Can anything destroy this?

What if one of the two DLLs just checks if you deleted the other and copies itself back to a new name? Windows does not delete simultaneously, but in sequence. But when the DLLs are not loaded, because you operate with a minimum system or live CD, they cannot repair their system. Using two processes is an old virus trick, but very reliable.
 
The DLLs only seem to be the creation of the virus, which, in itself, I've no idea where to look for. Deleting the DLLs simply means there will be at least two new ones the next time I boot. I've no idea where the actual module is that is causing this to happen, and nothing can seem to find it.
Sometimes the root process is in a temp folder, with the 'caché' ('hidden' in French) attribute.
 
Another trick to try

One way I've used in the past to shut down a virus so it can be deleted is to simply change the file security settings! Right-click; Properties; Security tab; tick DENY READ+EXECUTE for all entries; OK; reboot. Now the OS has been denied permission to run the DLLs! That might be sufficient for a quick fix ... leave them there, knowing that they can't run. To scan for those other unknown tasks running behind the scenes that put them back again, I'd recommend the AutoRuns tool from SysInternals (now part of Microsoft). It lists ALL those things you never see (machine boot processes, user login processes, browser add-ons, explorer extensions) and lets you safely disable them to test before removing them permanently. Trevor

As I've said, I can't locate the virus' 'file', so I have no way to access its properties or operation.
 
I don't want to start a new thread as I suppose these two issues are somewhat related. I have decided to give up on this virus and re-install Windows XP with a full re-format.

I am currently trying to back up my data to a second hard drive. I have found an old 40 gig HDD in my house. I have connected it to my motherboard and PSU as normal, and the disk is detected in the IDE list of drives and BIOS. However, Windows Explorer does not show it, and so, I am unable to copy the data I wish to back up.

I have quite a lot of experience with managing HDDs and data transfer between systems on home PCs, but yet, I'm lost on this one. I don't understand how the hard drive can be detected by the BIOS and not by Windows. I have tried switching between master and slave, and between the IDE1 and IDE2 connectors on my motherboard, but to no avail.

I am not sure what shape the hard drive is in, if it's formatted, if it hosts a version of Windows. I really have no idea, and without Windows Explorer recognising it, I'm not sure what I can do.
 
I have been researching this problem, and I believe it may have something to do with the jumper that is needed on the jumper block on the back of the drive.

The sticker on the HDD seems to indicate different jumper placements for different methods of connecting the disk to a motherboard (Master, Slave, Master non-ATA, Alternate Capacity). I'm not sure if the hard drive was supposed to come with a jumper or whether I am supposed to take one off of my mobo. I certainly don't have any spare ones.

Could this be why Windows does not recognise the hard drive?
 
After booting the PC from the XP startup CD I have realised that the old HDD drive I was attempting to use must be faulty. I began to think that maybe the reason Windows wasn't detecting it was because it had never been used and was not partitioned. But it transpires that it has one partition which is not formatted in NTFS and is not 'detectable'. This partition cannot be deleted, and nor can Windows be installed on it.

Ignore my ramblings :)
 
That might actually be a hidden recovery partition included by PC manufacturer. You are not supposed to install Windows onto it, but rather from it.
 
Is there a way to format the drive with Windows on it? For some odd reason my Windows XP disk doesn't boot (I bought a copy of XP when I built my PC) so when I last reinstalled Windows I wasn't able to reformat the drive.
 
Since the virus is resident in memory it simply recreates two new DLLs with random names and configures them to run on each reboot -- it probably polls the startup configuration every so many seconds so it can be sure to recreate any items you delete. This is why deleting the current DLLs has no effect. Also, once you have a virus or a trojan many of them download additional viruses. Since you aren't (yet) running an antivirus, the safest thing to do is to back up all your data and do a fresh install of XP on your system, making sure to delete and recreate your C: partition. Then after the reinstall get a good antivirus and spyware program.

If you have less than, say, 16 GB of actual document data to save (don't save the program data -- it's infected!), you can just use a USB flash drive to save your data rather than messing with a second hard drive. Flash drives are quite inexpensive now.
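The two defensive steps described above (Trevor's "deny read+execute on the DLL" trick and checking the startup locations that a memory-resident infection keeps rewriting) as an added PowerShell example; it is not code from this thread. The DLL path is a constructed placeholder, and the Run-key list is only the common registry autorun locations, not a full Autoruns replacement.

```powershell
# Added example: (1) add a Deny Read/Execute ACE so the loader cannot map a
# suspect DLL into any process; (2) list Run/RunOnce entries that reference a
# DLL under a temp folder or via rundll32, i.e. what keeps coming back on reboot.
param(
    [string]$SuspectDll = 'C:\WINDOWS\system32\example_random.dll'  # placeholder path
)

function Deny-ReadExecute {
    param([Parameter(Mandatory=$true)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Everyone (well-known SID S-1-1-0). Deny ACEs win over Allow ACEs, so the OS
    # can no longer execute the file; Delete is not part of ReadAndExecute, so an
    # administrator can still remove it later.
    $everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $everyone, 'ReadAndExecute', 'Deny')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Get-SuspiciousAutoruns {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }     # skip PSPath/PSParentPath etc.
            $cmd = [string]$p.Value
            # -match is case-insensitive; flag DLLs run through rundll32 or
            # living under a \temp\ directory, as the thread describes.
            if ($cmd -match '\.dll' -and ($cmd -match 'rundll32|\\temp\\')) {
                New-Object PSObject -Property @{ Key = $key; Name = $p.Name; Command = $cmd }
            }
        }
    }
}

Get-SuspiciousAutoruns | Format-Table Key, Name, Command -AutoSize
if (Test-Path -LiteralPath $SuspectDll) { Deny-ReadExecute -Path $SuspectDll }
```

Run it from an administrator prompt; the flagged entries are the ones to compare against the full Autoruns output before disabling anything, since a Deny ACE stops the listed file from loading but not the resident process that writes new ones.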

Is there a way to format the drive with Windows on it? For some odd reason my Windows XP disk doesn't boot (I bought a copy of XP when I built my PC) so when I last reinstalled Windows I wasn't able to reformat the drive.

It is possible to launch Windows setup from within Windows, so you do not need to boot from the CD: just pop the XP disk in and when the autorun pops up, click "Install Windows" or something like that (it's been awhile since I did that).
 
Nuke and Pave

When I worked at Symantec (yes, that's right, the guys who make Norton AV) I worked in the Enterprise Tech Support area, Level 2, and we had a term to refer to partitioning the HDD and re-installing Windows from scratch (assuming you use an MS OS or Windows at all).

If you do then you would be like the many customers I dealt with (including NASA) who came across a new variant of some Trojan or something that was sweeping a large part of their 30,000 nodes.
Me and the boys in the cubicles used to joke about these admins that were in charge of these large enterprise sized LANs/WANs and extended "roadwarrior" units that would log in occasionally via a VPN tunnel... anyway we would joke about how these guys getting paid around 100k a year somehow didn't know that backing up their data on these infected nodes was paramount.

Even if you're a home user I will still tell you to always be prepared for this to happen in case you encounter something that does irreversible damage to your critical Windows files. Windows Vista is supposed to have a protected kernel so if you have Vista then you may be ok?

In Win XP you can backup your User folder in C:\Documents and Settings\[Your User Name]

You back this folder up on a CD and then you can NUKE AND PAVE.

This process will get rid of 99.9% of all malicious code out there.


Also on your boot to the Win XP install, make sure that your drive is set to be the first to boot from in the BIOS of your PC or your boot up will pass over this drive and go to C or whatever your system drive is.
Good luck.
 
You can also run most Windows software under XP without having full Admin rights and by using a custom sudo command for the other software. It is tricky and needs some work to find out which settings you need for a software which is not cooperating, but the reward is that 90% of all virus software for Windows can't hurt you.

But still, that does not replace your brain.