Security Basics mailing list archives

Re: Possible new virus?


From: Wirefire Systems Administrator <sysadmin () wirefire com>
Date: Thu, 11 Sep 2003 16:09:56 -0400

The answer to this is, in at least one case, yes, the fan was recently 
replaced and working, and that did not stop the error from coming up.
        Only when the BIOS alarm was disabled did the error come up. I just recently 
found this out from the technician. He didn't try a boot disk, in order to 
bypass a possibly compromised MBR, and since he no longer has the machine, I 
can't tell you if it would have worked. 
        I'm at an impasse now. I don't (and unfortunately never did) have my hands on 
a questionable system, and he doesn't either, so we're stuck here without more 
info until I get another report of this issue. It's entirely possible that it 
was a set of errant hardware, but the odds lean against it, imho. If I get 
any new info, rest assured, I'll post it here asap.  Sorry for not being able 
to provide any more background on the problem. 

--Matt


On Wednesday 10 September 2003 08:30 pm, David Gillett wrote:
Bootsector virus, perhaps?....
Do you know if the fans are still in fact running?

Hmm, I don't see how even the worst bootsector virus could have any effect
on the fans since they come on before POST and work even if the CPU is dead.

  Chris, please stop and think for just a moment!!!

  The original poster has not (yet) provided an answer to this
CRITICAL question:

Do you know if the fans are still in fact running?

  All he has described is a MESSAGE on the screen (and accompanying
noise) CLAIMING that the fans have died.

  I could write a boot-sector virus that spat out a message that
the moon was made of green cheese.  Whether my virus *could* actually
turn the moon into green cheese or not would be completely
independent of whether you had caught my boot virus or not!

  (I seem to recall a family of viruses that attempted to re-flash
the BIOS.  Machines that were supposed to have different BIOS versions
might not, after attack by such a virus....)

David Gillett



-- 
-------------------
Matt Simmons
Assistant Network Administrator
304.580.8080x5007
Fibernet LLC



