Problems with virus or exploit on a clean ins

Guest

I have been trying to get rid of a virus or exploit on my home network that
involves an encrypted "user" changing all my policies and permissions and
taking over everything. I have tried everything including fresh installs and
"0" writes to the hard drive and resetting my cmos removing my ddr memory
graphics card...( I know sounds desperate right?) but still by the time the
install is finished this "user" has logged on and changed all the settings
and who knows what else. Usually my event logs are disabled, deleted or
corrupt when I check them. However I did find some on my most recent install
of XP that reference a fifo from a serial port and apparently incorporated it
into the install's final settings. Has anybody heard of this? This seems quite
diabolical and I have been banging my head against it for a couple of
weeks..need to find a solution soon or I'm gonna switch to Mac.....jk' Any
help or suggestions would be greatly appreciated at this point.
Thanks!!
 
1) Download the following four items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt255.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
utilities; Trend Sysclean, Stinger and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point

You can also try some of the below online scanners.

BitDefender:
http://www.bitdefender.com/scan/license.php

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

Freedom Online scanner:
http://www.freedom.net/viruscenter/index.html

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

RAV
http://www.ravantivirus.com/scan/

Symantec:
http://security.symantec.com/

Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com


* * * Please report your results ! * * *

Dave


| I have been trying to get rid of a virus or exploit on my home network that
| involves an encrypted "user" changing all my policies and permissions and
| taking over everything. I have tried everything including fresh installs and
| "0" writes to the hard drive and resetting my cmos removing my ddr memory
| graphics card...( I know sounds desperate right?) but still by the time the
| install is finished this "user" has logged on and changed all the settings
| and who knows what else. Usually my event logs are disabled, deleted or
| corrupt when I check them. However I did find some on my most recent install
| of XP that reference a fifo from a serial port and apparently incorporated it
| into the install's final settings. Has anybody heard of this? This seems quite
| diabolical and I have been banging my head against it for a couple of
| weeks..need to find a solution soon or I'm gonna switch to Mac.....jk' Any
| help or suggestions would be greatly appreciated at this point.
| Thanks!!
 
your most likely mistake.... connecting to the internet before you have the
following all installed:
1. firewall
2. virus scanner
3. all the latest xp updates
within minutes of connecting to the internet without at least a fully locked
down firewall you will be infected with several worms and who knows what
else. you can reinstall all you want, wipe hd's and reset cmos all you
want, if you aren't practicing safe hex you will be infected almost
instantly.
 