Thank You

Discussion in 'Malware Help (A Specialist Will Reply)' started by candive, Mar 7, 2008.

  1. candive

    candive Corporal

    Watch sector size, new threat???

    I LOVE LINUX! It saved my data; however, the saved data on CDs may be infected.

    Whatever the malware was, it removed my permission to view my files on my external HD; I tried three PCs.

    Group and User Policy settings were disabled; I did not have permission to change them even as Admin in Safe Mode.

    The files were there, showing proper space usage, but when I tried to open them I received "you do not have permission", etc.

    I was able to save my pictures & lawyer data using Ubuntu 7.10 Gutsy Gibbon installed on my son's PC (dual boot) with Windows.

    The virus(?) even prevented me from using Eraser, Brute Force Remover, HijackThis, various shredders and a few others to remove it.

    I formatted the drive 5 times while it was installed in my son's desktop; there was a 70MB spot that resisted all attempts to remove it.

    After the fourth format I still noticed approx 70 MB used.

    I read all the details on the next three format attempts; it was setting the "Sectors at 40MB+".

    So I reset the sectors to default twice; it was still there.

    I set the sectors to 512KB; it reset the sectors to 40MB+ on the fly. Grrrr.

    I think I killed it finally, we will see.

    I should have saved it for an expert but I was bent on killing the malware.

    I have no idea how much information was compromised and sent who knows where.

    Later.

    Please excuse the missing and confusing info.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Re: Watch sector size, new threat???

    To really know... please follow the instructions in the link below and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. candive

    candive Corporal

    ! not a-virus

    Hi again,

    ZoneAlarm Suite found "not a-virus?" on my back-up DVD.

    Red circle, ! not a-virus:Monitor.Win32.QuasiVNC.b
    Identified as in HJT Reader\HijackReader.exe

    I will treat it as a possible threat.

    Has this happened before; is it possibly a false positive?
    I believe some programs that fight malware give false positives, yes/no?

    Please also see my next post today.

    Thank you.
     
  4. candive

    candive Corporal

    Re: ! not a-virus

    ZoneAlarm found Trojans "Win32.BackDoor.Bifrost" & "Backdoor.win32.Delf.dhu".
    So I dug deeper and found "Win32.Trojan.shutdown"; I also noticed during a scan, but not detected as a threat, "c:\win/System32\blackbox"??
    Whatever the malware was, it removed my permission to view my files on my ext HD; I tried three PCs.
    Group and User Policy settings were disabled; I did not have any access to change them, and I did not have permission to change them even as Admin in Safe Mode.
    The files were there, showing proper space usage with a Word icon, but when I tried to open them I received:
    1.) Word cannot open the document.
    2.) User does not have access privileges.
    3.) Access Denied.
    When using Safely Remove USB for the external drive I received "The device 'Generic volume' cannot be stopped because a program is still accessing it." Nothing should have been running at that point in time ("SAFE").
    I ran the Major Geeks malware removal procedures, which have never failed in the past.
    I tried ERD Commander, DOS, Notepad, various recovery programs.
    I was able to save my pictures & lawyer data using Ubuntu 7.10 Gutsy Gibbon installed on my son's PC (dual boot) with Windows.
    The Trojan(s) even prevented me from using Eraser, Brute Force Remover, HijackThis, shredder, registry cleaners and a few others to remove it. "C:\External Drive\Documents and Settings\Dad.TOSHIBA\Local Settings\Temp\IEC1.tmp"
    I think I located the file in question: IEC1.tmp, TMP File, 339KB. The icon was a Windows unknown-program icon.

    I formatted the drive 5 times with the Windows CD while it was installed in my son's desktop; there was 70MB used instead of the usual 8MB partition, which resisted all attempts to remove it.
    I even removed the partitions and restarted the PC, then reformatted four times.
    After the fourth format I still noticed approx 70 MB used.
    I read all the details on the next three format attempts; it was setting the "Sectors at 40MB+".
    So I reset the sectors to default twice; it was still there.
    I set the sectors to 512KB; it reset the sectors to 40MB+ on the fly.
    I think I removed it finally by installing it as a slave in my son's desktop and using Ubuntu Gutsy Gibbon 7.10 to pick away at it; we will see.

