Posted by Galen on August 23, 2005, 6:42 am
My reply is at the bottom of your sent message:
> I suspect that my computers are infected with some sort of trojan or
> worm that is hijacking the setup/install process. It appears to be
> emulating the CDROM and is somewhere in upper memory. After
> examining the logs and some of the setup files from the install, it
> appears that the file sysfiles.inf in the USMT folder has some
> references to files that have been aliased to be hidden. The folder
> $WIN_NT$.~BT shows up but says that it is not accessible because it is
> too deeply nested. Virus scanner first scans the path
> C:\C\C\C\C\C\C\C\C\C\C\C\C\C\C\C\C\C but crashes and says it cannot
> enumerate the path. In the XMLprov.dll and Setuploader.bin files,
> there is a line between cdrom and device that says "worm", as the
> partition is being created, it has a line that says ..."Sorry, I
> wasn't talking to you!!!...insert 33 *00000". The previous 33 *0000
> repeats for about 20 lines. The next error says string unexpected
> string and length too long.
>
> When it first opened XP pro for the first time it said my copy had to
> be activated before I could log on. I think it must have been
> because the date somehow was set to the year 1792 (which is what the
> files on the PC indicate). The BIOS time however was set to 2099.
> Symantec license immediately expired and system would never connect
> to the server to register.
>
>
> Security Certificates were expired and many were unreadable (i.e.
> German or Russian or Unicode).
> Is it possible that if time-stamping is corrupted or changed
> drastically that it could cause the DRM software or "copy protection"
> to malfunction? I am not sure if a virus did this or a hacker.
> Anyone seeing this?
>
> Help
No, no I can't say that I've seen that nor have I seen anything like that
reported recently. You might want to go ahead and flatten that entire box
and rebuild it with a nice clean installation. However if you'd at least
like to take a look and see if you can clean it without having to go through
all of that (and really that box should be taken offline and rebuilt from
scratch with a complete format in my opinion if it's that bad) then:
Malware Cleaning:
http://kgiii.info/windows/all/general/malwarefix.html
I don't usually recommend a complete format if there's a way to avoid it. In
this case it's something to consider.
Galen
--
"Chance has put in our way a most singular and whimsical problem, and
its solution is its own reward."
Sherlock Holmes