I have a virus that seems to defy everything including HD erase and writing zeros, msdos scanners and all. I have narrowed it down to 2 files that are referrenced on my reg file (C:LEXBCE32.LOG + C:LEXBCE..LOG)(I have a lexmark printer) These 2 files are hidden so well I cannot find them, is there a way I can force them into view?
WIN 98 SE
Also everytime I clean these 2 items from my registry on the next boot thyre in the reg again.
Need Virus Help
-
WhiteMountains
- Member
- Posts: 75
- Joined: Sat Mar 08, 2003 10:56 am
- Location: Maine
Need Virus Help
get ure mojo risin
If you have formattted the drive, then you must have a virus in your backup files. Formatting will erase all contents of the drive.
What does the registry have to do with this? You said you erased the drive. If after reinstalling the os, you still have a virus, then possible one of your disks (cd's or floppys) has a virus that loads into the hard drive.
Give exact step by step details of how you came to think you had a virus and then what you did in sequence to try to handle it.
What does the registry have to do with this? You said you erased the drive. If after reinstalling the os, you still have a virus, then possible one of your disks (cd's or floppys) has a virus that loads into the hard drive.
Give exact step by step details of how you came to think you had a virus and then what you did in sequence to try to handle it.
No one has any right to force data on you
and command you to believe it or else.
If it is not true for you, it isn't true.
LRH
and command you to believe it or else.
If it is not true for you, it isn't true.
LRH
-
WhiteMountains
- Member
- Posts: 75
- Joined: Sat Mar 08, 2003 10:56 am
- Location: Maine
Ok, I found the virus by accident. My box seemed to be running rather slo so I did a defrag, that didnt help much. Next I checked my msconfig and found MARCO! on it which has to do with the opr srv worm so I flushed that and thaught it was over but NOT. A few days later I found the slammer virus and flushed that (i had to do these erasures manually because downloaded virus scanners could not find them). Now I really started digging!! I run what you might call an average home pc but I find a lot of things loading in my reg like windows NT, scsi drive D:., remote startup, and a lot of .exe files that point to "Open As_Run D..."
I downloaded Maxtor max blast on a clean box and did a complete erasure then did a complete O print to the disk, affraid of a mem virus, I then pulled the harness off the HD, shut the box down, pulled the extension cord and drained the capacitors, reset CMOS and reinstalled windows. I still get a message that drive O = SCSI drive and drive 1 = windows but if I try to boot from drive 1 I get OS not found.
I downloaded Maxtor max blast on a clean box and did a complete erasure then did a complete O print to the disk, affraid of a mem virus, I then pulled the harness off the HD, shut the box down, pulled the extension cord and drained the capacitors, reset CMOS and reinstalled windows. I still get a message that drive O = SCSI drive and drive 1 = windows but if I try to boot from drive 1 I get OS not found.
get ure mojo risin
-
ghettoside
- SG Elite
- Posts: 5134
- Joined: Thu Mar 13, 2003 5:18 pm
- Location: At Large in the US
what did you use to overwrite the HD? I have seen a virus that defied format-but it didn't survive wipe. if you really overwrote every cluster, then I agree, you must be using infected floppy or CD.
Norm has a killer boot sector wiper, you gotta get it from him, and I've got an effective wipe utility for the entire HD. That free one mentioned in the other post ought to do the job, but you better get it from a clean machine and do like Tony said.
Norm has a killer boot sector wiper, you gotta get it from him, and I've got an effective wipe utility for the entire HD. That free one mentioned in the other post ought to do the job, but you better get it from a clean machine and do like Tony said.
-
WhiteMountains
- Member
- Posts: 75
- Joined: Sat Mar 08, 2003 10:56 am
- Location: Maine
I used the maxtor max blast program to zero it out. I think I got some of it out but not all because when I reinstalled windows it kept searching for files it could not find on my windows disk. I think I have it contained now , I removed 175 bad bad entries in the registry with reg first aid then I wrote in an arseload of security lines using wingate tweak manager then I installed a lot of advanced ruling on my sygate firewall. Im 99% sure that its not reaching the net nemore but Im also 99% sure that its lurking in the background. I wish I knew more about trace routing I would love to let this thing loose and see if I could trace it out. I dream of putting my hands around the little bastards neck who wrote this thing. 
< me him > 
< me him > get ure mojo risin
-
ghettoside
- SG Elite
- Posts: 5134
- Joined: Thu Mar 13, 2003 5:18 pm
- Location: At Large in the US
how do you know he's little? maybe it's someone who's dreaming of putting his hands around your neck.
seriously though, I can understand your aggravation. But from what I read in your post, you have not wiped your drive, so its likely to continue until you do so. you yourself said you're 99% sure its lurking in the background. I wouldn't tolerate that. good luck with your registry hacking. no firewall is foolproof. spybot's found a new one that auto clicks the yes button granting itself access in zone alarm, and it happens so fast the user most often doesn't see it happen.
if it doesn't work out, let me know if you need a real wiper.
seriously though, I can understand your aggravation. But from what I read in your post, you have not wiped your drive, so its likely to continue until you do so. you yourself said you're 99% sure its lurking in the background. I wouldn't tolerate that. good luck with your registry hacking. no firewall is foolproof. spybot's found a new one that auto clicks the yes button granting itself access in zone alarm, and it happens so fast the user most often doesn't see it happen.
if it doesn't work out, let me know if you need a real wiper.
I don't know how a virus could survive through clearing CMOS, and wiping the HD. It doesn't make sense unless you are connected to a network. It is possible to jump across a network, and like Tony said, it could be one of your disks that keeps reinfecting you.
If you follow the logical steps, it should be gone for good.
Unplug from network
Shut down, and clear CMOS
Boot to a clean floppy, and clear bootsector and mbr (wipe the drive too)
create primary partition (fdisk)
format HD
install windows (from legit clean CD)
install anti vi, firewall etc and update
reboot
plug into network
If you follow the logical steps, it should be gone for good.
Unplug from network
Shut down, and clear CMOS
Boot to a clean floppy, and clear bootsector and mbr (wipe the drive too)
create primary partition (fdisk)
format HD
install windows (from legit clean CD)
install anti vi, firewall etc and update
reboot
plug into network
-
ghettoside
- SG Elite
- Posts: 5134
- Joined: Thu Mar 13, 2003 5:18 pm
- Location: At Large in the US
-
WhiteMountains
- Member
- Posts: 75
- Joined: Sat Mar 08, 2003 10:56 am
- Location: Maine