|
Posted by =?Utf-8?B?V29sZmll?= on August 28, 2005, 10:25 am
If you were Registered and logged in, you could reply and use other advanced thread options
file it should have, so I don't know there... McAfee locked up during scan of
\system32\config, just after system.log. But it did detect some
'Adware-GameSpyArcade.LNK and 'Adware-BJCFD' potentially unwanted programs in
some of the "Axxxxxxx.xxx" files, and deleted them. GameSpy is affiliated
with Halo's online game. (Halo is also one of the programs that got
renamed-scrambled-deleted. I'm gonna try them in Safe mode next...
"David H. Lipman" wrote:
>
> | On Aug 24th, discovered my Outlook, Word, Excel, etc, as well as Morrowind,
> | Halo2 savegames, and many other programs, shortcuts, ini files, etc are just
> | Gone! The shortcuts pinned to the start menu for them are still there, but
> | say invalid shortcut. Less than a week earlier, I had installed the
> | Plug-n-Play vulnerability patch. I'm running XP Home.
> |
> | I checked the recycle bin, not there. Checked the .exe files normal
> | locations, nada. Installed Iolo Search and Recover, they weren't found as
> | deleted. Oddly though, their remnants are there as deleted, looks like the
> | files were renamed "A<some number>.<original extension>", but their contents
> | are scrambled with control characters (for example, should be able to read a
> | .cfg or .ini file in Notepad, but can't cuz it's scrambled.) Registry still
> | has entries for the correct file names and the locations they Should have
> | been though. System Restore goes back no further than the 24th of Aug. It
> | is as if they were remotely uninstalled or something, renamed, scrambled, and
> | restore made impossible. All are programs that I own the license to use.
> |
> | I use firewall (Windows) and through my ISP also (Cox), also do virus scans,
> | anti-spy/ad ware scans regularly. Did these scans but found no problems.
> | Got a Ton of processes running though, not sure which ones shouldn't be on my
> | computer... I backed up much of my drive bout a month ago, so gonna recopy
> | the main files, but seems like it could happen again.
> |
> | Anyway, have you heard of this symptom ? Could it be a new virus? (Going
> | to use your recommended Multi-AV in the meantime)
>
> The symptoms sound like a virus that deletes EXE files.
>
> The AV scan by COX is only goos for incoming email which contain viruses.
Their scan won't
> protect you from getting infectors when browsing the Internet or using media
(CDROM,
> floppies, Flash RAM, etc.) that has infectors on it. For that you need to
have an anti
> virus scanner that is kept up to date and performing "On Access" scanning.
>
> We await the results of the scans performksed within the Multi AV scanning
tool that I
> wrote.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
| 
XML site map