From: thanatoid on 30 Jul 2010 16:04

"Mumia W." <paduille.4061.mumia.w+nospam(a)earthlink.net> wrote in news:f_WdnSXuiLXIR8_RnZ2dnUVZ_gydnZ2d(a)earthlink.com:

<SNIP>

>>>>> QUESTION 1. It could not have messed up the processor -
>> first, I do not believe that is /possible/, second, DOS
>> seems to run fine.
>
> I still think it's a hardware (mainboard) problem.

First of all, allow me to /seriously/ congratulate you on your superior maturity AND being enough of a human being to actually have the right to a place in a tech help NG. Thank you.

Yesterday I "burned" LinuxMint9 to a USB stick and unplugged both infected HD cables, and it ran fine. I also (largely to please someone who keeps on insisting that both my mouse and keyboard failed mechanically at the exact same time a bat file out of nowhere was running in my temp directory) switched the 3 computer-end cables of my KVM. Everything works fine.

>>>>> QUESTION 2. AFAIK, the level1 and level2 caches clear upon a
>> reboot, just like RAM does. I considered whether a batch
>> file could alter properties of RAM and stay in it ANYWAY,
>> but I do NOT believe that is possible.
>
> It is not.

Thank you, I really didn't think so either, but I have learned over 20 years that ANYTHING is possible when it comes to computers.

>> Also, there are NO RAM cleaning
>> utilities on the Hiren's disk which would lead me to
>> believe RAM is irrelevant as long as one reboots.
>>
>>>>> QUESTION 3. Since I wiped the CMOS/BIOS
>
> Wholly unnecessary.

Other helpful people (ahem) agree, but I like to be thorough. And it is my first virus, and (as above) - ANYTHING is possible. (I have had stuff happen to me which is absolutely unbelievable.)

>> (I still do NOT
>> understand the difference between them, although some
>> people have tried to explain to me), and have restored (a
>> few times) and then /written/ a new MBR, PLUS restored a
>> perfect Acronis C: image, I have NO idea where this damn
>> thing is living.
>>
>
> It's not living. Your mainboard is dying.

With all due respect, really I don't think so. The Compaq EVO series have an impressive built-in testing and error warning capability, plus I have run several hardware diag programs from Hiren's bootsaver. Everything is fine.

>>>>> QUESTION 4:
>> IF the infected computer /is/ history, and I build a new
>> one and using a Linux version which can read FAT32 Windows
>> partitions, copy various standard format data from the
>> infected HD into Linux - I am risk free, aren't I?
>
> Yes.

/deep sigh of relief/ Thank you.

>> Thank you and again, I apologize for the multi-post.
>
> Even though DOS works, a hardware problem is still most
> likely. DOS and Windows have different ways of accessing
> the keyboard, so the way DOS accesses it might avoid the
> problem whereas Windows might not.

Hmm. You do have a point. But it DOES work perfectly under Linux Mint! Frankly, being a slightly nervous type, I think my perception of "problems" running DSL from memory were more of a stress-related semi-hallucination. People helping me in other groups also seem to think so.

> Anyway, the fact that the problem exhibits under Linux
> means that it's not malware related.

See above. If Linux Mint runs perfectly (its design is WAY too similar to WinXP, but life sucks and then you die), then I really think I was wrong about the DSL exhibiting the same behavior. It is VERY easy to get a menu pop to pop just barely touching the mouse button (it's the ORIGINAL MS Mouse from the early 90's and it has light-touch Omron switches which I put in myself since the original lines were a little "not right" due to its age, I presume). I've been using it for about 5 years, and IMHO it remains the best product MS ever created.

Thank you /very/ much for your help. Needless to say, I am continuing to work on the problem, and will post with further developments.

Cheers.

From: FromTheRafters on 30 Jul 2010 16:46

"thanatoid" <waiting(a)the.exit.invalid> wrote in message news:Xns9DC59947E1C99thanexit(a)188.40.43.230...

[...]

>>>>>> QUESTION 4:
>>> IF the infected computer /is/ history, and I build a new
>>> one and using a Linux version which can read FAT32 Windows
>>> partitions, copy various standard format data from the
>>> infected HD into Linux - I am risk free, aren't I?
>>
>> Yes.
>
> /deep sigh of relief/ Thank you.

No.

[...]

From: thanatoid on 30 Jul 2010 17:00

"FromTheRafters" <erratic(a)nomail.afraid.org> wrote in news:i2vdn1$mni$1(a)news.eternal-september.org:

> "thanatoid" <waiting(a)the.exit.invalid> wrote in message
> news:Xns9DC59947E1C99thanexit(a)188.40.43.230...
>
> [...]
>
>>>>>>> QUESTION 4:
>>>> IF the infected computer /is/ history, and I build a new
>>>> one and using a Linux version which can read FAT32 Windows
>>>> partitions, copy various standard format data from the
>>>> infected HD into Linux - I am risk free, aren't I?
>>>
>>> Yes.
>>
>> /deep sigh of relief/ Thank you.
>
> No.

Thanks for the somewhat cryptic-yet-usable reply.

I have to check all the data with a Linux AV program (or two or three). Right? Or is there /even/ more to it?

I am successfully running LinuxMint9 booted from a flashstick, with the infected drive's 2 cables disconnected, on the infected computer. I can get some latest AV software for Linux and test the infected drive. Right?

From: FromTheRafters on 30 Jul 2010 19:58

"thanatoid" <waiting(a)the.exit.invalid> wrote in message news:Xns9DC5A2AB1103Fthanexit(a)188.40.43.230...

> "FromTheRafters" <erratic(a)nomail.afraid.org> wrote in
> news:i2vdn1$mni$1(a)news.eternal-september.org:
>
>> "thanatoid" <waiting(a)the.exit.invalid> wrote in message
>> news:Xns9DC59947E1C99thanexit(a)188.40.43.230...
>>
>> [...]
>>
>>>>>>>> QUESTION 4:
>>>>> IF the infected computer /is/ history, and I build a new
>>>>> one and using a Linux version which can read FAT32 Windows
>>>>> partitions, copy various standard format data from the
>>>>> infected HD into Linux - I am risk free, aren't I?
>>>>
>>>> Yes.
>>>
>>> /deep sigh of relief/ Thank you.
>>
>> No.
>
> Thanks for the somewhat cryptic-yet-usable reply.

Well, for the sake of completeness, malformed data is well known to exploit vulnerabilities in application software. Some malware is OS independent and makes use (misuse / abuse) of the environment offered by application software. The underlying OS has little to nothing to do with it.

> I have to check all the data with a Linux AV program (or two or
> three). Right? Or is there /even/ more to it?

One AV is plenty. Bear in mind that the AV running on Linux (or any other OS) isn't there to protect the machine (despite what marketing may tell you), it is there to detect viruses and some other malware types. Protecting the machine is the administrator's job. As for how to scan the data, it is entirely up to you. I'm not saying your phantom batchfile is likely to exhibit this behavior, just that your comments and question-answered may have been incomplete.

On a side note, it may be wrong to assume that a batchfile or bash script command console window means that the malware is necessarily limited to that environment. An exploit can be the 'foot in the door' that gets a command shell, and building a script file is no biggie once that is accomplished. Executing the script may exploit yet another vulnerability for privilege escalation.

> I am successfully running LinuxMint9 booted from a flashstick,
> with the infected drive's 2 cables disconnected, on the infected
> computer. I can get some latest AV software for Linux and test
> the infected drive. Right?

Yes, as long as the environment supports it. With no drives, I don't suppose Linux could have much of a swap partition for instance.

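
The point made in the post above, that data copied off the old drive is not made safe by reading it under Linux, can be turned into a triage step run before the AV scan. The following Python is an added example, not part of the thread: it flags copied files by content rather than by name, and the sample file names, sample bytes and reason strings are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Well-known leading-byte signatures ("magic numbers") for a few formats.
MAGIC = [(b"MZ", "executable"), (b"\x7fELF", "executable"), (b"%PDF", "pdf"),
         (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"), (b"PK\x03\x04", "zip"),
         (b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png")]
# Content each extension is expected to hold.
EXPECTED = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".pdf": "pdf",
            ".doc": "ole2", ".xls": "ole2", ".zip": "zip", ".exe": "executable"}
# Extensions Windows will launch or interpret: never "just data".
RUNNABLE = {".bat", ".cmd", ".vbs", ".js", ".scr", ".pif", ".com", ".lnk"}

def sniff(path):
    """Classify a file by its first bytes, ignoring its name."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    return next((k for sig, k in MAGIC if head.startswith(sig)), "unknown")

def triage(root):
    """Map path -> reason to look closer; unlisted does NOT mean clean."""
    findings = {}
    for p in filter(Path.is_file, Path(root).rglob("*")):
        ext = p.suffix.lower()
        kind, want = sniff(p), EXPECTED.get(ext)
        if kind == "executable" and want != kind and ext not in RUNNABLE:
            reason = "executable content behind a data-file name"
        elif kind == "executable" or ext in RUNNABLE:
            reason = "program or script"
        elif want and kind != want:
            reason = "content does not match extension"
        elif kind in ("pdf", "ole2", "zip"):
            reason = "container format that can carry active content"
        else:
            continue
        findings[str(p.relative_to(root))] = reason
    return findings

def demo():
    """Run triage over a constructed tree standing in for the copied data."""
    samples = {"photo.jpg": b"\xff\xd8\xff\xe0", "notes.txt": b"plain text",
               "holiday.jpg": b"MZ constructed", "run.bat": b"@echo off\r\n",
               "report.pdf": b"%PDF-1.4 constructed", "scan.png": b"%PDF-1.4"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return triage(tmp)

if __name__ == "__main__":
    print("\n".join(f"{p}: {r}" for p, r in sorted(demo().items())))
```

A file that `triage` does not list has only passed a name-versus-content check; it still goes through the AV scan discussed in the thread.
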
From: thanatoid on 30 Jul 2010 23:34

"FromTheRafters" <erratic(a)nomail.afraid.org> wrote in news:i2vovt$5h4$1(a)news.eternal-september.org:

> "thanatoid" <waiting(a)the.exit.invalid> wrote in message
> news:Xns9DC5A2AB1103Fthanexit(a)188.40.43.230...
>> Thanks for the somewhat cryptic-yet-usable reply.
>
> Well, for the sake of completeness, malformed data is well
> known to exploit vulnerabilities in application software.
> Some malware is OS independent and makes use (misuse /
> abuse) of the environment offered by application software.
> The underlying OS has little to nothing to do with it.

I'm sorry... the terminology has me a little stumped. I assume "env" means the OS. I don't have ANY applications that run in Linux OR Windows, except from my 5 hrs or so with Linux Mint I see that it appears to read a DOS CD, so it will probably read a FAT32 Windows drive as well.

>> I have to check all the data with a Linux AV program (or
>> two or three). Right? Or is there /even/ more to it?
>
> One AV is plenty. Bear in mind that the AV running on Linux
> (or any other OS) isn't there to protect the machine
> (despite what marketing may tell you), it is there to
> detect viruses and some other malware types.

That's what I want, just to check the infected drive.

> Protecting the
> machine is the administrator's job.

Well, I tried to create myself an admin account in LinuxMint and all that happened is my entire DL folder (I'm giving in... I agree to use that despicable term when talking about Linux... In Windows, it's still *directories*) vaporized. I thought flash sticks SAVED changes? And the reason I needed to be an admin is that I DL'd a couple of Linux AV packages but the system would not let a lowly user install ANYTHING.

The reason I DL'd a couple of Linux AV's is that the Linux Avira for Linux boot disk someone else suggested is a ***Windows exe***, and I only have it (HAD IT before trying to become an admin) on a USB stick, and my uninfected Win machine is a 95B with no USB... and 33.6 modem... But I am going to go and DL it anyway... it should only take 8-15 hours... The burner works fine, so I will be able to boot the infected machine from it and check the infected drive.

> As for how to scan the
> data, it is entirely up to you. I'm not saying your phantom
> batchfile is likely to exhibit this behavior, just that
> your comments and question-answered may have been
> incomplete.

Well, aside from taking great offense at my crime of multiposting to 3 semi-live groups and 1 dead-as-the-Gates-of-hell group, the second complaint was that my post was the absolute /opposite/ of incomplete. There is NO pleasing humans, is there.

> On a side note, it may be wrong to assume that a batchfile
> or bash script command console window means that the
> malware is necessarily limited to that environment. An
> exploit can be the 'foot in the door' that gets a command
> shell, and building a script file is no biggie once that is
> accomplished. Executing the script may exploit yet another
> vulnerability for privilege escalation.

Well, not if you just zap the hard drive...?

>> I am successfully running LinuxMint9 booted from a
>> flashstick, with the infected drive's 2 cables
>> disconnected, on the infected computer. I can get some
>> latest AV software for Linux and test the infected drive.
>> Right?
>
> Yes, as long as the environment supports it. With no
> drives, I don't suppose Linux could have much of a swap
> partition for instance.

I /thought/ I could partition the flash stick (it is my first USB device EVER and I got it 3 weeks ago for unrelated reasons - and I /am/ impressed - but I am not sure of anything ATM. I'm not sure why I would need a swap drive when I have 1 GB of memory (I could add the other 1GB stick I have but 98SELite and XP run perfectly with 1 GB) and run everything from a 4GB flash stick. Can I use another USB stick and make it a Linux swap drive? [I know, Manatee Mammaries.. OFF-TOPIC! KF him!]

Sigh. Thank you for the clarifications. I'm not sure I am capable of saying much more ATM.