Thread: Badass Virus?

    #1
    About a month ago, I turned on my machine. I logged into Win2k and to my surprise, I can't access the internet. Almost like I was disconnected from my LAN. I checked all my cables and they worked fine so I figure I have a virus. I use Norton AntiVirus (which sucks a nut but I have it for free so..) and scan my whole HDD. Didn't pick up anything. So I tried restarting into Safe Mode with Networking, and to my unpleasant surprise, internet access is still disabled. I tell myself then that it must be some trojan that's got on my boot-up files. So I wiped out my whole HDD, and even bought a new HDD for my Win2k files. I installed Windows, its patches and SPs onto the new hard drive. That night, after I installed about half of my old programs again, I reboot and I can't access the internet again. So I run Sygate Personal Firewall and it doesn't pick up anything unusual. I set it so it boots up on Windows load-up. I reboot normally and for some reason, I was able to access the internet. This is my temporary fix. I thought it might've been some software that I might've pirated but then this virus or whatever thing got worse. The next time I booted up and logged on, an error message pops up saying my paging file was too small. So I press OK and everything boots up and I can access the internet (thanks to SPF) but when I look down on my toolbar, my Norton is disabled (this is what makes me think it is a virus). My system is now worse; Windows Installer and the Windows registry are jacked. The last programs I installed onto my computer that may have set this virus/error were DeadAIM 4.0 and Diskeeper Lite. Someone please help me...

    (I can re-enable my Norton's auto-protect but not its auto LiveUpdate and my machine runs sluggishly. I've tried different antivirus software (including AntiVir and AVG), and tried Ad-Aware.)

    #2
    I am glad to see this post, not happy that you have the situation. The reason for the "glad": last week, I had three computers brought to me with odd problems. No virus detected on two; one had some, easily fixed, nothing out of the ordinary. The other two, pain in the azz. I backed up the info on CD-R, formatted, and reinstalled, only to have the same problems start over. OK, these are proprietary machines with format and recovery CD sets. Should have been simple. Ended up, I used the MaxBlast diagnostic floppy to do a low-level format, erased the disk back to raw, then set the partitions back up and installed. Problem was gone. I have a machine I use to test things; I installed a fresh copy of XP, then dumped the backup files on it and used every antivirus I had and some I downloaded just for this. Nothing detected. I just kept the pictures, music files, and documents. (These were home computers.) Both had Norton Firewall 2002 and AntiVirus 2002; one was a Dell, the other an eMachine. XP and Norton was all they had in common; one connected by dial-up, the other by cable. I ran this by several people who said it wasn't a virus, but they had no answers.

    #3
    Sounds like some bad spyware took over your DNS settings. Could you ping okay? How about Resolve DNS?

    #4
    Couldn't resolve my DNS... I could, however, ping myself... but nothing else...

    #5
    Hey gang... just wanted to share a couple of tools I use to determine which processes are listening or have an established connection to the internet. They are easy to use and can help find possible viruses.

    The first tool is called TCPView and can be found here: http://www.sysinternals.com/ntw2k/source/tcpview.shtml . Basically it will tell u which process is running, what protocol, local and remote address, and whether it's listening or connected. Now say u see a process running that u r unfamiliar with; u can use the next tool, called Fport.

    Fport can be found here: http://www.foundstone.com/index.htm?...desc/fport.htm and u run it in the command box. This tool will tell u where the process is installed. Hope this helps someone.
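
Added example (not part of the thread and not code from either tool): the process-to-socket view that post #5 describes can be approximated from the output of the built-in `netstat -ano` and `tasklist /FO CSV /NH` commands on current Windows versions. The sample output below is constructed for illustration; the PIDs, addresses and the `unknown.exe` name are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5190           0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.20:1042      203.0.113.7:80         ESTABLISHED     2312
  TCP    192.168.1.20:1050      198.51.100.9:443       TIME_WAIT       0
  UDP    0.0.0.0:1900           *:*                                    1204
"""

# Constructed sample of `tasklist /FO CSV /NH` output.
TASKLIST_SAMPLE = '''\
"svchost.exe","884","Services","0","3,120 K"
"svchost.exe","1204","Services","0","4,880 K"
"unknown.exe","2312","Console","1","9,412 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "UDP":  # UDP rows have no State column
            parts.insert(3, "-")
        if len(parts) == 5 and parts[0] in ("TCP", "UDP"):
            yield (*parts[:4], int(parts[4]))

def sockets_by_process(netstat_text, tasklist_text):
    """Group listening and established sockets under their owning process."""
    names = parse_tasklist(tasklist_text)
    report = defaultdict(lambda: {"listening": [], "established": []})
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        key = (pid, names.get(pid, "<unknown>"))
        if state == "LISTENING" or proto == "UDP":
            report[key]["listening"].append(f"{proto} {local}")
        elif state == "ESTABLISHED":
            report[key]["established"].append(f"{local} -> {remote}")
    return dict(report)

if __name__ == "__main__":
    for (pid, name), socks in sorted(sockets_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items()):
        print(pid, name, socks)
```

A process that both listens and holds an outbound connection, like the constructed PID 2312 here, is the kind of entry to look up next by its install path.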
