Security Basics mailing list archives
Re: Possible new virus?
From: Wirefire Systems Administrator <sysadmin () wirefire com>
Date: Thu, 11 Sep 2003 16:09:56 -0400
The answer to this is, in at least one case, yes, the fan was recently replaced and working, and that did not stop the error from coming up. Only when the bios alarm was disabled did the error come up. I just recently found this out from the technician. He didn't try a boot disk, in order to bypass a possibly compromised MBR, and since he no longer has the machine, I can't tell you if it would have worked. I'm at an impasse now. I don't (and unfortunately never did) have my hands on a questionable system, and he doesn't either so we're stuck here without more info until I get another report of this issue. It's entirely possible that it was a set of errant hardware, but the odds lean against it, imho. If I get any new info, rest assured, I'll post it here asap. Sorry for not being able to provide any more background on the problem. --Matt On Wednesday 10 September 2003 08:30 pm, David Gillett wrote:
Bootsector virus, perhaps?.... Do you know if the fans are still in fact running?Hmm, I don't see how even the worst bootsector virus could have any effect on the fans since they come on before POST and work even if the CPU is dead.Chris, please stop and think for just a moment!!! The original poster has not (yet) provided an answer to this CRITICAL question:Do you know if the fans are still in fact running?All he has described is a MESSAGE on the screen (and accompanying noise) CLAIMING that the fans have died. I could write a boot-sector virus that spat out a message that the moon was made of green cheese. Whether my virus *could* actually turn the moon into green cheese or not would be completely independent of whether you had caught my boot virus or not! (I seem to recall a family of viruses that attempted to re-flash the BIOS. Machines that were supposed to have different BIOS versions might not, after attack by such a virus....) David Gillett --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm --------------------------------------------------------------------------- -
-- ------------------- Matt Simmons Assistant Network Administrator 304.580.8080x5007 Fibernet LLC --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- Re: Possible new virus?, (continued)
- Re: Possible new virus? Chris Berry (Sep 09)
- DoS is "Denial of Service (was: Re: Possible new virus? Meritt James (Sep 11)
- Re: Possible new virus? Lee Rich (Sep 10)
- RE: Possible new virus? Harris Samuel W PORT (Sep 10)
- RE: Possible new virus? Bacchus Apollonius (Sep 10)
- RE: Possible new virus? Buz Dale (Sep 10)
- RE: Possible new virus? David (Sep 10)
- RE: Possible new virus? Brian Dunbar (Sep 10)
- RE: Possible new virus? Chris Berry (Sep 10)
- RE: Possible new virus? David Gillett (Sep 11)
- Re: Possible new virus? Wirefire Systems Administrator (Sep 11)
- RE: Possible new virus? David Gillett (Sep 11)
- Re: Possible new virus? Chris Berry (Sep 10)
- Re: Possible new virus? Sebastian Schneider (Sep 11)
- Re: Possible new virus? Stephen Pedrosa Eilert (Sep 15)
- Re: Possible new virus? gregh (Sep 16)
- RE: Possible new virus? Chris Berry (Sep 11)
- RE: Possible new virus? David Gillett (Sep 11)
- Re: Possible new virus? Wirefire Systems Administrator (Sep 11)
- RE: Possible new virus? David Gillett (Sep 11)
- Re: Possible new virus? Chris Berry (Sep 11)
- Re: Possible new virus? Chris Berry (Sep 09)