  1. Somebody put their USB memory stick in my computer and then I immediately got a virus so severe that even Ghost restore did not work. After Ghost restoring the C drive, I found that the virus was still on the D and E drive. The virus was seen as an autorun.inf and a pif file (MS-DOS-based program shortcut to a program executable). If I tried to delete either file, they would just reappear a few seconds later. Then they jumped back on the C drive and reinfected that. Some other things that I noticed: the date was set back to 2004, regedit and msconfig would not work (message that other program was using them). Also I could not shut the computer down. I tried Housecall and that did not solve the problem. I think I finally solved the problem by restoring the C drive again, BUT NOT BOOTING BACK to Windows. Somebody helped me get in the Windows safe mode command line and used DOS command to delete the virus on the d and e drive. They used a command something like, attrib-s-h (negate system file and hidden file attributes) to change the attributes of the virus file so that they could be deleted. I couldn't follow all of what he did, but if somebody can clarify that procedure, that would be really helpful to me.
  2. Member
    Join Date
    Jan 2003
    Location
    India
    If you could not follow what they did, you are better off not knowing the procedure.
    Pen drives are very prone to be infected by viruses and trojans because they are the modern version of the floppy!
    The usual method is use of an autorun.inf file
    For your own sake do what this article tells you to disable autorun.inf from all drives.
    http://windowssecrets.com/2007/11/08/02-One-quick-trick-prevents-AutoRun-attacks
    and then, whenever you are attaching a pen drive, run a scan on it before opening any files on it.
    afaik, all the present day viruses/trojans which infect pen drives use autorun.inf.
  3. Banned
    Join Date
    Jun 2007
    Location
    UNREACHABLE
    Awesome info, mgh.
    My next PC(s) will be even safer now. 8)
  4. I would like to confirm the above directions. I copied them exactly as in the screenshot (see screenshot 1) and followed the directions for merging. However, when I insert a software disk into the cd drive (after rebooting), the software menu still appears (see screenshot 2). I was under the impression that after modifying the registry, the software menu will NOT appear. I don't think the above trick (to disable autorun) works on my xp computer.



  5. I found the following DOES work to disable autorun. At least, when the above software disk is inserted, nothing happens (no menu appears). However I still wonder if a nasty virus might secretly re-enable the autorun.
    I found this info at:
    http://antivirus.about.com/od/securitytips/ht/autorun.htm

    Here's How:

    1. If you use XP Pro, follow steps 1 through 8 only. XP Home users begin at step 9.
    2. Click Start and then click Run
    3. Type gpedit.msc and click OK
    4. The Group Policy window will open. In the left pane, double-click Administrative Templates
    5. In the right pane, double-click System
    6. Scroll down the list and double-click Turn Off Autoplay
    7. In the Turn Off Autoplay Properties window, select Enabled. From the dropdown next to Turn Off Autoplay on, select All drives and then click OK
    8. Exit Group Policy by selecting File, then choosing Exit from the menu.
  6. Oops, I found my mistake regarding modifying the registry to disable autorun. DON'T use the link:
    http://windowssecrets.com/2007/11/08/02-One-quick-trick-prevents-AutoRun-attacks
    Instead use the link:

    http://nick.brown.free.fr/blog/2007/10/memory-stick-worms
    The first link is only for geeks and cannot be followed by most people.
    The second link is easy to follow and works. Problem in the first link has to do with the confusing spacing of the phrase: Windows NT
    There should be a space between Windows and NT.
    So it should read:

    REGEDIT4
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
    @="@SYS:DoesNotExist"
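An added example, not part of any post in this thread: a Python check that reads a .reg file before it is merged and reports the "Windows NT" spacing mistake described in post 6, a wrong default value, or any extra key the file would also write. The key path and value are the ones quoted in the thread; the function names and the sample files are constructed for illustration.

```python
import re
# Key path and default value as quoted in the thread.
EXPECTED_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
                r"\CurrentVersion\IniFileMapping\Autorun.inf")
EXPECTED_DEFAULT = "@SYS:DoesNotExist"

def parse_reg(text):
    """Parse REGEDIT4 text into {key_path: {value_name: data}}; default value is ""."""
    lines = text.strip().splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("missing REGEDIT4 header")
    keys, current = {}, None
    for raw in lines[1:]:
        line = raw.strip()
        # Blank lines and ';' comments match neither pattern and are skipped.
        header = re.fullmatch(r"\[(.+)\]", line)
        value = re.fullmatch(r'(@|"[^"]*")="(.*)"', line)
        if header:
            current = keys.setdefault(header.group(1), {})
        elif value and current is not None:
            name = "" if value.group(1) == "@" else value.group(1)[1:-1]
            current[name] = value.group(2).replace("\\\\", "\\")
    return keys

def squash(path):  # lower-case, no whitespace: lets 'WindowsNT' match 'Windows NT'
    return re.sub(r"\s+", "", path).lower()

def check_autorun_block(text):
    """Return a list of problems; an empty list means the file matches the thread's fix."""
    keys = parse_reg(text)
    exact = [k for k in keys if k.lower() == EXPECTED_KEY.lower()]
    near = [k for k in keys if squash(k) == squash(EXPECTED_KEY)]
    problems = ["unexpected key would also be merged: %r" % k for k in keys if k not in near]
    if exact:
        if keys[exact[0]].get("") != EXPECTED_DEFAULT:
            problems.append("default value is %r" % keys[exact[0]].get(""))
    elif near:
        problems.append("key path spacing is wrong: %r" % near[0])
    else:
        problems.append("expected key is missing")
    return problems

# Constructed sample files: the correct one, the missing-space one, a mistyped value.
GOOD = "REGEDIT4\n[%s]\n@=\"%s\"\n" % (EXPECTED_KEY, EXPECTED_DEFAULT)
NO_SPACE = GOOD.replace("Windows NT", "WindowsNT")
BAD_VALUE = GOOD.replace("@SYS:", "@SYS")

if __name__ == "__main__":
    for sample in (GOOD, NO_SPACE, BAD_VALUE):
        print(check_autorun_block(sample))
```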
  7. On the D and E drive I would save any important information and then format the drive. After those drives are formatted, reghost the C drive and start fresh.
  8. The regedit command is easy if you just navigate into it yourself rather than merging, manually making the key changes is much safer as opposed to blindly merging which is dangerous.

    Ghost did not solve the problem because it was not applied to it, the virus was removed from the area onto which Ghost was used, the C drive. All storage areas must be cleaned. If the other drives had been ghosted with a clean image you would have been OK.

    The attrib (attributes) command is "Attrib -r -s -h" which removes the Read-only, System, and Hidden attributes, it is generally used with a "*.*" to apply to all files. This then allows for deletion.

    A Linux boot CD with an NTFS reader has become an essential piece of software for anti-virus use. Booting Windows in Safe Mode sometimes works, but often not.
  9. A Linux boot CD with an NTFS reader has become an essential piece of software for anti-virus use.
    I find that very interesting. I hear that you can get a Linux CD and just run the whole PC without installing anything. It seems that in that situation, the viruses (from Windows) on the D and E drive will just boil to the top where you can delete them.
  10. joollyjohn jollyjohn's Avatar
    Join Date
    Mar 2005
    Location
    Sydney Australia
    Thanks for the tip guys.
  11. Member
    Join Date
    May 2001
    Location
    United States
    Originally Posted by Nelson37
    A Linux boot CD with an NTFS reader has become an essential piece of software for anti-virus use. Booting Windows in Safe Mode sometimes works, but often not.
    Or, you could make yourself a "Bart CD" disk. This is a Windows XP (with the possibility of having all the current updates - just depends on how YOU want things) system on a CD. With it, you can do anything you want to the system on your harddrive, because the active system is being run from a CD.

    In my opinion, every user should have him/herself a Bart CD "rescue" disk on hand, for just such occasions.

    Read all about Bart here: http://www.nu2.nu/pebuilder/
    ICBM target coordinates:
    26° 14' 10.16"N -- 80° 16' 0.91"W
  12. Banned
    Join Date
    Oct 2004
    Location
    Freedonia
    Originally Posted by jimdagys
    I find that very interesting. I hear that you can get a Linux CD and just run the whole PC without installing anything. It seems that in that situation, the viruses (from Windows) on the D and E drive will just boil to the top where you can delete them.
    Your comment makes it clear that you do NOT understand what is going on. Nothing "boils to the top". In fact, I would advise you NOT to use this method because if you are not an experienced Linux user it's really easy to screw things up.

    Damn dude, can you go even one week in China without something screwing up your PC? You don't seem to be learning any lessons based on your constant posts about one calamity or another on your PC.
  13. Man of Steel freebird73717's Avatar
    Join Date
    Dec 2003
    Location
    Smallville, USA
    Originally Posted by jman98
    Damn dude, can you go even one week in China without something screwing up your PC? You don't seem to be learning any lessons based on your constant posts about one calamity or another on your PC.


    https://forum.videohelp.com/topic357120.html?highlight=virus

    https://forum.videohelp.com/topic356838.html?highlight=virus

    https://forum.videohelp.com/topic349539.html?highlight=virus

    https://forum.videohelp.com/topic348783.html?highlight=virus

    https://forum.videohelp.com/topic348738.html?highlight=virus
    Donadagohvi (Cherokee for "Until we meet again")
  14. To the OP - You need one of two things, possibly both: A helmet, or a padded hammer.

    Get a Linux boot CD and a memory stick. All you got to do is burn it, no "build" involved. Takes a lot less time than all these Ghost restores, and BTW, if your Ghost image is not restoring the boot sector, you've done something wrong.
  15. Member FulciLives's Avatar
    Join Date
    May 2003
    Location
    Pittsburgh, PA in the USA
    My favorite line is from this thread: https://forum.videohelp.com/topic348783.html?highlight=virus

    And I quote, "I have been experimenting with downloading things from very dubious sources."

    What ???

    - John "FulciLives" Coleman
    "The eyes are the first thing that you have to destroy ... because they have seen too many bad things" - Lucio Fulci
    EXPLORE THE FILMS OF LUCIO FULCI - THE MAESTRO OF GORE
  16. Always Watching guns1inger's Avatar
    Join Date
    Apr 2004
    Location
    Miskatonic U
    Originally Posted by FulciLives
    My favorite line is from this thread: https://forum.videohelp.com/topic348783.html?highlight=virus

    And I quote, "I have been experimenting with downloading things from very dubious sources."

    What ???

    - John "FulciLives" Coleman
    It's kind of like saying "I've been experimenting with eating things I find on the floor of public lavatories" and then wondering why you have gastro all the time. Especially when the OP appears to make no effort at all to protect himself except by constantly re-imaging with ghost.

    I also find it funny that he believes this virus is all powerful because Ghost couldn't remove it - when the virus was on a drive that he didn't re-image anyway. Ghost is not an anti-virus product or an anti-virus solution. It is a system backup and recovery tool that should be used when all else fails, not as a standard response to virus infections that could be so easily stopped simply by using a good anti-virus product.
  17. From now on just format your hard drive every time you get hit by a virus
  18. Member
    Join Date
    Oct 2004
    Location
    United States
    might i suggest...




    virus free since the 1950's.
  19. Originally Posted by freebird73717
    Originally Posted by jman98
    Damn dude, can you go even one week in China without something screwing up your PC? You don't seem to be learning any lessons based on your constant posts about one calamity or another on your PC.


    https://forum.videohelp.com/topic357120.html?highlight=virus

    https://forum.videohelp.com/topic356838.html?highlight=virus

    https://forum.videohelp.com/topic349539.html?highlight=virus

    https://forum.videohelp.com/topic348783.html?highlight=virus

    https://forum.videohelp.com/topic348738.html?highlight=virus
    EPIC!!!
  20. Member fatbloke88's Avatar
    Join Date
    May 2006
    Location
    United Kingdom
    run a sandbox program if you want to play with files from dubious sources.
  21. Far too goddamn old now EddyH's Avatar
    Join Date
    Jan 2003
    Location
    Soul sucking suburbia! But a different part since I last logged on.
    Would it be too harsh to say that "Well, if you only re-imaged the C:\ drive of a computer with multiple partitions, of COURSE D:\ and E:\ will still be infected!" ?? --- and as soon as you look at those drives they'll likely re-infect C:\ anyway, so you've completely wasted your time.

    If you have images of D: and E: that are usable and you haven't got anything it would hurt to lose on them, do all three at once. If not, then a method similar to what I just posted in another thread may be needed... run a liveCD with antivirus things on, clean up and recover everything you can manage to from those disks, then reformat the entire sodding thing. Take it back to completely blank, no partitions or anything. DISCONNECT FROM THE NET. Ghost C:\ back into life at original size, remake and reformat D:\ and E:\. Make sure AUTORUN for removable drives is off (even in legit cases, 90% of the time it's an unwanted annoyance) - or at least, for crying out loud, get yourself a decent antivirus that can spot these things and keep it updated. Even the free ones do that. Put on a more crap-proof browser with some anti-malware plugins. THEN recover your documents back to those drives. And start scanning all your USB keys etc.

    It's not difficult to avoid most virus issues, it just needs a little knowledge and a little care. Most problems stem from lacking one or the other, and hopefully we can provide you with the former element.
    -= She sez there's ants in the carpet, dirty little monsters! =-
    Back after a long time away, mainly because I now need to start making up vidcapped DVDRs for work and I haven't a clue where to start any more!
  22. Member
    Join Date
    Jan 2006
    Location
    United States
    This thread is over 1.5 years old, and the OP is probably no longer seeking a solution.
  23. Originally Posted by jimdagys View Post
    Problem in the first link has to do with the confusing spacing of the phrase: Windows NT
    There should be a space between Windows and NT.
    Copy/Paste works.
  24. Far too goddamn old now EddyH's Avatar
    Join Date
    Jan 2003
    Location
    Soul sucking suburbia! But a different part since I last logged on.
    Originally Posted by bevills1 View Post
    This thread is over 1.5 years old, and the OP is probably no longer seeking a solution.
    Crap, how did I even end up on this thread?
    Is there a "don't bump" button I can use?
    -= She sez there's ants in the carpet, dirty little monsters! =-
    Back after a long time away, mainly because I now need to start making up vidcapped DVDRs for work and I haven't a clue where to start any more!
  25. Originally Posted by EddyH View Post
    Originally Posted by bevills1 View Post
    This thread is over 1.5 years old, and the OP is probably no longer seeking a solution.
    Crap, how did I even end up on this thread?
    Is there a "don't bump" button I can use?
    One of my biggest pet peeves about this new system. It no longer shows the original post/creation date of the thread in the index. You have to make an effort each time to look for the dates.
    tgpo famous MAC commercial, You be the judge?
    Originally Posted by jagabo
    I use the FixEverythingThat'sWrongWithThisVideo() filter. Works perfectly every time.