Difficulty identifying virus

Thread: Difficulty identifying virus

  1. #1
    Join Date
    Apr 2002
    Location
    Ottawa Ontario Canada
    Posts
    2,326

    Difficulty identifying virus

    My client's system, Windows XP Pro, won't boot to the desktop.
    As soon as you click on a profile it begins to load and reports that Windows has run out of Virtual Memory then hangs.
    I can boot to Safe mode without a problem. System Restore runs its paces but corrects nothing. NAV will not open. I have run an on-line virus scan by hooking the hard drive up as a slave and found nothing.
    I checked the system configuration utility and this is a quote from the startup group:

    td><img src="images/shim.gif" width="1" height="27" border="0"></td>
    </tr>
    <tr><!-- row 6 -->
    <td colspan="3"><a href="04order/04fr.htm" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('document.indexJ','document.indexJ','images/indexJ_2.gif','#932065633520')"><img name="indexJ" src="images/indexJ.gif" width="88" height="29" border="0"></a></td>
    <td><img src="images/shim.gif" width="1" height="29" border="0"></td>
    </tr>
    <tr><!-- row 7 -->
    <td rowspan="2"><img name="indexM" src="images/indexM.gif" width="44" height="60" border="0"></td>
    <td colspan="3"><a href="05gallery/05fr.htm" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('document.indexK','document.indexK','images/indexK_2.gif','#932065642970')"><img name="indexK" src="images/indexK.gif" width="82" height="28" border="0"></a></td>
    <td><img src="images/shim.gif" width="1" height="28" border="0"></td>
    </tr>
    <tr><!-- row 8 -->
    <td colspan="3"><a href="contact/front.htm" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('document.indexL','document.indexL','images/indexL_2.gif','#932065658840')"><img name="indexL" src="images/indexL.gif" width="82" height="32" border="0"></a></td>
    <td><img src="images/shim.gif" width="1" height="32" border="0"></td>
    <table border="0" cellspacing="0" bordercolor="#111111" cellpadding="0" align="center" width="740" height="323">
    <tr>
    <td width="35" height="29">
    <img border="0" src="images/gifs/child/top_left.gif" width="35" height="29"></td>
    <td width="740" height="29" background="images/gifs/child/top_bg.gif">
    <p align="center">&nbsp;</td>
    <td width="35" height="29">
    <img border="0" src="images/gifs/child/top_right.gif" width="35" height="29"></td>
    </tr>
    <tr>
    <td width="35" height="74" background="images/gifs/child/left_bg.gif">
    &nbsp;</td>
    <td width="740" height="74" bgcolor="#FFFFFF">
    <table border="0" cellspacing="1" style="border-collapse: collapse" bordercolor="#111111" width="100%">
    <tr>
    <td width="12%">
    <a href="site_map.htm">
    <img border="0" src="images/gifs/logo_small.gif" width="70" height="70"></a></td>
    <td width="76%">
    <h1 align="center"><font color="#A80000">Devilish Desserts Sweet and Sexy</font></h1>
    </td>
    <td width="12%" align="right">
    <a href="site_map.htm">
    <img border="0" src="images/gifs/logo_small.gif" width="70" height="70"></a></td>
    </tr>
    </table>
    </td>
    <td width="35" height="74" background="images/gifs/child/right_bg.gif">
    &nbsp;</td>
    </tr>
    <tr>
    <td width="35" height="29" background="images/gifs/child/left_bg.gif">
    &nbsp;</td>
    <td width="740" height="29" bgcolor="#FFFFFF">
    &nbsp;</td>
    <td width="35" height="29" background="images/gifs/child/right_bg.gif">

    The preceding is repeated several times??!

    Of course I recognized this immediately to be HTML code, so out of curiosity I typed it all out and saved it as an .htm file, and it reads Devilish Desserts Sweet and Sexy. I cleaned out the RUN Keys from the Registry and made sure the startup folder was empty, and on rebooting to SAFE MODE the RUN Keys are repopulated with this c**p.

    Does anyone recognize this virus from this description?

  2. #2
    Join Date
    Apr 2002
    Location
    Ottawa Ontario Canada
    Posts
    2,326

    bump

    On one hand I have resolved the client's issue by backing up data and formatting the drive then reinstalling. Expediency at times is the foremost measure.


    On the other hand I'm curious to know which virus behaves this way?

  3. #3
    Join Date
    Apr 2002
    Posts
    1,840
    You are not the only one. Perhaps an error was made, and this should have been an XML file put somewhere else?

  4. #4
    Join Date
    Apr 2002
    Location
    Ottawa Ontario Canada
    Posts
    2,326
    bump

  5. #5
    Join Date
    Jun 2002
    Location
    Israel
    Posts
    5,132
    I'm not sure this is a virus. Spyware maybe? Have you scanned?

  6. #6
    Join Date
    Apr 2002
    Location
    Ottawa Ontario Canada
    Posts
    2,326
    Well yes, as a matter of fact I did run Adaware, Spybot Search and Destroy, and CW Shredder in addition to AVG and Norton with the most recent updates. None of the scans revealed a thing. The reason I believe it to be a virus is that after deleting the HTML code out of the RUN Keys in the registry it is put back in after a reboot and prevents either virus scan from running when in safe mode.

  7. #7
    Join Date
    Jun 2002
    Location
    Israel
    Posts
    5,132
    I think it's about that time when you need to turn to HijackThis.

  8. #8
    Join Date
    Apr 2002
    Location
    Ottawa Ontario Canada
    Posts
    2,326

    Re: bump

    Originally posted by Calpitor
    On one hand I have resolved the client's issue by backing up data and formatting the drive then reinstalling. Expediency at times is the foremost measure.


    On the other hand I'm curious to know which virus behaves this way?
    This was my second post Usil

  9. #9
    Join Date
    Jun 2002
    Location
    Israel
    Posts
    5,132
    Oops. Right. I got carried away
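
Added example (not part of any post in this thread): one way to triage the symptom described in posts #1 and #6 is to export the Run/RunOnce keys as text and flag every value that is not a plausible command line, such as the HTML fragments quoted above. The value names, the two "Example" programs and the classification rules are assumptions made for illustration.

```python
import re

# Constructed sample in regedit's text-export format. Value names and the two
# "Example" programs are made up; the markup is quoted from the first post.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
"entry1"="<td><img src=\"images/shim.gif\" width=\"1\" height=\"27\" border=\"0\"></td>"
"entry2"="</tr>"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"entry3"="<tr><!-- row 6 -->"
"ExampleTray"="C:\\WINDOWS\\system32\\exampletray.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
RUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.I)
TAG_RE = re.compile(r'<!--|</?[A-Za-z][^>]*>')  # HTML comment or tag
PROGRAM_RE = re.compile(r'\.(exe|com|bat|cmd|dll|scr|pif|vbs|js)\b', re.I)

def parse_run_values(text):
    """Yield (key, name, data) for string values under Run/RunOnce keys."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)  # hex(...) and dword: values are skipped
        if m and key and RUN_KEY_RE.search(key):
            # Undo the export's backslash escaping (\" and \\).
            name, data = (re.sub(r'\\(.)', r'\1', g) for g in m.groups())
            yield key, name, data

def classify(data):
    """Label a Run value: 'markup', 'no-program' or 'command'."""
    if TAG_RE.search(data):
        return 'markup'
    if not PROGRAM_RE.search(data):
        return 'no-program'
    return 'command'

def suspicious_run_values(text):
    """Return (key, name, verdict, data) for values that are not commands."""
    return [(k, n, classify(d), d) for k, n, d in parse_run_values(text)
            if classify(d) != 'command']
```

A real regedit "Version 5.00" export is UTF-16, so read it with `open(path, encoding='utf-16')` before passing the text in. Running the export before and after a reboot and comparing the flagged lists shows exactly which values were written back.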
