A virus so new we don't even know its name

  1. #1
    Join Date
    Apr 2002
    Location
    Ottawa Ontario Canada
    Posts
    2,326

    A virus so new we don't even know its name

    We've had a number of calls lately with the same issue. Windows boots to the desktop with a pop-up window 'Login chooser ****'; this popup opens until the system is out of memory and you have to shut down. Here is the strange part: it doesn't open in Safe Mode, so if you disable everything in MSConfig you think it won't come up, right? Wrong!! If you boot to DOS and rename Autoexec.bat, Config.sys, Win.ini, System.ini it still comes up....

    Different models, different OS (98, Me, XP), same symptom. Can't find anything anywhere in Safe Mode that is out of place or seems the least bit suspicious. Out of the five we saw today, the only common factor is that they use Hotmail. Anyone think this sounds familiar?

    ------------------
    Smile..... from here on out life only gets shorter

  2. #2
    Join Date
    Jan 2000
    Location
    Delaware
    Posts
    225
    check around in the registry a little - sometimes there are things in there that aren't listed in msconfig.

    however, it does sound a little weird. keep an eye out for DAT updates from your virus protector

    ~evan

    ------------------
    • yes, fdisk is a valid form of virus removal
    • I drive way too fast to worry about cholesterol

  3. #3
    WhitPhil Guest
    On one of your Win9x boxes, download and run Startup Log and post the contents back here. I'm sure we can track down where it is starting from.
    http://home.earthlink.net/~rmbox/Reticulated/Toys.html

  4. #4
    Join Date
    Apr 2001
    Location
    Ogdensburg,NY USA
    Posts
    4,535
    Has anyone heard any more on this virus? I booted over to Linux to check my Hotmail account. Not a word on Hotmail concerning this virus.

    ------------------
    If first you don't succeed-visit the DR.
    The true test of character is not how much we
    know how to do, but how we behave when we don't know what to do

  5. #5
    k4 is offline tech+ ham = dog eatin hog
    Join Date
    Apr 2000
    Location
    Rome, Ga. USA
    Posts
    727
    Search files and folders for lopsearch.exe. This darned thing installed itself on my computer yesterday without any prompting on my part. I went to lunch, no one came into my office, got back, and had all kinds of weirdness going on. Probably not lopsearch, but ya never know.

    ------------------
    The omnibus onion
    Asus something or other, xp2600+, 768ddr, ti 4400, winXP.....
    Kenwood ts-180, carolina windom; instant messaging via f-layer propagation

  6. #6
    Join Date
    Sep 2001
    Location
    England
    Posts
    986
    Hi

    I use hotmail and was not happy to read this post!

    For goodness sake don't store anything you don't know and trust on your own drive - leave anything unknown on the hotmail server - better still if you don't recognise it - delete it without opening it! Sorry about that but I know hotmail accounts are getting hit with loads of junk at the moment so you need to be extra cautious. Remember that the msn messenger uses a send and receive file system to your hard drive too - these days it's not safe to accept anything except stuff from your own personal friends!
    (try telling that to teenage daughters getting chatted up via msn everyday!?!)

    Sorry about those already infected - I hope not to join you!

    VP

    ------------------
    Never be afraid to try something new, remember that amateurs built the Ark, professionals built the Titanic!

    [This message has been edited by Virtual Patient (edited 04-26-2002).]

  7. #7
    Join Date
    Apr 2002
    Location
    Ottawa Ontario Canada
    Posts
    2,326
    I was not trying to give the impression that it was coming from Hotmail. All I said was that this is the only common thread. I think my previous post may have been a little scant in a few places: Windows boots to the desktop with a pop-up window 'Login chooser ****'; the last name changes from one window to the next. I did search each entry in Autoexec.bat, Config.sys, Win.ini, System.ini, and scanned the registry for anything called Login, chooser, or both; no hits that didn't belong there. An online scan is out of the question because the system has run out of memory right off the bat. It is a sad lesson to learn about not updating your DAT files.

    I don't dislike the neophytes, lazy or complete idiots; they are job security

    ------------------
    Smile..... from here on out life only gets shorter

  8. #8
    Join Date
    Apr 2000
    Location
    The Emerald Triangle, CA, USA
    Posts
    1,941
    I might suggest getting or updating AdAware and run it, but not if you're losing all memory to this thing. Do you have a rescue disk from your A/V? If so boot with it & hope it can find the problem & nullify/quarantine it so you can get back into windows. If not, most of the A/V sites offer fixit disks like AVG & PC-Cillin.

    ------------------
    If you want to email me, or anyone, about a problem, please include a description of your system and a reference to VrDr / your post. Thanks. _Junker :>)
    Illegitemi Non Carborundum - don't let the bastards grind you down...
    "While there is a chance of the world getting through its troubles, I hold
    that a reasonable man has to behave as though he were sure of it. If at the end your cheerfulness is not justified, at any rate you will have been cheerful." - H. G. Wells

  9. #9
    Join Date
    Apr 2002
    Posts
    34
    Sometimes spyware will run from a tmp file planted in your C:\windows\system. Do a search of that folder for *.tmp.

  10. #10
    WhitPhil Guest
    Originally posted by WhitPhil:
    On one of your Win9x boxes, download and run Startup Log and post the contents back here. I'm sure we can track down where it is starting from.
    http://home.earthlink.net/~rmbox/Reticulated/Toys.html
    Not that I want to push, but why are you not receptive to doing this?
    If necessary, it will run in safe mode.
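
Added example, not part of any post in this thread: posts #2, #7 and #9 point at the registry, Win.ini/System.ini and stray files under C:\windows\system as places a startup program can hide. Instead of searching for a name, this Python script lists every autostart command found in a regedit export and the two INI files and reports the ones missing from a known-good baseline; the sample export, the baseline and the `upd` entry are constructed for illustration.

```python
import re

# Registry keys Windows processes at startup/logon, matched on the end of the key path.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once|Services|ServicesOnce)?$", re.I)
# INI settings that launch programs: win.ini [windows] load=/run=, system.ini [boot] shell=
INI_AUTOSTART = {("windows", "load"), ("windows", "run"), ("boot", "shell")}
VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def reg_autostarts(reg_text):
    """Return (key, value name, command) for each string value under a Run-type key."""
    found, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and RUN_KEY.search(key):
            m = VALUE.match(line)
            if m:  # undo .reg escaping of backslashes and quotes
                cmd = m.group(2).replace("\\\\", "\\").replace('\\"', '"')
                found.append((key, m.group(1), cmd))
    return found

def ini_autostarts(ini_text):
    """Return (section, setting, command) for non-empty load=/run=/shell= lines."""
    found, section = [], None
    for line in map(str.strip, ini_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif "=" in line and not line.startswith(";"):
            name, value = (p.strip() for p in line.split("=", 1))
            if (section, name.lower()) in INI_AUTOSTART and value:
                found.append((section, name, value))
    return found

def unexpected(entries, baseline):
    """Keep entries whose command is not in the known-good baseline (case-insensitive)."""
    known = {c.lower() for c in baseline}
    return [e for e in entries if e[2].lower() not in known]

# Constructed sample data, not taken from an affected machine.
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"upd"="C:\\WINDOWS\\SYSTEM\\~a1.tmp"
'''
SAMPLE_INI = "[boot]\nshell=Explorer.exe\n[windows]\nload=\nrun=\n"
BASELINE = ["SysTray.Exe", "C:\\WINDOWS\\scanregw.exe /autorun", "Explorer.exe"]

print(unexpected(reg_autostarts(SAMPLE_REG) + ini_autostarts(SAMPLE_INI), BASELINE))
```

The baseline is best taken from a clean machine of the same OS, since a keyword search like the one in post #7 finds nothing when the entry's name does not match the popup's title.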
