
Thread: What to do about a persistent virus?

  1. #21
    Join Date
    Feb 2015
    Location
    Cleveland, OH, USA
    Posts
    888

    Succeeded in re-flashing the BIOS, using SomeGuy's suggestion of a bootable floppy. Found this article on the topic as well: https://forums.techguy.org/threads/i...sh-bios.34862/. I created the config.sys with the suggested "device=himem.sys" line in it. When I was using FreeDos I was booting it "clean", i.e. with nothing resident, as the txt file with the update suggested, and that may have caused the insufficient memory error.

    Anyway, I flashed KW7 version 11, which had a date of 2004, and then version 15, which had the same date as the one I replaced. I am confident the existing BIOS has been replaced.

    I do not have another SATA drive similar to the 150 Gb Samsung that I was using for Windows. The Linux drive is a WD of about the same size but I don't want to sacrifice that. I do have another similar machine, an IBM ThinkCentre, with a SATA drive that has WinXP loaded already. I could put that into the Abit and perhaps quickly confirm or disprove the hardware question, but if I were to infect that drive as well then I would regret the choice.

    I think I'm going to have to find another SATA drive... More to come.

    Thanks again to all who offered suggestions.

    -CH-

  2. #22

    No need for a SATA drive -- A plain old IDE drive will do just fine for test purposes.
    PM me if you're looking for 3" or 5" floppy disks. EMail For everything else, Take Another Step

  3. #23

    You may want to see if the problem persists already. It would be nice to know which fix solved the problem.

  4. #24
    Join Date
    Jan 2013
    Location
    Marietta, GA
    Posts
    3,277

    That is odd, with those kinds of errors I really would have expected a bad memory failure.

    I'd still suggest running Prime95 as a CPU test.

    Can someone recommend a good reliability tester for modern-ish hard drives? I've run into my fair share of intermittent flaky IDE communications over the years - very hard to diagnose sometimes. (Usually the darn cables).

    I don't believe that it is applicable to the KW7, but the KT7A had some issues with PCI latency that could cause random intermittent crashes under Windows XP or 7. If these problems persist, you might go into the BIOS setup and disable various advanced CPU/PCI options and see if that makes any difference.

  5. #25
    Join Date
    Feb 2015
    Location
    Cleveland, OH, USA
    Posts
    888

    Quote Originally Posted by KC9UDX View Post
    You may want to see if the problem persists already. It would be nice to know which fix solved the problem.
    It's tempting to mount the Samsung drive and see if things are "fixed" but I'll do that after trying a fresh install on another drive first. I have an IDE that I am preparing for use.

    -CH-

  6. #26
    Join Date
    Feb 2015
    Location
    Cleveland, OH, USA
    Posts
    888

    Quote Originally Posted by SomeGuy View Post
    I'd still suggest running Prime95 as a CPU test.
    I'll try that today before reinstalling Windows.

    Quote Originally Posted by SomeGuy View Post
    I don't believe that it is applicable to the KW7, but the KT7A had some issues with PCI latency that could cause random intermittent crashes under Windows XP or 7. If these problems persist, you might go into the BIOS setup and disable various advanced CPU/PCI options and see if that makes any difference.
    The BIOS update caused a reset to "default" settings both times. Not sure whether that means "advanced" were disabled, but I could load "safe" settings instead. As above, I'll do that before reinstall.

    -CH-

  7. #27
    Join Date
    Feb 2015
    Location
    Cleveland, OH, USA
    Posts
    888

    I removed all the SATA drives and installed an IDE drive of about 150 Gb size. Immediately checked BIOS to see that it was being recognized as CH1 Master, then saved config and booted to the FreeDos Live CD. From there I ran FDISK and made one active DOS partition out of the drive. Then I ran Format /U to launch the FreeDos format, which took at least four hours to complete. Internet connectivity was disabled.

    When done I retrieved a different XP Pro installation disk, one I had not used to install on this machine before, and performed a fresh install of XP Pro, SP2. I allowed Windows to change the format from FAT32, which FreeDos had used, to NTFS. Install was successful, but there was no Internet access. Next I performed the SP3 update, also successful.

    By means of a USB drive, which this Win7 machine has examined and pronounced clean, I transferred the setup files for Avast Free. I had searched specifically for XP compatibility and decided on this. I had been using AVG but had experienced trouble with it recently so took another tack. As soon as I invoked it I encountered an error (pic below). I thought MAYBE it was because it wanted to update its definition files first thing so I installed the Netis driver and utility and established Internet connectivity. Then I tried the installation of Avast again, with the same result. Third try under safe mode, same results.

    All in all I tried installing about six anti-malware packages. The only ones that installed successfully were versions that, after installation, announced they were unusable with WinXP, with two exceptions: MalwareBytes failed with a floating-point error message when I tried to install v.3.x but installed 2.x and then attempted an update, and announced that there was a newer version. When I okayed downloading the newer version it halted with an error. The "old" version ran, but did not find anything. Another program, which I ran under safe mode as well, ran from a command prompt and announced it had found and eliminated UNREGMP2.exe in the registry and in with win32 folder, but deleting this did not resolve the installation issue.

    Those programs that failed to install left one of two error messages. See below for examples.

    So far I'm 0-for-ever.

    -CH-

    13.jpg 14.jpg 15.jpg 16.jpg 17.jpg 18.jpg

  8. #28
    Join Date
    Aug 2006
    Location
    Chicagoland, Illinois, USA
    Posts
    6,087
    Blog Entries
    1

    Quote Originally Posted by clh333 View Post
    there was no Internet access. Next I performed the SP3 update
    How did you perform the update without internet access? In other words: Are you sure your SP3 update isn't corrupted? Are you sure the XP you're installing isn't corrupted? Have you installed both on another computer to ensure they're fine?

    If you run the TDSS tool again, post what the report contains (just the screenshot is unhelpful).
    Offering a bounty for:
    - A working Sanyo MBC-775, Olivetti M24, or Logabax 1600
    - Music Construction Set, IBM Music Feature edition (has red sticker on front stating IBM Music Feature)

  9. #29
    Join Date
    Feb 2015
    Location
    Cleveland, OH, USA
    Posts
    888

    The XP installation media was in the form of CDs. XP was OEM issue (came with the refurbished IBM ThinkCentre that was purchased from MicroCenter 4 or 5 years ago), SP3 was downloaded 6-7 years ago. Both had been installed elsewhere before but I will check them to see if they are corrupt; thank you for the suggestion.

    I will re-run the TDSS tool and retrieve the error report.

    -CH-

  10. #30
    Join Date
    Feb 2015
    Location
    Cleveland, OH, USA
    Posts
    888

    Quote Originally Posted by Trixter View Post
    How did you perform the update without internet access? In other words: Are you sure your SP3 update isn't corrupted? Are you sure the XP you're installing isn't corrupted? Have you installed both on another computer to ensure they're fine?

    If you run the TDSS tool again, post what the report contains (just the screenshot is unhelpful).
    Neither the XP nor SP3 install disk reported any problems when scanned with AVG and MalwareBytes on this Win7 machine.

    I ran the Kaspersky again on the XP machine, and as before I got an exception as soon as it was invoked. I noted that it was creating a report file in the Locals/Temp directory so I looked to see what was there. Apparently when the exception occurs two files are created; a .TXT file and a .DMP file. As soon as I closed the exception dialog both were deleted, although there were other similar files from yesterday that persisted.

    I was able to make a copy of the .txt file but could not access the .dmp file to view or copy its contents. The .txt file is attached as are screen shots of the exception report, which appears to be much more detailed than the .txt file indicates, and a before and after view of the TEMP folder contents.

    -CH-

    19.jpg 20.jpg 21.jpg

    A portion of the TXT file:

    <?xml version="1.0" encoding="UTF-16"?>
    <DATABASE>
    <EXE NAME="tdsskiller.exe" FILTER="GRABMI_FILTER_PRIVACY">
    <MATCHING_FILE NAME="EmsisoftEmergencyKit.exe" SIZE="309745960" CHECKSUM="0xDCCBD3A5" MODULE_TYPE="WIN32" PE_CHECKSUM="0x12768C55" LINKER_VERSION="0x0" LINK_DATE="02/03/2016 19:38:25" UPTO_LINK_DATE="02/03/2016 19:38:25" />
    <MATCHING_FILE NAME="ERARemover_x64.exe" SIZE="2991832" CHECKSUM="0xE1F0F162" BIN_FILE_VERSION="1.0.4.1" BIN_PRODUCT_VERSION="1.0.4.1" PRODUCT_VERSION="1.0.4.1" FILE_DESCRIPTION="ESET Rogue Applications Remover" COMPANY_NAME="ESET" PRODUCT_NAME="ESET Rogue Applications Remover" FILE_VERSION="1.0.4.1" ORIGINAL_FILENAME="ERARemover.exe" INTERNAL_NAME="ERARemover" LEGAL_COPYRIGHT="Copyright (c) ESET, spol. s r.o. 1992-2012. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x2DE2DD" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.0.4.1" UPTO_BIN_PRODUCT_VERSION="1.0.4.1" LINK_DATE="10/10/2012 09:37:06" UPTO_LINK_DATE="10/10/2012 09:37:06" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="ERARemover_x86.exe" SIZE="2273880" CHECKSUM="0xE741E97B" BIN_FILE_VERSION="1.0.4.1" BIN_PRODUCT_VERSION="1.0.4.1" PRODUCT_VERSION="1.0.4.1" FILE_DESCRIPTION="ESET Rogue Applications Remover" COMPANY_NAME="ESET" PRODUCT_NAME="ESET Rogue Applications Remover" FILE_VERSION="1.0.4.1" ORIGINAL_FILENAME="ERARemover.exe" INTERNAL_NAME="ERARemover" LEGAL_COPYRIGHT="Copyright (c) ESET, spol. s r.o. 1992-2012. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x232DFD" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.0.4.1" UPTO_BIN_PRODUCT_VERSION="1.0.4.1" LINK_DATE="10/10/2012 09:34:49" UPTO_LINK_DATE="10/10/2012 09:34:49" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe" SIZE="83316440" CHECKSUM="0x1CD368B1" BIN_FILE_VERSION="3.3.1.2183" BIN_PRODUCT_VERSION="3.3.1.2183" PRODUCT_VERSION="3.3.1.2183 " FILE_DESCRIPTION="Malwarebytes " COMPANY_NAME="Malwarebytes " PRODUCT_NAME="Malwarebytes " FILE_VERSION="3.3.1.2183 " LEGAL_COPYRIGHT=" 2017 Malwarebytes. All Rights Reserved. " VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x4F81040" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="3.3.1.2183" UPTO_BIN_PRODUCT_VERSION="3.3.1.2183" LINK_DATE="01/15/2016 08:22:50" UPTO_LINK_DATE="01/15/2016 08:22:50" VER_LANGUAGE="Language Neutral [0x0]" />
    <MATCHING_FILE NAME="mbam-setup-2.0.3.1025.exe" SIZE="19828376" CHECKSUM="0xDE4AFC41" BIN_FILE_VERSION="2.0.3.1025" BIN_PRODUCT_VERSION="2.0.3.1025" PRODUCT_VERSION="2.0.3.1025 " FILE_DESCRIPTION="Malwarebytes Anti-Malware " COMPANY_NAME="Malwarebytes Corporation " PRODUCT_NAME="Malwarebytes Anti-Malware " FILE_VERSION="2.0.3.1025 " LEGAL_COPYRIGHT="(c) Malwarebytes Corporation. All rights reserved. " VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x12F38C5" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="2.0.3.1025" UPTO_BIN_PRODUCT_VERSION="2.0.3.1025" LINK_DATE="06/19/1992 22:22:17" UPTO_LINK_DATE="06/19/1992 22:22:17" VER_LANGUAGE="Language Neutral [0x0]" />
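An added example, not part of the original thread: a small parser for the TXT fragment quoted above. It assumes the file is the Windows application-compatibility report written when a program crashes, in which each MATCHING_FILE entry describes a file found alongside the crashing executable rather than a scan finding. The function names and the trimmed sample are constructed for illustration.

```python
import re
from datetime import datetime

# Trimmed copy of the fragment quoted in the post: attributes dropped,
# values unchanged. Like the post's excerpt, it has no closing tags.
SAMPLE = '''<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="tdsskiller.exe" FILTER="GRABMI_FILTER_PRIVACY">
<MATCHING_FILE NAME="EmsisoftEmergencyKit.exe" SIZE="309745960" CHECKSUM="0xDCCBD3A5" PE_CHECKSUM="0x12768C55" LINK_DATE="02/03/2016 19:38:25" />
<MATCHING_FILE NAME="mbam-setup-2.0.3.1025.exe" SIZE="19828376" CHECKSUM="0xDE4AFC41" PE_CHECKSUM="0x12F38C5" LINK_DATE="06/19/1992 22:22:17" />
'''

# A regex scan is used instead of an XML parser because a copied portion
# of the report is truncated and would be rejected as malformed XML.
ELEMENT = re.compile(r'<(EXE|MATCHING_FILE)\b([^>]*)>')
ATTR = re.compile(r'([A-Z_]+)="([^"]*)"')

# Older Borland/Delphi linkers write this fixed timestamp into every PE
# header, so on its own it says nothing about when a file was built.
DELPHI_STAMP = datetime(1992, 6, 19, 22, 22, 17)


def load_report(path):
    """Read a report from disk; the XML declaration says it is UTF-16."""
    with open(path, encoding="utf-16") as handle:
        return handle.read()


def parse_appcompat(text):
    """Return (crashing_exe, [file records]) from a possibly truncated report."""
    exe, files = None, []
    for tag, raw in ELEMENT.findall(text):
        attrs = dict(ATTR.findall(raw))
        if tag == "EXE":
            exe = attrs.get("NAME")
            continue
        link = attrs.get("LINK_DATE")
        files.append({
            "name": attrs.get("NAME"),
            "size": int(attrs["SIZE"]) if "SIZE" in attrs else None,
            "checksum": attrs.get("CHECKSUM"),
            "link_date": datetime.strptime(link, "%m/%d/%Y %H:%M:%S") if link else None,
        })
    return exe, files


def fixed_stamp_files(files):
    """Names whose link date is the fixed Delphi value, not a real build time."""
    return [f["name"] for f in files if f["link_date"] == DELPHI_STAMP]
```

Run against the full report, this gives the name of the program that crashed and an inventory of the files sitting next to it, which can be compared with the same files on a known-good machine.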
