About three years ago, I neutered a virus-infected machine at my wife's office that McAfee couldn't repair. I tracked down the problem to a HOSTS file in c:\Windows\Drivers\etc that contained all known anti-virus applications and pointed each and every one of them to the same infected IP address. My first try was to simply delete HOSTS, but that didn't work as it came right back. Finally I created an empty HOSTS file and then made it read-only. This neutered the infection and they've been running that machine fine ever since. One of these days, I should go back and see if I can find an actual program that was creating the bad HOSTS file . . .
I wonder if that's the same sort of infection that nailed the AVG anti-virus on your user's machine. If you come across an infected Windoze machine, take a moment to check the HOSTS file (if there is one).

Wes

On Thu, Mar 10, 2011 at 1:29 PM, Luther Woodrum <[email protected]> wrote:
> For a long time I have used tar to back up windows XP directories
> and restore them from Linux. Until recently, this did not work with
> NTFS partitions, but now it does. You can mount them rw in Linux,
> and then they are the same as any other partitions.
>
> When installing ubuntu on a windows vista system on a second disk,
> ubuntu asked me if I wanted to mount the ntfs partition rw, so I said yes.
>
> The reason I was installing ubuntu was because the user had gotten a virus
> and it wouldn't start any more.
>
> Ubuntu imported all of his user files and directories, browser settings,
> bookmarks, and all the other stuff, copying them onto the second disk.
>
> Then finally, it said I had a windows partition already, and did I maybe
> want to boot it too? I chose yes.
>
> Then, running ubuntu, I asked the user when the problem started, and I
> looked for files whose dates were around that time.
>
> I found a bunch of files with AVG and variations in the name with the
> offending range of dates. He said he had downloaded AVG a long time ago
> for a free antivirus program.
>
> Well, the virus was so clever it replaced the real AVG files with its
> own, so instead of starting the real avg on boot, it started the virus.
>
> It was a simple matter to locate all file names in the whole windows
> system having avg somewhere and delete them all via rm from ubuntu
> on the ntfs partition.
>
> Rebooting windows then came up normally, with no virus.
> Of course, avg was gone.
>
> There seems to be no problem reading and writing files on a windows
> filesystem any more.
>
> Lex
>
> _______________________________________________
> Mid-Hudson Valley Linux Users Group http://mhvlug.org
> http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
>
> Upcoming Meetings (6pm - 8pm) MHVLS Auditorium
> Apr 6 - Introduction to IPv6
> May 4 - Inkscape
> Jun 1 - Zimbra
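A check for the kind of HOSTS file described in the message above, where many hostnames are pointed at one outside address. This is an added example, not part of the original thread; the sample file contents, hostnames, addresses, the `min_names` threshold and the function names are all constructed for illustration.

```python
import ipaddress
import sys
from collections import defaultdict

# Constructed sample HOSTS content (placeholder names, documentation-range addresses).
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
::1             localhost
203.0.113.45    update.av-vendor-one.example www.av-vendor-one.example
203.0.113.45    download.av-vendor-two.example   # trailing comment
203.0.113.45    liveupdate.av-vendor-three.example
0.0.0.0         ads.tracker.example
192.168.1.20    fileserver
"""

# Address ranges that normally indicate a local server rather than a redirect.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def parse_hosts(text):
    """Yield (address, hostname) pairs; skip comments, blanks and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")

def suspicious_redirects(text, min_names=3):
    """Return {address: sorted hostnames} for outside addresses shared by many names."""
    by_addr = defaultdict(set)
    for addr, name in parse_hosts(text):
        # Loopback and 0.0.0.0 entries are typical of ad-blocking lists, not redirects.
        if addr.is_loopback or addr.is_unspecified:
            continue
        if any(addr in net for net in LOCAL_NETS):
            continue
        by_addr[addr].add(name)
    return {str(a): sorted(n) for a, n in by_addr.items() if len(n) >= min_names}

if __name__ == "__main__":
    # Pass the path to a HOSTS file (e.g. on a mounted NTFS partition), or use the sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for address, names in suspicious_redirects(text).items():
        print(f"{address}: {len(names)} hostnames redirected, e.g. {names[0]}")
```
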
