[pchelpers] Re: Unknown attack

 Hi Cy, I do hope the System Recovery Disk doesn't wipe out my hdd. I had never 
have to use it before. When I booted with this SRD today, I  got the warning 
message which stated that it would wipe off everything from my hdd and if I 
wanted to continue, otherwise to remove the CD from the drive and reboot. I 
didn't have time to do a complete reinstall so I aborted the restore. But since 
you had used this SRD before, I'm reassured. Thanks for the feedback §:^) 
Regards
 
Tonia
 
 
 
 
  Cyril H Halbach <cyrilh@xxxxxxxx> wrote: 
Tonia, remember that the System Recovery Disk does not wipe out
anything on your Hard drive unless of course you have to Reformat. It
just replaces all the software that came with your system in the first
place but it does not touch anything that you have added since then. Now
I do not know if it was a Virus that caused all this or not but it is
worth the effort to just go ahead and use the Recovery CDs to at least
replace the portion of the software that originally came with your
machine.. If the virus is in that portion of the software it should get
overlaid since the Recovery CD since you will be BOOTING directly from
the CD and not the hard drive. I assume you will have to set the BIOS to
BOOT from the CD so it does not try booting from the C:\Drive. 
Cy

On Tue, 25 Dec 2001 03:09:56 +0000 (GMT) =?iso-8859-1?q?Tonia?=
writes:
> 
> Hi Cy
> Thanks for the suggestion. As a matter of fact I scan and defrag 
> weekly and have no problem with either so far. All went well and 
> rather quickly. I have 20G drive on PIII 1GHz and it scans and 
> defrag pretty fast because it's done regularly. 
> Did I also mention that when my system crashed after that strange 
> install, that when I checked the configuration of Outlook Express 
> and found that my POP3 provider domain name had been changed to the 
> loopback address (127.0.0.1)? 
> When I used the HP Brio Management Agent to view the details of my 
> system, all info was wiped out! Every field has the Not Available 
> comment! Used to be full of info for my hardware, OS and Bios 
> versions, memory etc. When I clicked on Health to check on the 
> health of my hdd, I got this message saying SMART not supported. I 
> am sure it was before this incident and I used to get the 'Healthy' 
> report before. Looks like something drastically changed my system 
> configuration! Like you, I may have to use the HP System Recovery 
> CD to clean up and reinstall. Using this System Recovery means 
> everything gets wiped out from my hdd. I'll have to do that when I'm 
> sure I have enough time to do a reinstall of the OS and all the 
> apps, drivers etc. . I have to get ready for my trip "down 
> under". Flying off tomorrow. Guess this cleaning job will have to 
> wait till I get back.
> Anyway I'll follow your suggestion and do a thorough scan later this 
> evening. May turn up something interesting, who knows? Thanks for 
> the tip.
> 
> Regards
> 
> Tonia
> 
> Cyril H Halbach wrote: 
> Tonia, I just had a go around with HP on my daughters computer
> with a 30 Gig drive.(Problems not as severe as yours) They insisted 
> the
> 30 Gig drive has been a problem free drive and suggested I try to do 
> some
> cleanup. I did a scandisk in DOS mode and then tried to do a defrag.
> Defrag insisted there was something wrong and that I should run
> scandisk. I then ran scandisk surface scan as requested with Windows 
> in
> SAFE mode. That worked OK after a couple of hours running until it 
> got
> within about 100k sectors from the top of the drive. At that point 
> it
> kept on going but took 20 minutes to run for every 250 sectors which
> worked out to abut 55 hours to finish. At that point they 
> recommended
> that I do an unconditional format ( format c:/U ) ... After that I 
> used
> the System Recovery CDs to restore the machine and everything has 
> been
> working fine. 
> My point, the problem is not likely your hard drive but it would
