Viruses? What gives?
I was about to do a scan of the files I downloaded last night. I hadn't even opened any of them yet. While checking memory, my virus scanner found 16 (?!?!) viruses! The weird thing is I can't find any trace of them now. I haven't even rebooted yet. I scanned all the files on my hard drive, with 2 different programs, and came up with nothing. Memory is clean. Was it just a glitch? Any ideas? Thanks for any advice. I'm gonna try a reboot now. Thanks again.
Bazango
04-24-1999, 05:36 PM
Uh oh. Talk to the people who wrote your virus checker. Your virus checker was doing its job. Maybe the viruses have escaped detection somehow. I'm not an expert but I have had similar experiences on campus networks. Don't assume anything.
I've probably run this damned checker around 20 times now, with no trace of any viruses. It's not the best (Virus Alert, or something like that), but it should tell me something, right? I mean, it found 16 viruses in memory earlier. I've also updated and run that free DOS-based checker (F-Prot, I do believe), and still came up with nothing. Should I be worried or was it just a fluke? Virus Alert has the latest signature file installed, dated early April. Thanks again.
The virus is lying to your checking program!
After the initial scan, they immunized themselves. The only way is to use a clean recently updated virus rescue boot floppy to scan the sys again.
Or you can wait for your drive to crash!
BBA
Okay, I've used 3 different scanners now, and came up with nothing. I do have a rescue disk, but I kinda made that a while ago, before I reformatted a couple of weeks ago... Can you suggest a virus scanner I can download off the net? Just something that will tell me for sure if I have a problem on my hands or not. Thanks for the advice. I really appreciate it.
If I come across the posting at the Tweakit BBS where someone posted the IP for a web based virus scanning site, I'll post it. You might want to browse some of the articles over there, because I know this topic is addressed there.
BBA
It's been a few days now, with no trace of my viruses, and no after-effects. Am I in the clear? Any advice would be helpful. Thanks a lot.
Do you know anyone with a Clean sys that can produce an updated virus boot disk set?
The disk set really doesn't have to be from your PC, it will tell you that your sys has changed, but if the Virus is still there it should pick it up!
Did you write down the names of the virus(es)?
Were there really 16 different viruses or that many infected files?
I would browse the sites at Norton and McAfee.
BBA
socalgal
04-28-1999, 09:20 PM
I am not sure if this applies to you. I did this several months ago when CIH was discovered. You should install and use the KILL TOOL before you initiate a virus scan (please read *NOTE* below). The following is from the Symantec (Norton AV) site.
http://www.symantec.com/avcenter/kill_cih.html
Information and Protection for W95.CIH (Chernobyl) virus: KILL_CIH.EXE Tool
Introduction
The KILL_CIH tool is designed to safely detect and remove all known strains of the W95.CIH (Chernobyl) virus (known strains as of August 3rd, 1998) from memory under Windows 95 and Windows 98 (the W95.CIH virus cannot infect Windows NT systems). If the tool is run before the virus has infected the system, it will also "inoculate" the computer's memory to prevent the W95.CIH virus from infecting the system until the next system reboot.
*NOTE* If you are already infected with the W95.CIH virus, run the KILL_CIH tool first before attempting to update your anti-virus definitions or scan your system. If you attempt to scan with an anti-virus product without first running this tool, you run the risk of causing your infection to spread. Once you have used this tool, you can safely update your Norton AntiVirus definitions and scan your machine.
The KILL_CIH tool will not detect or remove the W95.CIH virus from files; it will only disable the virus in memory so that an anti-virus program can remove the infection without inadvertently spreading the virus.
I hope this helps.
I checked for that CIH virus last Sunday. I used a program I downloaded from somewhere... It didn't occur to me to write down the names of the viruses (in memory) before I exited my scanner. I thought I'd be able to detect them again. Guess not... I don't know if they were different viruses, but there were at least 3 different, found 16 times in memory. Any ideas?
SNowlen
04-29-1999, 09:24 AM
You are in a potentially bad bad situation. With some viruses, like CIH, once you run the virus checker it becomes infected and is directed to ignore the virus. What you should do is download Kill_CIH from a known clean site (don't use your computer) and then run it from floppy on your machine. As noted above, the program will disable the virus in memory, but this is only part of the solution.
If you have it, you have your work cut out for you. Unfortunately, that would mean your virus checker is already infected, and at the least you will have to re-install the virus checker (after disabling the virus in memory). If you have to re-boot, be sure to run Kill-CIH again to disable it in memory (it will reactivate each time you boot until you clean the whole system). Once deactivated you can update your virus scanner, and clean out the system. You have to be very very careful or you will just re-infect everything.
I would not assume that all is well. CIH is bad bad mojo.
I really doubt that it's CIH. These viruses were found on Sunday morning, not Monday, which is when the CIH virus was supposed to go off. Besides, I scanned for it and came up empty handed. I'm gonna get an old 486 online and download scanners to try on my 300. But this is strange though... Shouldn't I see some effect of these viruses by now? I can't even find them now.
cobain1crt
05-02-1999, 11:06 PM
When you were scanning the zip files, the viruses might have been loaded to memory; when detected, they were deleted.
Susan
05-03-1999, 12:03 AM
I had experience with AVP eliminating viruses that McAfee can't. You can get a free evaluation here:
avp.com (http://avp.com)
There's a DOS version (when you're really shot) as well as a Windows version.
If you had the CIH, I believe you would know it by now. Your drive would be inaccessible.
cobain1crt, it happened before it started scanning the files. They were detected during the initial memory check, but nothing showed up when I first booted that morning...
Susan, thanks a lot. I'm gonna give that a try. Am I safe in downloading and running it on this potentially infected computer? If it is infected, would that affect the download? Thanks again, I really appreciate it.