Author Topic: Boot Sector Virus  (Read 4537 times)

TXP

  • Guest
Boot Sector Virus
« on: February 12, 2004, 07:14:12 PM »
Hi!

I need some help here. The thing is that I have a boot sector virus. When I enable my BIOS virus system it says that I have a boot sector virus and when I run a virus scan (Avast) it can't find it? Now I get the same message on my second hard drive.

I had some viruses the first time I installed Win2000 but Avast deleted them.

OS: win2000 and win98

Need some help here please!

TXP

whocares

  • Guest
Re:Boot Sector Virus
« Reply #1 on: February 12, 2004, 07:58:06 PM »
Hi,

Do you have Win98 and Win2000 on the same PC?
Do you have a multi-boot system/boot manager?

Then that's probably why the Bios virus protection complains, because the MBR was changed ..

you might want to try other scanners, e.g. OnlineScanners from Trendmicro (see below my sig) or www.ravantivirus.com or AV-Bootdisks from F-Prot

if those don't find anything, then just switch the Bios virus protection OFF


 ;)
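An added example, not part of the original thread: the reply above attributes the BIOS warning to a changed MBR. This Python code compares a saved known-good copy of sector 0 with the current one and reports which region differs. The function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
# Bytes 0..439 boot code, 440..445 disk signature (ignored), 446..509 table, 510..511 0x55AA
BOOT_CODE_END, TABLE_START, TABLE_END = 440, 446, 510

def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR into boot-code hash, partition entries, signature flag."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        raw = sector[TABLE_START + 16 * i: TABLE_START + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", raw, 8)
        if raw[4]:  # partition type 0x00 marks an unused slot
            entries.append({"active": raw[0] == 0x80, "type": raw[4],
                            "lba_start": lba_start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partitions": entries,
            "valid_signature": sector[TABLE_END:] == b"\x55\xaa"}

def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Name the MBR regions that differ from a known-good baseline copy."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not new["valid_signature"]:
        findings.append("missing 0x55AA signature")
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("boot code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    return findings

def build_sample_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Constructed sample sector; partitions are (active, type, lba_start, sectors)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (active, ptype, lba, count) in enumerate(partitions):
        off = TABLE_START + 16 * i
        sector[off], sector[off + 4] = (0x80 if active else 0x00), ptype
        struct.pack_into("<II", sector, off + 8, lba, count)
    sector[TABLE_END:] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    # Constructed data: one FAT32 partition, then a second OS plus a boot manager.
    fat = (True, 0x0B, 63, 4096000)
    before = build_sample_mbr(b"\xfa\x33\xc0", [fat])
    after = build_sample_mbr(b"\xeb\x5e\x90", [fat, (False, 0x07, 4096063, 8192000)])
    print(compare_mbr(before, after))
```

A boot-manager install shows up as both a boot-code and a partition-table change; a boot-code change with no matching install or repartitioning is the case worth scanning from clean boot media.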

TXP

  • Guest
Re:Boot Sector Virus
« Reply #2 on: February 12, 2004, 10:38:27 PM »
Hi, I did as you told me to do. And here's the result I got from RAV antivirus.

C:\WINNT\system32\winhlpp32.exe - Win32/HLLW.Gaobot.BQ -> Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\8D6FGXAF\dialer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\8D6FGXAF\dialer[2].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\8D6FGXAF\dialer[3].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\0LA7CHE7\dialer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\4XIF01AN\dialer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\SLE3052F\dialer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected

Scanned
============================
   Objects: 27258
   Directories: 2160
   Archives: 996
   Size(Kb): 1144200
   Infected files: 7

Found
============================
   Viruses found: 2
   Suspicious files: 0
   Disinfected files: 0
   Mail files: 593

So does anyone know how to remove this virus?

TXP

PS: thx for the help


whocares

  • Guest
Re:Boot Sector Virus
« Reply #3 on: February 12, 2004, 11:36:37 PM »
C:\WINNT\system32\winhlpp32.exe - Win32/HLLW.Gaobot.BQ -> Infected

Hi,
avast didn't detect this? Is your avast up to date? Did you do a full thorough system scan?

if so, please send in this file to :
virus at asw dot cz

as RAV offers no description for this specific gaobot-variant, try a scan with Trendmicro, look up the name in their virusinfo and follow the instructions (you might have to adjust the filenames a bit to the ones found infected on your system)

Quote
F:\WINDOWS\Temporary Internet Files\Content.IE5\8D6FGXAF\dialer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\8D6FGXAF\dialer[2].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\8D6FGXAF\dialer[3].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\0LA7CHE7\dialer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\4XIF01AN\dialer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\SLE3052F\dialer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected


That's easy: just delete (IE-Extras-options) your Temp-Internet files, including offline files, and they will be gone ;) ;)
« Last Edit: February 12, 2004, 11:39:37 PM by whocares »

whocares

  • Guest
Re:Boot Sector Virus
« Reply #4 on: February 12, 2004, 11:41:47 PM »
Applying ALL Windows updates
and scanning with ad-aware, spybot & cwshredder is also advised
Links & Details via "Search"
 ;)

if you still don't get rid of it:

post a logfile of hijackthis here ;)