Author Topic: Virus symptoms perhaps?  (Read 22452 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32605
  • malware fighter
Re: Virus symptoms perhaps?
« Reply #30 on: May 07, 2005, 09:02:00 PM »
Hi FreewheelinFrank,

Be honest about it. A small virus incident, OK Even some spyware you can take off with a removal tool or a known LSP insert that is not too complicated. OK, you can recover from that easily, and the machine won't be compromised. But a computer in this state of SUSZANNAH's friend, a real druid from the isle of Man couldn't  make it function again if he ever could.  I would not trust this desktop again for the life of me or it must be clean and re-installed. Save all the data from the corrupted one as far as it goes, and then do the inevitable. I know what I am talking about I have been there, won a T-shirt, so to say. After a  klez infection, that  took out 30% of my 'windhose'  files in the good old  days, when providers did not screen your very e-mails. It is a bit of a mourning process to loose a comp installation on an incident like that,  I know, but after one evening of cleaning up, re-installing the OS, getting the drivers back-on, and putting back the data, I could run the un-compromised thingy. Now I have a restore program and back up on DVD regularly, so with one click I go back to the version of 5 minutes before whenever it becomes sloppy to the time it was working perfectly  without the problem, also minus  virus or spyware. RESTORE-IT as a programme it is worth every penny of it, and saved me many a pain in the neck, believe me my friends. My wife gave it to me as a present, and it was the best thing I got.

Keep up the good work, stay clear of viruses,

Yours faithfully,

POLONUS
« Last Edit: May 07, 2005, 09:08:09 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83515
  • No support PMs thanks
Re: Virus symptoms perhaps?
« Reply #31 on: May 07, 2005, 09:17:27 PM »
People often don't learn a lesson until they feel the pain, there is a lot of pain involved in a format and clean install and it is not something I recommend lightly.

Another valuable lesson that they will have learnt is if you don't want to lose it back it up and by far the easiest is a disk image, I do one every week and back up volatile date every day (emails, data files, addressbook, favourites, etc.).

If I ever get in serious trouble I simply install the last image, restore the data files daily back-up, so very little will be lost. I can't remember the last time I had to restore an image but a 10-15 exercise compared to a format and reinstall, no contest.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline SUSZANNAH

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1954
  • There We Are Then
Re: Virus symptoms perhaps?
« Reply #32 on: May 07, 2005, 10:59:44 PM »
Well waiting to see my friend to explain what has happened, in the mean time have tried to get it to run, on F8 safe mode is not an option,  it keeps saying 'Error loading operating system' only options are
Floppy
IDE 0
IDE 1
CD/DVD
tried with cd it lets you install the files, then on reboot comes back with the error message as before, no idea what has gone on as yesterday at least I had the desktop on there, havn't messed with anything regarding settings..........just wondered really why there is no safe mode option......will have to be a shop job......just curious of the error message... ::)

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re: Virus symptoms perhaps?
« Reply #33 on: May 08, 2005, 12:47:00 AM »
although the PC is most probably riddled with malware, this error sounds suspiciously like hardware error, e.g. Harddisk-problems..

have you managed to backup the most important files earlier ?

if so,  try booting with XP-CD and removing/deleting the existing (system/Windows)partition completely, make TWO new partitions, and do a clean install into the first one
(2nd partition is for data and helps keep your data in case of beeding a reinstal in the future)

*

if not, at least boot with XP-CD, then go to repair console ("DOS") and do CHKDSK and (if available) SCANDISK with option of intensive / SURFACE test

 ;)

Offline SUSZANNAH

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1954
  • There We Are Then
Re: Virus symptoms perhaps?
« Reply #34 on: May 08, 2005, 01:07:45 AM »
whocares....have got as far as chkdsk and it says its ok, no option for scandisk...what do I do next?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32605
  • malware fighter
Re: Virus symptoms perhaps?
« Reply #35 on: May 08, 2005, 01:10:16 AM »
Howdy Suszannah,

From what you tell me here, I fear you have cleaned out part of an essential item to run windows. You can be saved by someone with a special mirror disk run  only to burn the data to   
image the contents of the machine, but these are specialists.From what I  hear what you tell us in your posting last, this virus  is a very tricky one. Have you tried the bios settings, can you alter and reset there.. I agree with DadvidR, this is a  hacker's  virus that can land you in big trouble. That is why it is mighty important to always have a copy of the registry and the system files. If a vital component of windows system  is missing, you have the situation at hand you find yourself in now , you cannot start up..no way. There are trojaned viruses, that an internet service provider may let through, because it can hide for the nick of time it  has to slip by, it is like the rogue that puts nylons over his head, you cannot see his face and nail him, but thank  AVAST it will trace  this baddy  later.
But I ask DavidR's opinion if she(they)  can get away without " total recall"?

