Re: Possible new virus?

[Logan Rogers-Follis <logan () tntnetworx net>]

Has anyone opened the PC to make 100% sure the noise comes from the PC 
speaker and make sure all fans are working good and heatsinks don't feel 
to warm?  Can you boot to DOS (off a floppy, CD, etc.) w/o getting this 
error?  If you can just fine, can you start the boot into Safe-Mode w/o 
getting this error (cause even less is loaded when booting there)?
Let us know what you find.

Logan


Wirefire Systems Administrator wrote:

> Thank you everyone for the many suggestions that have been pouring in. 
> Unfortunately I don't have any of these computers at hand, because these were 
> reported to me by another technician (actually an ISP reseller with a 
> computer shop). I have called him, and he reported that another machine (!) 
> came in today with the same symptoms. Apparently the message has been coming 
> up after the post operation, immediatly before entering GUI mode. If this 
> continues, I may take a road trip to investigate myself, in which case I'll 
> have alot more info. 
> 	My ISP's technical support hasn't gotten any calls about this error in 
> particular, but many people may not connect that error to an internet problem 
> (though sometimes they seem to connect printer and video problems?) but as 
> soon as I can get my hands on a machine, I'll post my findings. Thanks again 
> everybody! 
>
> Matt Simmons
>
> On Wednesday 10 September 2003 01:57 pm, Sebastian Schneider wrote:
>  
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Seems like being a boot sector/mbr virus. On that 98 machine, when is that
> > message actually coming up ? before the message "Starting Windows 98..."
> > shows up or after. What happens if you place a empty floppy into your drive
> > trying to boot from that one. Does that message appears anyways?
> >
> > Win98 is in that way easier to analyze, since its boot process is quite
> > simple.
> >
> > Sebastian
> >
> > On Tuesday 09 September 2003 17:01, Wirefire Systems Administrator wrote:
> >    
> >
> > > Hey all,
> > >
> > > I've had a computer tech calling me about a very strange symptom.
> > >
> > > One operating system was XP, one was 98, and another was unknown. The
> > > symptom was an error while still in text mode before booting:
> > >
> > > cpu cooling fan is malfunctioning
> > >
> > > Accompanying this is a high-pitched tone from the PC speaker. mem /c/p
> > > doesn't reveal anything out of the ordinary. There is nothing suspicious
> > > in autoexec.bat or config.sys... I wouldn't think twice if it hadn't
> > > happened to 3 computers from 3 different vendors in 2 days.
> > > I've done some looking in google, and that phrase doesn't even occur in
> > > the google database, which leads me to believe this is something new.
> > >
> > > Any ideas?
> > >      
> > - --
> >
> > Sebastian Schneider
> > straightLiners IT Consulting & Services
> > Metzer Str. 12
> > 13595 Berlin
> > Germany
> >
> > Fon: +49-30-3510-6168
> > Fax: +49-30-3510-6169
> > www.straightliners.de
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.2 (GNU/Linux)
> >
> > iD8DBQE/X2YYQ7mOWZBxbPcRAnmWAJ9dQtf2gbT3HEi13HsPimwErCqkLACgsvPs
> > t+ABRDn12bNlIzU0xAO42CU=
> > =ogUS
> > -----END PGP SIGNATURE-----
> >    
>
>  

--
Thanks,
   Logan Rogers-Follis - Logan () TNTNetworx net
   Try New Technology Networx - TNTNetworx.net (Under Construction)
                  "Try it.  Use it.  Master it."



---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
- Precisely Define and Implement Network Security 
- Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------