Weird Virus found - Page 2

Thread: Weird Virus found

  1. #11
    Cider | Only african to own a PC! | Join Date: Jun 2003 | Location: Israel | Posts: 1,683
    Peer to peer, non server based. We already tried with the IP. Using the IP address we were unable to bring up the PC at all; however, it returns pings.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  2. #12
    nihil | Super Moderator: GMT Zone | Join Date: Jul 2003 | Location: United Kingdom: Bridlington | Posts: 17,191
    It's hardware?

    Change the router/switch?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #13
    AOs Resident Troll | Join Date: Nov 2003 | Posts: 3,152
    My hunch is AVG has removed files due to a false positive... restore them from quarantine and see if you can connect again.

    I would run an online scan from Panda or Trend to see if you are infected after you restore the files.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #14
    Cider
    I will be going there tomorrow morning. I will check AVG and sort that out. If it still doesn't work I will implement a new switch...

    However, will the switch cause that error in my first post?

  5. #15
    nihil
    "However, will the switch cause that error in my first post?"
    Normally when things die they do it in a very obvious fashion. They stop working; period. However, there are situations where things deteriorate more slowly or suffer traumatic partial damage. These circumstances are much more difficult to diagnose as the results are unpredictable (and may even be intermittent, although that is not the case here).

    You have three independent boxes with the only common denominator being the switch. So, IF it is a hardware issue, it has to be something wrong with the switch?

    What I would do is (on one disconnected machine):

    1. Disable AVG's interactive scanning.

    2. Look at the AVG settings and see what it is instructed to do if it finds malware. If it is "quarantine" then look at what is in there. I only have instances of the free version, where there are no options other than to ask it to attempt a repair ("heal") of an infected item. By default it will put things in quarantine if it cannot heal them or is not instructed to do so.

    If you have a commercial version (which they should, being a business?) there should be enhanced settings options. Check to see that it has not been set to delete uncleanable files. If it has, you obviously won't find anything in quarantine.

    2. If there is stuff in the quarantine, you are only interested in items immediately before the problem starting. Make a note of what they are, then use AVG to restore them.

    3. Submit them to:
    http://www.virustotal.com/?9f4b11a2b...bc0b1f8617:eng

    That should give you a number of opinions as to whether they really are malware, rather than a false positive. If other AVs come up positive, then rename them with a .vir suffix (Don't forget to delete them later).

    If they don't come up positive, or only AVG says so, then follow the same procedure to restore the files on the other machines (the one that didn't have AVG to begin with might be OK, so don't worry about it, if that is the case)

    REMEMBER TO DISABLE AVG ON ALL THE MACHINES IF IT STILL REPORTS THE ITEMS AS VIRAL

    4. If the files actually are infected (positive), or they have been deleted, then boot from the Windows CD and select the "repair" option.

    To see if anything was deleted (if that option is there and is set) look in the "Test Results" and "Event History Log" in the AVG application.

    If none of that works then try replacing the switch. The reason I suggested trying that early on is I happen to have a couple lying around for testing purposes and you only have to test two machines' connectivity to confirm or rule out a hardware issue. That takes a few minutes.
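
The decision rule from the post above (rename with a .vir suffix when other scanners agree, treat as a false positive when none or only AVG flags the file), as an added example that is not part of the original thread. The file names, the hand-entered `flagged_by` mapping and the SHA-256 inventory are assumptions of this example.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large executables are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(restored_dir: Path, flagged_by: dict) -> list:
    """flagged_by: file name -> scanners that flagged it (typed in by hand)."""
    report = []
    for path in sorted(p for p in restored_dir.iterdir() if p.is_file()):
        if path.suffix == ".vir":
            continue  # already neutralised on an earlier run
        engines = {name.upper() for name in flagged_by.get(path.name, set())}
        others = engines - {"AVG"}
        digest = sha256_of(path)  # record the hash before any rename
        if others:
            # Confirmed by a second opinion: rename so it cannot be launched
            target = path.with_name(path.name + ".vir")
            if target.exists():
                raise FileExistsError(target)
            path.rename(target)
            report.append((target.name, digest, "neutralised"))
        else:
            # Nobody, or only AVG, flags it: treat as a false positive
            report.append((path.name, digest, "likely false positive"))
    return report


def demo() -> list:
    """Run the triage over constructed sample files in a temp folder."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "netshare.dll").write_bytes(b"constructed sample A")
        (folder / "updater.exe").write_bytes(b"constructed sample B")
        verdicts = {"netshare.dll": {"AVG"}, "updater.exe": {"AVG", "ClamAV"}}
        return triage(folder, verdicts)


if __name__ == "__main__":
    for name, digest, action in demo():
        print(f"{digest[:16]}  {action:22}  {name}")
```

The hashes in the report give a fixed record of exactly which files were restored and judged, which helps when repeating the procedure on the other machines.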

  6. #16
    Cider
    Hi all, thank you all for your replies; it was really appreciated. Nihil, thank you for the in-depth look as always.

    I installed Spybot, Clam AV and Adware remover. I updated and ran all the scans.

    When I was about to hand the problem on to my colleague, Windows Security Center popped up asking me about the firewall. I enabled Windows Firewall and bam, it works.

    Weird ....

    I didn't notice another firewall on when I first checked out the machine.

    Why would Windows Firewall not being enabled be the problem ???

  7. #17
    nihil
    It shouldn't. You can disable the Windows firewall as many people do because they have another product or a hardware solution, for example.

    The Windows Security Center will warn you (if enabled) that the firewall is turned off, unless it recognises an alternative firewall product.

    IMHO you did the right thing. Although the Windows firewall isn't the sharpest tool in the box it is much better than having no firewall at all.

    Hey Cider, please don't get me wrong, as this is not a criticism................ being the sort I am, I would have briefly turned it off on one of the boxes to see if I could get the problem to come back

  8. #18
    Cider
    Haha. Well, another week at work. The problem came back but one of the other techs sorted it out. They can use the network shares around the office; however, the error that I included with my original post still pops up.

    Now I assume that it is a virus trying to attack from the outside, only thing I can think of is turning off some ports on the router...

    Any more suggestions?

  9. #19
    nihil
    OK,

    You activated the Windows firewall and it started working. What were the messages or logs relating to this new occurrence.............were they exactly the same as last time?

    What did the other tech do to fix it this time?

  10. #20
    Cider
    Nihil: I'll have to get back to you on what the tech did. To my knowledge he reinstalled the network. I will get back to you on this.

    The new occurrence is just those Win32 error messages popping up. Everything works fine, it's just a bit irritating with those messages. I'll post when I am at work tomorrow.

    Thanks.