    I should have saved it for an expert but I was bent on removing the malware.
    I have no idea how much information was compromised and sent who knows where (personal and identity information); the external drive was only attached occasionally, however I have high-speed internet.
    I believe the Trojan started a hidden file in a partition and was saving data from the external HDD to my laptop for sending via high-speed internet.
    Even ZoneAlarm did not pick up data leaving; I only noticed because my router was flashing when it should have been unable to make an internet connection (disabled via software).

    My router has up-to-date firmware and a hardware firewall; no passthrough or VPN was allowed.
    I disconnected the wireless router from the internet and changed all settings to the highest encryption available to me, and to passwords which are so confusing I have to write them down on a pad and store it in a desk drawer.

    So I reinstalled Windows, and during Microsoft Windows updates I noticed something not right: screen flicker and very slow response to commands.
    Reformat and reload.
    Seems ok so far.


    I find it fascinating that this can be done.

    Does anyone know what this was????

    These 2 posts are in the reverse of the order in which they were performed.
     
  5. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Re: ! not a-virus

    Hi

    Does this all tie in with your post of yesterday, as much of the text is the same (http://forums.majorgeeks.com/showthread.php?t=153625), in which TimW has posted for you to run the Malware Read Me steps?

    It's always best to stick to one thread; bumping or creating new ones will only move your thread to the back of the work queue, causing a reply to be longer in coming, as the malware forum is very busy with only a handful of experts in residence at present, so replies could take up to 36 hrs.
     
  6. candive

    candive Corporal

    Re: ! not a-virus

    Tie in: "Yes"
    One thread: "Sorry about multiple threads, hands not as fast as brain, or brain hiccup" from lack of sleep.
    :D
     
  7. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Re: ! not a-virus

    Merged; do follow TimW's advice and run the guide.
     
  8. candive

    candive Corporal

    Re: ! not a-virus

    When I run the HijackThis Reader downloaded from Major Geeks, ZoneAlarm disables it each time as a virus.
    This is what comes up:
    HackTool.Win32.AntiAV.d
    Why?

    I will run the Read This malware procedures exactly as outlined again.
     
  9. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Re: ! not a-virus

    On this one I did some reading, and like many tools in security it can be flagged as malware; this is normal and, as you suspected, a false positive, especially if the software is a legitimate one and downloaded from a known source.

    This is from the developer of HijackThis Reader:

    So it is very likely that other antivirus applications will flag this tool up too as a nasty.
     
  10. candive

    candive Corporal

    Log after Read & run me first

    I have run the Read Me.

    Each time I do a reformat & fresh Windows install and update at Microsoft I get infected (4 times). Swearing is not allowed.
    I am starting to feel targeted.
    It is getting ridiculous.

    Here are my logs please help.
     

    Attached Files:

  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Re: Log after Read & run me first

    Infected with what? I am not seeing any major problems... could you tell me what you are referring to?
     
  12. candive

    candive Corporal

    Re: Log after Read & run me first

    ZoneAlarm found, and as far as I can see terminated, the following after completion of Read Me first.

    1.) Trojan: P2P-Worm.Win32.Logpole.c
    2.) Kazaa Lite goop 28

    I believe I was told this was a false positive.

    Thank you very much for the help everyone.
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Re: Log after Read & run me first

    Do you have the exact path that it reported it in? I know after a new install, getting on the web to do downloads and updates, a few minor things usually show up... but I'm curious as to exactly what was reported. And if you want to double-check your system... go to Bitdefender, agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

    Click on the Detected Problems tab. Then select "Click here to export the scan report".

    When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt), and then in the File name box change the name to bdscan, then click Save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.
     
  14. candive

    candive Corporal

    Re: Log after Read & run me first


    1.) Exact path: No. Manual scan of C:, no external drives attached at the time.
    2.) I will try the scan with Bitdefender.

    Thanks.
     
  15. candive

    candive Corporal

    Thank you to all who help those of us with less experience!
    I am sure we all appreciate the help.
     