Hi ... Well I had to get my son to come over here and type out what actually
happens with this "virus" because he didn't want to send it to me in an
email. So, here's what he told me.
Hope you can make out what it is that's going on --- and better yet -- what
he might do to fix it.
Worst case -- do you think Dell will take it back so we can start over or is
it likely beyond that point now?
Strange Virus Explained:
What this Virus does
It apparently sets itself up in both windows\system32 and also in
windows\config
It uses wordpad (I suspect because wordpad can be saved as .XML, and the
"controllers" use Windows Shell and RPC, remote procedure call, as well as
API, which I'm not sure what that is, but along with a lot of other things,
it changes the registry, sets up user accounts, with high level authority,
it creates virtual UPC buses, virtual wireless adapters, virtual network
adapters, virtual monitors, even virtual processors....and takes control of
your computer, making even the administrator have about as much authority on
his own computer as a low level user would have, makes tons of network
connections using Media Player, and lots of other things, and downloads tons
more things onto your computer, and uploads tons of things to places unknown
too.
It sees when you're trying to disable it, for instance using mmc, an
advanced feature in Windows Firewall, which has snap-ins to create rules
for incoming and outgoing connections, and it changes whatever rules you
make without changing what the settings are on the console, and then makes
the controls disappear, or not "clickable" meaning it has removed your level
of access even when you sign on as an administrator (which being the sole
user and owner of this computer I'm already an administrator, but due to the
way Windows 7 makes you less than an administrator until you need to use the
privilege, is the way it works)
It uses BCD a lot, I don't know if that's a program it downloaded or if
that's Microsoft's software, but it stands I think for boot control device,
and it alters the boot manager so that every time it boots, it gets loaded
first, and also apparently alters the system BIOS to make it so that unless
onboard BIOS legacy is enabled, it can't find the operating system and it
won't boot, which also means that even now, with the new Windows installation
and a supposedly "clean" disk, I probably STILL have it. I wiped the entire
hard drive using a DOS program called "Kill Disk"..which makes one pass, and
creates zeros on every byte on the partition you select, I did that to every
partition
It had a first partition of 100Mb, with no label or volume, then one of 149Gb, with
a W something 4 character string, then a dash - then 4 more characters (all
numeric if I remember correctly). Then it had another partition, not labeled,
it was something like
200,000 sectors big, but had no data....I'm thinking this is a virtual
partition, and it was super hard to get rid of using DOS, DiskPart....in
fact due to my inexperience using that utility, I didn't remove it until I
let Windows delete a partition upon set up.
I think I'm wrong about some of the things but that's the best of my
recollection right now. I had used a DOS util. called Isasld.....and got a
list of users and permissions assigned for everyone on the computer. But, I
wasn't able to print it because the driver for the printer which I
downloaded was "intercepted" by the virus and changed into something else,
so when the window popped up to change my permissions to administrator,
thinking I was downloading and installing a driver from DELL.....it was
something from HELL instead!
Thanks so much everyone!!
Gail Miller
----- Original Message -----
From: "mike" <[email protected]>
To: <[email protected]>
Sent: Tuesday, December 22, 2009 6:09 PM
Subject: Re: [CGUYS] STRANGE VIRUS? AGAIN
Not sure if Gail got run off or got busy.
But, there are still a few who had questions that may have been lost in the
maze of the thread that started this..so
What exactly is the computer doing that you think it has a virus? I've seen
bad hardware behave strangely, this may be the issue this time also.
*************************************************************************
** List info, subscription management, list rules, archives, privacy **
** policy, calmness, a member map, and more at http://www.cguys.org/ **
*************************************************************************