89 Viruses?!?!
It happened again... Just before I tried to scan some files, the preliminary memory scan turned up 89 (?!?!) viruses in memory. Out of three virus scanners, once again, only one found these viruses, and only one time at that. I have them all written down, but it's a really big list. Roughly half were found at 576KB, and the other half at 832KB. All kinds of viruses were found. When I get the list typed up I'll post it (on paper right now). Any advice? I don't see any effects yet... Thanks guys.
cobain1crt
06-19-1999, 07:37 PM
Unless the viruses already invaded the other 2 programs, you might have some problems with your memory.
Susan
06-19-1999, 10:56 PM
A virus is a virus is a virus... :)
www.avp.com (http://www.avp.com)
You can download the trial version of WIN and DOS both. Fdisk your MBR, too.
Susan, I think you told me about that last time. Someone did. I already have it on floppy, so it was definitely not infected. Good idea about the MBR though. Couldn't hurt... Any other ideas? This is really weird... They haven't turned up again.
StarWatcher
06-20-1999, 10:08 AM
Eli, just curious, what virus scan found all those viruses?
I use McAfee and Nortons and never had that happen.
Virus
06-20-1999, 11:36 AM
Having that many in only two separate memory addresses is very odd. Virii are small but not that small. A lot of virii are similar in design and can be falsely detected. I am leaning toward bad ram module idea.
The virus checker may be trying to match up what it is finding to its database and it can't find an exact match so it sends back a list of what it could be. Or maybe it's a new virus. Does this checker use a heuristic search? Or better yet, what virus checker is doing this?
I've only had one real virus on this system before, so this is weird. The program that detected them is Virus Alert. I have its Autoscan and Susan's AVP running in the background all the time. I did access more than a few ftp sites the night before, but if it was infected, the viruses should've turned up during the scan at bootup, right? These unaccountable viruses (first 16 a couple of months ago, now 89) have only appeared twice now, in the year I've had this computer. Could the ram (32MB sdram) really be at fault? I've been thinking of replacing it with a 128MB chip anyway... Thanks again. I really appreciate it.
Here's the list of viruses. Sorry it's so long.
At 576KB of memory scan, memory contains signature of:
Trux Family
TIP 554
Tip-554
Pick-1034
Mail
Kolumna-2048
Manzon
ATOM ANT 564
Npox
Chemnitz
Xtac
Silly-CR-261/264
Silly-CR-563
Bob-448
VLAD-Mon Ami-1085
Riot-Carpe Diem-1033
Riot-Carpe Diem-1012
Riot-Carpe Diem-1299
Riot-Carpe Diem-1305
Riot-Carpe Diem-1415
COFFEESHOP.VAR
PAYBACK
Mirage-1322
BLUE NINE A
HH&H
HH&H-4093
Andryushka-3536
Aidstest-999
HH&H-4087
Minea-17XX/1813
Rasek-1492
Gippo-Bumpy
Gippo-Stunning
Diabog-1173
Shin
Leningrad II [Encrypted]
Tchechen-34XX
HH&H-4115
VIENNA.VIOLATER.716
Mutation Engine (MtE)
At 832KB of memory scan, memory contains signature of:
Lozinsky-1922
Lozinsky-2269
Fat-666
BitAddict-512
V3SCAN
RMNS-651
Blacksun-2372
Antitel Galicia-840
Barrotes-1303
Best-512
Nutcracker-5375/5413 [Boot]
Nutcracker-5440 [Boot]
Nutcracker-5440-B [Boot]
Nutcracker-5589 [Boot]
Nutcracker-5589-B [Boot]
SILLY-CR-200
Witch
Zmi-1024
Angel-1571
Avalanche-2818
Avalanche-2831
Avalanche-2820
Vampiro-1492/1623
ALABAMA
Yankee Doodle
MrR-1300
HYDRA-11.B-1665
Wypi-1100
Xute-1182
Deadface
RDA-Fighters 2.0
CORDOBES
TURNER YOO HOO
ANARCH7-9594
Fred
Findme
Vampirus
Offspring v.07-1294
Cancerbero-Ant.Enter-1092
Slovakia-770
Morality-424
Yankee-2505
Virus-101
Nuke-1984
Narcosis-1431 [Boot]
Spectral Shadow-907
One half-3544/3577
Nice To Meet You-1722
Naff-821-B
89 viruses found
Any help? Thanks yet again.
