Re: [CGUYS] STRANGE VIRUS? AGAIN ... and again

2009-12-27 Thread Gail Miller

Hi again ...

My son is STILL trying to reformat his HDD and delete the partitions. Can 
you explain how to do that? How to delete the partitions, that is.  He's 
running Windows 7. Would the Ultimate Boot Disk be a good thing or even more 
confusing for him now? As usual... Many thanks in advance!

Gail Miller

- Original Message - 
From: Rev. Stewart Marshall popoz...@earthlink.net

To: COMPUTERGUYS-L@LISTSERV.AOL.COM
Sent: Thursday, December 24, 2009 11:42 PM
Subject: Re: [CGUYS] STRANGE VIRUS? AGAIN


That is the one I was looking for, thank you Tom.  (I could not remember 
the name of it.)


The Ultimate Boot Disk is FREE for download.

It includes all the wonderful utilities I was talking about.

Download it and use it.

Stewart


At 07:25 PM 12/24/2009, you wrote:


Yes it would. Scroll back on this thread to where I posted about the
Ultimate Boot Disk. It has lots of malware-fighting tools including a
DOS command line.

Or you can keep pissing and moaning with the "it can't be done" crowd.


Rev. Stewart A. Marshall
mailto:popoz...@earthlink.net
Prince of Peace www.princeofpeaceozark.org
Ozark, AL  SL 82


*
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
* 





Re: [CGUYS] STRANGE VIRUS? AGAIN ... and again

2009-12-27 Thread Stewart Marshall

He must use it and run Fdisk to see and then remove the partitions.

Stewart


At 02:41 PM 12/27/2009, you wrote:

Hi again ...

My son is STILL trying to reformat his HDD and delete the 
partitions. Can you explain how to do that? How to delete the 
partitions, that is.  He's running Windows 7. Would the Ultimate Boot 
Disk be a good thing or even more confusing for him now? As usual... 
Many thanks in advance!

Gail Miller

- Original Message - From: Rev. Stewart Marshall 
popoz...@earthlink.net

To: COMPUTERGUYS-L@LISTSERV.AOL.COM
Sent: Thursday, December 24, 2009 11:42 PM
Subject: Re: [CGUYS] STRANGE VIRUS? AGAIN


That is the one I was looking for, thank you Tom.  (I could not 
remember the name of it.)


The Ultimate Boot Disk is FREE for download.

It includes all the wonderful utilities I was talking about.

Download it and use it.

Stewart


At 07:25 PM 12/24/2009, you wrote:


Yes it would. Scroll back on this thread to where I posted about the
Ultimate Boot Disk. It has lots of malware-fighting tools including a
DOS command line.

Or you can keep pissing and moaning with the "it can't be done" crowd.


Rev. Stewart A. Marshall
mailto:popoz...@earthlink.net
Prince of Peace www.princeofpeaceozark.org
Ozark, AL  SL 82










Re: [CGUYS] STRANGE VIRUS? AGAIN ... and again

2009-12-27 Thread db

Gail,

It will be a little faster for you to google the answers to some of the 
tech questions, like "how to delete partitions with Windows 7":

http://www.google.com/#hl=en&source=hp&q=how+to+delete+partitions+with+Windows+7&aq=f&aqi=&oq=&fp=e8aec8f715611eed

and use us for the bigger picture stuff.

I myself ... like a few others... would not be limiting the fix to 
delete partitions, reformat and reinstall. No way, Jose!


As some of us said... if you do just that and do have a boot sector 
(pretty common) or BIOS virus (less common) ...  you will have 
completely wasted all of your labor ... because the virus/trojan/
whatever will just re-infect your OS in no time flat. 

And if these procedures are too much for you to execute you might be 
better off spending $100 or whatever to have a computer repair shop do 
the comprehensive fix.


Or as someone else said... send the computer back while you still can 
and start over...


db






Gail Miller wrote:

Hi again ...

My son is STILL trying to reformat his HDD and delete the partitions. 
Can you explain how to do that? How to delete the partitions, that is.  
He's running Windows 7. Would the Ultimate Boot Disk be a good thing 
or even more confusing for him now? As usual... Many thanks in advance!

Gail Miller

- Original Message - From: Rev. Stewart Marshall 
popoz...@earthlink.net

To: COMPUTERGUYS-L@LISTSERV.AOL.COM
Sent: Thursday, December 24, 2009 11:42 PM
Subject: Re: [CGUYS] STRANGE VIRUS? AGAIN


That is the one I was looking for, thank you Tom.  (I could not 
remember the name of it.)


The Ultimate Boot Disk is FREE for download.

It includes all the wonderful utilities I was talking about.

Download it and use it.

Stewart


At 07:25 PM 12/24/2009, you wrote:


Yes it would. Scroll back on this thread to where I posted about the
Ultimate Boot Disk. It has lots of malware-fighting tools including a
DOS command line.

Or you can keep pissing and moaning with the "it can't be done" crowd.


Rev. Stewart A. Marshall
mailto:popoz...@earthlink.net
Prince of Peace www.princeofpeaceozark.org
Ozark, AL  SL 82












Re: [CGUYS] STRANGE VIRUS? AGAIN ... and again

2009-12-27 Thread Tony B
Yes, but you and a few others that think boot sector viruses are
common are either deluded or just ignorant. Did you even bother to try
to find a common Windows 7 boot sector virus before you posted this
statement?

The shame is that with so much noise in the thread she got totally
swamped and missed the few actual helpful answers.


 I myself ... like a few others... would not be limiting the fix to delete
 partitions, reformat and reinstall. No way, Jose!

 As some of us said... if you do just that and do have a boot sector (pretty
 common)




Re: [CGUYS] STRANGE VIRUS? AGAIN ... and again

2009-12-27 Thread Fred Holmes
He should be able to do that while re-installing Windows, although I haven't 
installed Win7 yet.  When you boot from the installation CD, read the 
prompts/instructions carefully.  They should give you an option to remove the 
existing partitions, one or all.

Fred Holmes

At 03:41 PM 12/27/2009, Gail Miller wrote:
Hi again ...

My son is STILL trying to reformat his HDD and delete the partitions. Can you 
explain how to do that? How to delete the partitions, that is.  He's running 
Windows 7. Would the Ultimate Boot Disk be a good thing or even more confusing 
for him now? As usual... Many thanks in advance!
Gail Miller

- Original Message - From: Rev. Stewart Marshall 
popoz...@earthlink.net
To: COMPUTERGUYS-L@LISTSERV.AOL.COM
Sent: Thursday, December 24, 2009 11:42 PM
Subject: Re: [CGUYS] STRANGE VIRUS? AGAIN


That is the one I was looking for, thank you Tom.  (I could not remember the 
name of it.)

The Ultimate Boot Disk is FREE for download.

It includes all the wonderful utilities I was talking about.

Download it and use it.

Stewart


At 07:25 PM 12/24/2009, you wrote:

Yes it would. Scroll back on this thread to where I posted about the
Ultimate Boot Disk. It has lots of malware-fighting tools including a
DOS command line.

Or you can keep pissing and moaning with the "it can't be done" crowd.

Rev. Stewart A. Marshall
mailto:popoz...@earthlink.net
Prince of Peace www.princeofpeaceozark.org
Ozark, AL  SL 82




Re: [CGUYS] STRANGE VIRUS? AGAIN ... and again

2009-12-27 Thread t.piwowar

On Dec 27, 2009, at 3:41 PM, Gail Miller wrote:
My son is STILL trying to reformat his HDD and delete the  
partitions. Can you explain how to do that? How to delete the  
partitions, that is.  He's running Windows 7. Would the Ultimate Boot  
Disk be a good thing or even more confusing for him now? As usual...  
Many thanks in advance!


Booting from the W7 disc should be sufficient, but I can't say for  
sure as I have only done that with XP. With XP, after booting from the  
disc you will have an option to erase the hard disk. If you see more  
than one partition, be sure to zap them all. Then create one new  
partition and put the OS on that.





Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-26 Thread db

I think the old BIOS is deleted from memory before the new one installs.

db



katan wrote:

On Fri, 25 Dec 2009 01:38:36 -0800, db wrote:

  
If you disconnect the hard drive while you do that it has no place to 
hide...



Except in the BIOS. What I'm wondering is, if a BIOS virus can
intercept a BIOS update and re-infect the BIOS being updated. I don't
know, it seems like maybe it would require more code than would fit in
the BIOS (then again, I'm not a programmer, so I don't know).
--
   R:\katan
-
  SOYLENT GREEN IS PEOPLE!!!



  





Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-26 Thread Fred Holmes
One talks of formatting, but one needs to remove all of the partitions as 
well, so that the disk is clean.  Then it would be a good idea to wipe the disk 
if you have such a utility -- boot from floppy or CD, plugged into a USB port.  
Make sure the disk is really like-new.  If the manufacturer was a good guy, 
then there should be an installation disc from which a clean install can be 
made, and it's an OS installer that installs only the OS, and not any junkware 
that is usually in a manufacturer's as-shipped OS installation.   It's quite 
possible that the installed OS and even the restore partition are infected.  
They even come that way occasionally.

I don't know about the newer Windows OS's, but with the older ones, it's a good 
idea to do the entire installation disconnected from the Internet, and then 
first install the Zone Alarm Free firewall (downloaded on another machine and 
the installer put on a thumb drive), and set it to Ask on everything as the 
machine is being set up.

Fred Holmes

At 12:37 PM 12/23/2009, Tony B wrote:
There's no need to send it back; it's not a hardware problem. Now I
forget - has he tried formatting the disk and reinstalling the OS?
What disks, if any, did he get with the machine (or make himself)?




Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-26 Thread Fred Holmes
At 11:50 AM 12/24/2009, Reid Katan wrote:
Absolutely. What I don't understand is, if you're trying to infect as  
many computers as possible, why would you write a virus that so screws  
up a computer that the victim is *sure* to take action. . .and  
quickly, as in the case of Gail and her son. I'd think you'd want to  
be more subtle.

Coder doesn't know what he is doing?  Coder is testing code?  If the user 
leaves his machine turned on, then the bad guy has a high-efficiency spam 
producer for the duration? 




Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-26 Thread Fred Holmes
At 10:17 PM 12/24/2009, Tony B wrote:
Spoken like someone that has never heard of Windows XP, or all
subsequent versions of Windows. Do you still have a floppy drive in
your computer? :)

No but I do have an external USB-attached floppy drive, which works as well as 
a motherboard-attached one, on modern (last few years) computers.  It allows 
the use of writable media for various utilities that run on the separate OS 
of the bootable media (bootable floppy disk).  And a lot of my legacy utilities 
are still useful.  CMOSSAVE is one of them, although I haven't had CMOS 
information blown away by some program installation recently.  Still, CMOS can 
still potentially be corrupted.

Can one today make a writable utility boot CD, that loads its own OS and write 
program?  So that one can really move everything to CD discs?  What is the 
program for it?

I want writable media so I can easily add additional utilities, and update 
virus definitions.

Thumb drives seem to be doing it, but not all emergency utility discs seem to 
be able to make a bootable thumb drive.  It's getting there.

Most machines still seem to reliably boot from the external USB-attached floppy 
drive without doing anything (e.g., remembering the keystroke to bring up the 
boot menu, or going into CMOS to change the boot device ordering).  Not so 
simple with thumb drives in my experience.

What is the best generic recovery utility boot device and program these days??

Mine, at the moment, in addition to CMOSSAVE, is a floppy boot disc that will 
reload a saved disc (partition) image from backup.  First thing you do with a 
new computer is to make a partition image of the as-installed system.  Then, 
immediately, one of the junkware-removed system.  Then, immediately, one with 
all of the basic essential software (that wasn't bundled) installed.

Fred Holmes 




Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-26 Thread Fred Holmes
I haven't done a BIOS flash update in a long time, but it used to be that one 
booted to a boot floppy (some version of DOS or similar OS), and executed a 
utility on the floppy that wrote the revised code to the BIOS.  Presumably 
today, one downloads a Windows Program that creates/makes a CD disc, instead of 
a floppy disk, that does the same thing???  The belt and suspenders folks 
should download this BIOS flash program and data for their current BIOS 
version, and have it at the ready, if one is afraid of BIOS corruption by a 
virus.

Fred Holmes

At 10:39 PM 12/25/2009, katan wrote:
Except in the BIOS. What I'm wondering is, if a BIOS virus can
intercept a BIOS update and re-infect the BIOS being updated. I don't
know, it seems like maybe it would require more code than would fit in
the BIOS (then again, I'm not a programmer, so I don't know).
--
   R:\katan




Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-26 Thread tjpa

On Dec 25, 2009, at 10:39 PM, katan wrote:

Except in the BIOS. WHat I'm wondering is, if a BIOS virus can
intercept a BIOS update and re-infect the BIOS being updated.


Here's a scary story from Tom's Hardware...
http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html

In many worst case scenarios, a hard drive wipe is the final solution 
to ridding a system of an infection. But the absolute worst case 
scenario is if a virus attacks the BIOS, making detection and cleaning 
an incredible challenge.

Anibal L. Sacco and Alfredo A. Ortego of Core Security Technologies 
released a presentation detailing the exploit of this “persistent 
BIOS infection.” Through the use of a 100-line piece of code written in 
Python, a rootkit could be flashed into the BIOS and be run completely 
independent of the operating system.

Flashing a system’s BIOS requires administrative control, but that 
could first be obtained through a more ‘innocent’ virus that could 
reside on the hard disk drive.

“You would need to reflash the Bios with a system that you know has 
not been tampered with,” he said. “But if the rootkit is sophisticated 
enough it may be necessary to physically remove and replace the Bios 
chip.”

There is defense against such an attack, however, as the researchers 
say that a password or physical lock against BIOS flashes could block 
the install of the rootkit.




If I may, let me point out that to flash the BIOS on a Mac you have to  
shutdown the computer, then start it up by holding down the start  
button for several seconds until you hear a tone. I'm surprised that  
PCs will let any random program flash their BIOS. On second thought,  
I'm not surprised at all. So typical.





Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-26 Thread Tony B
Actually, if we ignore the old time BIOS viruses that were targeted to
specific hardware, the modern (but still only theoretical I think)
BIOS virus will likely simply render the machine *dead*. Replacing the
BIOS chip would bring it back to life, but realistically nobody would
go to all that trouble and instead would simply declare the
motherboard dead and replace it.

It has been shown in theory that someone could put working code into a
BIOS. But AFAIK this has never been done in the wild. Send linkage if
you know otherwise.

On Sat, Dec 26, 2009 at 9:37 AM, Fred Holmes f...@his.com wrote:
 I haven't done a BIOS flash update in a long time, but it used to be that one 
 booted to a boot floppy (some version of DOS or similar OS), and executed a 
 utility on the floppy that wrote the revised code to the BIOS.  Presumably 
 today, one downloads a Windows Program that creates/makes a CD disc, instead 
 of a floppy disk, that does the same thing???  The belt and suspenders folks 
 should download this BIOS flash program and data for their current BIOS 
 version, and have it at the ready, if one is afraid of BIOS corruption by a 
 virus.




Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-26 Thread Tony B
Huh? So a mac-based Windows machine has this lock? That's nice. Many
other companies have various schemes to prevent BIOS flashing as well.
I'm sure if this ever becomes a real problem many more will join in.

On Sat, Dec 26, 2009 at 12:52 PM, tjpa t...@tjpa.com wrote:
 If I may, let me point out that to flash the BIOS on a Mac you have to
 shutdown the computer, then start it up by holding down the start button for
 several seconds until you hear a tone. I'm surprised that PCs will let any
 random program flash their BIOS. On second thought, I'm not surprised at
 all. So typical.




Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-26 Thread mike
I had a couple PC motherboards that could do this, they had a secondary ROM
chip I believe...you could flash the BIOS from these back to default.

On Sat, Dec 26, 2009 at 10:52 AM, tjpa t...@tjpa.com wrote:





 If I may, let me point out that to flash the BIOS on a Mac you have to
 shutdown the computer, then start it up by holding down the start button for
 several seconds until you hear a tone. I'm surprised that PCs will let any
 random program flash their BIOS. On second thought, I'm not surprised at
 all. So typical.








Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-26 Thread mike
In point of fact, I don't think Apple systems have BIOS any longer, they
switched to EFI when they went to Intel.

On Sat, Dec 26, 2009 at 10:52 AM, tjpa t...@tjpa.com wrote:





 If I may, let me point out that to flash the BIOS on a Mac you have to
 shutdown the computer, then start it up by holding down the start button for
 several seconds until you hear a tone. I'm surprised that PCs will let any
 random program flash their BIOS. On second thought, I'm not surprised at
 all. So typical.








Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-26 Thread tjpa

On Dec 26, 2009, at 1:39 PM, mike wrote:
In point of fact, I don't think Apple systems have BIOS any longer, they
switched to EFI when they went to Intel.


A BIOS by any other name...

And W7 eliminated the BSOD (by eliminating the blue background). Ah  
progress!





Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-26 Thread mike
Not really, but whatever.

On Sat, Dec 26, 2009 at 12:26 PM, tjpa t...@tjpa.com wrote:

 On Dec 26, 2009, at 1:39 PM, mike wrote:

 In point of fact, I don't think Apple systems have BIOS any longer, they
 switched to EFI when they went to Intel.


 A BIOS by any other name...









Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-26 Thread Fred Holmes
The EFI physically resides in a ROM (chip) on the motherboard.  If the chip is 
flashable (writable), then it's vulnerable, n'est-ce pas?  And EFI extensions 
are written to the hard/boot drive?  So that's vulnerable also.

Fred Holmes

At 02:54 PM 12/26/2009, mike wrote:
Not really, but whatever.

On Sat, Dec 26, 2009 at 12:26 PM, tjpa t...@tjpa.com wrote:

 On Dec 26, 2009, at 1:39 PM, mike wrote:

 In point of fact, I don't think Apple systems have BIOS any longer, they
 switched to EFI when they went to Intel.


 A BIOS by any other name...





Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-25 Thread db
If you disconnect the hard drive while you do that it has no place to 
hide...


db

Reid Katan wrote:

Quoting Stewart Marshall revsamarsh...@earthlink.net:

For a BIOS virus, download from Dell their updated BIOS and load it.  
Have fun.


I'm guessing if you've got a BIOS virus, you can still get enough 
control to boot off a CD, but if the virus is *already* in control, 
couldn't it just take over the BIOS update process and re-infect?


My P-III has a setting in the BIOS to turn on BIOS virus protection. 
Essentially a warning that something is trying to write to the BIOS 
(or was that the CMOS?).









Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-24 Thread Reid Katan

Quoting Stewart Marshall revsamarsh...@earthlink.net:


For a BIOS virus, download from Dell their updated BIOS and load it.  Have fun.


I'm guessing if you've got a BIOS virus, you can still get enough  
control to boot off a CD, but if the virus is *already* in control,  
couldn't it just take over the BIOS update process and re-infect?


My P-III has a setting in the BIOS to turn on BIOS virus protection.  
Essentially a warning that something is trying to write to the BIOS  
(or was that the CMOS?).





Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-24 Thread Rev. Stewart Marshall

If you have a BIOS infection you have really messed up.

However, this partition malware is quite easy.

You download it, usually it is an EXE file, you run it.  Nothing 
happens; the computer will probably lock up, you reboot to start afresh 
and voilà, the system starts to make its own partition and infect 
whatever.  (It usually will pop up, doing the Windows chkdsk routine 
checking the integrity of your disk, which is of course a cover for 
it writing itself a partition.)


You must boot to an outside source to gain control of the HD back as 
it will never show itself unless you do this.


What some people do for fun huh?

Stewart

At 07:43 AM 12/24/2009, you wrote:
I'm guessing if you've got a BIOS virus, you can still get enough

control to boot off a CD, but if the virus is *already* in control,
couldn't it just take over the BIOS update process and re-infect?

My P-III has a setting in the BIOS to turn on BIOS virus protection.
Essentially a warning that something is trying to write to the BIOS
(or was that the CMOS?).


Rev. Stewart A. Marshall
mailto:popoz...@earthlink.net
Prince of Peace www.princeofpeaceozark.org
Ozark, AL  SL 82




Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-24 Thread Reid Katan

Quoting Rev. Stewart Marshall popoz...@earthlink.net:


You must boot to an outside source to gain control of the HD back as it
will never show itself unless you do this.

What some people do for fun huh?


Absolutely. What I don't understand is, if you're trying to infect as  
many computers as possible, why would you write a virus that so screws  
up a computer that the victim is *sure* to take action. . .and  
quickly, as in the case of Gail and her son. I'd think you'd want to  
be more subtle.





Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-24 Thread Rev. Stewart Marshall

Reid, these are designed to be destructive, not money making.

They are made to do as much damage and as much inconvenience as 
possible. They are done for fun.


This is what is so frustrating about them.

The ones to make money seem to be much easier to take care of and fix.

Such is the humor of some folks who just want to have fun.

Stewart


At 10:50 AM 12/24/2009, you wrote:

Absolutely. What I don't understand is, if you're trying to infect as
many computers as possible, why would you write a virus that so screws
up a computer that the victim is *sure* to take action. . .and
quickly, as in the case of Gail and her son. I'd think you'd want to
be more subtle.


Rev. Stewart A. Marshall
mailto:popoz...@earthlink.net
Prince of Peace www.princeofpeaceozark.org
Ozark, AL  SL 82




Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-24 Thread Reid Katan

Quoting Rev. Stewart Marshall popoz...@earthlink.net:


Reid these are designed to be destructive, not money making.

They are made to do as much damage and as much inconvenience as
possible. They are done for fun.


I know, but you'd think they'd write the virus to hang out and spread  
itself for a while before killing its host.



The ones to make money seem to be much easier to take care of and fix.


Ironical, isn't it. Those are the ones you'd think would want to hide  
in all the good hiding places.



Such is the humor of some folks who just want to have fun.


Maybe they could get into the artificial intelligence field. (-:




Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-24 Thread t.piwowar

On Dec 23, 2009, at 12:46 PM, Stewart Marshall wrote:
The old utility Fdisk would really come in handy here.  He has to  
wipe out all partitions, seen and unseen (that is why Fdisk) to get  
rid of this monster.


Yes it would. Scroll back on this thread to where I posted about the  
Ultimate Boot Disk. It has lots of malware-fighting tools including a  
DOS command line.


Or you can keep pissing and moaning with the "it can't be done" crowd.


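Added example, not written by anyone on this list: Stewart's point that the cleanup has to wipe partitions "seen and unseen", and his earlier description of malware writing itself a partition under cover of a chkdsk run, both come down to reading the partition table directly rather than trusting what Explorer shows. The Python below parses a raw 512-byte MBR, lists every entry including hidden-type ones, and reports unallocated gaps and overlapping entries. The sample MBR, its 20 GiB disk size and the partition-type table (a subset of the standard MBR type IDs) are constructed for this example.

```python
# Added example (not from the list thread): read an MBR partition table the
# way a rescue-disk tool would, so entries the running OS never shows as a
# drive letter still appear in the report. Sample data is constructed.
import struct

SECTOR_BYTES = 512
BOOT_SIGNATURE = b"\x55\xaa"
TABLE_OFFSET = 446           # four 16-byte entries follow the boot code
ENTRY_FORMAT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count

# Subset of the well-known MBR partition type IDs (assumption: enough for the example).
KNOWN_TYPES = {
    0x05: "Extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}
# The 0x1X IDs are the "hidden" variants of the FAT/NTFS types; the rest are
# vendor recovery/diagnostic partitions that Windows does not mount.
HIDDEN_TYPES = {
    0x11: "Hidden FAT12", 0x14: "Hidden FAT16", 0x16: "Hidden FAT16", 0x17: "Hidden NTFS",
    0x1B: "Hidden FAT32", 0x1C: "Hidden FAT32 LBA", 0x1E: "Hidden FAT16 LBA",
    0x12: "Compaq diagnostics", 0x27: "Windows RE (hidden)", 0xDE: "Dell utility",
}


def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty partition entries of a 512-byte MBR."""
    if len(mbr) != SECTOR_BYTES:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FORMAT, mbr, TABLE_OFFSET + 16 * slot)
        if ptype == 0x00:
            continue  # unused slot
        entries.append({
            "slot": slot + 1,
            "bootable": status == 0x80,
            "type_id": ptype,
            "type_name": KNOWN_TYPES.get(ptype) or HIDDEN_TYPES.get(ptype) or "unknown",
            "hidden": ptype in HIDDEN_TYPES,
            "lba_start": lba_start,
            "sectors": sectors,
            "lba_end": lba_start + sectors,  # exclusive
        })
    return entries


def find_gaps(entries: list, disk_sectors: int) -> list:
    """Unallocated (start, length) ranges in LBA sectors, in disk order."""
    gaps, cursor = [], 0
    for p in sorted(entries, key=lambda e: e["lba_start"]):
        if p["lba_start"] > cursor:
            gaps.append((cursor, p["lba_start"] - cursor))
        cursor = max(cursor, p["lba_end"])
    if disk_sectors > cursor:
        gaps.append((cursor, disk_sectors - cursor))
    return gaps


def find_overlaps(entries: list) -> list:
    """Pairs of slot numbers whose sector ranges intersect."""
    ordered = sorted(entries, key=lambda e: e["lba_start"])
    return [(a["slot"], b["slot"]) for i, a in enumerate(ordered)
            for b in ordered[i + 1:] if b["lba_start"] < a["lba_end"]]


def audit_mbr(mbr: bytes, disk_sectors: int) -> dict:
    """Collect the findings a cleanup should look at before reinstalling."""
    parts = parse_mbr(mbr)
    return {
        "partitions": parts,
        "hidden": [p["slot"] for p in parts if p["hidden"]],
        "unknown_type": [p["slot"] for p in parts if p["type_name"] == "unknown"],
        "active": [p["slot"] for p in parts if p["bootable"]],
        "overlaps": find_overlaps(parts),
        "beyond_disk": [p["slot"] for p in parts if p["lba_end"] > disk_sectors],
        "gaps": find_gaps(parts, disk_sectors),
    }


def build_sample_mbr() -> bytes:
    """Constructed 20 GiB layout: System Reserved + Windows, then a hidden NTFS entry."""
    mbr = bytearray(SECTOR_BYTES)
    layout = [  # (status, type, lba_start, sectors)
        (0x80, 0x07, 2048, 204800),        # 100 MiB System Reserved, active
        (0x00, 0x07, 206848, 40000000),    # the C: volume
        (0x00, 0x17, 40206848, 1000000),   # hidden NTFS: no drive letter in Explorer
    ]
    for slot, (status, ptype, start, count) in enumerate(layout):
        struct.pack_into(ENTRY_FORMAT, mbr, TABLE_OFFSET + 16 * slot, status, ptype, start, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


SAMPLE_DISK_SECTORS = 41943040  # 20 GiB of 512-byte sectors (constructed)

if __name__ == "__main__":
    report = audit_mbr(build_sample_mbr(), SAMPLE_DISK_SECTORS)
    for p in report["partitions"]:
        flag = " HIDDEN" if p["hidden"] else ""
        print(f"slot {p['slot']}: type 0x{p['type_id']:02X} {p['type_name']}"
              f" start={p['lba_start']} sectors={p['sectors']}{flag}")
    for start, length in report["gaps"]:
        print(f"unallocated: start={start} sectors={length} ({length * 512 / 2**20:.1f} MiB)")
```

On a rescue boot, feeding the first 512 bytes of the raw disk device to audit_mbr (reading the device needs administrative rights) gives the same report for a real disk; a hidden-type entry or a large unallocated gap is what to look at before deciding the disk is clean. Logical partitions inside an extended partition live in an EBR chain this parser does not follow, and a GPT disk shows only a single protective 0xEE entry here.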


Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-24 Thread Tony B
Fdisk was rendered unneeded long ago. Since WinXP (or maybe Win2k?)
the Windows install routine allows you to do all the partitioning you
want. Without floppies or a floppy drive. A bit cumbersome, but it
does the job.

Gail, I hope you're ignoring 90% of what you're reading here. They're
agonizing over old and nonexistent problems. Just reinstall the OS,
doing a full format if it makes you feel better.


On Thu, Dec 24, 2009 at 8:25 PM, t.piwowar t...@tjpa.com wrote:
 On Dec 23, 2009, at 12:46 PM, Stewart Marshall wrote:

 The old utility Fdisk would really come in handy here.  He has to wipe out
 all partitions, seen and unseen (that is why Fdisk) to get rid of this
 monster.

 Yes it would. Scroll back on this thread to where I posted about the
 Ultimate Boot Disk. It has lots of malware-fighting tools including a DOS
 command line.




Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-24 Thread John DeCarlo
I beg to differ.

fdisk /mbr is still used all the time to fix the Master Boot Record.

I agree when it comes to doing disk partitioning - few would rely on fdisk
for that any more.

On Thu, Dec 24, 2009 at 9:05 PM, Tony B ton...@gmail.com wrote:

 Fdisk was rendered unneeded long ago. Since WinXP (or maybe Win2k?)
 the Windows install routine allows you to do all the partitioning you
 want. Without floppies or a floppy drive. A bit cumbersome, but it
 does the job.

 Gail, I hope you're ignoring 90% of what you're reading here. They're
 agonizing over old and nonexistent problems. Just reinstall the OS,
 doing a full format if it makes you feel better.


 On Thu, Dec 24, 2009 at 8:25 PM, t.piwowar t...@tjpa.com wrote:
  On Dec 23, 2009, at 12:46 PM, Stewart Marshall wrote:
 
  The old utility Fdisk would really come in handy here.  He has to wipe
 out
  all partitions, seen and unseen (that is why Fdisk) to get rid of this
  monster.
 
  Yes it would. Scroll back on this thread to where I posted about the
  Ultimate Boot Disk. It has lots of malware-fighting tools including a DOS
  command line.


-- 
John DeCarlo, My Views Are My Own




Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-24 Thread Tony B
Spoken like someone that has never heard of Windows XP, or all
subsequent versions of Windows. Do you still have a floppy drive in
your computer? :)
http://tinyurl.com/ot3wc


On Thu, Dec 24, 2009 at 10:01 PM, John DeCarlo johndeca...@gmail.com wrote:
 I beg to differ,

 fdisk /mbr is still used all the time to fix the Master Boot Record.




Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-24 Thread Rev. Stewart Marshall
That is the one I was looking for thank you Tom.  (I could not 
remember the name of it.)


The ultimate Boot disk is FREE for download.

It includes all the wonderful utilities I was talking about.

Download it and use it.

Stewart


At 07:25 PM 12/24/2009, you wrote:


Yes it would. Scroll back on this thread to where I posted about the
Ultimate Boot Disk. It has lots of malware fighting tools including a
DOS command line.

Or you can keep pissing and moaning with the it can't be done crowd.


Rev. Stewart A. Marshall
mailto:popoz...@earthlink.net
Prince of Peace www.princeofpeaceozark.org
Ozark, AL  SL 82




Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-24 Thread mike
I've used these to fix the MBR more than once on vista...the windows rescue
disk is useless in most cases.

On Thu, Dec 24, 2009 at 8:17 PM, Tony B ton...@gmail.com wrote:

 Spoken like someone that has never heard of Windows XP, or all
 subsequent versions of Windows. Do you still have a floppy drive in
 your computer? :)
 http://tinyurl.com/ot3wc


 On Thu, Dec 24, 2009 at 10:01 PM, John DeCarlo johndeca...@gmail.com
 wrote:
  I beg to differ,
 
  fdisk /mbr is still used all the time to fix the Master Boot Record.







Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-23 Thread Gail Miller
Hi ... Well I had to get my son to come over here and type out what actually 
happens with this virus because he didn't want to send it to me in an 
email. So, here's what he told me.


Hope you can make out what it is that's going on --- and better yet -- what 
he might do to fix it.


Worst case -- do you think Dell will take it back so we can start over or is 
it likely beyond that point now?


Strange Virus Explained:
What this Virus does



It apparently sets itself up in both windows\system32 and also in 
windows\sonfig




It uses wordpad (I suspect because wordpad can be saved as .XML, and the 
controllers use Windows Shell and RPC, remote procedure call, as well as 
API, which I'm not sure what that is, but along with a lot of other things, 
it changes the registry, sets up user accounts, with high level authority, 
it creates virtual UPC buses, virtual wireless adapters, virtual network 
adapters, virtual monitors, even virtual processors and takes control of 
your computer, making even the administrator have about as much authority on 
his own computer as a low level user would have, makes tons of network 
connections using Media Player, and lots of other things, and downloads tons 
more things onto your computer, and uploads tons of things to places unknown 
too.




It sees when you're trying to disable it, for instance using mmc, an 
advanced feature in Windows Fire Wall, which has snap ins to create rules 
for incoming and outgoing connections, and it changes whatever rules you 
make without changing what the settings are on the console, and then makes 
the controls disappear, or not clickable, meaning it has removed your level 
of access even when you sign on as an administrator (which being the sole 
user and owner of this computer I'm already an administrator, but due to the 
way Windows 7 makes you less than an administrator until you need to use the 
privilege, is the way it works)




It uses BCD a lot, I don't know if that's a program it downloaded or if 
that's Microsoft's software, but it stands I think for boot control device, 
and it alters the boot manager so that every time it boots, it gets loaded 
first, and also apparently alters the system BIOS to make it so that unless 
onboard BIOS legacy is enabled, it can't find the operating system and it 
won't boot, which also means that even now, with the new Windows installation 
and a supposedly clean disk, I probably STILL have it. I wiped the entire 
hard drive using a DOS program called Kill Disk, which makes one pass, and 
creates zeros on every byte on the partition you select, I did that to every 
partition.




It had a first partition of 100Mb, with no label or volume, then one of 149Gb, 
with a W something 4 character string, then a dash - then 4 more characters 
(all numeric if I remember correctly). Then it had another partition, not 
labeled, it was something like 200,000 sectors big, but had no data. I'm 
thinking this is a virtual partition, and it was super hard to get rid of 
using DOS, DiskPart. In fact due to my inexperience using that utility, I 
didn't remove it until I let Windows delete a partition upon set up.




I think I'm wrong about some of the things but that's the best of my 
recollection right now. I had used a DOS util. called Isasld, and got a 
list of users and permissions assigned for everyone on the computer. But, I 
wasn't able to print it because the driver for the printer which I 
downloaded was intercepted by the virus and changed into something else, 
so when the window popped up to change my permissions to administrator, 
thinking I was downloading and installing a driver from DELL, it was 
something from HELL instead!




Thanks so much everyone!!

Gail Miller



- Original Message - 
From: mike xha...@gmail.com

To: COMPUTERGUYS-L@LISTSERV.AOL.COM
Sent: Tuesday, December 22, 2009 6:09 PM
Subject: Re: [CGUYS] STRANGE VIRUS? AGAIN



Not sure if Gail got run off or got busy.

But, there are still a few who had questions that may have been lost in the
maze of the thread that started this..so

What exactly is the computer doing that you think it has a virus?  I've seen
bad hardware behave strangely, this may be the issue this time also.







Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-23 Thread Stewart Marshall

OK Gail, this machine got infected by a lot of misdeeds.

First stop, get an external CD/DVD and boot to the Windows CD.

Wipe out all partitions, and if he needs to, go to a Linux root disk 
(there are a couple of sites where he can get these with a bunch of 
basic DOS tools on them - someone help me here, I can see it but can't 
remember the name of it.)


He needs to physically wipe out the partitions, each and every one of 
them.  What he is installing is installing onto an extended disk 
partition that does not get seen on boot up and gets taken over by a 
master boot partition.


This is an insidious type of infection and many at this point pull 
the drive and get a new one and put it in.


I would have to ask what he is getting into to get this type of 
infection.  (I know parent mode)  He needs to practice safe computering.


Stewart


At 11:12 AM 12/23/2009, you wrote:
Hi ... Well I had to get my son to come over here and type out what 
actually happens with this virus because he didn't want to send it 
to me in an email. So, here's what he told me.


Hope you can make out what it is that's going on --- and better yet 
-- what he might do to fix it.


Worst case -- do you think Dell will take it back so we can start 
over or is it likely beyond that point now?


Strange Virus Explained:
What this Virus does



It apparently sets itself up in both windows\system32 and also in 
windows\sonfig




It uses wordpad (I suspect because wordpad can be saved as .XML, and 
the controllers use Windows Shell and RPC, remote procedure call, 
as well as API, which I'm not sure what that is, but along with a lot 
of other things, it changes the registry, sets up user accounts, 
with high level authority, it creates virtual UPC buses, virtual 
wireless adapters, virtual network adapters, virtual monitors, even 
virtual processors and takes control of your computer, making 
even the administrator have about as much authority on his own 
computer as a low level user would have, makes tons of network 
connections using Media Player, and lots of other things, and 
downloads tons more things onto your computer, and uploads tons of 
things to places unknown too.




It sees when you're trying to disable it, for instance using mmc, an 
advanced feature in Windows Fire Wall, which has snap ins to create 
rules for incoming and outgoing connections, and it changes whatever 
rules you make without changing what the settings are on the 
console, and then makes the controls disappear, or not clickable, 
meaning it has removed your level of access even when you sign on as 
an administrator (which being the sole user and owner of this 
computer I'm already an administrator, but due to the way Windows 7 
makes you less than an administrator until you need to use the 
privilege, is the way it works)




It uses BCD a lot, I don't know if that's a program it downloaded or 
if that's Microsoft's software, but it stands I think for boot 
control device, and it alters the boot manager so that every time it 
boots, it gets loaded first, and also apparently alters the system 
BIOS to make it so that unless onboard BIOS legacy is enabled, it 
can't find the operating system and it won't boot, which also means 
that even now, with the new Windows installation and a supposedly 
clean disk, I probably STILL have it. I wiped the entire hard drive 
using a DOS program called Kill Disk, which makes one pass, and 
creates zeros on every byte on the partition you select, I did that 
to every partition.




It had a first partition of 100Mb, with no label or volume, then one 
of 149Gb, with a W something 4 character string, then a dash - then 4 
more characters (all numeric if I remember correctly). Then it had 
another partition, not labeled, it was something like 200,000 sectors 
big, but had no data. I'm thinking this is a virtual partition, and 
it was super hard to get rid of using DOS, DiskPart. In fact due to 
my inexperience using that utility, I didn't remove it until I let 
Windows delete a partition upon set up.




I think I'm wrong about some of the things but that's the best of my 
recollection right now. I had used a DOS util. called Isasld, and 
got a list of users and permissions assigned for everyone on the 
computer. But, I wasn't able to print it because the driver for the 
printer which I downloaded was intercepted by the virus and 
changed into something else, so when the window popped up to change 
my permissions to administrator, thinking I was downloading and 
installing a driver from DELL, it was something from HELL instead!




Thanks so much everyone!!

Gail Miller



- Original Message - From: mike xha...@gmail.com
To: COMPUTERGUYS-L@LISTSERV.AOL.COM
Sent: Tuesday, December 22, 2009 6:09 PM
Subject: Re: [CGUYS] STRANGE VIRUS? AGAIN



Not sure if Gail got run off or got busy.

But, there are still a few who had questions that may have been lost in the
maze of the thread that started this..so

What exactly

Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-23 Thread Tony B
There's no need to send it back; it's not a hardware problem. Now I
forget - has he tried formatting the disk and reinstalling the OS?
What disks, if any, did he get with the machine (or make himself)?

It really doesn't sound like any virus I'm familiar with. I mean,
creating partitions and changing users? That right away puts a user on
notice that there's a problem - just what today's viruses try to
avoid.

makes tons of network connections using Media Player

This may be the giveaway that it's not a virus per se, but rather
malware that was invited in at some point. Which leads back to the bcd
search results. Anyway, a format and OS reinstall is the thing to do.
He may need to order disks from Dell if he doesn't have any.




Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-23 Thread Tony B
Please elaborate. Is there a defect in the Win7 install routine? Linkage?


On Wed, Dec 23, 2009 at 12:46 PM, Stewart Marshall
revsamarsh...@earthlink.net wrote:
 A simple format and reinstall will not solve it.

 Yes it is malware, but he will never be able to wipe it out unless he
 totally resets the HD.

 The old utility Fdisk would really come in handy here.  He has to wipe out
 all partitions, seen and unseen (that is why Fdisk) to get rid of this
 monster.

 Stewart


 At 11:37 AM 12/23/2009, you wrote:

 There's no need to send it back; it's not a hardware problem. Now I
 forget - has he tried formatting the disk and reinstalling the OS?
 What disks, if any, did he get with the machine (or make himself)?

 It really doesn't sound like any virus I'm familiar with. I mean,
 creating partitions and changing users? That right away puts a user on
 notice that there's a problem - just what today's viruses try to
 avoid.

 makes tons of network connections using Media Player

 This may be the giveaway that it's not a virus per se, but rather
 malware that was invited in at some point. Which leads back to the bcd
 search results. Anyway, a format and OS reinstall is the thing to do.
 He may need to order disks from Dell if he doesn't have any.







Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-23 Thread mike
The idea is there is a block of HD space that's been taken over and a normal
install isn't wiping it out.  Although that /kill disk utility should have
wiped it.  I have no experience with this type of problem though so...

On Wed, Dec 23, 2009 at 11:03 AM, Tony B ton...@gmail.com wrote:

 Please elaborate. Is there a defect in the Win7 install routine? Linkage?


 On Wed, Dec 23, 2009 at 12:46 PM, Stewart Marshall
 revsamarsh...@earthlink.net wrote:
  A simple format and reinstall will not solve it.
 
  Yes it is malware, but he will never be able to wipe it out unless he
  totally resets the HD.
 
  The old utility Fdisk would really come in handy here.  He has to wipe
 out
  all partitions, seen and unseen (that is why Fdisk) to get rid of this
  monster.
 
  Stewart
 
 
  At 11:37 AM 12/23/2009, you wrote:
 
  There's no need to send it back; it's not a hardware problem. Now I
  forget - has he tried formatting the disk and reinstalling the OS?
  What disks, if any, did he get with the machine (or make himself)?
 
  It really doesn't sound like any virus I'm familiar with. I mean,
  creating partitions and changing users? That right away puts a user on
  notice that there's a problem - just what today's viruses try to
  avoid.
 
  makes tons of network connections using Media Player
 
  This may be the giveaway that it's not a virus per se, but rather
  malware that was invited in at some point. Which leads back to the bcd
  search results. Anyway, a format and OS reinstall is the thing to do.
  He may need to order disks from Dell if he doesn't have any.
 
 
 







Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-23 Thread Stewart Marshall
The partitions that are causing problems are hidden.  The normal Win7 
DVD will not see it, the malware designed it this way.


A normal Dell machine has a Hidden (EISA) partition for recovery 
purposes.  You never see it unless you boot to the Dell recovery 
Disk.  It runs the recovery operation off of this recovery portion.


What this malware has done is install another partition (hidden) 
which happened when he rebooted the machine.  It looked like it was 
doing its normal but the subroutine wrote another partition that will 
take over anything installed.  (every time he has installed since it 
is on the shown partition which gets taken over immediately upon boot up.)


I have seen it before and even did it to myself when I did a real 
stupid thing, so I know what is happening.


If he boots to a DOS type of disk, and runs an Fdisk program, he will 
see a few other partitions.  It may be too late to save the Dell 
recovery partition, but if he had CDs/DVDs come with the machine he 
should be fine.


Wipe them all out as any one of them could reinfect your machine by 
taking over any partition you create, because it will never be the 
main partition, but an extended partition on a logical disk running 
under this infected malware created partition.


I am not sure if Win 7 even includes an Fdisk routine on it.  The 
last one to do this was, I think, WinME (which I am not sure even did.)


Stewart



At 12:03 PM 12/23/2009, you wrote:

Please elaborate. Is there a defect in the Win7 install routine? Linkage?


On Wed, Dec 23, 2009 at 12:46 PM, Stewart Marshall
revsamarsh...@earthlink.net wrote:
 A simple format and reinstall will not solve it.

 Yes it is malware, but he will never be able to wipe it out unless he
 totally resets the HD.

 The old utility Fdisk would really come in handy here.  He has to wipe out
 all partitions, seen and unseen (that is why Fdisk) to get rid of this
 monster.

 Stewart


 At 11:37 AM 12/23/2009, you wrote:

 There's no need to send it back; it's not a hardware problem. Now I
 forget - has he tried formatting the disk and reinstalling the OS?
 What disks, if any, did he get with the machine (or make himself)?

 It really doesn't sound like any virus I'm familiar with. I mean,
 creating partitions and changing users? That right away puts a user on
 notice that there's a problem - just what today's viruses try to
 avoid.

 makes tons of network connections using Media Player

 This may be the giveaway that it's not a virus per se, but rather
 malware that was invited in at some point. Which leads back to the bcd
 search results. Anyway, a format and OS reinstall is the thing to do.
 He may need to order disks from Dell if he doesn't have any.








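Stewart's point is that a partition can be invisible to the installer yet still present in the on-disk partition table, which is why booting to a low-level tool and reading the table directly shows "a few other partitions". The following Python script is an added example, not code from this thread: it parses the MBR's four primary entries, walks the extended/EBR chain to reach logical partitions, and flags type codes that Windows tools treat as hidden. The disk image is constructed inline in the shape Gail's son described; the type-code table is a partial list of real MBR codes.

```python
"""Enumerate every MBR partition, including logical ones in the extended
chain, and flag entries whose type code marks them as hidden.
Added example with a constructed disk image; not code from the thread."""
import struct

SECTOR = 512
EXTENDED_TYPES = {0x05, 0x0F, 0x85}         # DOS, LBA and Linux extended containers
# Partial table of MBR type codes that installers and Explorer do not show as drives
HIDDEN_TYPES = {0x11: "hidden FAT12", 0x14: "hidden FAT16", 0x16: "hidden FAT16B",
                0x17: "hidden NTFS/HPFS", 0x1B: "hidden FAT32", 0x1C: "hidden FAT32 LBA",
                0x27: "hidden NTFS (WinRE)", 0xDE: "Dell utility"}

def parse_table(sector):
    """Return the non-empty entries of the 4-slot partition table in one sector."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA signature: not an MBR/EBR sector")
    entries = []
    for slot in range(4):
        off = 446 + 16 * slot
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype != 0:                      # type 0x00 marks an unused slot
            entries.append({"bootable": status == 0x80, "type": ptype,
                            "start": lba, "sectors": count})
    return entries

def list_partitions(read_sector):
    """read_sector(lba) -> 512 bytes. Walks the MBR and any EBR chain and
    returns every partition with an absolute start LBA and a hidden label."""
    found = []
    for e in parse_table(read_sector(0)):
        found.append(dict(e, kind="primary"))
        if e["type"] not in EXTENDED_TYPES:
            continue
        base, cur, seen = e["start"], e["start"], set()
        while cur not in seen:              # guard against a looping EBR chain
            seen.add(cur)
            ebr = parse_table(read_sector(cur))
            if not ebr:
                break
            log = ebr[0]                    # slot 0: the logical partition, relative to this EBR
            found.append(dict(log, start=cur + log["start"], kind="logical"))
            if len(ebr) > 1 and ebr[1]["type"] in EXTENDED_TYPES:
                cur = base + ebr[1]["start"]  # slot 1: next EBR, relative to the extended base
            else:
                break
    for p in found:
        p["hidden"] = HIDDEN_TYPES.get(p["type"])   # None for an ordinary visible type
    return found

# Constructed test image resembling the layout described in the thread (hypothetical data)
def _entry(ptype, start, count, boot=False):
    chs = b"\xfe\xff\xff"                   # CHS fields are placeholders on LBA disks
    return struct.pack("<B3sB3sII", 0x80 if boot else 0, chs, ptype, chs, start, count)

def _sector(entries):
    table = b"".join(entries) + b"\x00" * 16 * (4 - len(entries))
    return b"\x00" * 446 + table + b"\x55\xaa"

EXT_BASE = 312_206_848
DISK = {
    0: _sector([_entry(0x07, 2048, 204_800, boot=True),     # 100 MB system partition
                _entry(0x07, 206_848, 312_000_000),         # ~149 GB Windows partition
                _entry(0x05, EXT_BASE, 400_000)]),          # extended container
    EXT_BASE: _sector([_entry(0x17, 63, 200_000),           # hidden NTFS logical volume
                       _entry(0x05, 200_063, 100_063)]),    # link to the next EBR
    EXT_BASE + 200_063: _sector([_entry(0x17, 63, 100_000)]),
}

if __name__ == "__main__":
    for p in list_partitions(DISK.__getitem__):
        print(f"{p['kind']:8} type=0x{p['type']:02x} start={p['start']:>12} "
              f"sectors={p['sectors']:>10} {p['hidden'] or 'visible'}")
```

On a real disk the same walk is done by passing a function that reads 512 bytes at a given LBA from the raw device; the point is that every entry in the chain is listed regardless of whether the OS mounts it.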


Re: [CGUYS] STRANGE VIRUS? AGAIN

2009-12-22 Thread mike
Not sure if Gail got run off or got busy.

But, there are still a few who had questions that may have been lost in the
maze of the thread that started this..so

What exactly is the computer doing that you think it has a virus?  I've seen
bad hardware behave strangely, this may be the issue this time also.

