|
-
June 26th, 2000, 09:27 PM
#1
This smacks of a virus
Have a client that has a gateway computer
Last week their tech support had her reformat & reload the hard drive using the restore cd for an IE problem. It didnt need to be formatted at all
I went over there & got her scanner, printer IP & email working among other things
All appeared happy
Win 98 SE OE & IE 5
I tested everything including email & know it worked.
She uses the same IP as me. She emailed me a day or 2 later to say that it is changing her email addy randomly & it sure as heck was.
Virus I thought.
She also said she had a master boot record problem once or twice
OK simple stuff, or so I though
Everything appears to work fine
I ran Norton antivirus on the dos level from disks I made on my system using current definition files, nothing
If I run fdisk from the C prompt it shows the hard drive partition as primary dos
If I boot to a 98 or 95 boot disk it says it cant find a valid fat32 partition & shows the partition as non-dos
If I try to rebuild the MBR it says "write protect error writing fixed disk"
Im perplexed with this. It has virus written all over it
any ideas??
In the beginning there was the command line
-
June 26th, 2000, 09:37 PM
#2
Hi eyesee...you may be able to confirm your suspicions with a chkdsk command in true DOS. The total bytes memory reading should be 655,360. Anything less and there's a boot sector virus in there.
-
June 26th, 2000, 10:06 PM
#3
655360 roger that HK
checked that already
Im thinking about debugging the hard drive & reloading it all the way I normally do
I hate those restore cd's. They load the HDD up with a bunch of worthless crap
I can tech it for 3 hours or I can wipe it, reload it, & be totally done in 3
This smells of virii!
Maybe the restore cd is contaminated. Who knows? Stranger things have happened!
------------------
Formerly known as Eyesee, see?
This is an awesome site!
In the beginning there was the command line
-
June 26th, 2000, 10:29 PM
#4
Hmmm...curiouser and curiouser. Just in case there is a worm or trojan on the system that is evading Norton, try running one of rmbox's "toys". It looks at all the startup locations for trojans and generates a text file.
http://home.earthlink.net/~rmbox/Ret...d/StartLog.zip
-
June 26th, 2000, 10:51 PM
#5
Hum, reaks of a Eco2 Virus (part of the Bleah family), but Norton should of picked it up. It infects the MBR.
Zeroing out best bet, if data loose isn't a concern.
If FDISK is reporting a non-dos partition, not to be smarta.., but when you checked fdisk, was C: active, did you view all partitions to make sure there wasn't a non-dos one?
------------------
Murf
My Win95 Help Page
Murphy's Law- It will go wrong, but we can fix it!!
But if it ain't broke - "Break It" - So we can help fix it!
-
June 26th, 2000, 11:02 PM
#6
FYI, from CAI:
ECO (Also known as Bleah.C)
This is a boot sector virus infecting DOS boot sectors on floppies and Master Boot Record on hard disks. The virus uses stealth techniques so that while resident in memory, it controls access to infected boot sectors and returns a copy of the clean, original boot sector when a user tries to read the
actual contents of the infected boot sector.
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