> be good to try to run a surface scan to find out.. 
> Cy
> 
> On Mon, 24 Dec 2001 15:52:41 +0000 (GMT) =?iso-8859-1?q?Tonia?=
> writes:
> > 
> > Hi Robert
> > Yes, I'm still around. I have a back up machine so if one doesn't 
> > work I fire up the other. I need that redundancy for my work. I 
> work 
> > from home on weekends and that means I need my Internet connection 
> 
> > at those times.
> > My hdd is barely six months old and so are my RAMs. In fact I had 
> > new ones installed just a few months ago. If it's hardware, then I 
> 
> > have no worries. It's still under warranty! §:^) 
> > I experienced this problem only after I clicked on the link to try 
> 
> > to read about the case brought by CompTIA against Troytech for 
> > copyright violatation. Something got installed immediately I 
> > clicked on the link and that link didn't take me anywhere either. 
> > Oh well, it's still a mystery to me. It'd be interesting to know 
> > what or why this is happening. Then again you may be right and I'd 
> 
> > been given a lemon of a hdd. 
> > I'm not wiping the hdd yet. I want to find out what exactly is 
> > happening first. 
> > Thanks for the feedback. §:^)
> > 
> > Tonia
> > 
> > pchelp 
> wrote: 
> > Don't know if you are still around but it sounds like you may have 
> a 
> > hdd
> > going bad. OR... bad memory. I have had the experiences you 
> > mentioned
> > with both those media.
> > 
> > Robert McLellan
> > 
> > ----- Original Message -----
> > From: "Tonia" 
> > To: 
> > 
> > Sent: Monday, December 24, 2001 1:36 AM
> > Subject: [pchelpers] Re: Unknown attack
> > 
> > 
> > >
> > > Hi John
> > >
> > > Thanks for the tip. Norton was beaten with this one. When I 
> > suspected
> > something wasn't right I tried to bring up NAV to do a scan but it 
> 
> > won't
> > even start, giving an error instead. It was just stone dead!
> > > This strange phenomenon sure is weird! I know it zapped my Lotus 
> 
> > WordPro
> > and some other apps. I can still log onto the web at times and it 
> is 
> > only at
> > around late afternoon, strange things begins to happen. So during 
> > one of
> > those times when things were working ok, I downloaded AVG and did 
> a 
> > scan. It
> > hanged at one file and I had to shut it down by brute force! I 
> wonder
> > if it's a virus at all. I had NAV on all the time and it didn't 
> > catch this
> > one. Instead it got zapped. AVG tells me no virus was found. 
> > Yesterday
> > while trying to boot up, I got the 'window protection' error. And 
> > then it
> > won't shut down, instead hanging at the 'windows is shutting down' 
> 
> > screen.
> > Looks like I may have to start all over again. I'll try the HP 
> > system
> > recovery CD to see if it works. Otherwise I'd have no choice but 
> to
> > reformat.
> > > In the meantime I'll search around the web and see if I can find 
> 
> > anything.
> > Checking my registry didn't turn up anything suspicious. I'll let 
> > you know
> > if I find anything resembling this odd critter.
> > > The worse part of this thing is not knowing what bit me! Oh 
> well, 
> > it's a
> > learning experience. I learned to read all pop-ups before clicking 
> 
> > OK or
> > Open! §:^)
> > > Thanks for your suggestions and off of help.
> > > Tonia
> > >
> > > John Ford wrote:
> > > Tonia,
> > > Another thing that you could do would be to load and install 
> > another virus
> > > program on your infected machine. Most of the time when 
> installing 
> > a
> > > program such as those you are able to answer a question 
> something 
> > like "is
> > > your machine infected with a virus" or something to that effect.
> > >
> > > Norton's program will allow you to do that and perhaps it may 
> > locate the
> > > problem and at least quarantine it for you and at the very least 
> 
> > give you
> > a
> > > name for the critter and then using your older machine you could 
> 
> > get the
> > > information needed to isolate and remove from your HD on your 