POLONUS
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline SUSZANNAH

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1954
  • There We Are Then
Re: Virus symptoms perhaps?
« Reply #36 on: May 08, 2005, 01:13:55 AM »
Thank you .....at least I can get as far as the DOS prompt, but from there I am lost........but I have tried, I am ok at following instructions, but at a loss without them.........she hadn't finished saving her documents....does this mean that the disks she has saved are also infected?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32605
  • malware fighter
Re: Virus symptoms perhaps?
« Reply #37 on: May 08, 2005, 01:23:18 AM »
Dear Suszannah,

That may not be the case. But educate her to do this next time around, no one can live without a CD or DVD with essential data of their comps nowadays. If what whocares says is true it can be the feed that can take the harddisk down, an accumulation of dust can cause that. People have to open up their computers or turn their keyboards once a year to have the dust out. But what I hear from what you tell in this thread that is not the case. The machine then must hum a different tune, you must hear it tick. No it is definitely a virus or a combination of malware and virus, or I must be very wrong. Hang in there try to push very swiftly alternating between  the upward and downward arrows on your keyboard console, and tell us what happens there....

Good luck,

POLONUS
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Virus symptoms perhaps?
« Reply #38 on: May 08, 2005, 09:29:09 AM »
Hi Polonus,

Check my first post in this thread and you will find I said the same thing.

However there are people who don't have the option of reinstalling the OS. There seem to be plenty of people who can't find the CD's that came with their computer. I have cleaned a few computers in this situation which have been without any anti-virus or firewall and have been infested with just about every item of spyware, virus, worm, bot and Trojan known to man.

(Leaving with a warning not to use that computer for internet shopping or storing confidential info. etc. of course!)

I did feel as though I was doing battle with the hoards of Mordor, although I wasn't the wizard, it was the people who wrote the many excellent anti-malware programs available. All I had to do was to wander the battlefield afterwards and stab a few remaining Orcs.

It's definitely not recommended: 'nuke and pave' (reinstalling the original operating system) is the only way to guarantee 100% security after a malware attack. But if the computer is only used for casual web browsing or gaming, it can be worth a try. It's a case of weighing up the risks. (And it's also an interesting real life test of anti-malware programs.)

Suszannah, you haven't said if your friend is using a wireless keyboard?

If not, then it probably is time to find those restore CD's that came with the computer.

If your friend has important information still on the hard disk, a virus expert may be able to boot from a special CD and recover the information, or to remove the hard disk, run it as a slave and if not repair any virus damage, then recover important files.

     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline SUSZANNAH

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1954
  • There We Are Then
Re: Virus symptoms perhaps?
« Reply #39 on: May 08, 2005, 02:40:21 PM »
No she has a wired keyboard, after following whocares's advice managed to get it do do chkdsk which came out as ok....but no option at the dos prompt to run scandisk.....I havn't deleted anythng so no idea how part of windows could be missing, the only disk here is the xp installation disk........

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re: Virus symptoms perhaps?
« Reply #40 on: May 08, 2005, 04:05:49 PM »
Whether it's a virus or not is imho unimportant at this stage, as the most urgent item is to get a backup of the data

Enter the BIOS while booting, do auto-detecting of hard disk(s): confirm&note the offered settings

Boot with the XP-Setup-CD, got to repair -> Console
then enter:

Fixmbr [ENTER]
fixboot [Enter]

(maybe you have to search the CD first to see where these tools are located, i.e. path/folder)

then try reinstalling WIN into the existing partition (NO deleting/repartitioning, nor formatting)

What happens exactly ?

any error messages or "success" messages during fixing or installing ?


Offline SUSZANNAH

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1954
  • There We Are Then
Re: Virus symptoms perhaps?
« Reply #41 on: May 08, 2005, 06:36:05 PM »
Fixmbr:

Caution
This computer appears to have  non-standard or invalid master boot record.

FIXMBR may damage your partition tables if you proceed.

This could cause all the partitions on the current hard disk to become inaccessible.
Are you sure you want to write a new MBR?

said no....as I have no idea what it is..... ::)

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re: Virus symptoms perhaps?
« Reply #42 on: May 08, 2005, 07:53:11 PM »
ask her, if the data is really worth backing up:

if so,
- get Knoppix or
- as said above, plug the harddisk as slave in another PC and
backup her data

if not, go ahead.. Risk of data loss !!

*

do you know if she indeed has an unusual/non-Standard MBR/partitioning ?
Bootloaders, multiboot-system ?


or try Bootable AV-media, e.g. BART-CD or AV-Bootdisks (see below)
those need to be made on a clean PC, of course..

maybe they'll find an MBR/Bootvirus




Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Virus symptoms perhaps?
« Reply #43 on: May 08, 2005, 08:06:33 PM »
Your AV boot disk link is dead. :'(
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline SUSZANNAH

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1954
  • There We Are Then
Re: Virus symptoms perhaps?
« Reply #44 on: May 09, 2005, 12:48:54 AM »
Things are getting a little too technical for me now...think it's time to concede.....and leave it to the experts to sort out,,,,but it was fun trying.... ::)

Do not understand the partioning message.....as far as I know all was a standard setup with this pc..... :)
« Last Edit: May 09, 2005, 01:22:42 AM by SUSZANNAH »