Re: puter question (DOS)
ok mellow, here is my 2c, which would amt to @ .000002 in AV skills, but it gets me thru hard times when the bureaucracy of getting our corp IT team involved isn't worth the hassle...

i recently picked up the blackmalB and sasser worms, and cleaned up shop within 4 days, part-time, as one of my 'test' pc's is not under the heavy blanket imposed by corp IT.

i would explore that file, change its tag to .txt
if that gives 'in use' err then u got a good idea it's something sinister and even not, if it's reinitializing itself, then same suspicion.
once i did that, i'd open it with notepad. if it's junk, maybe it'll give a few legible paths, like www.werule.schitheds.com, etc
THEN use these legible words as wildcards to search the c: along with the actual filename.

i guess my slow columbo work ain't rocket science but you will eventually get there, and after a few times, remember the basic files used by regedit, startup, core oslevel kernel, etc

i would change all .exe you find to .2exe, but that's just my way. oh yeah, if you get the 'in use', then it's time to reboot to safe mode, then rename. i guess i basically searched all variables found, then their variables (filenames, paths) and pretty quickly shut it down.

not to mention <end task> to see what's running in the bkgrnd, and then ZoneAlarm to reject all the crap (one at a time) until i could verify where it was coming from. which, in my case, several come from the timesync prog since we work online realtime support callcenters.

then, once i figured out the areas of my opsys that were affected, and how, i had an idea of what to search for in online AV sites.

i learned/figured out that:
  viruses are quick to mutate
  viruses chiefly combine the best features of other common viruses
  this is called a 'blended threat'
  they could be really nasty and del files, but most of the time just duplicate oslevel files, and setup bkgrnd proc - spam machines

that is what i caught-- making spam mch on my pc. and it would replace my last used exec progs to be robots or whatever the hell you wanna callem. i would have perfectly legit progs like mediaplayer, ipconfig, clocksync - all going out on the internet connecting to ftp sites with automatic scripts, pulling crap back to me!

the <end task> routine helped spot a lot, the searches/ file properties helped spot a lot, and finally the Zone Alarm/firewall kept it from running. THEN i had wildcards to search for on AV sites. i got most help from MS.com believe it or not. i got symptoms to match mine, and downloadable fixes.
and i found that the core opsys .exe files were still intact, and the ones actually running were duplicates, but in diff directories- if you understand what i mean. it's just the $path allowed it to use the 1st occurrence of the specified $variables... i won't expl in detail, but hope you understand, and/or research it rather than have me offer fodder to the other zillion 12yrold dumazzes that want to incr their ego by writing a virus...

but i didn't dwnload, i did it manually. i don't want more .exe files that are unfamiliar and unkn to me 6mos from now... i then had the printouts with step by step filenames to look for in regedit. and regedit is what prevents it from reoccurring, like you are seeing.

once i got familiar with the fields within regedit, it helps tremendously in understanding how exec files can 'popup' on your desktop, or after running your IE browser to access iboats.com

hope this might point you in the right direction, or at least help entertain
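Added example, not part of the original post: a cleanup check for the situation described above, where the system executables are intact but a same-named copy in another directory is the one that actually runs. It assumes a simplified model in which only the ordered search-directory list decides which copy wins; the directory names, the `EXTS` list and the function names are constructed for illustration.

```python
import os
import tempfile

EXTS = (".exe", ".com", ".bat")  # assumption: extensions treated as runnable

def find_shadowed(search_dirs, trusted_dirs, exts=EXTS):
    """Flag program names that exist in more than one search directory
    when the copy found first lives outside the trusted directories.
    Returns a list of (name, winning_path, other_copies)."""
    trusted = {os.path.normcase(os.path.abspath(d)) for d in trusted_dirs}
    hits = {}  # lowercased file name -> full paths in search order
    for d in search_dirs:
        if not os.path.isdir(d):
            continue  # stale search-path entries are common; skip them
        for entry in sorted(os.listdir(d)):
            if entry.lower().endswith(exts):
                hits.setdefault(entry.lower(), []).append(os.path.join(d, entry))
    findings = []
    for name, paths in sorted(hits.items()):
        winner = paths[0]  # first occurrence in search order is what runs
        win_dir = os.path.normcase(os.path.abspath(os.path.dirname(winner)))
        if len(paths) > 1 and win_dir not in trusted:
            findings.append((name, winner, paths[1:]))
    return findings

def demo():
    """Build a constructed directory tree and scan it."""
    root = tempfile.mkdtemp()
    odd = os.path.join(root, "odd")          # constructed: unexpected dir searched first
    system = os.path.join(root, "system32")  # constructed: stands in for the system dir
    for d, names in ((odd, ["ipconfig.exe", "tool.exe"]),
                     (system, ["ipconfig.exe", "notepad.exe"])):
        os.makedirs(d)
        for n in names:
            open(os.path.join(d, n), "w").close()
    return find_shadowed([odd, system], [system]), odd, system

if __name__ == "__main__":
    for name, winner, others in demo()[0]:
        print(f"{name}: runs from {winner}, also present at {others}")
```

On a real machine, pass `os.environ["PATH"].split(os.pathsep)` as `search_dirs` and the system directory as `trusted_dirs`, then compare each flagged copy's size and timestamps against the trusted one before renaming anything.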