Susan
06-20-1999, 08:50 PM
I once worked on a friend's system that had a nasty case of some virus (don't remember).
The only possible way to rid the system of the virus totally was to boot to A:, run a DOS AVP version, and immediately do FDisk /MBR. Without doing the FDisk, the virus was getting hung up in the MBR and when rebooted returned to the memory.
Have you tried this scenario?
I did re-copy the system files and refresh the mbr from a clean floppy, but I haven't tried the dos AVP. I got screwed up in my original post. Virus Alert and Win AVP (The trial keeps going...) are always loaded in memory, and I tried F-Prot from floppy. Shouldn't these "viruses" be taking some effect by now?
Susan
06-20-1999, 09:42 PM
One would think so... :( Very odd.
Do you have some more memory to swap with? That would be the true test.
Try the ram! If that doesn't fix it, then you have a single virus that's morphing to hide itself and leaving signatures in the MBR of different viruses.
The only 100% way to get rid of it is to boot the PC with the hard drive power supply disconnected and boot up on a floppy with a low level format utility on it.
Then start the low level format utility initializing while you plug in the hard drive's power supply and instantly start the LLF.
This will eliminate it from going resident on the initial power up of the PC (during the bios drive detection phase, which I have seen before).
The drive will be like a new drive then and will need fdisk/format and rebuild of OS.
If you are serious about this being a virus, I wouldn't play games with it because it just might rewrite your bios code one day!
BBA
Of the 5 other systems I have access to, none has sdram. Any chance that it's a ram shortage that's causing it? I only have 32 meg on a W98 system, and I suspect that the 4 meg AGP system is just stealing its 4 from the 32. I'll upgrade to 128 this summer if I can afford it (Canadian prices, ya know), but until then, I'm stuck with a possible infected system.
CMonster
06-21-1999, 12:15 AM
I tend to agree with Virus, that is what it sounds like to me too.
There is something not quite right in your system. You would have a difficult time catching that many viruses even if you were trying to. By the time you became infected with a dozen or so your system would probably crash - depending on the type of viri.
How do you suppose you could have become infected with so many viri, especially if your antivirus protection was running?
Could these have been from the logs of found viruses? Did they have the file extension .vir? Perhaps the list is loaded into memory on booting, for reference.
Some virus checkers keep a list of cleaned viruses with this extension. Look in the files of the programs to see if the same info might be there.
Mbarb
06-21-1999, 06:21 PM
Eli,
If I read your message correctly, you have more than one virus protection package running in the background at the same time. Could this be causing the possibly false infection notice from one of the packages??? Or you might really be infected...
Just my thought for the day
Susan
06-21-1999, 06:53 PM
Have you tried the DOS AVP yet, Eli? No response from AVP :(
Susan, sorry no, I haven't tried the dos version yet. Kinda hard to get all worked up about a problem that's not having any effect.
Mbarb, good suggestion, but I only had Virus Alert when this happened the first time.
I've been updating its signature file, but maybe the program's just too out of date?
socalgal
06-21-1999, 10:04 PM
Susan ~ this AVP DOS evaluation version..
Is it uncrippled and can be used as a standalone? I will be reinstalling NAV 5.0, will there be any problem that you know of? Any problems uninstalling? Couldn't find any DOS FAQs. Thanks.
I'm doing an fdisk/format soon and would like to use it.
Eli ~ I would be careful. Some virii hide until certain dates before they become active. Days, weeks, months.
[This message has been edited by socalgal (edited 06-21-99).]
Now that I think about it, I think that the first time this happened was before I reformatted a couple of months ago... hmm... How odd... I still have no ill effects though, and no more have turned up. By the way, the Win AVP trial is still running, even though it supposedly expired 3 weeks ago. Is that normal? Thanks for the advice everyone. I really do appreciate it.
SysOpt.com