From: Daave on
Robin Bignall wrote:
> On Sun, 22 Nov 2009 19:05:42 -0500, "Daave" <daave(a)example.com> wrote:
>
>> Robin Bignall wrote:
>>> On Sun, 22 Nov 2009 11:36:50 -0500, "Daave" <daave(a)example.com>
>>> wrote:
>>>
>>>> Robin Bignall wrote:
>>>>> XP Pro SP3
>>>>> During the past few weeks, immediately after the initial Windows
>>>>> screen with the blue bar running left right, and before the logon
>>>>> screen, I get a blue screen with white messages. There are dozens
>>>>> of them, all identical, which say something like:
>>>>> Infection: docs and settings my name cookies/index.dat does not
>>>>> exist and cannot be removed. (Pause is inoperative and the normal
>>>>> logon screen appears immediately after.)
>>>>
>>>> It is very important that you post back with the exact, complete
>>>> message! It's hard to tell at this moment, but it's possible you
>>>> have a variation of what is described here:
>>>>
>>>> http://www.bleepingcomputer.com/virus-removal/anti-virus-1-removal
>>>>
>>>> Please post back with the complete message.
>>>>
>>> Difficult. Pause/break stops the screen for a second and then it
>>> goes straight to the logon. I just rebooted and all those messages
>>> have vanished. None of the virus/malware programs finds anything.
>>> I'll post again if those messages reappear. There's nothing in the
>>> event log that looks suspicious.
>>
>> In the menu you get after hitting F8, do you see an option called
>> "Disable automatic restart on system failure"? If so, choose it.
>> Another way to do this:
>>
>> http://pcsupport.about.com/od/tipstricks/ht/disautorestart.htm
>>
>> This way, you will be able to write down these messages.
>>
> The message is:
> infection:documents and settings\robin bignall\cookies\index.dat could
> not be removed. file is no longer existent.

Googling the above didn't turn up many hits, which already points to
malware. I did manage to find a very similar message (with "available"
replacing "existent") here:

http://translate.google.com/translate?hl=en&sl=fr&u=http://forum.pcastuces.com/infection_indexdat_au_demarrage_xp-f25s51034.htm%3Fpage%3D2&ei=rRsLS5mONc7GlAeuhbGFBA&sa=X&oi=translate&ct=result&resnum=1&ved=0CAgQ7gEwAA&prev=/search%3Fq%3D%2522cookies%255Cindex.dat%2Bcould%2Bnot%2Bbe%2Bremoved%2522%2Bfile%2Bis%2Bno%2Blonger%2Bexistent%26hl%3Den

Another possibly relevant hit:

http://forums.techguy.org/malware-removal-hijackthis-logs/618659-my-first-virus-help-please.html

I'm 99.9999999999999% sure you have malware. :-(

This page should help:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

(also cross-posting to microsoft.public.security.virus )


From: Robin Bignall on
On Mon, 23 Nov 2009 18:40:34 -0500, "Daave" <daave(a)example.com> wrote:

