ridgeway" wrote in message
news:%23zT3GC2QJHA.3384@TK2MSFTNGP05.phx.gbl...
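> "FromTheRafters" wrote <<Think about the fact that you could be
> reinstalling the malware, or the vector the malware used to gain access
> initially, by reinstalling the OS and backed up user programs and data.>>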
>
> Is this a 'real' problem? Re-installing from the original source (CD /
> DVD) software which, until the malware, worked OK there shouldn't be a
> possibility of re-installing malware.


True, but the flaw used by the malware to infest the system may very
well be reintroduced. Other flaws, since corrected by patches, might
be reintroduced as well. Flattening and rebuilding XP after certain worm
attacks would result in reinfestation within minutes of reconnecting to the
internet.

> However, downloading / installing may be of a later version and a risk of
> installing malware. To guard against this possibility I have a copy of
> downloaded files which can be used to re-install later if necessary.


Same as the above applies if the replacing involves retrograding the
patch level of the affected software. Plus, for the amount of time the
program was stored in a read/write environment, it could have been
infected. Executing an infected file may reinfest the system.

> Of course, having installed Windows and a virus checker, updated same and
> scanned for any malware which may have crept in the window of
> vulnerability whilst updating the computer is then just as vulnerable as
> before. I have (and update regularly) a clone of my hard disk drive. If,
> therefore, the hard disk drive fails (or is heavily infected) I can swap
> drives, copy my user files and update software and I have a working
> computer in a very short time subject to scanning for malware.


I use a similar method with disk images in files on external drives - plus
the more conventional full and incremental backups.

> By the way, use of the phrase 'backed up user programs' is a bit
> ambiguous.


How so?

> You cannot (perhaps there are some small exceptions) install from a
> back-up which will have installed by the software.


???

> You can, however, install downloaded files (which may be found on a
> backup). Sorry to be pedantic!


A full backup, followed by incremental backups, gives you backed up programs
as well as backed up user data. Such can be reintroduced when restoring from
backup after wiping the disk.

[snip]
 
> Hello 1PW
>
> By and of itself, this is counter to industry best practices and
> conventional wisdom. After a proper reformat, installation from known
> good media is the best possible guarantee of a clean system. Surely a
> flaw has entered the procedure.

Perhaps you are right about that. I am a bit flumsy sometimes. hehe

> Since the malware in question has yet to be identified, perhaps a new
> stance should be considered. The instant an unprotected system is
> allowed to "see" the internet, it has become the proverbial "Honey pot".
> Ergo, all patches, service packs, updates, upgrades, Ad nauseam, must
> be introduced in the most protected environment you can provide, before the
> system is allowed to see the Internet.

I have now doubled my RAM to 4GB and will resurrect my use of a firewall.
The reason I do not use a firewall is because they tend to make problems for
me when relatives are calling upon the family nerd/geek to fix their pc's.
Can I bill Bill for that? Twenty years of local support?

> The above must include good security templates, security settings, and
> good updated malware protection that has already been vetted. For some,
> this is a hardship as few casual users have taken the necessary steps to
> create perfect installation sources.

I use AVG 8, and Windows Defender. Plus I run Spybot and Adaware once a
week.
In addition to that I will now run the os integrated firewall....
There... it's activated!!

How can I identify this virus/malware?

--ØG--
 
>
> Or take it to a professional.
>
> From a post by Kayman in m.p.s. newsgroup


I will NOT! The "professionals" around here are not much of professionals.
hehe... don't mean to brag!


Kind regards
Øyvind Granberg

tresfjording@live.no
www.tresfjording.com
 
What about this?
If you reinstall from your original cd things still can get wrong.
Some viruses are writing themselves to the boot sector, I think they are
called MBF-viruses, and to the memory.
If you delete the one on the harddisk, it rewrites itself down on the
harddisk immediately from a copy in RAM.
Think about it:
A virus is in both the memory and on the harddisk.
You turn off the computer.
During shut down the virus secures a copy of itself on the harddisk.
You put in the original OS cd and boot on that.
The virus is then activated in the same instance the OS is reaching for the
HDD and reproduces itself again into the RAM.
As a result you format the harddisk with the virus active in memory.
After reformatting, and many reboots, forcing the virus to rewrite itself
to memory and HDD many times, you still have an infected computer.
In addition to this I think it doesn't have to be the virus itself, maybe a
trojan holding the backdoor open to a certain virus.


Am I right?

--

Kind regards
Øyvind Granberg

tresfjording@live.no
www.tresfjording.com

"Bill Ridgeway" wrote in message:
#zT3GC2QJHA.3384@TK2MSFTNGP05.phx.gbl ...
> "FromTheRafters" wrote <<Think about the fact that you could be
> reinstalling the malware, or the vector the malware used to gain access
> initially, by reinstalling the OS and backed up user programs and data.>>
>
> Is this a 'real' problem? Re-installing from the original source (CD /
> DVD) software which, until the malware, worked OK there shouldn't be a
> possibility of re-installing malware. However, downloading / installing
> may be of a later version and a risk of installing malware. To guard
> against this possibility I have a copy of downloaded files which can be
> used to
 
"Øyvind Granberg" wrote in message
news:96EF4CC2-190A-43F8-A87D-C37324F0AABE@microsoft.com...
> What about this?
> If you reinstall from your original cd things still can get wrong.
> Some viruses are writing themselves to the boot sector, I think they are
> called MBF-viruses,


BSI (Boot Sector Infector) viruses are not very common these
days. You are thinking of MBR (Master Boot Record) viruses
which are one type of BSI virus.

There are malware programs that use boot sector code to operate
and increase their "stickiness" (persistence). I am not aware of any
that have used this method to regenerate after reformatting though.

> and to the memory.
> If you delete the one on the harddisk, it rewrites itself down on the
> harddisk immediately from a copy in RAM.


Yeah, some programs operate as guardian programs for other ones.
Makes removal attempts seem like swatting flies or stomping ants.

> Think about it:
> A virus is in both the memory and on the harddisk.
> You turn off the computer.
> During shut down the virus secures a copy of itself on the harddisk.
> You put in the original OS cd and boot on that.


If the malware relies on HDD boot sector code to activate itself,
then booting from CD will keep it from being active at this point.

> The virus is then activated in the same instance the OS is reaching for the
> HDD and reproduces itself again into the RAM.


Accessing the HDD now is from within the filesystem as the boot
was from the CD there is no other MBR code to be used. The
code can still be reached, but there is no reason for legitimate OS
loading functions from the CD's produced operating environment
to do so.

> As a result you format the harddisk with the virus active in memory.
> After reformatting, and many reboots, forcing the virus to rewrite itself
> to memory and HDD many times, you still have an infected computer.
> In addition to this I think it doesn't have to be the virus itself, maybe a
> trojan holding the backdoor open to a certain virus.
>
>
> Am I right?


There was a malware program (a virus IIRC) that faked a format when
the user tried to get rid of it that way. I can't remember which one though.

> Kind regards
> Øyvind Granberg
>
> tresfjording@live.no
> www.tresfjording.com
>
> "Bill Ridgeway" wrote in message:
> #zT3GC2QJHA.3384@TK2MSFTNGP05.phx.gbl ...
>> "FromTheRafters" wrote <<Think about the fact that you could be
>> reinstalling the malware, or the vector the malware used to gain access
>> initially, by reinstalling the OS and backed up user programs and data.>>
>>
>> Is this a 'real' problem? Re-installing from the original source (CD /
>> DVD) software which, until the malware, worked OK there shouldn't be a
>> possibility of re-installing malware. However, downloading / installing
>> may be of a later version and a risk of installing malware. To guard
>> against this possibility I have a copy of downloaded files which can be
>> used to

>
>
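
The boot-sector persistence discussed in the post above can be checked from trusted boot media by comparing the disk's MBR boot code with a hash recorded while the machine was known clean. This is an added example, not code from anyone in the thread; the sample sector is constructed, and `build_sample_mbr`, `read_first_sector` and `boot_code_unchanged` are hypothetical helper names.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: bootstrap code the BIOS executes
DISK_SIG_OFF = 440       # bytes 440..443: disk signature
PART_TABLE_OFF = 446     # bytes 446..509: four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510..511: boot signature


def parse_mbr(sector: bytes) -> dict:
    """Split a raw first sector into boot-code hash, disk signature, partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    return {
        # Only the executable part is hashed, so repartitioning alone
        # does not change the result.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
    }


def boot_code_unchanged(sector: bytes, baseline_sha256: str) -> bool:
    """True when the boot code still matches the known-clean baseline hash."""
    return parse_mbr(sector)["boot_code_sha256"] == baseline_sha256


def read_first_sector(path: str) -> bytes:
    """Read sector 0 from a disk image (assumed taken while booted from CD)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes, lba_start: int = 2048,
                     sectors: int = 204800) -> bytes:
    """Constructed sample sector with one active NTFS-type (0x07) partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = bytes.fromhex("78563412")  # constructed value
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        lba_start, sectors)
    table = entry + b"\x00" * 48
    return code + disk_sig + b"\x00\x00" + table + BOOT_SIG


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0CLEAN")
    baseline = parse_mbr(clean)["boot_code_sha256"]
    altered = build_sample_mbr(b"\xfa\x33\xc0OTHER")
    moved = build_sample_mbr(b"\xfa\x33\xc0CLEAN", lba_start=63)
    for name, sector in (("clean", clean), ("altered boot code", altered),
                         ("partition moved", moved)):
        verdict = "matches" if boot_code_unchanged(sector, baseline) else "DIFFERS"
        print(f"{name}: boot code {verdict} baseline")
```

A mismatch only says the boot code differs from the recorded baseline; installing or repairing an operating system can also rewrite it, so the baseline has to be taken again after such changes.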
 
From: "Øyvind Granberg"

>> Hello 1PW


>> By and of itself, this is counter to industry best practices and
>> conventional wisdom. After a proper reformat, installation from known
>> good media is the best possible guarantee of a clean system. Surely a
>> flaw has entered the procedure.

| Perhaps you are right about that. I am a bit flumsy sometimes. hehe

>> Since the malware in question has yet to be identified, perhaps a new
>> stance should be considered. The instant an unprotected system is
>> allowed to "see" the internet, it has become the proverbial "Honey pot".
>> Ergo, all patches, service packs, updates, upgrades, Ad nauseam, must
>> be introduced in the most protected environment you can provide, before the
>> system is allowed to see the Internet.

| I have now doubled my RAM to 4GB and will resurrect my use of a firewall.
| The reason I do not use a firewall is because they tend to make problems for
| me when relatives are calling upon the family nerd/geek to fix their pc's.
| Can I bill Bill for that? Twenty years of local support?

>> The above must include good security templates, security settings, and
>> good updated malware protection that has already been vetted. For some,
>> this is a hardship as few casual users have taken the necessary steps to
>> create perfect installation sources.

| I use AVG 8, and Windows Defender. Plus I run Spybot and Adaware once a
| week.
| In addition to that I will now run the os integrated firewall....
| There... it's activated!!

| How can I identify this virus/malware?

| --ØG--


I gave you a set of directions to post in an Expert Forum -- Have you ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
"Øyvind Granberg" wrote in message
news:DEE0539B-CF6F-4CEA-9F5D-79A64D2E7B53@microsoft.com...
> >
>> Or take it to a professional.
>>
>> From a post by Kayman in m.p.s. newsgroup

>
> I will NOT! The "professionals" around here are not much of professionals.
> hehe... don't mean to brag!


Your choice. If you are the best around - then you are the logical
choice. If I were you, I would follow the advice offered by Malke.

Are you running as admin and with UAC disabled?

Maybe "flatten & rebuild" is the best choice - and learn to live with
UAC and limited user rights.
 
*I* think you ARE right, OG!


Maybe you should ask the experts about this at http://aumha.net/index.php

Dave

--


"Øyvind Granberg" wrote in message
news:96EF4CC2-190A-43F8-A87D-C37324F0AABE@microsoft.com...
> What about this?
> If you reinstall from your original cd things still can get wrong.
> Some viruses are writing themselves to the boot sector, I think they are
> called MBF-viruses, and to the memory.
> If you delete the one on the harddisk, it rewrites itself down on the
> harddisk immediately from a copy in RAM.
> Think about it:
> A virus is in both the memory and on the harddisk.
> You turn off the computer.
> During shut down the virus secures a copy of itself on the harddisk.
> You put in the original OS cd and boot on that.
> The virus is then activated in the same instance the OS is reaching for the
> HDD and reproduces itself again into the RAM.
> As a result you format the harddisk with the virus active in memory.
> After reformatting, and many reboots, forcing the virus to rewrite itself
> to memory and HDD many times, you still have an infected computer.
> In addition to this I think it doesn't have to be the virus itself, maybe a
> trojan holding the backdoor open to a certain virus.
>
>
> Am I right?
>
> --
>
> Kind regards
> Øyvind Granberg
>
> tresfjording@live.no
> www.tresfjording.com
 
On Mon, 10 Nov 2008 22:40:28 +0100, Øyvind Granberg wrote:

>>
>> Or take it to a professional.
>>
>> From a post by Kayman in m.p.s. newsgroup

>
> I will NOT! The "professionals" around here are not much of professionals.
> hehe... don't mean to brag!
>
Get your facts right! I never posted this comment!
 
On 11/10/2008 01:37 PM, Øyvind Granberg sent:

Snip, snip...

>
> How can I identify this virus/malware?
>
> --ØG--


Hello ØG:

If after two years of using various anti-malware applications something
hasn't been identified, then perhaps you aren't experiencing malware.

Please follow David H. Lipman's post and let us know what you find.

Best wishes to you.

--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
 
Yes, I have disabled UAC!
I'm like most people; Don't read what's on screen before clicking yes...
hehe



>
> Are you running as admin and with UAC disabled?
>
> Maybe "flatten & rebuild" is the best choice - and learn to live with
> UAC and limited user rights.
>
 