
Damn Virus!!



RoundEye
12-29-01, 12:03 PM
Well, the modded pc (http://forums.speedguide.net/showthread.php?s=&threadid=61757) that I built for my dad for Christmas got a virus, on Christmas day!

I'm running Norton's Corporate Edition and it popped up on the system center on my server.

Here's the problem, Norton didn't delete it. I had to find it on his PC and remove it. The virus seems to have screwed up one of the hard drives, now it "clicks" every time he boots.

This is what happened: I saw the virus on the system center and went to go turn on his computer. I got a BIOS prompt that one of the hard drives was not responding and had to be rebuilt. I have two IBM GXP 60's mirrored. After rebuilding the mirror the computer would boot, but the drive "clicks" now.

So then after that I ran a manual scan on every computer in the house. Nothing else turned up.

Now here's the b!tch part, the same virus popped up last night on his PC again! I found it in the temp internet files and deleted it again, now I'm scared it might pop up again.

Here are the questions:

Is it just coincidence that the virus popped up at the same time as the drive failed, or did the virus kill it? The IBM drives don't have the best track record and have a lot of failures, but I thought it was the GXP 75's. These are my old drives and I formatted them and did a fresh install of XP. They worked fine for months for me.

How in the hell do I find out where this virus is coming from, to stop it from popping up a third time?

MagicMikey
12-29-01, 12:28 PM
Sounds like a trojan, do you know which one? Norton Anti-Virus should have told you the name of it. Deleting a simple file containing the trojan doesn't get rid of it.....most of the time. Once you know the name of the trojan, you can search for a remover tool. There's a lot of those at Symantec's Web site..... good luck! ;)

Is he using a firewall and has the Norton's auto-protection enabled? Is XP all patched up for the security vulnerabilities it has?

cy
12-29-01, 01:23 PM
hum...hum..hum....where did u get ur case and the neon lights? I want to get something similar, how much are they? ;)

YeOldeStonecat
12-30-01, 10:00 AM
What virus was it? I'm sure you have Norton CE on live update from either direct, or the main server.

Temp Internet Files....was it something like jms-exploit? I run the same Norton CE on our network at the office, that's one that I cannot get rid of, even when I clear the status so the red X goes away, and I go and delete the temp internet files, a day or two later the main console gives me the warning again. Tomorrow since the office is closed, I'm gonna upgrade the CE to 7.6, since I'm running 7.5 now.

RoundEye
12-30-01, 11:11 AM
cy, got your pm, I wish I knew a place to get the case cheaper. Custom cases aren't cheap, and I did do all the work myself including the window.

MagicMikey & YeOldeStonecat,

I wrote down the name and put it in a safe place, now I can't find it. :o
I looked it up at Symantec's site, and it's an older virus (came out in 1999). Seems to not have caused any other problems other than the hard drive making noise now. I just don't know how it could affect WinXP. I guess I can RMA the drive.

I do have Symantec set to update from the central server and I did disable unneeded services.

YeOldeStonecat
12-30-01, 11:16 AM
Symantec's virus encyclopedia is pretty good...finding the name of the virus and looking up the info should help.

I just can't imagine a virus that hoses the hardware of a drive....gotta be a coincidence.

I can't tell by your first post, the drives are either 75's or 60's? If 75's, yeah, RMA those right away. The 60's are awesome, and for me have been reliable.

RoundEye
12-30-01, 11:34 AM
I have four of the 60's. Two mirrored in my server, and two that I put in my dad's pc.


Originally posted by YeOldeStonecat
I just can't imagine a virus that hoses the hardware of a drive....gotta be a coincidence.
I'm starting to think that too. I was just really pissed that he got a virus in his new Christmas present. You've built many computers from what I can tell, I'm sure you know how much time I've got into that pc.

:2cool:

YeOldeStonecat
12-30-01, 12:12 PM
Roger that....right now spending the afternoon rebuilding a LAN server to replace our aging public gaming server up at my ISP. Got an old Abit VP-6 dual CPU mobo with the dreaded Via chipset, pair of PIII's on it, installing NT 4 Server. So much to install, patch, especially IIS. Yuck.

You do a Ghost image when you were done? In case of blow-ups..makes for an easy rebuild. My GF's kid, I rebuilt my old Abit BH-6 with a PIII on it for him to replace his old Pentium MMX IBM CrAptiva....figured the kid would hose the system sooner or later, did a nice ghost image when I was done so I'll have an easy rebuild.

MagicMikey
12-30-01, 12:53 PM
I still stick by my first post....the virus/trojan is still not completely removed. Just hope you get it again so that you can find out the name of it then download a remover tool to completely get rid of it. See if your hard drive still makes that noise. If it does it might just be a hardware problem....loose screw perhaps? doubt you left it loose but it might have come loose while handling the case.... ;)

VIKTOR2020
12-30-01, 05:06 PM
MM,
What's that and where do you get one?

Faust
12-30-01, 05:49 PM
here's a list of some removal tools...

http://www.symantec.com/avcenter/tools.list.html. You can use the search feature at the site to find other removal tools if you know the name of the virus.

cy
12-30-01, 09:18 PM
Originally posted by RoundEye
cy, got your pm, I wish I knew a place to get the case cheaper. Custom cases aren't cheap, and I did do all the work myself including the window.


thx, I think I gotta stop spending too much money on unnecessary stuff and saving money on a nice case ;)