#71
Arrogance Punished -OR- The Scourge of thanatoid -OR- I'm "fooqué" (as they say in Montreal)... IOW... HELP!!!
"PCR" wrote in
: thanatoid wrote: SNIP http://www.virustotal.com/analisis/2...f2c179ae27a789 033fd 3d3425a9b58ed3f9f6076a4e91e9ec3ca0f-1270998638 Yep. That's the first step of the investigation. So, 9 virus detectors seem to flag that file, but know the trojan by various names. MORE interesting is the fact all the rest (including my face ESET) do NOT flag it! That makes me think it's /totally/ a false positive. Too bad none of those was McAfee or Norton, which both would have a big write-up of the trojan (by the name they give it). Then, you could look for tell-tale registry entries or secondary files created or damage done/described symptoms. I've Googled a bit, & there probably is a real trojan going by those various names. But I can't tell whether your file actually has it or just does something legitimately that the trojan would do maliciously. Do you really need to hide icons? Mine are always covered by app windows anyway! Frankly, I don't even really need a computer to begin with! (Well, email and online banking is nice)... I DO use toggle icons a couple of times a month... Cheers. -- Any mental activity is easy if it need not be subjected to reality. |
#72
"PCR" wrote in
: thanatoid wrote: SNIP Several of the partition programs I used (I had to use about 5 or 6 different programs to unfubar my clean HD after putting Mint on it, being a little baffled by the ugly GRUB, and being told I would be MUCH better off installing XP BEFORE installing Mint, so I tried to uninstall and you would not even believe the error messages afterwards... The drive being unusable was a distinct possibility... It took two days for the 5 diff. programs to do enough stuff to allow MS's fdisk to properly format the drive in the end. SIGH. Yikes. Scary story, but glad you make backups & glad you've survived. You are a brave one to still consider Linux a viable alternative. NOT on a HD that has Windows on it! Never again! SNIP Actually, I checked. ESET /does/ test RAM and the boot sector. I don't know how many different boot sector viruses there could be. I'd think ESET should have discovered it, then, if it checks, unless, I guess, ESET had been compromised. For a virus to affect both your Win98 & XP partitions, I'd think it had to be a boot sector virus. I really don't see a fleeting .bat doing it to two separate partitions. I have no idea, just like I have np idea WHAThappened a few other times I was in deep trouble. I'm glad it;s over, and thanks /again/ for the help. I doubt the viruses you did discover with Avira (the one that was real especially) were responsible because they weren't also in the XP partition. It was that damn bat file which vaporized after doing its thing. No traces of it - as you may recall, I ran Restoreation and it only found the 3 bat files I wrote myself years ago. I have Restoration, & I know it isn't 100%. I don't see the .bat reaching into the XP partition to deposit a virus there. I'd want to see a write-up somewhere of a virus -- that isn't a boot sector virus -- causing two partitions -- of different OS even -- to become infected with the same symptoms, especially your particular symptoms. I'm still not convinced. 
It was the bat file - or I accidentally entered a different time=space dimension two weekas ago... And I am still in it... I guess the .bat, instead of depositing a virus, could have searched all partitions for mouse/keyboard drivers & damaged them, both Win98 & XP drivers. But, the symptoms were still there after you restored an Acronis image of the Win98 partition, which wouldn't have been affected. I know, that was the insane part. *THANKS FOR REMINDING ME* ;-] ! I actually FORGOT about that! [] But were you looking in TaskInfo to see whether a .bat launched? Yes, that's how I know it was running! When all hell broke loose, I ran TaskInfo and when it would not let me kill the gerto.bat process, I turned off the modem. (Etc.) I still suspect a legit .bat could be generated/constructed during open/shutdown of major apps, possibly during a stealth update too. I know my own NetZero will occasionally do a stealth update. You need to keep your eye on TaskInfo during normal operation of major apps, but especially during shutting them down & when shutting down Windows. Mmmmmm... I /have/ been doing this for 5-10 hrs a day for the last 15-20 years... And have NEVER seen a bat file on my computers written by anything/anyone except me. SNIP I ran through various control key + mouse button combinations to see what they do because that is how you described the effect of your virus. Ctrl + L.Mouse is perfect to select a paragraph for the spell checker, which otherwise won't work when I middle post. What do you know... It is! I usually use just hold down shift and scan what I want to copy, and then go to Ctl-C and V. In Pagemaker, triple clicking on a paragraph selects the whole paragraph. (Sigh.) -- Any mental activity is easy if it need not be subjected to reality. |
#73
Thanatoid

CMOS/BIOS

Basic Input/Output System (BIOS) PC software is built into the PC, and is the first code run by a PC when powered on ('boot firmware'). Complementary Metal-Oxide-Semiconductor (CMOS) is powered by a small battery when system power is off. If the small battery is low or bad, the PC software (BIOS) will reset itself to the default settings in the (CMOS) RAM.

CMOS = HOME or RAM
BIOS = is the software that lives in the CMOS or the ('boot firmware') in the RAM!

On the XP you need IE8 and get Yahoo! Toolbar and Run Anti-Spy; it will do the job for you and stop the virus activity!
http://help.yahoo.com/l/us/yahoo/too...ntispy-05.html
#74
"Hot-Text" wrote in message ... Thanatoid CMOS/BIOS Basic Input/Output System (BIOS) PC software is built into the PC, and is the first code run by a PC when powered on ('boot firmware'). Complementary Metal-Oxide-Semiconductor (CMOS) powered by a small battery when system power was off. If the small battery is low or bad the PC software (BIOS) will reset is self to the default settings in the (CMOS) RAM. CMOS = HOME or RAM BIOS = is the software that live in the CMOS or the ('boot firmware') in the RAM! Use a needle to put a small hole in the egg, then place yur lips ob\er the hole and suck. On the XP you need IE8 and get Yahoo! Toolbar and Run Anti-Spy it will do the job for you and stop the virus activity! http://help.yahoo.com/l/us/yahoo/too...ntispy-05.html "Need" IE8 and Yahoo tool bar = Bull**** |
#75
thanatoid wrote:
> "PCR" wrote in :
>> thanatoid wrote:
>>> SNIP
>>> http://www.virustotal.com/analisis/2...f2c179ae27a789 033fd 3d3425a9b58ed3f9f6076a4e91e9ec3ca0f-1270998638
>> Yep. That's the first step of the investigation. So, 9 virus detectors seem to flag that file, but know the trojan by various names.
> MORE interesting is the fact all the rest (including my fave ESET) do NOT flag it! That makes me think it's /totally/ a false positive.

Two versions of my own avast! do flag it.

>> Too bad none of those was McAfee or Norton, which both would have a big write-up of the trojan (by the name they give it). Then, you could look for tell-tale registry entries or secondary files created or damage done/described symptoms. I've Googled a bit, & there probably is a real trojan going by those various names. But I can't tell whether your file actually has it or just does something legitimately that the trojan would do maliciously. Do you really need to hide icons? Mine are always covered by app windows anyway!
> Frankly, I don't even really need a computer to begin with! (Well, email and online banking is nice)... I DO use toggle icons a couple of times a month...
> Cheers.

OK. Chances are you are fine. I can't easily find on Google a specific mention of that file to be linked with a virus/trojan, &, as you say, various major virus detectors don't flag it. End of topic. (I, personally, would likely pursue the matter, because two versions of my own avast! did flag the thing at VirusTotal.)

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
Should things get worse after this,
PCR
#76
"PCR" wrote in
: thanatoid wrote: SNIP http://www.virustotal.com/analisis/2...22f2c179ae27a7 89 033fd 3d3425a9b58ed3f9f6076a4e91e9ec3ca0f-1270998638 Yep. That's the first step of the investigation. So, 9 virus detectors seem to flag that file, but know the trojan by various names. MORE interesting is the fact all the rest (including my face faVE ESET) do NOT flag it! That makes me think it's /totally/ a false positive. Two versions of my own avast! do flag it. ESET is better. SNIP OK. Chances are you are fine. I can't easily find on Google a specific mention of that file to be linked with a virus/trojan, &, as you say, various major virus detectors don't flag it. End of topic. (I, personally, would likely pursue the matter, because two versions of my own avast! did flag the thing at VirusTotal.) Thanks again for all the help. -- Any mental activity is easy if it need not be subjected to reality. |
#77
In message , PCR writes:
> [LONG conversation snipped!]
> The huge majority of those files are Win98 files. The only ones I actually recognize to be XP files are BOOT.INI, ntdetect.com & ntldr. But I'm unsure of the .dos files -- I have none, but I think they are not XP.

ISTR that one of those - I think it's ntldr - _is_ found in some flavours of '9x; I always wondered what it was doing there.

--
J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf

She will never, ever be middle-aged. She wouldn't know how. (Polly Toynbee on Janet Street-Porter, in Radio Times, August 1998.)
#78
In message , thanatoid writes:
> "PCR" wrote in :
> []
> Yes, i'm sure it does take a lot longer using compression, and the reason I never tried it is that I would rather divide a file (TC has a built-in file splitter/combiner and if it didn't, there are plenty of free utils) to fit onto several CD's than compress it to fit onto one CD. I /do/ believe the /possibility/ of errors increases - but OTOH, I have never seen a complaint related to Acronis compression. So, who knows...

Unless it compresses each file individually, I'd avoid it. I remember the compression - eventually Microsoft, though may have started as someone else's - in which you appeared to be using drive C:, which was the compressed one, with IIRR drive H: as the small amount that wasn't compressed. When I found - I think by booting from floppy or something - that the compressed "drive" was actually one humongous file on what was really drive C:, I was aghast: it seemed such an easy thing to corrupt, and you'd lose everything!

> []
>> I kept all my partitions under 8 GB for the 4 KB cluster sizes, which are said to be more efficient for ScanDisk/Defrag.
> They are more efficient because they limit wasted disk space - a 2KB text file takes up whatever your cluster size happens to be, up to 32 (IIRC) KB. So, 30 KB wasted. 10 of those - 300 KB wasted - 35 of those - over a MB wasted. Etc. My partitions are between 1.5 and 11 GB and they all have 4 KB clusters.
>> I didn't go smaller, because it seemed I had so much space available with one 40 GB Maxtor & one 20 GB WD. Now, the WD is dead to join the 20 Gb Quantum that went in '01.

Obviously there is some absolute limit because of the finite size of the variables in which these OSs keep the number of clusters, but (and you two probably know this) the _default_ cluster sizes that go with certain partition sizes can be overridden; I forget how, it's either some (possibly undocumented) switches to something (fdisk?), or a third-party utility (which nevertheless makes partitions that work with the default OS).

> I bought a Quantum (/maybe/ it was a Seagate, I can't remember...) "LCT" (low cost technology) drive around that time - it died within a year ("low time technology" ?). I hear WD's are made in the former East Germany now. This may or may not be

I rather fear it's mostly pot luck these days: fortunately the majority of HDs do seem to work well and longly (?). The last lot there seems to be evidence of unreliability for that seemed to be more than just rumour was a batch of somebody's - I think it might have been IBM - that were made in their factory in Hungary, but even that's some years ago now.

I recently helped out someone whose system (Vista - yeuch) was working less and less well: while I was there it got to the stage it would reliably boot into safe mode (Vista has a "safe mode with networking"), but that only lasted about a day. This turned out eventually to be the hard disc, but there wasn't really any obvious indication of this: whether this is due to Vista self-repairing and thus hiding, or the self-repairing (sector swapping etc.) of modern HDs, I don't know. FWIW, it was a Toshiba HD in a Toshiba laptop (big one, 17"); when I looked, the Toshiba website said their HDs when sold as part of something else _don't_ have a separate g'tee. And he'd had the laptop about a year and a month, as he had the original receipt - which said on the back that the g'tee was a year. Ho hum.

Another friend, a few years ago now, had a ('98) system that just went slower and slower, eventually taking about a quarter of an hour to boot, but never actually gave any error messages at all, nor, I think, ever suffered file corruption; it was only when I noticed that it worked fast when you were doing anything that didn't involve HD access that we suspected the HD, and sure enough, giving it a new one perked it up no end. I guess in both these cases SMART reporting tools would have possibly told us something. (Any particular SMART tool the two of you - or anyone else still left here (-:! - particularly like? I found one that seemed comprehensive and fairly easy to use, but must have found it from some route other than its home page http://www.disk-monitor.com/, as I hadn't realised it's a time-limited trial one, which if I'd realised I wouldn't have got.)

> true. Every NEW drive I've seen for /some time/ now is Chinese except for Samsungs - which a LOT of people SWEAR by.

Nice to hear as (unsurprisingly) that's what's in this Samsung netbook. (Above prog. says it's been running 8 months 8 days 10 hours (5962 hours), and is 98% healthy, which seems to be based on worst of several parameters - in this case Reallocated sector count, which is 98, raw 16 worst 98 threshold 10, whatever that means [I think the last means if it ever gets down to 10 I should worry]. It also gives a nice temperature graph and gauge - showing it's fairly steady at around 39C [102F] too. I might even buy this prog. when it runs out, though will look at what you guys recommend first!)

(I tried to install it - the SMART monitoring tool - on the dying laptop before we went to buy a new one [a WD with 3 year warranty, since that was only marginally above the unbranded {well "the tech-guys" which is PCWorld's in-house brand} one], since I still wasn't absolutely sure it was the HD at fault and didn't want him to waste his money, but the laptop wouldn't work long enough for me to do so. Unfortunately it - the SMART monitoring tool - wouldn't work via the cheap external USB housing we bought to help transfer [the old disc didn't die completely], so I don't know how bad it actually was; I must run a scandisk on it just out of curiosity, assuming _that_ will work via USB. Fortunately, he'd made the recovery disc [2 DVDs] his computer had told him to: unfortunately, this was only a restore-you-to-factory-settings one. Fortunately, all he did with the computer, more or less, was web and email, and I was able to restore his Firefox and Thunderbird. Fortunately, the recovery disc seemed to have no problem restoring to an HD of twice the size [now 320G] - it made two partitions as before, just twice the size. [He'd only used a tiny amount of both.])

> You can check out a rather interesting thread I have got going with "Homer" in comp.os.linux.setup. Better than
> []
> I usually like to stay in just one NG. They DO take up a lot of time...

You're not kidding (-:! (I spend most of my time in UMRA, one nominally about a certain radio programme, but in fact full of people I've come to see as friends over the years - and only a proportion of the posts are actually about the programme. We tend to go there for everything - including technical queries, such as how do you do this in Thunderbird!)

> []

--
J. P. Gilliver. UMRA: 1960/1985 MB++G.5AL-IS-P--Ch++(p)Ar@T0H+Sh0!:`)DNAf

She will never, ever be middle-aged. She wouldn't know how. (Polly Toynbee on Janet Street-Porter, in Radio Times, August 1998.)
#79
On 8/13/2010 21:37, PCR wrote:
> thanatoid wrote:
>> AUTOEXEC.DOS          0  09/26/2009  5:24pm  HSA
>> BOOT.INI            161  08/09/2010  9:06pm  HSA
>> BOOTLOG.PRV      62,366  06/13/2009 12:55pm  HSA
>> BOOTLOG.TXT      42,687  09/04/2009  8:54pm  HSA
>> BOOTSECT.DOS        512  08/05/2010 10:18am  HSA
>> COMMAND.COM      93,890  04/23/1999 10:22pm  HSA
>> COMMAND.DOS      93,890  04/23/1999 10:22pm  HSA
>> CONFIG.DOS            0  09/26/2009  5:24pm  HSA
>> DETLOG.TXT       76,943  08/06/2010  2:42pm  HSA
>> DRVSPACE.BIN     68,871  04/23/1999 10:22pm  RHSA
>> IO.SYS          222,390  04/23/1999 10:22pm  RHSA
>> logo.sys        129,078  03/09/2009  4:07am  HSA
>> MSDOS.---            22  04/02/2009 10:43pm  HSA
>> MSDOS.SYS         1,719  08/05/2010 11:11am  RHSA
>> NETLOG.TXT        6,064  04/02/2009 11:00pm  HSA
>> ntdetect.com     47,564  04/14/2008 11:00am  RHSA
>> ntldr           250,048  04/14/2008 11:00am  RHSA
>> SETUPLOG.OLD      1,812  04/02/2009 10:22pm  HSA
>> SETUPLOG.TXT    112,886  04/02/2009 11:00pm  HSA
>> SUHDLOG.DAT      13,064  04/02/2009 10:55pm  HSA
>> SYSTEM.1ST      430,112  04/02/2009 10:55pm  HSA
>> VIDEOROM.BIN     44,032  04/02/2009 11:01pm  HSA
>> 22 files; 1,698,111 bytes
> The huge majority of those files are Win98 files. The only ones I actually recognize to be XP files are BOOT.INI, ntdetect.com & ntldr. But I'm unsure of the .dos files -- I have none, but I think they are not XP.

Bootsect.dos is the 9x boot sector that was copied off when XP installed its boot sector code. When you choose to boot 9x, bootsect.dos is loaded into memory and jumped into.
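An added example (not code from any poster in this thread) tying together the two technical points above: BOOTSECT.DOS is a 512-byte FAT boot sector, and the cluster size thanatoid's slack arithmetic depends on lives in that sector's BIOS Parameter Block. The script parses a FAT16-layout boot sector, checks the 0x55AA signature and BPB sanity, computes per-file slack, and compares the code region of a saved copy against a live sector so a changed boot sector is noticed; the sample sector, the ten-file figure and the tampered byte are all constructed here.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
# Classic FAT12/16 BPB: jump, OEM name, bytes/sector, sectors/cluster,
# reserved sectors, FAT count, root entries, total sectors (16-bit),
# media descriptor, sectors per FAT (16-bit). Little-endian, no padding.
BPB_FMT = "<3s8sHBHBHHBH"
BPB_LEN = struct.calcsize(BPB_FMT)
CODE_START = 0x3E  # first byte after the FAT16 extended BPB


def build_sample_sector(bytes_per_sector=512, sectors_per_cluster=64):
    """Constructed sample: a minimal FAT16 boot sector with a valid BPB."""
    head = struct.pack(BPB_FMT, b"\xeb\x3c\x90", b"MSWIN4.1",
                       bytes_per_sector, sectors_per_cluster, 1, 2, 512,
                       0, 0xF8, 250)
    sector = bytearray(SECTOR_SIZE)
    sector[:BPB_LEN] = head
    sector[CODE_START:CODE_START + 4] = b"\xfa\x33\xc0\x8e"  # stand-in for boot code
    sector[-2:] = BOOT_SIGNATURE
    return bytes(sector)


def parse_boot_sector(data):
    """Validate a boot sector and return its BPB geometry; raise ValueError if it is not sane."""
    if len(data) != SECTOR_SIZE:
        raise ValueError("expected a %d-byte sector, got %d" % (SECTOR_SIZE, len(data)))
    if data[-2:] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    (jump, oem, bps, spc, reserved, nfats, root_entries,
     total16, media, spf16) = struct.unpack_from(BPB_FMT, data)
    if bps not in (512, 1024, 2048, 4096):
        raise ValueError("bad bytes-per-sector %d" % bps)
    if spc not in (1, 2, 4, 8, 16, 32, 64, 128):
        raise ValueError("bad sectors-per-cluster %d" % spc)
    if nfats == 0 or reserved == 0:
        raise ValueError("BPB has zero FATs or zero reserved sectors")
    return {
        "oem": oem.decode("ascii", "replace").rstrip(),
        "bytes_per_sector": bps,
        "sectors_per_cluster": spc,
        "cluster_bytes": bps * spc,
        "fats": nfats,
        "media": media,
        "jump_ok": jump[0] in (0xEB, 0xE9),  # real boot code starts with a jump
    }


def cluster_slack(file_sizes, cluster_bytes):
    """Bytes wasted in each file's last cluster; zero-length files own no cluster."""
    waste = 0
    for size in file_sizes:
        if size == 0:
            continue
        remainder = size % cluster_bytes
        waste += 0 if remainder == 0 else cluster_bytes - remainder
    return waste


def boot_code_digest(data):
    """SHA-256 of the code region only, so geometry fields do not mask a changed loader."""
    return hashlib.sha256(data[CODE_START:SECTOR_SIZE - 2]).hexdigest()


def code_matches(saved_copy, live_sector):
    """True when a saved BOOTSECT.DOS-style copy and the live sector carry the same boot code."""
    return boot_code_digest(saved_copy) == boot_code_digest(live_sector)


if __name__ == "__main__":
    good = build_sample_sector()
    info = parse_boot_sector(good)
    print("OEM %s, %d-byte clusters" % (info["oem"], info["cluster_bytes"]))
    print("slack for ten 2 KB files:", cluster_slack([2048] * 10, info["cluster_bytes"]))
    tampered = bytearray(good)
    tampered[0x100] ^= 0xFF  # constructed one-byte change in the code region
    print("saved copy matches live sector:", code_matches(good, bytes(tampered)))
```

With 512-byte sectors and 64 sectors per cluster the script reproduces thanatoid's figures (30 KB lost per 2 KB file, roughly 300 KB for ten); a genuine BOOTSECT.DOS would be read from the file and compared against the sector read from the partition.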
#80
"J. P. Gilliver (John)" wrote in
: In message , thanatoid writes: SNIP - that the compressed "drive" was actually one humongous file on what was really drive C:, I was aghast: it seemed such an easy thing to corrupt, and you'd lose everything! It USED to happen a LOT - I heard MANY horror stories in the mid 90s'. I /never/ used compression on /anything/ (except for zip or rar stuff, of course). Fortunately, due to the size of HD's, USB sticks (I am still basking in the delight of having discovering them, only a decade late), and the fact I am probably the only person in the world who does NOT own a DVD burner, it is basically no longer of any relevance. SNIP I rather fear it's mostly pot luck these days: fortunately the majority of HDs do seem to work well and longly (?). No, there is NO such word ;-] SNIP only lasted about a day. This turned out eventually to be the hard disc disC - CD, DVD, BluRay, LP, 45s etc. disK - floppy, hard. Maybe something else. (Any particular SMART tool the two of you - or anyone else still left here (-:! - particularly like? I found one that seemed comprehensive and fairly easy to use, but must have found it from some route other than its home page http://www.disk-monitor.com/, as I hadn't realised it's a time-limited trial one, which if I'd realised I wouldn't have got.) Speedfan. WONDERFUL. Has a SMART tab, and everythg else you could imagine. Complex, READ whatever info you can find. Do /not/ mess with settings he warns you about! Depending on MB, the CPU temperature may be identified as "ambient", etc. - but he addresses that and there is no way he can test EVERY machine on the marker - a few hundred new ones come out every week, I imagine. SNIP it's fairly steady at around 39C [102F] too. I might even buy this prog. when it runs out, though will look at what you guys recommend first!) Speedfan is free and the best I've seen. For major problems, testdisk (also free) rules, but having a copy of Hiren's Bootsaver is a good idea. It even has DOS USB drivers! 
And several (if not all) of its partition tools allow resizing clusters, etc. (I tried to install it - the SMART monitoring tool - on the dying laptop before we went to buy a new one [a WD with 3 SNIP restoring to an HD of twice the size [now 320G] - it made two partitions as before, just twice the size. [He'd only used a tiny amount of both.]) Are you trying to beat me in post length? But it's a good lesson for me, now I know JUST how you guys feel reading my stuff! You can check out a rather interesting thread I have got going with "Homer" in comp.os.linux.setup. Better than [] I usually like to stay in just one NG. They DO take up a lot of time... You're not kidding (-:! (I spend most of my time in UMRA, one nominally about a certain radio programme, but in fact full of people I've come to see as friends over the years - and only a proportion of the posts are actually about the programme. We tend to go there for everything - including technical queries, such as how do you do this in Thunderbird!) [] TBird sucks. IMHO. -- Any mental activity is easy if it need not be subjected to reality. |