Security Basics mailing list archives

Re: Possible new virus?


From: Wirefire Systems Administrator <sysadmin () wirefire com>
Date: Wed, 10 Sep 2003 14:15:44 -0400

Thank you everyone for the many suggestions that have been pouring in. 
Unfortunately I don't have any of these computers at hand, because these were 
reported to me by another technician (actually an ISP reseller with a 
computer shop). I have called him, and he reported that another machine (!) 
came in today with the same symptoms. Apparently the message has been coming 
up after the POST operation, immediately before entering GUI mode. If this 
continues, I may take a road trip to investigate myself, in which case I'll 
have a lot more info. 
My ISP's technical support hasn't gotten any calls about this error in 
particular, but many people may not connect that error to an internet problem 
(though sometimes they seem to connect printer and video problems?), but as 
soon as I can get my hands on a machine, I'll post my findings. Thanks again 
everybody! 

Matt Simmons

On Wednesday 10 September 2003 01:57 pm, Sebastian Schneider wrote:
Seems like a boot sector/MBR virus. On that 98 machine, when is that
message actually coming up? Before the message "Starting Windows 98..."
shows up, or after? What happens if you place an empty floppy into your drive
and try to boot from that one. Does that message appear anyway?

Win98 is in that way easier to analyze, since its boot process is quite
simple.

Sebastian

On Tuesday 09 September 2003 17:01, Wirefire Systems Administrator wrote:
Hey all,

I've had a computer tech calling me about a very strange symptom.

One operating system was XP, one was 98, and another was unknown. The
symptom was an error while still in text mode before booting:

cpu cooling fan is malfunctioning

Accompanying this is a high-pitched tone from the PC speaker. mem /c/p
doesn't reveal anything out of the ordinary. There is nothing suspicious
in autoexec.bat or config.sys... I wouldn't think twice if it hadn't
happened to 3 computers from 3 different vendors in 2 days.
I've done some looking on Google, and that phrase doesn't even occur in
the Google database, which leads me to believe this is something new.

Any ideas?

-- 

Sebastian Schneider
straightLiners IT Consulting & Services
Metzer Str. 12
13595 Berlin
Germany

Fon: +49-30-3510-6168
Fax: +49-30-3510-6169
www.straightliners.de

-- 
-------------------
Matt Simmons
Assistant Network Administrator
304.580.8080x5007
Fibernet LLC