>Robin Bignall wrote:
>> On Sun, 22 Nov 2009 19:05:42 -0500, "Daave" <daave(a)example.com> wrote:
>>
>>> Robin Bignall wrote:
>>>> On Sun, 22 Nov 2009 11:36:50 -0500, "Daave" <daave(a)example.com>
>>>> wrote:
>>>>
>>>>> Robin Bignall wrote:
>>>>>> XP Pro SP3
>>>>>> During the past few weeks, immediately after the initial Windows
>>>>>> screen with the blue bar running left right, and before the logon
>>>>>> screen, I get a blue screen with white messages. There are dozens
>>>>>> of them, all identical, which say something like:
>>>>>> Infection: docs and settings my name cookies/index.dat does not
>>>>>> exist and cannot be removed. (Pause is inoperative and the normal
>>>>>> logon screen appears immediately after.)
>>>>>
>>>>> It is very important that you post back with the exact, complete
>>>>> message! It's hard to tell at this moment, but it's possible you
>>>>> have a variation of what is described here:
>>>>>
>>>>> http://www.bleepingcomputer.com/virus-removal/anti-virus-1-removal
>>>>>
>>>>> Please post back with the complete message.
>>>>>
>>>> Difficult. Pause/break stops the screen for a second and then it
>>>> goes straight to the logon. I just rebooted and all those messages
>>>> have vanished. None of the virus/malware programs finds anything.
>>>> I'll post again if those messages reappear. There's nothing in the
>>>> event log that looks suspicious.
>>>
>>> In the menu you get after hitting F8, do you see an option called
>>> "Disable automatic restart on system failure"? If so, choose it.
>>> Another way to do this:
>>>
>>> http://pcsupport.about.com/od/tipstricks/ht/disautorestart.htm
>>>
>>> This way, you will be able to write down these messages.
>>>
>> The message is:
>> infection:documents and settings\robin bignall\cookies\index.dat could
>> not be removed. file is no longer existent.
>
>Googling the above didn't turn up many hits, which already points to
>malware. I did manage to find a very similar message (with "available"
>replacing "existent") here:
>
>http://translate.google.com/translate?hl=en&sl=fr&u=http://forum.pcastuces.com/infection_indexdat_au_demarrage_xp-f25s51034.htm%3Fpage%3D2&ei=rRsLS5mONc7GlAeuhbGFBA&sa=X&oi=translate&ct=result&resnum=1&ved=0CAgQ7gEwAA&prev=/search%3Fq%3D%2522cookies%255Cindex.dat%2Bcould%2Bnot%2Bbe%2Bremoved%2522%2Bfile%2Bis%2Bno%2Blonger%2Bexistent%26hl%3Den
>
>Another possibly relevant hit:
>
>http://forums.techguy.org/malware-removal-hijackthis-logs/618659-my-first-virus-help-please.html
>
>I'm 99.9999999999999% sure you have malware. :-(
>
>This page should help:
>
>http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
>(also cross-posting to microsoft.public.security.virus )
>
Thanks for your help. I spent lots of time last night doing full/deep
scans using Kaspersky 9, SAS, Asquared and Activescan2. Nothing
found. Am now starting MBAM...
Will look at your links after breakfast.
--
Robin
(BrE)
Herts, England

From: Daave on
Robin Bignall wrote:
> On Mon, 23 Nov 2009 18:40:34 -0500, "Daave" <daave(a)example.com> wrote:
>
>> Robin Bignall wrote:

>>> The message is:
>>> infection:documents and settings\robin bignall\cookies\index.dat
>>> could not be removed. file is no longer existent.
>>
>> Googling the above didn't turn up many hits, which already points to
>> malware. I did manage to find a very similar message (with
>> "available" replacing "existent") here:
>>
>> http://translate.google.com/translate?hl=en&sl=fr&u=http://forum.pcastuces.com/infection_indexdat_au_demarrage_xp-f25s51034.htm%3Fpage%3D2&ei=rRsLS5mONc7GlAeuhbGFBA&sa=X&oi=translate&ct=result&resnum=1&ved=0CAgQ7gEwAA&prev=/search%3Fq%3D%2522cookies%255Cindex.dat%2Bcould%2Bnot%2Bbe%2Bremoved%2522%2Bfile%2Bis%2Bno%2Blonger%2Bexistent%26hl%3Den
>>
>> Another possibly relevant hit:
>>
>> http://forums.techguy.org/malware-removal-hijackthis-logs/618659-my-first-virus-help-please.html
>>
>> I'm 99.9999999999999% sure you have malware. :-(
>>
>> This page should help:
>>
>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>
>> (also cross-posting to microsoft.public.security.virus )
>>
> Thanks for your help. I spent lots of time last night doing full/deep
> scans using Kaspersky 9, SAS, Asquared and Activescan2. Nothing
> found. Am now starting MBAM...
> Will look at your links after breakfast.

Sounds like you're on the right track. MBAM is quite good.

Sometimes, one needs to boot off a rescue CD. Check out these links for
more info:

http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

(This way, the OS is entirely bypassed. Another method is to physically
remove your hard drive and slave it to another PC and use the
uncompromised PC to perform the scan.)