> > newer
> > machine.
> > > I am surprised if you had a virus program running that it did 
> not 
> > detect
> > > anything when you clicked open on the pop up window.
> > >
> > > If you get he name of the virus and need our help from the list 
> do 
> > not
> > > hesitate to ask and maybe we can collectively come up with a 
> > solution or
> > at
> > > the very least get you the instructions needed to help you 
> remove 
> > it.
> > >
> > > John F
> > >
> > > -----Original Message-----
> > > From: pchelpers-bounce@xxxxxxxxxxxxx
> > > [mailto:pchelpers-bounce@xxxxxxxxxxxxx]On Behalf Of Tonia
> > > Sent: Sunday, December 23, 2001 1:32 AM
> > > To: pchelpers@xxxxxxxxxxxxx
> > > Subject: [pchelpers] Unknown attack
> > >
> > >
> > >
> > > Hi all
> > > I've got the strangest thing happen to me yesterday while I was 
> on 
> > line. I
> > > was reading an article in a newsletter from Cramsession and 
> > clicked on a
> > > link which said "Read More". What I got was a pop up window like 
> 
> > what you
> > > get when you want to download something and it prompts you to 
> save 
> > to disk
> > > or open in current window etc. Without thinking I clicked on 
> > Open....and
> > > that opened a Pandora box! I noticed something being installed 
> on 
> > my
> > > system. Before I could do anything to stop it, it was all over! 
> So 
> > were my
> > > apps, Internet connection, Outlook Express email etc. Nothing 
> > works
> > anymore.
> > > The icon of the Word Viewer turned into a black pokemon-like 
> > monster!
> > > I have been reading this Cramsession newsletter for some years. 
> > It's all
> > > about exams and certifications and other techie stuff. This 
> > particular
> > > article was on CompTIA suing Troytech so I didn't even think of 
> > reading
> > what
> > > that pop up window was about. After shutting it down I booted up 
> 
> > my older
> > > machine to continue with my work. Later that evening, I went 
> back 
> > to it
> > and
> > > it seemed to work fine. Didn't give it a thought this morning 
> when 
> > I
> > started
> > > it up. But towards the later part of the morning it started to 
> act 
> > funny!
> > It
> > > killed my Lotus WordPro, even notepad won't start up! And the 
> > online
> > > mentoring chat window just went blank! I went to shut down at 
> > "Start" but
> > > it refused to start! I normally use the winkey for that but 
> seeing 
> > it
> > won't
> > > work I used the mouse and what I got was a small square with a 
> > computer
> > icon
> > > saying "shut down". But fortunately it worked and I managed to 
> > shut it
> > down.
> > > I wonder if anyone here had this experience. I want to know what 
> 
> > was
> > planted
> > > on my machine. I'm using Win98SE on an HP Brio workstation. 
> Never 
> > given me
> > > any problem till now. I hope I'm not zombiefied!
> > > Any advice would be most appreciate...before I reformat which 
> > means I lose
> > > everything. Haven't backed up a thing yet!
> > >
> > > TIA.
> > > Tonia
> > >
> > >
> > >
> > >
> > > ---------------------------------
> > > Do You Yahoo!?
> > > Get personalised at My Yahoo!.
> > >
> > >
> > > ---
> > > Incoming mail is certified Virus Free.
> > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > Version: 6.0.303 / Virus Database: 164 - Release Date: 11/24/01
> > >
> > > ---
> > > Outgoing mail is certified Virus Free.
> > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > Version: 6.0.303 / Virus Database: 164 - Release Date: 11/24/01
> > >
> > >
> > >
> > >
> > > ---------------------------------
> > > Do You Yahoo!?
> > > Get personalised at My Yahoo!.
> > >
> > 
> > 
> > 
> > 
> > ---------------------------------
> > Do You Yahoo!?
> > Get personalised at My Yahoo!.
> > 
> > 
> > 
> 
> 
> 
> ---------------------------------
> Do You Yahoo!?
> Get personalised at My Yahoo!.
> 
> 
> 



---------------------------------
Do You Yahoo!?
Get personalised at My Yahoo!.

Other related posts: