Topic: virus/trojan or some such *&*&^


Offline dave_2A_2.25Turbo

« on: April 16, 2006, 22:52:53 »
Here's one for the PC gurus....

My dear daughter has b***d her PC -

Symptoms are:

Firewall is down, no access to it to re-install.

IE keeps crashing as soon as you try to run an online virus scan (e.g. Trend Micro) or visit Microsoft for the malicious software removal tool.

It reports a problem with IE add-ons

So far:

AVG reports no virus
AdAware reports no probs
All add-ons have been disabled.
Tried starting in Safe Mode and then running the above

Result:

Still does it.

Suggestions on a Postcard please.....

(other than a can of petrol & a match)

Edit:

AVG reports reading error on Partition Table (MBR) and on Boot Section of disc
Dave
1963 S2A
1992 Disco 200TDi
Sankey Widetrack

Offline Damonski

« Reply #1 on: April 16, 2006, 22:59:58 »
Reformat and install Linux  :D
--

Damian

Range Rover Classic 2.4TD  | Disco 300 Mpi | Citroen Xantia Activa
plus other rainy day projects....


Offline dave_2A_2.25Turbo

« Reply #2 on: April 16, 2006, 23:02:00 »
Dave blows a rather large raspberry at Damo   :)

Offline datalas

« Reply #3 on: April 16, 2006, 23:08:12 »
Quote from: "dave_2A_2.25Turbo"

IE keeps crashing as soon as you try to run an online virus scan (e.g. Trend Micro) or visit Microsoft for the malicious software removal tool.
AVG reports reading error on Partition Table (MBR) and on Boot Section of disc


If IE only crashes going to *those* sites then I would be sceptical about the integrity of the installation.

However, problems with the MBR and boot sector could possibly indicate a problem with the drive itself; if it is dead then it could theoretically take Windows out with it, as Windows tends to be near the start of the disk.

It should be noted that trouble with the MBR could also lead to viral activity, although recent viruses have tended to leave the MBR alone ..

However, formatting it with a vengeance would be a reasonable approach to take in both of those cases ...

Alternatively, as damo suggests, if you are aware of how to do it you could boot it off a Linux rescue disk and run fsck


Offline dave_2A_2.25Turbo

« Reply #4 on: April 16, 2006, 23:46:37 »
I tend to think it's software rather than hardware, as I'm also unable to update AVG - I know there were files floating around at one time that would switch off firewalls and Antivirus software

Offline Rocketman

« Reply #5 on: April 16, 2006, 23:49:03 »
Try pandascan. It is a free internet-based service. First scan takes about 1 hour or so but it finds things that AVG, Norton and McAfee all miss.


http://www.pandasoftware.com/activescan/activescan/ascan_1.asp
Every event should go with a bang!!!

RAV 4 2.0 P1 LKB
Suzuki Vitara JLX 1.6 K909NNJ (soon to be for sale)
Vauxhaul Frontera 2.2 V116 NFM
Latest Toy
Daewoo Musso 2.9 GTE

Offline strapping young lad

« Reply #6 on: April 16, 2006, 23:51:04 »
do you have the means to backup anything off that machine onto cd?

if so, do so then rebuild from scratch, but DO NOT put the backup stuff on until ALL windows updates and service packs have been done and your antivirus and firewalls are running peachy

from personal experience i use mcafee as it actively monitors website for malicious content and will report and remove any dodgy content that might mess your machine up.

secondly

create proper accounts on that pc and ensure each account has a password and give your daughter a normal account, not admin one...

thinking about it, do you only have one login for xp? if so create another and try to replicate the issue you have with this one..

i had an issue with an account and created another as the account was corrupted.

worth a shot i suppose.

Offline Sharpshooter

« Reply #7 on: April 16, 2006, 23:53:26 »
Have just updated AVG no probs.

Offline dave_2A_2.25Turbo

« Reply #8 on: April 17, 2006, 00:16:55 »
Loaded Spybot S&D onto her PC, and it found a couple of instances of Torpig - I can now access the windows malic... tool and update AVG, but still no Firewall (there is one in the Router though). Just running the Windows mal tool

Offline Devon-Rover

« Reply #9 on: April 17, 2006, 02:02:31 »
Have you tried the Kerio firewall to see if there are any suspicious activities whilst connected to the internet? Might pick up something.
Rowan.