From: Robin Bignall on
On Tue, 24 Nov 2009 08:53:29 -0500, "Daave" <daave(a)example.com> wrote:

>
>Robin Bignall wrote:
>> On Mon, 23 Nov 2009 18:40:34 -0500, "Daave" <daave(a)example.com> wrote:
>>
>>> Robin Bignall wrote:
>
>>>> The message is:
>>>> infection:documents and settings\robin bignall\cookies\index.dat
>>>> could not be removed. file is no longer existent.
>>>
>>> Googling the above didn't turn up many hits, which already points to
>>> malware. I did manage to find a very similar message (with
>>> "available" replacing "existent") here:
>>>
>>> http://translate.google.com/translate?hl=en&sl=fr&u=http://forum.pcastuces.com/infection_indexdat_au_demarrage_xp-f25s51034.htm%3Fpage%3D2&ei=rRsLS5mONc7GlAeuhbGFBA&sa=X&oi=translate&ct=result&resnum=1&ved=0CAgQ7gEwAA&prev=/search%3Fq%3D%2522cookies%255Cindex.dat%2Bcould%2Bnot%2Bbe%2Bremoved%2522%2Bfile%2Bis%2Bno%2Blonger%2Bexistent%26hl%3Den
>>>
>>> Another possibly relevant hit:
>>>
>>> http://forums.techguy.org/malware-removal-hijackthis-logs/618659-my-first-virus-help-please.html
>>>
>>> I'm 99.9999999999999% sure you have malware. :-(
>>>
>>> This page should help:
>>>
>>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>
>>> (also cross-posting to microsoft.public.security.virus )
>>>
>> Thanks for your help. I spent lots of time last night doing full/deep
>> scans using Kaspersky 9, SAS, Asquared and Activescan2. Nothing
>> found. Am now starting MBAM...
>> Will look at your links after breakfast.
>
>Sounds like you're on the right track. MBAM is quite good.
>
>Sometimes, one needs to boot off a rescue CD. Check out these links for
>more info:
>
>http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
>
>http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
>
>(This way, the OS is entirely bypassed. Another method is to physically
>remove your hard drive and slave it to another PC and use the
>uncompromised PC to perform the scan.)
>
MBAM was clean. I'm now going to run everything in safe mode to
check.
--
Robin
(BrE)
Herts, England

From: Robin Bignall on
On Tue, 24 Nov 2009 14:42:04 +0000, Robin Bignall
<docrobin(a)ntlworld.com> wrote:

>On Tue, 24 Nov 2009 08:53:29 -0500, "Daave" <daave(a)example.com> wrote:
>
>>
>>Robin Bignall wrote:
>>> On Mon, 23 Nov 2009 18:40:34 -0500, "Daave" <daave(a)example.com> wrote:
>>>
>>>> Robin Bignall wrote:
>>
>>>>> The message is:
>>>>> infection:documents and settings\robin bignall\cookies\index.dat
>>>>> could not be removed. file is no longer existent.
>>>>
>>>> Googling the above didn't turn up many hits, which already points to
>>>> malware. I did manage to find a very similar message (with
>>>> "available" replacing "existent") here:
>>>>
>>>> http://translate.google.com/translate?hl=en&sl=fr&u=http://forum.pcastuces.com/infection_indexdat_au_demarrage_xp-f25s51034.htm%3Fpage%3D2&ei=rRsLS5mONc7GlAeuhbGFBA&sa=X&oi=translate&ct=result&resnum=1&ved=0CAgQ7gEwAA&prev=/search%3Fq%3D%2522cookies%255Cindex.dat%2Bcould%2Bnot%2Bbe%2Bremoved%2522%2Bfile%2Bis%2Bno%2Blonger%2Bexistent%26hl%3Den
>>>>
>>>> Another possibly relevant hit:
>>>>
>>>> http://forums.techguy.org/malware-removal-hijackthis-logs/618659-my-first-virus-help-please.html
>>>>
>>>> I'm 99.9999999999999% sure you have malware. :-(
>>>>
>>>> This page should help:
>>>>
>>>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>>>
>>>> (also cross-posting to microsoft.public.security.virus )
>>>>
>>> Thanks for your help. I spent lots of time last night doing full/deep
>>> scans using Kaspersky 9, SAS, Asquared and Activescan2. Nothing
>>> found. Am now starting MBAM...
>>> Will look at your links after breakfast.
>>
>>Sounds like you're on the right track. MBAM is quite good.
>>
>>Sometimes, one needs to boot off a rescue CD. Check out these links for
>>more info:
>>
>>http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
>>
>>http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
>>
>>(This way, the OS is entirely bypassed. Another method is to physically
>>remove your hard drive and slave it to another PC and use the
>>uncompromised PC to perform the scan.)
>>
>MBAM was clean. I'm now going to run everything in safe mode to
>check.

Just ran MBAM, SAS and Kaspersky full scans in safe mode. Nothing
reported. On reboot all "infection" messages had vanished. Weird,
huh?
--
Robin
(BrE)
Herts, England