
WARNING THERE'S A NASTY NEW ONE OUT THERE


welsh wizard
12-19-1999, 06:00 AM
There is what appears to be a real nasty new virus out there that's similar to the ONE-HALF VIRUS,
I have posted to Symantec and with their help hopefully got rid of it,
the way it works,
when the system crashes it steals about 1 or 2 megs of hard drive space so you don't notice it at first,
Norton Anti Virus 5 Gold edition can't pick it up :(
when you scan with NAV5 it corrupts the NAV5 files so NAV5 can't use all the defs.
tried running NAV5 from the original Emer. disk
after it had run scan and repair got .2 gig back but NAV5 corrupted again. :(
ended up formatting the drive from a Windows boot disk with FDISK/MBR and a full reinstall of the OS
As I said I have left a report with Symantec Tech support as I wasn't able to isolate the virus, waiting on their answer,
In the meantime I am hoping I have killed it.
( this mother took .7 of a gig before I noticed it)
when you run scandisk from Windows it reports the drive as the size that the virus allows you to access; if you run scandisk from DOS you get the true size of your hard drive. It's a good way of picking it up, if the two scans come back with different size drives.

I don't know what the final payload of this is, as I hope I got rid of it before it has got to that point.

A very unhappy :(
WW

smokin1
12-19-1999, 07:01 AM
Thanks WW...
that is truly a bummer :(
any idea where it came from?

socalgal
12-19-1999, 07:45 AM
Thanks for the warning, WW, and the tip to check thru DOS. Sorry to hear this happened. :(

Yes, if you know the name of the virus and how it came on your system, please let us know.

Mntsnow
12-19-1999, 08:23 AM
:( Man that stinks! I feel for ya
Mntsnow

pickel
12-19-1999, 09:17 AM
Sorry to hear the bad news, WW. Thanks for posting. I'd rather have my computer catch it than my daughter's new one. Hope all goes well down there. Be out most of the day, check in with y'all later

thepickel :(

xtremsabu
12-19-1999, 10:41 AM
I use AVP, best anti virus program I ever used. Never had a virus come through.

welsh wizard
12-19-1999, 02:43 PM
This one looks like it's targeted at Norton Anti V, seems it works on an area that NAV can't auto fix, you have to do it manually, but this appeared to have been modified to disable Norton scan so it can stay in the system, :(
The chap at Norton who is helping is Kevin Guderjahn.
the link to the posts is
( it seems that I need something to get to the post that has been left off in reinstall, requested a link from Kevin at Symantec, let you know when I get it)
better safe than sorry.
WW

smokin1
12-19-1999, 02:48 PM
That link doesn't work for me here WW...is it just me? :(

welsh wizard
12-19-1999, 06:40 PM
Not you. When I reinstalled I forgot to back up all the files; some cookies work, some don't. I can't get back to my post with tech support at Symantec either at the moment, waiting on an e-mail reply from them. Not sure yet, but I think the little B****** is still there. I noticed at start up virus scan couldn't find defs again, so reinstalled Anti Virus to scan system, still comes back clean, but it looks like it's there, so I am removing the drive and putting a new one in. Once that's up and running I will put the old one as slave and try formatting it then partition it, see if I can clean it up that way. I'm not throwing a 3 month old 6.4 away without a fight.
WW
PS just as well I got more than one sys to get online. :)

As to how I got it, this I am not sure of. System went funny about a week ago, Windows crashing more than normal. Only used 3 CD ROMs on this system, don't allow floppies or zips for any installation, so this either came over the net or from one of those three CDs. The one I took back, "The Mummy II", found out when I tried to run it was not a legal version, got money back. Man, there was no way that it looked pirated, screen work on it was first rate. The guy who sold it is real P****d off about it too, looks like the complaints are going down a long line of suppliers and someone will get nailed for it ( the guy I got it from I quite often get hardware from and it was the first time he had carried any VCDs and DVDs)
the hard thing about this one is Norton doesn't seem to be able to find the virus, but have now heard of someone in Hong Kong that is cracking codes and trying to go for Symantec as the target :(
I will most certainly tell all when we find the way it got in.
WW

smokin1
12-19-1999, 06:48 PM
Keep pluggin WW :)

welsh wizard
12-19-1999, 07:30 PM
Right, sorry about the long winded way to get to the site
1 go to symantec.com
2 go to service support
3 select Norton AntiVirus in box 1
4 select 5.0 for Windows in box 2
5 press go
6 click Contact Technical Support (Ask Symantec)
7 go to contact options and click Ask Symantec
8 choose General Technical Questions and press go
my query was posted at 10.06PM Dec 18th

you will find some related info there.

As I said it was long winded.
WW

Power-B
12-19-1999, 09:28 PM
Do you think it's possible that the virus companies themselves are producing the viruses? Very good for business!!

Just stirring the pot...

welsh wizard
12-20-1999, 01:59 AM
Yep it's still there, interesting development with it now: when you switch on and monitor CPU usage without anything running except Windows and the monitor program, CPU shows 49% in use, also the drive becomes fragmented in a few hours if you leave the system switched on.
Well it looks like the drive's heading for a slave position, :(
I ain't beaten yet.
Man I wish I had one of those old Atari utilities that allowed me to check a drive one bit at a time, :)
WW

BEOR999
12-20-1999, 03:35 AM
Be extra careful over the "critical Y2K period"; I expect we will see a lot of time/date activated viruses.

Visit SARC's Year 2000 Awareness Center for all the information you'll need to protect your computer environment from Y2K virus threats.
http://www.symantec.com/avcenter/index.html

socalgal
12-20-1999, 07:21 AM
How goes it WW?

I checked out your letter at the NAV site. Maybe it's the way I read it, but NAV tech support seemed a little blasé about this? Kind of sounded like 'Well, you're on your own...' Hmm.

There's a download Trial Version of the AVP Platinum Toolkit Pro http://www.avp.com/

Also, F-Secure Anti-Virus (formerly F-Prot/DataFellows) http://www.datafellows.com/download-purchase/

I have all three (inc. NAV) since I figure what one may not catch, another will...

welsh wizard
12-20-1999, 10:51 PM
Just to bring you up to date with this one, I installed Partition Magic extra strength, I figured if this little b*****'s hiding in a partition that is transparent, I'd find it,
Partition Magic extra strength reported the drive as only having 7 meg of free space and one partition, go figure that one; Norton Utilities disk space shows 2 gig, MS prog shows 4.2 gig, and I only got Win 98, Anti Virus 5 Gold with updates, Norton Utilities, and Partition Magic on there, so something is reacting differently to each program that probes it.
Anyway I am pulling the drive and trying a new one, finding an old mobo that can handle a 6.4 which you can't flash the BIOS with, and use that to format it, I ain't beaten yet, and TG this ain't my only system to connect with.
BTW thanks Socalgal, will try those sites. I am thinking that if this is targeted at NAV then one of the other virus people might have caught it, so that they can say Norton didn't find it but we did, so why not buy ours instead ;)

As for the latest comment from Symantec,
"this is a very interesting case, let us know how you get on." Well, they're the last ones that would get the drive now. If I fix it you will know how, so if it turns up on your system you will know how to cure it, even if it is the drastic way; as for NAV they have to pay for the info. :)
WW

dawgtuff
12-21-1999, 12:25 AM
Perhaps you could send the HD to Symantec. If this virus is targeted for NAV, they "should" be very interested.... Good luck, mate!...... DawgTuff.

BBA
12-21-1999, 12:48 AM
You can examine the drive partitions 100% accurately by booting it to a floppy disk that has GHOST.EXE on it and then running ghost. I think you could also use partition magic to actually reclaim the partition space, provided the virus is not PM aware. I know it's not a real fix but can provide a temporary virus combat until a real fix is available.

BBA
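BBA's point about reading the partition table directly rather than trusting what Windows reports is the one check in this thread that can be automated. The following is an added example written for this page, not code from the thread or from any of the tools named in it: it parses a DOS/MBR partition table and totals the sectors that no partition entry covers, which is the "missing space" the posters kept seeing when Partition Magic, Norton Utilities and Windows disagreed about a drive. The 512-byte MBR it parses is constructed inline (two partitions with a hole between them); the drive size, partition types and offsets are made-up sample values, not anything from the thread.

```python
# Added example, not code from the thread: parse a DOS/MBR partition table
# and report disk sectors that no partition entry accounts for. Comparing
# that figure with what a filesystem tool reports is one way to notice a
# hidden or unlisted partition. The MBR below is constructed, not captured.
import struct

SECTOR_BYTES = 512
TABLE_OFFSET = 446          # four 16-byte partition entries start here
SIGNATURE = b"\x55\xAA"     # boot signature at bytes 510..511
ENTRY_FMT = "<B3xB3xII"     # status, (CHS start), type, (CHS end), LBA start, sector count


def is_mbr(sector: bytes) -> bool:
    """True if the buffer is sector-sized and carries the 0x55AA signature."""
    return len(sector) >= SECTOR_BYTES and sector[510:512] == SIGNATURE


def parse_mbr(sector: bytes) -> list:
    """Return the non-empty partition entries as dicts, in table order."""
    if not is_mbr(sector):
        raise ValueError("not a valid MBR sector (bad length or signature)")
    entries = []
    for slot in range(4):
        status, ptype, start, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + 16 * slot)
        if ptype == 0 and count == 0:
            continue                       # unused slot
        entries.append({"slot": slot, "bootable": status == 0x80,
                        "type": ptype, "start": start, "sectors": count})
    return entries


def unallocated_ranges(entries: list, disk_sectors: int, first_usable: int = 63) -> list:
    """Return [(start_lba, length)] for sector runs covered by no partition.
    The legacy MBR track (sectors 0..first_usable-1) is not counted."""
    gaps, cursor = [], first_usable
    for e in sorted(entries, key=lambda e: e["start"]):
        if e["start"] > cursor:
            gaps.append((cursor, e["start"] - cursor))
        cursor = max(cursor, e["start"] + e["sectors"])
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - cursor))
    return gaps


def unaccounted_mib(entries: list, disk_sectors: int) -> float:
    """Total unallocated space in MiB, the figure to compare with what tools show."""
    total = sum(length for _, length in unallocated_ranges(entries, disk_sectors))
    return total * SECTOR_BYTES / 2 ** 20


def make_entry(status: int, ptype: int, start: int, count: int) -> bytes:
    """Pack one 16-byte entry; CHS fields stay zero, the LBA fields carry the layout."""
    return struct.pack(ENTRY_FMT, status, ptype, start, count)


def sample_mbr() -> bytes:
    """Constructed MBR: bootable FAT32 (2 GiB), a 358 MiB hole, then FAT16 (1 GiB)."""
    table = (make_entry(0x80, 0x0B, 63, 4_194_304)
             + make_entry(0x00, 0x06, 4_927_807, 2_097_152)
             + bytes(32))                  # two empty slots
    return bytes(TABLE_OFFSET) + table + SIGNATURE


if __name__ == "__main__":
    DISK_SECTORS = 7_500_000               # constructed drive size (~3.6 GiB)
    parts = parse_mbr(sample_mbr())
    for p in parts:
        print(p)
    print("unallocated ranges:", unallocated_ranges(parts, DISK_SECTORS))
    print("unaccounted MiB: %.1f" % unaccounted_mib(parts, DISK_SECTORS))
```

To use it on a real drive you would read the first 512 bytes of the raw device (for example from a rescue boot, so the running OS cannot interfere) and pass the drive's sector count as reported by the BIOS or the vendor's diagnostic; a large unallocated run that the Windows tools do not show as free space is what the thread's posters were hunting for. Extended partitions are reported here as a single entry of type 0x05 or 0x0F; walking their chained EBRs is left out to keep the example short.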

Axel
12-21-1999, 12:50 AM
Aw - you're dealing with the Symantec techs too new to have enough seniority to be off at this time of year....... They'll be plenty concerned - hey - might be a competitor that wrote the code - it'll beef up their sales if Norton has a major break like a virus which eats their code and the system it's on..... - But that is, admittedly, idle speculation.

Sorry about the system WW - Entropy seems to come in waves like that.... Best to just turn it off and mail in the hard drive if Symantec will accept it. You'd be doing them and the rest of us a huge favor.

welsh wizard
12-21-1999, 08:27 AM
Update.
went into DOS, found some nasties there,
1 found explore.exe so deleted it and all files I could find *** to it.
2 found something not listed as a virus but deleted it anyway called "iexplor", nailed as many of these as I could find so far,
both of these were not picked up by Norton,
it was the AVP site that put me onto explore.exe, they have it listed on their info page to watch out for if you do a find in Windows; the correct version, i.e. genuine MS, should be explorer.exe so watch out for it. If 2 have got through I am not sure if I have more to find yet :(
the little B*****s haven't beaten me yet, so I'll try until I can have a clean boot. Interesting thing, both of these above reinstalled themselves after a format of the hard drive; seems they can read into mem before format takes place then write themselves back to the newly formatted drive.
WW
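The AVP tip WW passes on, that a file called explore.exe is suspect because the genuine binary is explorer.exe, generalises to any executable whose name is a near-miss of a real system binary (iexplor vs iexplore.exe is the same trick). The following is an added example for this page, not code from the thread, from AVP or from any other product named here: it walks a directory tree and flags executables whose names sit within a small edit distance of a known name without matching it exactly. The list of genuine names is a short hand-picked set of real Windows binaries; the directory it scans is constructed in a temp folder with made-up contents so the script runs offline.

```python
# Added example, not code from the thread: flag executables whose filenames
# imitate genuine Windows binaries (explore.exe vs explorer.exe). KNOWN is a
# hand-picked set of real binary names; the sample tree is constructed here.
import os
import shutil
import tempfile

KNOWN = {"explorer.exe", "iexplore.exe", "winlogon.exe", "command.com", "kernel32.dll"}
EXEC_EXT = (".exe", ".com", ".dll", ".scr")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between a and b (classic dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def lookalike_of(name: str, known=KNOWN, max_distance: int = 2):
    """Return the genuine name that `name` imitates, or None.
    Exact matches are legitimate; only near-misses are flagged. Ties are
    broken alphabetically so the result is deterministic."""
    name = name.lower()
    if name in known:
        return None
    best = None
    for k in sorted(known):
        d = edit_distance(name, k)
        if d <= max_distance and (best is None or d < best[1]):
            best = (k, d)
    return best[0] if best else None


def scan_tree(root: str, known=KNOWN) -> list:
    """Walk root; return sorted [(relative_path, imitated_name)] for suspicious executables.
    Paths use '/' regardless of platform so results are easy to compare."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if not f.lower().endswith(EXEC_EXT):
                continue
            target = lookalike_of(f, known)
            if target:
                rel = os.path.relpath(os.path.join(dirpath, f), root).replace(os.sep, "/")
                hits.append((rel, target))
    return sorted(hits)


def build_sample_tree() -> str:
    """Constructed directory: genuine binaries plus two lookalikes and a text file."""
    root = tempfile.mkdtemp(prefix="lookalike_")
    layout = {
        "WINDOWS/explorer.exe": b"MZ genuine",
        "WINDOWS/explore.exe": b"MZ suspicious",         # one letter short
        "WINDOWS/SYSTEM/iexplor.exe": b"MZ suspicious",  # one letter short
        "WINDOWS/SYSTEM/kernel32.dll": b"MZ genuine",
        "TEMP/readme.txt": b"not an executable",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    try:
        for rel, target in scan_tree(root):
            print(f"{rel}: looks like {target}")
    finally:
        shutil.rmtree(root)
```

A name check like this is a triage aid, not proof of infection: the flagged file still needs its hash, signature or origin checked, and a real list of legitimate names would be far longer than the five used here. The distance threshold of 2 is deliberately tight; raising it quickly produces false positives on short names.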

Bob-NB
12-21-1999, 09:02 AM
WW, Is this maybe what you have? W32.NewApt.Worm

You can see what symatec has done about it: Click Here (http://www.symantec.com/avcenter/venc/data/worm.newapt.html)

You can read about it in this thread at NoWonder (http://www.nowonder.com/ultimate/Forum2/HTML/006436.html)

It was also addressed in a virus alert from Mcafee here:

(((((((((((((((((( McAfee.com Dispatch )))))))))))))))))))))
VIRUS ALERT

(This message is brought to you as a subscriber to the
McAfee.com Dispatch. To unsubscribe, please follow the
instructions at the bottom of the page.)

VIRUS ALERT - W32/NewApt.worm

Dear McAfee.com Dispatch Subscriber:

W32/NewApt is an email worm. AVERT has given it a risk
assessment of Medium--On Watch.

This worm arrives as an email attachment. The body of the
email appears differently depending on whether the email
client reads HTML......

Hypercool Happy New Year 2000 funny programs and
animations...

We attached our recent animation from this site in our
mail ! Check it out

If the email client is not HTML-capable, the message reads:

he, your lame client cant read HTML, haha. click
attachment to see some stunningly HOT stuff

The worm is in the attachment, which has a name chosen
randomly from the following list:

baby.exe, bboy.exe, boss.exe, casper.exe, chestburst.exe,
cooler1.exe, cooler3.exe, copier.exe, cupid2.exe,
farter.exe, fborfw.exe, goal.exe, goal1.exe, g-zilla.exe,
irngiant.exe, hog.exe, monica.exe, panther.exe,
panthr.exe, party.exe, pirate.exe, s.exe, saddam.exe,
theobbq.exe, video.exe.

If the worm is run, the following dummy error message
appears:

The dinamic link library giface.dll could not be found in
the specified path (list of directory names)

Note the misspelling of the word "dynamic".

If the worm detects that Outlook Express is installed, it
will search for messages received and build a list of
addresses. The next time Windows is booted, the worm waits
an unspecified amount of time and then attempts to send
itself to one of the addresses in its list, using the
format described above.

Note: If you are using McAfee Clinic, please click here to
update Active Shield(TM).
http://clinic.mcafee.com/clinic/virusscan/activeshield/start.asp

McAfee.com

_______________________Virus Fixes__________________________

Find out more about this virus. Click here to go to the
W32/NewApt.worm Help Center.
http://www.mcafee.com/viruses/newapt

Check if your system is infected, click here to use
VirusScan Online.
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=1122

Purchase the latest copy of VirusScan, please click here.
http://store.mcafee.com/category.asp?CatID=3&CategoryLevel=1&rfr=VSCALRT

Upgrade to the latest VirusScan. Purchase the VirusScan
Maintenance Plan which entitles you to 12 months of
upgrades, click here.
http://store.mcafee.com/category.asp?CatID=18&CategoryLevel=1&rfr=VRSPLN

Download the latest DAT files, click here.
http://download.mcafee.com/updates/updates.asp

If this message has been passed on to you by a friend and
you would like to subscribe to the
McAfee.com Dispatch, click here.
http://www.mcafee.com/subscribe/beginI.asp?s=22

Unsubscribe: If you do not want receive the McAfee.com
Dispatch in the future, click here.
http://www.mcafee.com/unsubscribe

This Virus Alert has been issued by the Network Associates
Anti-Virus Emergency Response Team (AVERT). McAfee.com is a
wholly owned subsidiary of Network Associates.

Copyright 1999 McAfee.com / All Rights Reserved.

This message was sent by McAfee.com using Responsys Interact.

To view our permission marketing policy: http://www.rsvp0.net


It's also discussed in this thread NoWonder (http://www.nowonder.com/ultimate/Forum13/HTML/000955.html)

If this isn't it, may this serve as warning to others of another recently released virus.

CMonster
12-21-1999, 09:23 AM
You could try booting from a Linux CDROM, partitioning the drive using Linux fdisk or Disk Druid and then format the entire thing, install Linux and LILO in the MBR, then boot from a clean Windows boot disk, fdisk, delete the non-DOS partitions and start all over again. I do believe that Linux Disk Druid should see any partitions, and after Linux has initialized (formatted) the disk the little bugger should be dead.

welsh wizard
12-22-1999, 01:43 AM
tried putting new drive in, put op sys on, then infected drive as slave, formatted slave, showed as clean, then being not too trusting checked new drive with search, found "iexplor" now on this drive. This was in a system that booted into Windows setup from Win 98 CD-ROM ( gen CD, not any rubbish pirated stuff)
it was only an old 1 gig that had somehow missed being installed before.
so I put the 6.4 to master and ran Linux install, it found a 350 meg partition that didn't show with any MS so deleted it and installed Linux; now fdisk insists the drive is one big bad sector after the first 10% and LILO won't let me in with the password entered and user logon :(
so it looks like it's going to have to be zero fill for two drives now. Still don't know how the little b***** infected the other drive when I was only formatting it as a slave :(
as for Norton NAV5 G, it's set to update every two weeks but I quite often ask for an update sooner if I hear of one before. As for any e-mail attachments that have to be opened as an attached file, I save those to Zip disk and scan before opening,
this one definitely turns off NAV defs somehow.
WW

cyphen
12-22-1999, 11:27 AM
yep, that was gonna be my suggestion - low level format. Sounds like a helluva virus! Also sounds like it infects the boot sector. I had a virus on my Mac (yuk!) at work that copied itself to every drive that mounted - floppies, zips, jaz, HDs, all of them - then every half hour it would cause disk activity for about a minute or so while it randomly wrote over data files. Obviously this is much different than what you are experiencing, but the transmission seems similar... anyway, be wary of any floppies you may have used, and zips too - they may be carriers.

CMonster
12-22-1999, 11:43 AM
I am sorry to hear about your failure, but it does sound as though the virus/trojan infected the "clean" drive when Windows mounted it - if in fact an infection has occurred.

I was going to suggest that you boot from a Linux CD and fdisk/format/install the suspect drive - don't forget to fdisk the master boot record - and cold reboot each time after fdisk and format (hopefully to kill the bugger in memory)- do not continue install after format unless you reboot first. It would be one sophisticated mother of a virus if it could copy between FAT and Linux file system and still execute, but I guess anything is possible.

no "iexplor" on anything of mine.

beck
12-22-1999, 06:32 PM
WW, I'm having much the same problems as you are. However, I've changed from Norton because it can't SEE any viruses on this system. It's just deaf, blind and dumb. My copy with latest defs also can't see a "test" virus.
http://www.mijenix.com/viruslabFAQ.asp#Q4

I've "captured" the two files I got Vir and backdoor in to a floppy. Took them to another machine with Norton and latest defs and had it scan them. Nothing. McAfee and PC-cillin both bleat all over. I made the disk with Linux, so hopefully I didn't infect that machine, but since Norton seems stupid there too, what's the diff?

I don't know if the other system is all infected too, but it seems like there is something out there that just puts Norton to sleep for everything. :(

I'm going to try out a couple of other virus scanners. If I have two virus things, I probably have more, since I shouldn't have had them in the first place.

Oh, and the One Half virus/trojan? I'm alpha testing a new linux tool and it found an extra partition on my second ide. Ask it to look at this strange partition and it crashes. Good test for alpha software, no? :D DOS fdisk and PM don't even show this partition. :( However, I am missing that much space on the drive.

Good luck and keep us updated!

welsh wizard
12-23-1999, 05:26 AM
Yeh the D*** thing turns virus defs off when you scan. As for NAV 5 G I am beginning to think they don't give a D999 about it, all I can say is I hope their mainframe gets it, then they may do something about it. All systems that were connected to the net have been replaced with either brand new drives or complete new systems, and they are staying off line and are no longer networked, which is a pain but that way it's harder for them to cross over systems,
will keep you up to date if and when I find a cure. :)
WW

socalgal
12-23-1999, 07:32 AM
Well, this is something else! You have spent a lot of time and effort on this. :(

Have you been able to try the AVP or F-Secure AV programs yet? Maybe these companies would be interested in knowing about this, it would be worth a try to send them a disabled drive (if you have no valuable info you want to lose) perhaps they could nail down at least a definition of this thing? Sorry, not much experience on this (well.. not that sorry!)

beck, thanks for the test virus, I'm going there to look and perhaps run it through the paces on my 3 AV progs.

Do you guys have the latest inline patch for Norton AV 5 installed? You must get it from the site, it doesn't come thru Live UpDate.

beck
12-23-1999, 01:49 PM
socalgal, yes, I kept Norton up to date from the web site and then downloaded updates all the time. I think I've pretty much tried all the AV stuff you can trial download now. Norton is history. I like PC-cillin the best right now, but it's not immune to whatever this is. They all say that everything is clean now :-[

Anyway, on to more strange things happening here. Took out the drive with the extra partition. I've cleaned and looked at registries, files, etc etc. But I have another backdoor type trojan that nothing is seeing. It's on two systems that are networked together. Both systems, connect to the net, but don't have any other things running. After connection, normally the modem would just sit there without any transmit or receive. Now(both systems), they both sit and send, send, send, send... until a receive comes in and then the fun starts. One system that I had just booted logged into the other one (requires passwords that I just changed) and started dinging around on the hard drive while I'm watching this whole thing. Turned PC-cillin stupid. Deleted the AVP dir.

So, I have another something in here that I can't find from reading all the docs about them and files to manually delete. There isn't anything in the run/services etc that is starting anything it shouldn't. However, there is probably something IN something else that is being run to start the whole thing. Don't know what this thing is, but I'd really like it gone.

Experimenting with both machines online, what seems to me as the "evil one" out there can only mess into one machine at a time. Will go from one to the other sometimes. I'd really like to talk to them and ask them how much fun it is, but mostly I'd like to do bad things to them.

The cool thing is I can tell when they are waiting for "me" to come online. The send only lasts about 2-3 minutes, and goes to sleep for 30-60 minutes, if nothing answers. So I know "they" do sleep or pester other people.

I don't know what "they" were doing this morning, but my cd-rw kept opening and closing. Didn't put a disk in for them either.

It doesn't affect Linux, so that's good.

I have one poor last machine that has been turned off for a couple of months and doesn't have a network card. Dialing the U and just sitting there doesn't have these crazy sends going on. It will just time out and hang up eventually. Also found out that using AOL on the infected machines will crash AOL about 2 minutes after connection. I assume that it doesn't like AOL. :D

Maybe I don't have the One Half type virus, I just have a friend.

welsh wizard
12-23-1999, 07:18 PM
Socalgal, same here with AVP on infected sys, won't install. Took version down to disk on clean system, took zip disk to infected system, crashes during install, every time :(

the way I tried to format the infected drive was by getting new system up and running with brand new everything; once all was installed, shut down system and set up infected drive as slave on port 2 then booted up, tried to format drive, drive format crashes out at 94%
strange thing is if I put drive in other system LILO boots up then says info missing.

Each time the system has been altered in any way I have booted without any hard drives connected to clear CMOS with jumper then reset everything with new drive.

The explore.exe virus was a doddle to get rid of, it's this darn iexplor that's causing problems, delete it in Windows and 2 more pop up with same name :(

tried deleting in DOS, only shows as deleted but is back when you boot up,

will try making a version of DOS that allows me to boot from zip or floppy next, then make sure everything is cleaned up, and boot up DOS from it, will then try changing properties of files to make every little b***** show up and then just plod through deleting anything that's not supposed to be there like anything in DOS, then try a format on drive if all files delete.

Also going to get Quantum zero fill and try that, if I am right this one is in the part of drive to do with its initialise routine.

If I crack it I'll keep you posted, if it went on, there has to be a way of getting it off. Not beaten yet.
WW

socalgal
12-23-1999, 11:01 PM
WW and Beck - thanks for the continuing reports on your situations. Please keep doing so - you are providing valuable information here.

I tried running a scan w/AVP myself tonight and the prog couldn't find the Shared Files, etc... And the Update wouldn't initiate. I will uninstall and reinstall the prog. I don't think (hope&pray) this is related to a virus/trojan, perhaps rather my bungled attempts at one thing or another...

BUT as long as you keep reporting the symptoms of what's happening on your systems, it will give us a better idea of what to look for and someone may read this and be able to help.

Have you tried CMonster's method?

Beck - WW: You seem to have some common symptoms here.. related, identical, similar? ... anything you can deduce which could be a common denominator?

It's definitely a serious concern when all these AV programs - supposedly good ones - aren't picking up this 'whatever'. Sounds like a very serious remedy is needed here.

Best of luck guys, thanks for keeping us informed.

welsh wizard
12-24-1999, 03:51 AM
New turn of events,
Norton told me to try a program they have, called KILL_EZ.EXE, tried to run this program from a fresh boot DOS system disk, came back can't run from DOS :(
Norton say to run from DOS window so I go to find the MS DOS shortcut, it's missing in Windows, get it back from CD, try to open MS DOS window, it keeps closing, tried putting on desktop and opening program file, DOS window flashes up and closes, try it from Run in Start, get can't run from this location, so I closed Windows to go back to DOS start up to have a look around. After finished, typed win at prompt; when I got to Windows the whole setting had changed, the Start icon was about 3" long and about 1" deep, if I had a 50" monitor I might have been able to get the frame in, pointer would not go below half way on screen, and had to use keyboard to shut down and try fresh start, same thing, so rebooted into safe mode and reset everything, system is now showing iexplor again.
Now up to Norton to suggest something,
BTW,
also tried laying Windows back into sys but told it not to save previous version, when came back up after install everything was there, same version of Windows updated as per download from MS.
I have not given up yet, got to beat it somehow as I was going to start the Biz up after recoup, now I can't as this has to be under control first, can't risk letting this one escape. It may even force Biz down, if I don't get the answer soon. :(
WW

welsh wizard
12-24-1999, 07:53 PM
I may have cracked it. A real no-no of a way though: went into Sysedit and regedit, found anything that said ieplore and deleted it, then deleted ieplor, then the real no-no, pulled power cable from hard drive ( half expected it to blow drive) then pulled power plug.
put everything back and rebooted from Windows CD-ROM only, reinstalled over top of old Windows; three systems have been running now for 6 hours, as yet ieplor has not come back up, so I am keeping fingers crossed. :)
WW
HAVE A GREAT TIME OVER CHRISTMAS ALL

beck
12-25-1999, 07:21 PM
WW,

I would have never thought of pulling the plug on the drive! ROFL!!! Go get em!!!

I might be rid of my problem here too. I'll have to keep monitoring for a while to be sure, but if not, I think I'm closer.

welsh wizard
12-26-1999, 04:08 AM
yep, looks like once the iexplore file was deleted, whatever was in mem couldn't find a link on drive to reset iexplor until shut down, and by pulling the drive plug it couldn't write back to drive; system seems all clear, just hope it stays that way.
WW

Sweeper
12-27-1999, 10:37 AM
This is a hoax. See below...

Profile

Name
Lump of Coal

Aliases
Unknown

Variants
None

Date Added
9/8/99

Information
Origin: N/A
Length: N/A
Type: Hoax
SubType: E-mail
Risk Assessment: Low


Characteristics
NAI Labs AVERT would like to inform you of a new email HOAX.

This email message is just a HOAX, currently we know of no other message that the user will receive about the HOAX as the initial email states. AVERT has not received any report of a user's hard drive being erased for opening the email.

We are advising users who receive the email to delete it and DO NOT pass it on as this is how an email HOAX propagates.

Below is the actual text from the message that may be received via email.

Warning on December 25, 1999 you may receive an email called, Lump of Coal...do not open it, it contains a deadly virus...it will erase your windows along with many other program files.

Pass this on as soon as you can to get the WORD out!!!This is not a hoax....this was reported on the CBS morning news August 20,1999.

__________________________________

- This is the end of the email message -

Again, if you receive this email delete it and DO NOT pass it on

AVERT

A Division of NAI Labs


For more information on viruses check out:
http://www.nai.com/asp_set/anti_virus/alerts/intro.asp

welsh wizard
12-28-1999, 03:25 PM
Tried with Linux, didn't work, but now have all systems back, just a few Zip disks that have now gone in the fire.
got all drives back bar one, that being a Quantum 6 gig. Files that I found on others that were questionable were "iexlor" and a folder that only became visible in show all files, this being "E-MAIL VIRUS FILES" which contained "orotation.virus"; properties showed this as an exe file so I deleted it off everything I could. On one zip disk it would not delete, this got formatted by mistake and shows as about 16k of bad sector on disk. Any others I found with these on that would not delete I just burned. I still have quite a number of disks to check but when I find another dupe of these files I am sending it in to Norton.
WW

socalgal
12-28-1999, 04:35 PM
I couldn't find anything matching or coming close to those defs in the AV db's. You may have found a new virus in the wild, WW!

If you find it again on the Zip, perhaps you could duplicate it and send it into a couple of different AV companies and get a 2nd/3rd opinion on this one (though I can understand why you wouldn't want to play mad scientist further :) ).

Congrats and glad to hear you beat this thing and you will be open for business come the new year. Way to go, WW! :)

welsh wizard
12-28-1999, 11:57 PM
BBA put me onto something over on Hostclub in answer to a post by Mrcomputer and a new virus,
BBA had similar troubles some time ago, his view was it was hiding in the PRI-DOS sector, and was invisible to everything, so I went back to Quantum, and ran their QDPS program after download, all checked out fine, so I had a nosy round their site and found that some viruses can't be removed by formatting, but they recommended Zero fill to get rid of unwanted guests. On this I remember another member of this board sent me a copy of an e-mail from Quantum also about zero fill, so I decided to check the dead drive that nothing would format; QDPS said drive passed all tests so ran ZERO FILL again on this drive, this time it worked, got drive back up and then formatted. After this I just said all will get the zero fill treatment, better safe than sorry.
I now recall dimly that is why I decided to use Quantum as the main drive to install on systems. Mem don't work too good with some things from past, so I have to relearn a lot of the things I lost, but getting there.
:) :) :) :) :) :) :) :) :) :) :)
A real happy Welsh Wizard.
WW

welsh wizard
12-29-1999, 12:09 AM
Sweeper, what I had was not a hoax. I have one hard drive that's stuffed, had to clear a number of systems, and this little B***** is close to shutting my biz down.
I have managed to clear the systems and have a number of Zip disks that were used as back ups that are now unusable; when SARC come up with an answer I will post a link.
WW

ChrisWayne
12-29-1999, 12:40 AM
Could you not use linux boot disk to clean out all partitions, then boot with dos and use (c:\fdisk /mbr) to redo Boot manager?

just a thought

chris

Sweeper
12-29-1999, 04:16 AM
welsh wizard, I wasn't claiming that your "particular" problem was a hoax, but that some that are being spread around "are truly a hoax". Sorry for the misunderstanding. :(

welsh wizard
12-29-1999, 01:40 PM
Sweeper,
Now I've beaten it, I must apologise to you also, I was getting quite f***** in the head as this thing kept coming back. The main thing it's taught me is with anything iffy, better to scrap it than be sorry after when it comes to these viruses; this was the worst I've seen.
still ratty over that Zip disk which I am sure had it on, don't know if Norton can recover the bad sectors but might just ask them; if they can, they can have the disk. It's left me wondering how many drive companies have or will supply a utility similar to Quantum's QDPS and Zero fill, as this experience makes me wonder if the scrap bin has more than one drive of another make that may have had the same problem and been taken for dead.
:)
WW

AQR8
12-30-1999, 12:02 AM
CONGRATULATIONS WW! I've followed this from the start and frankly, it scared the h*** out of me. You beat the d@@@ thing!

Good luck in the coming year! :)

AQR8