"Jemima" 2.25 Petrol SWB, ACR rear Silencer, 235/85 Macho's, MAP Capstan & HD Bumper, Tweeked suspension, CB, Light Bar.
"Baker" 2.6 Petrol LWB (former Tow Truck)
"Lizi" 4.2 V8i Discovery, Gone but not forgotten.
"Kate" 1985 Ninety 4.2 V8 Auto, Stainless exhaust, Ashcroft Tunnel, Mud console, Polmar Venus CB, HD Steering bars, Terrafirma Steering damper, D44 Winch Bumper, Superwinch EP9.5, Superwinch Wireless controls, QT Diff Guards. 'More toys to come'


Vorsprung Duch Ducktape. My website Searle Safari Info source.

Offline strapping young lad

« Reply #10 on: April 17, 2006, 08:23:04 »
yes kerio is very very good at it imho, windows stf firewall is not

remember avg is only as good as the creator wants something free to be, you get what you pay for.

Offline Hightower

« Reply #11 on: April 17, 2006, 08:57:33 »
Dave,

I had the same problem a while back. The only free online scan that would load was the one from Trend http://housecall.trendmicro.com/

This picked summat up and started the PC on its way to recovery. You will need to remove and then reinstall your firewall and antivirus stuff as part of fixing this problem.
Simon
1998 Disco Series II Td5 - Not standard
1972 88" Series 3 - The project

Macmillan 4x4 UK Challenge
1st Overall - 2011, 2010, 2009, 2008, 2006, 2005
3rd Overall - 2007

Offline Evilgoat

« Reply #12 on: April 17, 2006, 09:43:39 »
You shouldn't rely on on-line virus scans, there are some things they just can't do.

And because it's free it doesn't mean it's no good. We are working on AV software at work right now and against a scan of 1900 known viruses AVG outperformed two of the major players by about 100 hits.

As datalas says, flakiness and issues with the boot sector are more commonly issues with the drive nowadays. It's still possibly a virus issue but not likely. Also anything replacing the MBR on a Windows XP system will tend to kill it.

It's possible that you have more than one issue here, our record whilst working for Novatech was 130 different issues with Virii and Scumware.

Run Spybot SD and update it THEN scan
Same with Ad-Aware
Same with AVG

Go to Start and click Run, then type msconfig. Look through the startup section for things that just look plain wrong. Anything you aren't sure about, google for or leave alone.

It's possible the two files that Windows uses to create the profile for your user have been toasted. In this case if you haven't set a password, reboot the machine in safe mode, log in as administrator and create a new limited account. If you did set an Admin password press CTRL+ALT+DEL at the welcome screen and log in as administrator and do the same.

If you decide to nuke the machine then do it properly. Back up only what you need, no programs. Make sure you get your favourites and any email (normally missed). Wipe the disk and remove the partition. Boot from a DOS disk with Fdisk and take out everything and then reboot, then do fdisk /mbr. Then re-install XP. Make sure you are behind a firewall and do all the updates, it'll take about 4/5 reboots depending on your version of XP. Then put your anti-spyware stuff on and anti-virus and only then start moving stuff back over.

If you have it or can spare the money, get everything bang on excluding your software and data. Create any users and then use Norton Ghost to make a recovery image. This will stop you needing to do this again, you'll only need to do the updates.

User security in XP is pants. Technically you should make everyone a limited user but in reality the restrictions on XP are draconian. You can edit the permissions a little but this doesn't help an awful lot. XP is a Home OS and was never designed to be secure, if you want the user levels go for 2k or 2K3
I must confess the activities of the UK governments for the past couple of years have been watched with frank admiration and amazement by Lord Vetinari. Outright theft as a policy had never occurred to him.

-- (Terry Pratchett, alt.fan.pratchett)

EX HK Police Mitsubishi Pajero 2.8TD
Audi S2 Avant 360bhp
Transit LWB 2.5di (The Shed)


 





