Do I have a virus?


Guest Øyvind Granberg
Posted

Hi...

There is a virus in my computer. I am convinced about that.
I cannot download anything concerning updates to Ad-Aware or Spybot.
I cannot download anything at all from Microsoft.com like the Outlook Connector or anything else I've tried.
Neither can I download the aforementioned files from these sites with FF3, Google Chrome or Opera 9.26.

When browsing using IE8, I get a message stating that a pop up has been prevented. Even on my own web pages where there is no pop up at all.

Something is preventing me from downloading anything that I can use to remove it!?!?!

I need help...
Running Windows Vista Ultimate with all updates.
AVG 8 Free
Windows Defender
Spybot once a week
UAC disabled
Firewall disabled

Tried Bitdefender's online scanner and even that couldn't update its definition file.
I have scanned thoroughly twice with AVG 8
So too with Spybot and Windows Defender.

What is wrong, and how can I get rid of it?

 

--

 

Vennlig hilsen

Øyvind Granberg

 

tresfjording@live.no

www.tresfjording.com

Posted

Is Windows Firewall disabled because AVG 8 has a firewall? If not, then you

are most definitely not protected. Also with UAC disabled IE does not run

in protected mode. So you've decided to run your computer at risk.

 

Your symptoms do sound like the machine is infected, but only a thorough

scanning will tell.

 

Go through these general malware removal steps systematically -

http://www.elephantboycomputers.com/page2....emoving_Malware

 

Include scanning with David Lipman's Multi_AV and follow instructions to do

all scans in Safe Mode. Please see the special Notes regarding using

Multi_AV in Vista.

 

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions

http://tinyurl.com/yoeru3 - download link and more instructions

 

You can also check to see if there are targeted removal steps for your

malware here:

Bleeping Computer removal how-to's -

http://www.bleepingcomputer.com/forums/forum55.html

 

When all else fails, get guided help. Choose one of the specialty forums

listed at the first link. Register and read its posting FAQ. PLEASE DO NOT

POST LOGS IN THE MS NEWSGROUPS.

 

Malke

--

MS-MVP

Elephant Boy Computers - Don't Panic!

FAQ - http://www.elephantboycomputers.com/#FAQ

Guest FromTheRafters
Posted

It is something, but it probably is not a virus.

Guest Bill Ridgeway
Posted

The only absolutely guaranteed 100% way of resolving a virus problem is to

format the hard disk and re-install Windows, all your software and your user

files - which you previously copied to, say, another hard drive or memory

stick. Not very practical perhaps but at least it has the redeeming feature

of also clearing out all those bits and pieces of software left behind by an

incomplete uninstall.

 

The next, nearly 100% guaranteed method is to take out the hard drive and

install it in another computer which has antivirus software installed and

updated immediately before and scan for viruses. Doing this gets around

some scanners being crippled by the infection.

 

The next, less effective method is to update the virus software and scan for

viruses in 'Safe Mode'.

 

The least effective method is to update the virus software and scan for

viruses in 'Normal Mode'.

 

Having said that, the most practical way is to work the above list in

reverse order.

 

Bill Ridgeway

Guest Øyvind Granberg
Posted

Thank you for your advice Bill!

 

Let me point out that two years ago I formatted and reinstalled XP on a laptop.
This did not get rid of the virus causing the reinstallation in the first place.
I had to disconnect from the net, after I downloaded the latest updates from AVG and then install the OS and the updated viruskiller.

I have managed to update the definition files of Adaware by downloading them from download.com
You see, I have trouble downloading from the webpages of Microsoft and Lavasoft.

Adaware found three threats and removed them, but the problem remains.
I will now try the same in safe mode....

I'll be back, as a famous European once said.

 

--

 

Vennlig hilsen

Øyvind Granberg

 

tresfjording@live.no

www.tresfjording.com

Guest FromTheRafters
Posted

"Bill Ridgeway" <info@1001solutions.co.uk> wrote in message

news:ulXXQVxQJHA.1144@TK2MSFTNGP05.phx.gbl...

> The only absolutely guaranteed 100% way of resolving a virus problem is to
> format the hard disk and re-install Windows, all your software and your
> user files - which you previously copied to, say, another hard drive or
> memory stick.

 

This is sometimes the only solution, and sometimes no solution

at all. Much depends on exactly what malware is involved. Think

about the fact that you could be reinstalling the malware, or the

vector the malware used to gain access initially, by reinstalling the

OS and backed up user programs and data.

> Not very practical perhaps but at least it has the redeeming feature of
> also clearing out all those bits and pieces of software left behind by an
> incomplete uninstall.

 

Entirely practical if the malware contains "unknowns" such as a

downloader that may have downloaded another, undetected as

yet, malware program.

> The next, nearly 100% guaranteed method is to take out the hard drive and
> install it in another computer which has antivirus software installed and
> updated immediately before and scan for viruses. Doing this gets around
> some scanners being crippled by the infection.

 

Not always a good idea.

> The next, less effective method is to update the virus software and scan
> for viruses in 'Safe Mode'.
>
> The least effective method is to update the virus software and scan for
> viruses in 'Normal Mode'.
>
> Having said that, the most practical way is to work the above list in
> reverse order.

 

Or take it to a professional.

 

From a post by Kayman in m.p.s. newsgroup

 

http://www.microsoft.com/emea/spotlight/se...spx?videoid=359

Posted

"FromTheRafters" <erratic@nomail.afraid.org> wrote in message

news:%23olZ78yQJHA.4776@TK2MSFTNGP05.phx.gbl...

> From a post by Kayman in m.p.s. newsgroup
>
> http://www.microsoft.com/emea/spotlight/se...spx?videoid=359

 

I'd like to watch the video, FTR - but I get this message when I try to

install Silverlight

http://www.microsoft.com/silverlight/resou...px?errorID=1503

 

Are you (or anyone else here) aware of any other way to access the video -

might it be on YouTube for example? I wouldn't have a clue what to search

for in this instance!

 

Dave

Posted

On 11/10/2008 02:31 AM, Øyvind Granberg sent:

> Thank you for your advice Bill!
>
> Let me point out that two years ago I formatted and reinstalled XP on a
> laptop.
>
> This did not get rid of the virus causing the reinstallation in the
> first place.

 

Hello Øyvind:

 

By and of itself, this is counter to industry best practices and

conventional wisdom. After a proper reformat, installation from known

good media is the best possible guarantee of a clean system. Surely a

flaw has entered the procedure.

 

Since the malware in question has yet to be identified, perhaps a new

stance should be considered. The instant an unprotected system is

allowed to "see" the internet, it has become the proverbial "Honey pot".

Ergo, all patches, service packs, updates, upgrades, ad nauseam, must

be introduced in the most protected environment you can provide, before the

system is allowed to see the Internet.

 

The above must include good security templates, security settings, and

good updated malware protection that has already been vetted. For some,

this is a hardship as few casual users have taken the necessary steps to

create perfect installation sources.

> I had to disconnect from the net, after I downloaded the latest updates
> from AVG and then install the OS and the updated viruskiller.
>
> I have managed to update the definition files of Adaware by downloading
> them from download.com
> You see, I have trouble downloading from the webpages of Microsoft and
> Lavasoft.
>
> Adaware found three threats and removed them, but the problem remains.
> I will now try the same in safe mode....
>
> I'll be back, as a famous European once said.

 

Everything I've said above is conveyed with great respect. I DO so wish

you well.

 

--

1PW

 

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Guest Bill Ridgeway
Posted

"FromTheRafters" wrote <<Think about the fact that you could be reinstalling

the malware, or the vector the malware used to gain access initially, by

reinstalling the OS and backed up user programs and data.>>

 

Is this a 'real' problem? Re-installing from the original source (CD / DVD)

software which, until the malware, worked OK there shouldn't be a

possibility of re-installing malware. However, downloading / installing may

be of a later version and a risk of installing malware. To guard against

this possibility I have a copy of downloaded files which can be used to

re-install later if necessary.

 

Of course, having installed Windows and a virus checker, updated same and

scanned for any malware which may have crept in the window of vulnerability

whilst updating the computer is then just as vulnerable as before. I have

(and update regularly) a clone of my hard disk drive. If, therefore, the

hard disk drive fails (or is heavily infected) I can swap drives, copy my

user files and update software and I have a working computer in a very short

time subject to scanning for malware.

 

By the way, use of the phrase 'backed up user programs' is a bit ambiguous.

You cannot (perhaps there are some small exceptions) install from a back-up

which will have installed by the software. You can, however, install

downloaded files (which may be found on a backup). Sorry to be pedantic!

 

Regards.

 

Bill Ridgeway

Guest FromTheRafters
Posted

"Bill Ridgeway" <info@1001solutions.co.uk> wrote in message

news:%23zT3GC2QJHA.3384@TK2MSFTNGP05.phx.gbl...

> "FromTheRafters" wrote <<Think about the fact that you could be
> reinstalling the malware, or the vector the malware used to gain access
> initially, by reinstalling the OS and backed up user programs and data.>>
>
> Is this a 'real' problem? Re-installing from the original source (CD /
> DVD) software which, until the malware, worked OK there shouldn't be a
> possibility of re-installing malware.

 

True, but the flaw used by the malware to infest the system may very

well be reintroduced. Other flaws, since corrected by patches, might

be reintroduced as well. Flattening and rebuilding XP after certain worm

attacks would result in reinfestation within minutes of reconnecting to the

internet.

> However, downloading / installing may be of a later version and a risk of
> installing malware. To guard against this possibility I have a copy of
> downloaded files which can be used to re-install later if necessary.

 

Same as the above applies if the replacing involves retrograding the

patch level of the affected software. Plus, for the amount of time the

program was stored in a read/write environment, it could have been

infected. Executing an infected file may reinfest the system.

> Of course, having installed Windows and a virus checker, updated same and
> scanned for any malware which may have crept in the window of
> vulnerability whilst updating the computer is then just as vulnerable as
> before. I have (and update regularly) a clone of my hard disk drive. If,
> therefore, the hard disk drive fails (or is heavily infected) I can swap
> drives, copy my user files and update software and I have a working
> computer in a very short time subject to scanning for malware.

 

I use a similar method with disk images in files on external drives - plus

the more conventional full and incremental backups.

> By the way, use of the phrase 'backed up user programs' is a bit
> ambiguous.

 

How so?

> You cannot (perhaps there are some small exceptions) install from a
> back-up which will have installed by the software.

 

???

> You can, however, install downloaded files (which may be found on a
> backup). Sorry to be pedantic!

 

A full backup, followed by incremental backups, gives you backed up programs

as well as backed up user data. Such can be reintroduced when restoring from

backup after wiping the disk.

 

[snip]

Guest Øyvind Granberg
Posted

> Hello 1PW
>
> By and of itself, this is counter to industry best practices and
> conventional wisdom. After a proper reformat, installation from known
> good media is the best possible guarantee of a clean system. Surely a
> flaw has entered the procedure.

Perhaps you are right about that. I am a bit clumsy sometimes. hehe

> Since the malware in question has yet to be identified, perhaps a new
> stance should be considered. The instant an unprotected system is
> allowed to "see" the internet, it has become the proverbial "Honey pot".
> Ergo, all patches, service packs, updates, upgrades, ad nauseam, must
> be introduced in the most protected environment you can provide, before the
> system is allowed to see the Internet.

I have now doubled my RAM to 4GB and will resurrect my use of a firewall.
The reason I do not use a firewall is because they tend to make problems for
me when relatives are calling upon the family nerd/geek to fix their pc's.
Can I bill Bill for that? Twenty years of local support?

> The above must include good security templates, security settings, and
> good updated malware protection that has already been vetted. For some,
> this is a hardship as few casual users have taken the necessary steps to
> create perfect installation sources.

I use AVG 8, and Windows Defender. Plus I run Spybot and Adaware once a
week.
In addition to that I will now run the OS integrated firewall....
There... it's activated!!

 

How can I identify this virus/malware?

 

--ØG--

Guest Øyvind Granberg
Posted

> Or take it to a professional.
>
> From a post by Kayman in m.p.s. newsgroup

I will NOT! The "professionals" around here are not much of professionals.
hehe... don't mean to brag!

 

 

Vennlig hilsen

Øyvind Granberg

 

tresfjording@live.no

www.tresfjording.com

Guest Øyvind Granberg
Posted

What about this?

If you reinstall from your original CD things still can go wrong.
Some viruses are writing themselves to the boot sector, I think they are called MBF-viruses, and to the memory.
If you delete the one on the hard disk, it rewrites itself down on the hard disk immediately from a copy in RAM.
Think about it:
A virus is in both the memory and on the hard disk.
You turn off the computer.
During shutdown the virus secures a copy of itself on the hard disk.
You put in the original OS CD and boot on that.
The virus is then activated in the same instant the OS is reaching for the HDD and reproduces itself again into the RAM.
As a result you format the hard disk with the virus active in memory.
After reformatting, and many reboots, forcing the virus to rewrite itself to memory and HDD many times, you still have an infected computer.
In addition to this I think it doesn't have to be the virus itself, maybe a trojan holding the backdoor open to a certain virus.

 

 

Am I right?

 

--

 

Vennlig hilsen

Øyvind Granberg

 

tresfjording@live.no

www.tresfjording.com

Guest FromTheRafters
Posted

"Øyvind Granberg" <tresfjording@live.no> wrote in message

news:96EF4CC2-190A-43F8-A87D-C37324F0AABE@microsoft.com...

> What about this?
> If you reinstall from your original cd things still can get wrong.
> Some viruses are writing themselves to the boot sector, I think they are
> called MBF-viruses,

 

BSI (Boot Sector Infector) viruses are not very common these

days. You are thinking of MBR (Master Boot Record) viruses

which are one type of BSI virus.

 

There are malware programs that use boot sector code to operate

and increase their "stickiness" (persistence). I am not aware of any

that have used this method to regenerate after reformatting though.

> and to the memory.
> If you delete the one on the harddisk, it rewrites itself down on the
> harddisk immediately from a copy in RAM.

 

Yeah, some programs operate as guardian programs for other ones.

Makes removal attempts seem like swatting flies or stomping ants.

> Think about it:
> A virus is in both the memory and on the harddisk.
> You turn off the computer.
> During shut down the virus secures a copy of itself on the harddisk.
> You put in the original OS cd and boot on that.

 

If the malware relies on HDD boot sector code to activate itself,

then booting from CD will keep it from being active at this point.

> The virus is then activated in the same instance the OS is reaching for the
> HDD and reproduces itself again into the RAM.

 

Accessing the HDD now is from within the filesystem as the boot

was from the CD there is no other MBR code to be used. The

code can still be reached, but there is no reason for legitimate OS

loading functions from the CD's produced operating environment

to do so.

> As a result you format the harddisk with the virus active in memory.
> After reformatting, and many reboots, forcing the virus to rewrite itself
> to memory and HDD many times, you still have an infected computer.
> In addition to this I think it don't have to be the virus itself, maybe a
> trojan holding the backdoor open to a certain virus.
>
> Am I right?

 

There was a malware program (a virus IIRC) that faked a format when

the user tried to get rid of it that way. I can't remember which one though.
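The MBR discussion above can be turned into a concrete check: read sector 0 of the disk and compare its boot code against a hash recorded when the system was known to be clean. This is an added example, not part of any post in this thread; the function names, the baseline-hash approach and the sample sector are assumptions constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area of a classic MBR
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR sector into a boot-code hash and partition list."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFF + 16 * index
        # Fields: status, CHS start (skipped), type, CHS end (skipped),
        # first LBA sector, sector count (little-endian).
        status, ptype, lba_start, count = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype == 0x00:            # unused slot
            continue
        partitions.append({"index": index, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def audit_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    bad_status = [p["index"] for p in info["partitions"]
                  if p["status"] not in (0x00, 0x80)]
    if bad_status:
        findings.append(f"invalid status byte in entries {bad_status}")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) > 1:
        findings.append("more than one active partition")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector with one active partition; not from a real disk."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x11\x22\x33\x44" + b"\x00\x00"   # made-up signature + reserved
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    table = entry + b"\x00" * 48                   # three empty slots
    return code + disk_sig + table + BOOT_SIGNATURE


if __name__ == "__main__":
    known_good = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")   # constructed bytes
    baseline = parse_mbr(known_good)["boot_code_sha256"]
    modified = build_sample_mbr(b"\xeb\x3c\x90\x00\x00")     # constructed bytes
    print("known good:", audit_mbr(known_good, baseline))
    print("modified:  ", audit_mbr(modified, baseline))
```

On a real machine the 512 bytes would be the first sector of the disk, read from an environment that did not boot from that disk, which is the situation the CD-boot reply describes.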

Guest David H. Lipman
Posted

From: "Øyvind Granberg" <tresfjording@live.no>

>> Hello 1PW
>>
>> By and of itself, this is counter to industry best practices and
>> conventional wisdom. After a proper reformat, installation from known
>> good media is the best possible guarantee of a clean system. Surely a
>> flaw has entered the procedure.

| Perhaps you are right about that. I am a bit clumsy sometimes. hehe

>> Since the malware in question has yet to be identified, perhaps a new
>> stance should be considered. The instant an unprotected system is
>> allowed to "see" the internet, it has become the proverbial "Honey pot".
>> Ergo, all patches, service packs, updates, upgrades, ad nauseam, must
>> be introduced in the most protected environment you can provide, before the
>> system is allowed to see the Internet.

| I have now doubled my RAM to 4GB and will resurrect my use of a firewall.
| The reason I do not use a firewall is because they tend to make problems for
| me when relatives are calling upon the family nerd/geek to fix their pc's.
| Can I bill Bill for that? Twenty years of local support?

>> The above must include good security templates, security settings, and
>> good updated malware protection that has already been vetted. For some,
>> this is a hardship as few casual users have taken the necessary steps to
>> create perfect installation sources.

| I use AVG 8, and Windows Defender. Plus I run Spybot and Adaware once a
| week.
| In addition to that I will now run the OS integrated firewall....
| There... it's activated!!

| How can I identify this virus/malware?

| --ØG--

 

 

I gave you a set of directions to post in an Expert Forum -- Have you?

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest FromTheRafters
Posted

"Øyvind Granberg" <tresfjording@live.no> wrote in message

news:DEE0539B-CF6F-4CEA-9F5D-79A64D2E7B53@microsoft.com...

>> Or take it to a professional.
>>
>> From a post by Kayman in m.p.s. newsgroup
>
> I will NOT! The "professionals" around here are not much of professionals.
> hehe... don't mean to brag!

 

Your choice. If you are the best around - then you are the logical

choice. If I were you, I would follow the advice offered by Malke.

 

Are you running as admin and with UAC disabled?

 

Maybe "flatten & rebuild" is the best choice - and learn to live with

UAC and limited user rights.

Posted

I think you ARE right, OG!

 

Maybe you should ask the experts about this at http://aumha.net/index.php

 

Dave

 


Posted

On Mon, 10 Nov 2008 22:40:28 +0100, Øyvind Granberg wrote:

>>
>> Or take it to a professional.
>>
>> From a post by Kayman in m.p.s. newsgroup
>
> I will NOT! The "professionals" around here are not much of professionals.
> hehe... don't mean to brag!
>

Get your facts right! I never posted this comment!

Posted

On 11/10/2008 01:37 PM, Øyvind Granberg sent:

 

Snip, snip...

>
> How can I identify this virus/malware?
>
> --ØG--

 

Hello ØG:

 

If after two years of using various anti-malware applications something

hasn't been identified, then perhaps you aren't experiencing malware.

 

Please follow David H. Lipman's post and let us know what you find.

 

Best wishes to you.

 

--

1PW

 

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Guest Øyvind Granberg
Posted

Yes, I have disabled UAC!

I'm like most people; Don't read what's on screen before clicking yes...

hehe

>
> Are you running as admin and with UAC disabled?
>
> Maybe "flatten & rebuild" is the best choice - and learn to live with
> UAC and limited user rights.
>

Guest Øyvind Granberg
Posted

Sorry....!

Some snipping went wrong...

 

--

 

Kind regards

Øyvind Granberg

tresfjording@live.no

www.tresfjording.com

"Kayman" <kaymanDeleteThis@operamail.com> wrote in message

#rhhVO5QJHA.4848@TK2MSFTNGP05.phx.gbl ...
> On Mon, 10 Nov 2008 22:40:28 +0100, Øyvind Granberg wrote:
>
>>>
>>> Or take it to a professional.
>>>
>>> From a post by Kayman in m.p.s. newsgroup
>>
>> I will NOT! The "professionals" around here are not much of professionals.
>> hehe... don't mean to brag!
>>
> Get your facts right! I never posted this comment!

Guest Bill Ridgeway
Posted

"Øyvind Granberg" wrote <<Sorry....! Some snipping went wrong...>>

 

A sentence you don't want to hear from your surgeon. Ouch!

Posted

"Kayman" <kaymanDeleteThis@operamail.com> wrote in message

news:%23rhhVO5QJHA.4848@TK2MSFTNGP05.phx.gbl...
> On Mon, 10 Nov 2008 22:40:28 +0100, Øyvind Granberg wrote:

> Get your facts right! I never posted this comment!

 

--

 

I'd like to watch the video you recommended Kayman - but I get this message

when I try to install Silverlight

http://www.microsoft.com/silverlight/resou...px?errorID=1503

 

Are you (or anyone else here) aware of any other way to access the video -

might it be on YouTube for example? I wouldn't have a clue what to search

for in this instance!

 

Dave

Posted

On 11/10/2008 01:52 PM, Øyvind Granberg sent:
> What about this?
> If you reinstall from your original CD, things can still go wrong.
> Some viruses write themselves to the boot sector, I think they are
> called MBF-viruses, and to the memory.
> If you delete the one on the hard disk, it rewrites itself to the
> hard disk immediately from a copy in RAM.
> Think about it:
> A virus is in both the memory and on the hard disk.
> You turn off the computer.
> During shutdown the virus secures a copy of itself on the hard disk.
> You put in the original OS CD and boot on that.
> The virus is then activated in the same instant the OS is reaching for
> the HDD and reproduces itself again into the RAM.
> As a result you format the hard disk with the virus active in memory.
> After reformatting, and many reboots, forcing the virus to rewrite
> itself to memory and HDD many times, you still have an infected computer.
> In addition to this, I think it doesn't have to be the virus itself, maybe a
> trojan holding the backdoor open to a certain virus.
>
>
> Am I right?

 

I regret to inform you, but no.

 

Hello ØG:

 

All good computer technicians will tell you:

 

During a proper "level and rebuild" operation, absolute strict adherence

to best industry practices and due diligence would have erased and

protected the system from any malware proliferation.

 

Under the same rules as above, restoring the system from known good

media will render a clean, malware free system. Guaranteed, and without

further qualification.

 

Warm regards to you ØG.

 

Pete

 

--

1PW

 

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Guest FromTheRafters
Posted

The situation is hopeless

 

Flatten and rebuild - don't worry about how some malware may be

hiding somewhere waiting to reinfest your system. The chances

are small to begin with, and in those cases where it isn't completely

removed - it is, at least, disabled.

 

Familiarize yourself with the process, you will be needing it again.

 


 

"Øyvind Granberg" <tresfjording@live.no> wrote in message

news:8E7B6157-38A2-4A8D-8210-0BF78A45C72E@microsoft.com...
> Yes, I have disabled UAC!
> I'm like most people; Don't read what's on screen before clicking yes...
> hehe
>
>
>>
>> Are you running as admin and with UAC disabled?
>>
>> Maybe "flatten & rebuild" is the best choice - and learn to live with
>> UAC and limited user rights.
>>
