VIRUS..a sombre story



susanwells
26th February 2004, 23:09
Before Christmas I treated myself to a new laptop, an ACER Travelmate, Centrino processor, all bells and whistles.. I installed the latest Norton anti-virus and a firewall and I keep my Norton up to date, also the Microsoft patches...
On Friday night I turned it off and all was well. On Saturday morning it went berserk.. kept re-booting, wouldn't connect to the internet etc etc. Took it into very good small computer shop we use..
they rang just now.. whole thing has had to be wiped clean and everything re-installed...
virus..
ah, I said, it cannot be, I have Norton and firewall and..
the guy says the latest virus is actually programmed to attack those very things.. Norton and firewalls... so in a way I'd have been better off without them..in a way..
thought you'd like to hear the sad tale... cost is a week of borrowing the daughter's, which means I will owe her big time in expensive boutiques, and about £100...and a lot of hassle.
:hearty

jollyjayne
27th February 2004, 00:33
Hi Susan,
Sorry to hear about your PC troubles, but may be a useful reminder for other forum users to back up data regularly coz when you have spent months updating work, whether for college, Uni, work or personal fun - that's when your PC will die.

Bit like a smoke alarm, you know it's there, assume it is OK, but when you need it, will it work ???

susanwells
27th February 2004, 00:49
You are SO right JJ... at the end of every writing day I now not only save my work, I send the day's work to my daughter and my husband's work computer and his home computer.. so that is belt, braces and strong knicker elastic too...
in the stone age we used to save things onto floppy disc of course...
I also print out every 3 days.. so if all else fails..
yes, and the smoke alarms.. just check them occasionally..we had a fire here 2 years ago which destroyed my then office, in the barn... fortunately I was in the house.. but the men working on a wall below heard smoke alarms going off like crazy...
another thing, while we're on these subjs is a bit of good advice I learned from a friend years ago...
ALWAYS have pinned or propped near your phone the tel. number of your doctor and any other vital numbers you don't use often enough to have in your memory but won't be able to find them if you're in a panic ... you may not quite need 999 but you could still need the doc in a hurry..
cheerful aren't we ? I get my computer back tomorrow, DV.. oh and another thing, always put the re-installation discs in a place where you can find them.. took me best part of an hour tonight !!

plater
27th February 2004, 08:30
Hi Susan, probably no consolation now but I think the shop may have been a bit off with their findings, the Blaster worm & variants do what you said (Reboot) but you can clean it from the system without the need for formatting, there are a lot of others that do the same sort of thing, but there are also some that destroy the boot sector of the HDD, if it was one of those I suspect you would not have been able to boot into Windows at all (But I'm no expert).

Maybe we ought to start a thread in the PC-help advice with all the tips and tricks for removal of these damn things, we can all have the necessary firewall AV software in place but with the click of the mouse on the wrong file and it's ::swear ::swear ::swear .

I did a Google just now and found the following ...., but then you would need the fixblast download on disc to finish the job. Also you have to turn off system restore.

Terminating the virus Program

To stop your Windows XP machine rebooting

1. Select Start -> Run
2. Type shutdown -a in the box and press OK.
3. This will stop the reboot at least for a few useful minutes while you disinfect.

This procedure terminates the running virus process from memory.

(1) Open Windows Task Manager and click the Processes tab.
(2) In the list of running programs, locate the process:
MSBLAST.EXE

(3) Select the process, then press the End Process button.
(4) To check if the process has been terminated, close Task Manager, and then open it again.
(5) If the process is still running then continue anyway
(6) Close Task Manager.


Removing Autostart Entries from the Registry

(1) Removing autostart entries from the registry prevents the malware from executing during startup.

(2) Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
(3) In the right panel, locate and delete the entry: "windows auto update" = MSBLAST.EXE
(4) Close Registry Editor.

Cheers Plater
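
As an added example (not part of the post above and not from any vendor's removal tool), the registry step can be checked offline against a text export of the registry, for instance one taken from the affected disk. The watch list holds only the file name mentioned in the post; the sample export and its `ExampleAV` entry are constructed, and the export is assumed to be already decoded to text.

```python
import re

# Watch list: only the file name given in the post above.
SUSPECT_IMAGES = {"msblast.exe"}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    # .reg text escapes backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)


def run_entries(reg_text):
    """Yield (name, data) string values stored under the HKLM Run key."""
    in_run = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_run = line[1:-1].lower() == RUN_KEY  # exact key, not RunOnce
        elif in_run and (m := VALUE_RE.match(line)):
            yield unescape(m.group(1)), unescape(m.group(2))


def suspicious(reg_text):
    """Return Run entries whose command launches an image on the watch list."""
    hits = []
    for name, data in run_entries(reg_text):
        # First token of the command line, quoted or not, without its directory
        m = re.match(r'\s*(?:"([^"]+)"|(\S+))', data)
        image = re.split(r"[\\/]", m.group(1) or m.group(2))[-1] if m else ""
        if image.lower() in SUSPECT_IMAGES:
            hits.append((name, data))
    return hits


# Constructed sample export (hypothetical entries, not from a real machine)
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\av.exe\" /startup"
"windows auto update"="msblast.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"cleanup"="C:\\WINDOWS\\system32\\msblast.exe"
'''

if __name__ == "__main__":
    for name, data in suspicious(SAMPLE):
        print(f"flag: {name!r} -> {data!r}")
```

Only the Run key named in the post is inspected, and the match is on file name alone, so an entry flagged here is a lead to verify rather than a confirmed infection.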

bigcumba
27th February 2004, 09:11
Hi Susan, probably no consolation now but I think the shop may have been a bit off with their findings, the Blaster worm & variants do what you said (Reboot) but you can clean it from the system without the need for formatting, there are a lot of others that do the same sort of thing, but there are also some that destroy the boot sector of the HDD, if it was one of those I suspect you would not have been able to boot into Windows at all (But I'm no expert).

Expert enough Plater, mate! That's exactly what happened to my laptop a few months back, not a fun experience! The shop (as they always do) have definitely been too quick to format without further checking. I know one of the big chain stores have a reputation for 'if in doubt - format it' sort of attitude.

Good luck anyway Susan

Win2Win
27th February 2004, 09:16
This gets me, the shops are supposed to be 'experts' but I forever say on this forum, 99% of the time you DO NOT format the HD, as it is only magnetic data and can be removed in parts without wiping the lot. NEVER format a hard drive no matter who tells you as there is always another way. You could have just installed a fresh copy of XP. This would ignore the virus on boot, keep all your previous data, and then run Norton to get rid of the old one, or as Plater points out, there are many fixes out there.

It really annoys me when these people seem to think destroying everything is in your best interests.

If I was you I would go back to the shop and point out you have a number of fixes for the virus, so why did they delete all your important files without your permission? Tell them you are going to see a lawyer, about compensation, and ask if they wish to make an offer there and then. If they don't, send them a solicitor's letter, it'll only cost about £40, threatening them with every legal thing under the Sun, and I bet they offer you money.

People in this country don't kick up enough trouble when something goes wrong. You should have asked on this forum before going to the shop, as there are more experts here, and it's FREE.

I'm always suing someone, and it's always settled out of court, regardless how trivial it might be. People do not walk over me.

susanwells
27th February 2004, 09:45
Goodness me ..
in fact this is an excellent SMALL independent shop run by three chaps who have spent hours of their time for nothing sorting out my (and husband's) computer probs.. their tech guy had tried every which way for 3 days including everything you suggested... he says he only ever wipes as a last resort. Win2Win, I think the trouble with this sue everyone for everything all the time attitude, apart from doing your blood pressure no good, is that it is simply putting up the cost of insurance to ridiculous heights for everyone... sue when it was maliciously meant and serious and has caused you serious harm.
I wouldn't dream of marching into this shop run by good honest hardworking chaps in that tone of voice..
sorry to straight talk but I feel as strongly as you obviously do.. :hearty

Win2Win
27th February 2004, 10:01
I only sue those who do wrong, and need to be corrected in order to protect future customers, otherwise companies will continue to get away with whatever they want.

For the amounts I deal with, it wouldn't even be an insurance claim.

Good people or not, it doesn't give them the right to make expensive mistakes and get away with it, I've been building/programming computers for 20 years now, and they did make a wrong call. The OS had the problem, not the DATA, which could have been at the very least backed up by them through AV software to be put back after a format, and for that they can't be that honest.

Not getting at you Susan, just trying to protect members from things that shouldn't happen. PC World is the worst, and should be avoided at all costs.

susanwells
27th February 2004, 11:08
For anyone interested in this one here is an update. Plater, I read your e-mail out to the tech at the shop and he said that was of course the first thing he did.. easy to stop the machine re-booting.. but in order to go further he has to get onto the internet/get at Norton etc and the virus is DOS - makes a Denial of Service.. he has tried every way and he has NOT yet wiped anything. This is the last resort and he says he never does this without customer's permission.. and it is very rare for him to have to do it. But apparently the virus which has affected my laptop is one of the 164,000 out there and is not one of the best known ones... the ones which deny service are the worst to try and disinfect as you can't get at them
thanks anyway Plater and I would normally come to this forum but this one looks as if it's beyond most forum helpers...
I'll keep you posted and thanks for the advice.
:hearty

Win2Win
27th February 2004, 11:34
Reinstalling the OS in a new directory would override the DOS virus. It's just a case of transferring the old data to the new user directories, but after running a couple of AV's to clear the system.

You don't think your laptop is one of the ones in the loop stopping bookmakers from operating for blackmail do you? That's how the criminals do it.

As far as I'm aware the latest DOS virus is Mydoom.F, and a fix is available.

TheOldhamWhisper
27th February 2004, 13:21
....but in order to go further he has to get onto the internet/get at Norton etc and the virus is DOS - makes a Denial of Service...

If he has not yet deleted the data, you might want to suggest they download all the relevant removal tools onto another machine with a CD writer and make a bootable CD. As has been mentioned before, there is absolutely no reason whatsoever to format ANY hard drive unless the boot sector is damaged beyond repair (and there are very few viruses that can cause this sort of damage these days). As the progression of this incident points to the fact that the machine is bootable, the boot sector is unaffected and simply identifying the virus and renaming the files using good old Dos (the operating system - not denial of service) will fix the problem well enough to allow anti virus software to do its job.

Sorry Susan, but as much as you like these people, this time they are wrong.

silax
27th February 2004, 13:42
this may be wrong but might be worth asking can you not just hook up the infected hard drive to another pc as a secondary and transfer all the data you want to keep over to the other hard drive.
then stamp on it and buy another hard drive to replace the old one. I'm sure there are better ways but this one will make you feel better

Bulldog
27th February 2004, 18:20
this may be wrong but might be worth asking can you not just hook up the infected hard drive to another pc as a secondary and transfer all the data you want to keep over to the other hard drive.
then stamp on it and buy another hard drive to replace the old one. I'm sure there are better ways but this one will make you feel better
Well done Silax. The James Brown "I Feel Good" school of technology. Right up my street. :D