Do you think I have a virus? Probably not. - Page 2


Re: Do you think I have a virus? Probably not.

erratic@nomail.afraid.org says...

But then wouldn't the virus have to target specific programs with
'known' weak checksum algorithms?

--
Pete Ives
Remove All_stRESS before sending me an email

Re: Do you think I have a virus? Probably not.


It is not generally a good idea to have the algorithm as part of the program
it hopes to protect.

I suppose it could refuse to infect those systems whose integrity checking
program generated checksums which it was unable to match. You're right
though, it wouldn't be *easy*. A properly implemented integrity checker (or
change detection) program is a *very* good defense against further spreading
of a virus you are already executing on the system.

This may interest you:

http://www.people.frisk-software.com/~bontchev/papers/attacks.html



Re: Do you think I have a virus? Probably not.

wrote:


From the link: 'Remember: the only 100% foolproof anti–stealth
technique is to cold booting the computer from a non–infected
write–protected system diskette, to ensure that no virus is present in
memory. '

Wow. Does anybody really do this?  I've never heard of this being
done.  Does Norton, Symantec, etc even have such an option?

RL


Re: Do you think I have a virus? Probably not.

wrote:


From the link: 'Remember: the only 100% foolproof anti–stealth
technique is to cold booting the computer from a non–infected write–
protected system diskette, to ensure that no virus is present in
memory. '

Wow. Does anybody really do this?

***
Everybody that does malware removal for others *should* be doing this.
Working on a live infection can be like a dog chasing its tail. Some even
suggest swapping out the harddrive to a known clean surrogate computer and
scanning the drive with *that* system to avoid any possibility of malicious
code interfering with the process.

Some malware is really easy to remove, and it is not even necessary to
"clean boot" - so, it depends on what you are dealing with.
***

I've never heard of this being done.  Does Norton, Symantec, etc even have
such an option?

***
They *all* have rescue disks as far as I know, some require or suggest that
the user create one when first executing the AV program. There is also a
create boot disk suggestion when completing the install of most OSes.
***



Re: Do you think I have a virus? Probably not.


| wrote:




| From the link: 'Remember: the only 100% foolproof anti–stealth
| technique is to cold booting the computer from a non–infected write–
| protected system diskette, to ensure that no virus is present in
| memory. '

| Wow. Does anybody really do this?  I've never heard of this being
| done.  Does Norton, Symantec, etc even have such an option?

Some provide an ISO image where you can burn a bootable CDROM.

--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Do you think I have a virus? Probably not.

In article <485c6542-f24f-4330-b9c8-dbdc64e97230
@t20g2000yqa.googlegroups.com>, raylopez88@gmail.com says...
I do have a Kaspersky rescue cd-rom which runs a linux O/S and can
download an updated virus database for its AV software. However, I've
only used it on a couple of occasions and found that it wasn't always
able to connect to the internet to update.

Only really used when can't pull the HD, ie on some laptops.

--
Pete Ives
Remove All_stRESS before sending me an email

Re: Do you think I have a virus? Probably not.

RayLopez99 wrote:
You can build your own xp cd with bartpe cd builder (need the original
xp install cd or files), link:> http://www.nu2.nu/pebuilder/



Also the Hiren bootcd download:>> http://www.hirensbootcd.net/


Re: Do you think I have a virus? Probably not.

$0$8918$703f8584@textnews.kpn.nl:


Yea, just be careful trying to boot a machine running ati drivers if
you have plainjane xp with sp3 on it. <G> You might very well meet a
consistent bluescreen. heh


--
Some people are like a Slinky. Not much good for anything, but you
can't help but smile when one tumbles down the stairs.

Re: Do you think I have a virus? Probably not.

Dustin wrote:
Both cd's run as stand-alone xp system, not needing drive C, and contain
a host of support software for repair.

Re: Do you think I have a virus? Probably not.



I know what the bart disc does, thanks. I've been using it awhile
myself. It still tries to load drivers for some things; and if you
prepped it using an sp3 cdrom with some ati video cards on a machine,
it will bluescreen and crashout instead of booting into the bart gui.
It's a video driver issue. You can always make your bart disc, and just
force it to boot into vga mode if you encounter the problem. I was just
trying to provide you a heads up.


--
Some people are like a Slinky. Not much good for anything, but you
can't help but smile when one tumbles down the stairs.

Re: Do you think I have a virus? Probably not.

955d654e6033@a36g2000yqc.googlegroups.com:


It's the first one, actually. Google cavity infector and companion virus.
 

See above...


--
Some people are like a Slinky. Not much good for anything, but you can't
help but smile when one tumbles down the stairs.
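
Added example, not part of any post in this thread: a minimal change-detection sketch of the integrity checking discussed above, with the baseline keyed by a secret that is assumed to live off the checked disk (for instance on the clean boot media). It reports files whose contents changed without a size change, which is how a cavity infection appears, and new files, which is how a companion file appears; the file names, key and bytes are constructed for the demo.

```python
import hashlib
import hmac
import os
import tempfile

def snapshot(root, key):
    """Map relative path -> (size, HMAC-SHA256 of contents) for files under root."""
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            mac = hmac.new(key, digestmod=hashlib.sha256)
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    mac.update(chunk)
            snap[os.path.relpath(full, root)] = (os.path.getsize(full), mac.hexdigest())
    return snap

def compare(baseline, current):
    """Classify differences between a stored baseline and a fresh snapshot."""
    common = baseline.keys() & current.keys()
    modified = sorted(p for p in common
                      if not hmac.compare_digest(baseline[p][1], current[p][1]))
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": modified,
        # Size-only checks would miss these: contents differ, length does not.
        "modified_same_size": [p for p in modified if baseline[p][0] == current[p][0]],
    }

def demo():
    key = b"constructed-demo-key"  # assumption: the real key is kept off the checked disk
    with tempfile.TemporaryDirectory() as root:
        host = os.path.join(root, "TOOL.EXE")
        with open(host, "wb") as fh:  # constructed stand-in for a program file
            fh.write(b"MZ" + b"\x00" * 62 + b"program body")
        baseline = snapshot(root, key)
        with open(host, "r+b") as fh:  # in-place change, length unchanged
            fh.seek(16)
            fh.write(b"\x41" * 8)
        with open(os.path.join(root, "TOOL.COM"), "wb") as fh:  # new same-named file
            fh.write(b"constructed placeholder")
        return compare(baseline, snapshot(root, key))

if __name__ == "__main__":
    print(demo())
```
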
