Security Basics mailing list archives
Re: Possible new virus?
From: Wirefire Systems Administrator <sysadmin () wirefire com>
Date: Wed, 10 Sep 2003 14:15:44 -0400
Thank you everyone for the many suggestions that have been pouring in. Unfortunately I don't have any of these computers at hand, because these were reported to me by another technician (actually an ISP reseller with a computer shop). I have called him, and he reported that another machine (!) came in today with the same symptoms. Apparently the message has been coming up after the post operation, immediatly before entering GUI mode. If this continues, I may take a road trip to investigate myself, in which case I'll have alot more info. My ISP's technical support hasn't gotten any calls about this error in particular, but many people may not connect that error to an internet problem (though sometimes they seem to connect printer and video problems?) but as soon as I can get my hands on a machine, I'll post my findings. Thanks again everybody! Matt Simmons On Wednesday 10 September 2003 01:57 pm, Sebastian Schneider wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Seems like being a boot sector/mbr virus. On that 98 machine, when is that message actually coming up ? before the message "Starting Windows 98..." shows up or after. What happens if you place a empty floppy into your drive trying to boot from that one. Does that message appears anyways? Win98 is in that way easier to analyze, since its boot process is quite simple. Sebastian On Tuesday 09 September 2003 17:01, Wirefire Systems Administrator wrote:Hey all, I've had a computer tech calling me about a very strange symptom. One operating system was XP, one was 98, and another was unknown. The symptom was an error while still in text mode before booting: cpu cooling fan is malfunctioning Accompanying this is a high-pitched tone from the PC speaker. mem /c/p doesn't reveal anything out of the ordinary. There is nothing suspicious in autoexec.bat or config.sys... I wouldn't think twice if it hadn't happened to 3 computers from 3 different vendors in 2 days. I've done some looking in google, and that phrase doesn't even occur in the google database, which leads me to believe this is something new. Any ideas?- -- Sebastian Schneider straightLiners IT Consulting & Services Metzer Str. 12 13595 Berlin Germany Fon: +49-30-3510-6168 Fax: +49-30-3510-6169 www.straightliners.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/X2YYQ7mOWZBxbPcRAnmWAJ9dQtf2gbT3HEi13HsPimwErCqkLACgsvPs t+ABRDn12bNlIzU0xAO42CU= =ogUS -----END PGP SIGNATURE-----
-- ------------------- Matt Simmons Assistant Network Administrator 304.580.8080x5007 Fibernet LLC --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- Possible new virus? Wirefire Systems Administrator (Sep 09)
- Re: Possible new virus? Tomas Wolf (Sep 10)
- Re: Possible new virus? Tomas Wolf (Sep 10)
- Message not available
- Re: Possible new virus? Wirefire Systems Administrator (Sep 10)
- Re: Possible new virus? Logan Rogers-Follis (Sep 11)
- Re: Possible new virus? Wirefire Systems Administrator (Sep 10)
- Re: Possible new virus? Sebastian Schneider (Sep 10)
- <Possible follow-ups>
- Re: Possible new virus? Chris Berry (Sep 09)
- DoS is "Denial of Service (was: Re: Possible new virus? Meritt James (Sep 11)
- Re: Possible new virus? Lee Rich (Sep 10)
- RE: Possible new virus? Harris Samuel W PORT (Sep 10)
- RE: Possible new virus? Bacchus Apollonius (Sep 10)
- RE: Possible new virus? Buz Dale (Sep 10)
- RE: Possible new virus? David (Sep 10)
- RE: Possible new virus? Brian Dunbar (Sep 10)