HELP!

[Gamingphreek]

Well i posted a day ago about my moms computer being infected by virus's, (trojans and the like). Then it has trouble loading windows and made a mess out of things, Then when we finally get windows loaded again after going to fdisk, making fat32 partitions and that sh!t we find out that we are still having the exact same problems. Then while we are (my dad and I) diagnosing and working on that i said it better not hit one of the other computers well we found out it did. Now when our spare computer boots up we get an error telling us something like disk is unbootable or corrupt please insert system disk.

So at that moment the first thought that entered my head was a traveling boot sector virus. I am at a complete loss at what to do. I dont know how to stopit from spreading to my dad and my computer. My dad says if it infects his computer hes pulling the network offline. So i need extrmely fast responses.

So my questions are:

HELP!??!?!?!

and

How do i stop this thing?

-Kevin

 

[Davegod]

if its spreading over the network your dad should seperate his comp from it now, and any other comp not infected.

next step is to scan the infected PC's, find out what it is then look for a removal tool from one of the antivirus vendors websites. If you cant remove it (remember to try removal when in safe mode! - tap F8 repeatedly during bootup), prepare to format and reinstall.

this post may be some help though I think it's orientated more towards spyware etc.

 

[XplosiV]

Could be a boot sector virus, then again it could be BIOS / CMOS resident also. It could just be that either your windows regestry became corrupt or a corrupt start up file, if you have another working pc using the same version of windows, you could try copying command.com from a working pc to the one not working, just to the root of C:. Also if you can boot from a start up disk with no problems, you could copy the startup files from the disk to your hard drive root ( C: ) and see if the PC will boot ok from that. If it does you can then work on getting some virus analysis done, i would suggest ( as not to risk the network ) use a pc that is not having any problems, download a GOOD antivirus and the install file you download, burn to CD, so you can then keep any 'infected' PC OFF the network, put the CD in and install the antivirus with no network risk at all. See how that goes and if anything is found, then you know what to look for to remove. Personally i would recomend you download norman's AV as it has sandboxing - www.norman.com Just use common sence when it comes to the network, isolate the 2 non working pc's and start from the ground up.

 

[mechBgon]

There are a couple of antivirus scanners in my signature, John particularly recommended the Panda one.

Other steps I'd take:

1) Isolate the computers from eachother, obviously. If you need to go online with one, make sure it's the only one connected to the network at the time.

2) On the healthy computer(s), give all Administrator-class accounts a strong password so share-hopping worms don't get lucky on a weak/blank password guess. If the computer isn't even using username/password logon, still get the passwords changed if they were weak.

3) On the healthy computers, install ZoneAlarm firewall software and set the Trusted Zone security level to High.

4) On the healthy computers, update their antivirus definitions and review their antivirus settings. They should be set to deal with threats without asking the user what to do. For the time being, I'd suggest setting them to Silently Delete infected files, period. Play hardball Also ensure that the software is set to use heuristics and every other detection option.

5) For the infected systems, try the Panda antivirus scanner in my signature. More resources here too.

6) Figure out why this infection was able to take hold in the first place, and shut down that vulnerability. Were the systems not patched, or were they running P2P software, or did someone install warez, and why did the systems' antivirus software not catch the threat and deal with it then & there? Batten the hatches this time. The systems should have firewalling, antivirus, Windows updates, and legit software, and "loose-cannon" users should have Restricted User accounts so they can't do much damage.

 

[howdyduty]

mechBgon has the good info, nice post.

could be that bin laden has died on your network though.

 

[Gamingphreek]

Thx for all the good replies, however im still not 100% positive it is a virus. On our spare computer the HD misteriously became corrupt. Even though no one has touched it.

On my moms we found 4 trojans but were not able to find them again afterwards, even though Norton Anti Virus Corporate Edition was not able to do anything with them. The file that was infected was augscrsvr.exe. But i couldn't find that either. I MIGHT have been able to find it but some of the problems wer haveing are as follows..

- Computer freezes when we navigate to any web page.

-Computer does not respond to hyper links

- (Before format) Was not able to copy, cut or paste files.

-(Before format) was not able to search for anything on the computer

All the computers in are house that are on the Internet are running the government issued (my dad works for the federal govt) NAV Corporate edition with the latest updates. Also none have personal firewalls we have the router which is a HW firewall.

The virus seemed to have come when my 2 moronic sisters downloaded, played games and basically had free reign on the computer. Also the original computer my mothers did not have a windows password. It was running windows XP, and did not have all the latest updates. Nor did Office 2000. So far my dad and my computer are the only things that have not been infected, and so far they are doing fine. We both went ot are computers set NAV to highest priority, maxed out real time scan, and maxed out all settings that were needed. So far nothing has happened to them. I can only pray.

Does this sound like a typical virus. Also how could it still be in the boot sector, NAV runs a boot sector scan whenever we scan a computer (only takes like 1 sec for the boot sector scan to complete). Is there anywhere else it could be residing. Please note that my mother computer is a compaq laptop so it has the most basic settings in the bios. It allows boot order changes, time changes, and video memory changes thats it! meanwhilie should we enable boot virus scan in the BIOS on the spare computer that refuses to boot?

Anyone have any clue how to solve this... Thx in advance.

-Kevin

 

[mechBgon]

The hardware firewall of your router does not defend your home computers from eachother. That's why I recommended installing ZoneAlarm on each PC and setting the Trusted Zone protection to High... to keep the computers in your home network from being able to attack eachother.

IMHO, you should nuke that one problem system, reformat its hard drive, and reinstall from scratch if possible. It doesn't sound pretty :Q

 

[ScrapSilicon]

Originally posted by: mechBgon
The hardware firewall of your router does not defend your home computers from eachother. That's why I recommended installing ZoneAlarm on each PC and setting the Trusted Zone protection to High... to keep the computers in your home network from being able to attack eachother.

IMHO, you should nuke that one problem system, reformat its hard drive, and reinstall from scratch if possible. It doesn't sound pretty :Q

Avril

 

[Gamingphreek]

alright well work with the spare machine but does anyone have any clue or any guesses as to what is going on with my moms.

-Kevin

 

[ScrapSilicon]

Originally posted by: Gamingphreek
alright well work with the spare machine but does anyone have any clue or any guesses as to what is going on with my moms.

-Kevin

you answered that question

Originally posted by: Gamingphreek
Well i actually found out what was wrong. I dunno but it did it in my computer to so i was like wtf!?!?! Well when i looked on the disk it is all scratched up. Nothing deep just scratched enough that it cant do somethings. If i burn a copy of this CD will it burn porperly because i dont have another copy of XP. Anyone have any suggestions.

-Kevin

you need a decent media disk..