Guru

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213

PC Virus Attack?

03/03/2009 5:07 AM

I started having problems with Windows not booting. The computer (Acer Laptop Aspire 3690 running Windows XP Starter Edition) is set up for dual boot with Xubuntu, which runs fine. Ultimately, I got the following error:

Stop: c000021a (Fatal System Error)
Windows Logon Process terminated with a status of 0x00000406 (0x00000000 0x00000000)

On occasion, I have been able to get in to a disc scan prior to boot, and there have been a couple of corrupted files (one was a Google updater).

Finally, I was able to get Windows to boot into Safe Mode, and found that System Restore will not let me restore to a date earlier than Monday, March 3 at 6 PM, which happens to coincide with when I downloaded an upgrade to Avira Antivirus Personal Edition. I note also that Avira no longer works, nor does my Comodo firewall (I cannot activate either).

Running RootKitRevealer, I find that I have two Registry Keys with "key name contains embedded nulls (*)"

HKLM\SECURITY\Policy\Secrets\SAC*
HKLM\SECURITY\Policy\Secrets\SAI*

Running RegDelNull results in a response "access denied".

I have found a copy of RtkBtMnt.exe in the Documents and Settings\Owner\Local Settings\Temp folder, which I have tried to delete, but it keeps coming back. It has a creation date of today (at the latest boot time).

I have tried to add additional antivirus software (including Comodo and Malwarebytes, among others), none of which will load on the computer. RegistryBooster from www.file.net, which is supposed to help detect problems with RtkBtMnt.exe, won't run after downloading.

CCleaner and Glary Utilities do not clean up the registry. There is a prefetch file in C:\Windows\Prefetch called RTKBTMNT.EXE-170A120F.pf (19022 bytes, dated at my last boot), although I have used a utility to discard all prefetch files. I just discovered that the file in the Temp folder is written in Chinese, Version 1.0.0.5, and it appears to be adding other language codes to the folder (Turkish.bin, Thai.bin, etc.: 25 different languages). Even renaming the program in the Temp folder doesn't do any good. I also find a file named wpa.dbl in Windows\system32 with the same date stamp as the RtkBtMnt.exe file. There were several .log and .txt files in the Windows folder with the same date stamp, and files wiaservc.log, SchedLgU.Txt, WindowsUpdate.log and wiadebug.log that could not be deleted.

So, where do I go from here?

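An added example, not code from the thread or from any of the tools named in it: a Python triage scan that applies the original poster's own heuristics (an executable sitting in the Temp folder, a timestamp coinciding with the last boot, a file that comes back after deletion) to a constructed sample folder so it runs offline on any OS. The boot time, file names and file contents are assumptions made for the demo.

```python
"""Added example, not code from the CR4 thread: a small triage scan that
applies the heuristics the original poster used by hand on the XP box,
run against a constructed sample folder so it works offline on any OS.

Heuristics:
  1. an executable sitting in a Temp folder,
  2. a file whose timestamp coincides with the most recent boot,
  3. a file that reappears (same name, same hash) after being deleted.

Assumptions: the boot time is supplied by the caller (on XP one would
read it from the System event log or 'systeminfo'); the sample file
names and contents are constructed for the demo, and RtkBtMnt.exe here
is a placeholder blob, not the real Realtek binary."""
import hashlib
import os
import tempfile
from datetime import datetime, timedelta

EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".pif"}
SAMPLE_EXE_BYTES = b"MZ-placeholder-not-a-real-program"   # constructed


def sha256_of(path):
    """Hash a file in chunks so large temp files do not blow up memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_temp(folder, boot_time, window=timedelta(minutes=5)):
    """Return {path: {"reasons": [...], "sha256": hex}} for suspicious files.

    st_mtime is used so the demo is portable; on the XP machine the
    creation time (st_ctime on Windows) is the one the post relies on."""
    findings = {}
    for root, _dirs, names in os.walk(folder):
        for name in names:
            path = os.path.join(root, name)
            reasons = []
            if os.path.splitext(name)[1].lower() in EXECUTABLE_SUFFIXES:
                reasons.append("executable in temp folder")
            stamp = datetime.fromtimestamp(os.stat(path).st_mtime)
            if abs(stamp - boot_time) <= window:
                reasons.append("timestamp within %s of last boot" % window)
            if reasons:
                findings[path] = {"reasons": reasons, "sha256": sha256_of(path)}
    return findings


def reappeared(deleted_paths, before, after):
    """Paths the operator deleted that are back, with identical content,
    in a later scan: the 'keeps coming back' symptom from the post."""
    return sorted(p for p in deleted_paths
                  if p in before and p in after
                  and before[p]["sha256"] == after[p]["sha256"])


def build_sample_folder():
    """Constructed stand-in for Documents and Settings\\Owner\\Local Settings\\Temp."""
    folder = tempfile.mkdtemp(prefix="triage_demo_")
    boot_time = datetime.now()          # assumption: the box booted just now
    files = {
        "RtkBtMnt.exe": SAMPLE_EXE_BYTES,              # dropped at boot time
        "Turkish.bin": b"constructed language blob",   # sibling file, also new
        "old_notes.txt": b"harmless file from last week",
    }
    for name, data in files.items():
        with open(os.path.join(folder, name), "wb") as handle:
            handle.write(data)
    # Backdate the harmless file so it falls outside the boot window.
    old = (boot_time - timedelta(days=7)).timestamp()
    os.utime(os.path.join(folder, "old_notes.txt"), (old, old))
    return folder, boot_time


def demo():
    """Run the whole scenario and return the pieces a caller can check."""
    folder, boot_time = build_sample_folder()
    before = scan_temp(folder, boot_time)
    exe = os.path.join(folder, "RtkBtMnt.exe")
    os.remove(exe)                      # the operator deletes it...
    with open(exe, "wb") as handle:     # ...and the dropper writes it back
        handle.write(SAMPLE_EXE_BYTES)
    after = scan_temp(folder, boot_time)
    return {
        "folder": folder,
        "before": before,
        "after": after,
        "reappeared": reappeared([exe], before, after),
        "exe": exe,
        "old_notes": os.path.join(folder, "old_notes.txt"),
    }


if __name__ == "__main__":
    result = demo()
    for path, info in sorted(result["after"].items()):
        print(path, info["sha256"][:12], "; ".join(info["reasons"]))
    print("reappeared after delete:", result["reappeared"])
```

A real run would point `scan_temp` at the Temp and Prefetch folders from a clean boot environment (the UBCD4Win or Linux approach suggested later in the thread), so the scanned files cannot interfere with the scan.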
Guru

Join Date: Sep 2007
Location: Defreestville, NY
Posts: 1072
Good Answers: 87
#1

Re: PC Virus Attack?

03/03/2009 9:51 AM

Sounds like a rootkit.

Get your data off with Ubuntu and reformat the partition. The OS is hosed.

__________________
Charlie don't surf.
Guru

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213
#2
In reply to #1

Re: PC Virus Attack?

03/03/2009 12:14 PM

I was afraid of that. I am still trying to salvage it. I don't have a Windows CD, so reloading is going to be a bit of a chore, and I have some applications that I have added since my last backup...

I am trying to migrate fully to Ubuntu, but there are still a lot of things I can't do in Ubuntu that I need Windows for. VirtualBox gives me some of the functionality I am looking for, but does not cover all the bases.

I am also trying to get help from Avira and Comodo, but so far, nothing that works....

Power-User

Join Date: Sep 2007
Location: Sheboygan, WI USA
Posts: 372
Good Answers: 13
#3

Re: PC Virus Attack?

03/03/2009 11:27 PM

I now have three Acer laptops.

The last two have Win XP Pro and run fine.

The first laptop cost $3500 and had removable, exchangeable 3.5" and CD drives. This laptop would sometimes fail to boot, so I found I could loosen the holding screw, pop out the hard drive and reseat it, and everything worked fine until the next time, maybe 1,000 miles later. I did buy two more hard drives for that laptop and still have it. The first hard drive was configured for dual boot, with maybe Win 95 and Win NT; the NT of course did not like to connect to external items.

__________________
"I believe we are masters of our lives - we hold all the cards and it is up to us to use them right." Vesna Vulova - survived 33,000ft fall
Guru

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213
#4
In reply to #3

Re: PC Virus Attack?

03/03/2009 11:39 PM

Although the particular Acer I have is most likely not of the same quality as the originals, so far I have no problem with the hardware (other than the lack of a floppy drive and RS232 port!). Since I paid considerably less for my laptop than you did for yours (a price that I consider appropriate for "disposable" equipment rather than a long-term replacement), I can live with the fact that the paint is wearing off and the mousepad stopped functioning... The unit runs perfectly with Xubuntu, and I can even access the data on the infected partition from Ubuntu with no problems, indicating it is not a hardware problem.

Active Contributor

Join Date: Dec 2008
Location: Harrisburg, PA, USA
Posts: 11
Good Answers: 2
#5
In reply to #4

Re: PC Virus Attack?

03/04/2009 12:03 AM

I agree with the previous determination that the Windows installation is corrupted. If you have access to the Ultimate Boot CD for Windows (UBCD4Win) (a pre-executable boot CD compilation), you MIGHT be able to clean up your installation without wiping the partition.

Boot from UBCD4Win and run some of the anti-malware tools: with any luck, you'll be able to clean it off...

Good Answer (Score 2)
Guru

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213
#6
In reply to #5

Re: PC Virus Attack?

03/04/2009 1:43 AM

Thanks for the tip. I have downloaded UBCD4Win and will give it a try. I have also tried Avira's rescue CD, but it did not work: it booted, then froze up when it started to scan. This appears to be a pretty nasty virus; it won't even let me boot into Windows if I don't have the Internet connected...

Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#7
In reply to #5

Re: PC Virus Attack?

03/04/2009 3:36 AM

GA for your answer.

By the way, Knoppix Boot CD will do the same thing.....

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#8

Re: PC Virus Attack?

03/04/2009 4:03 AM

I understand that you have no Windows CD, why not? All PCs come with either a Boot CD, a recovery CD or a copy of one or the other on the hard disk, that you burn onto a CD or two, in case something goes wrong in the future.......

Also, it sounds like you still have the PC connected to the internet, you should disconnect at least while trying to fix Windows.......!!! Some software just keeps calling up reinforcements!!!!

If you have to buy a Windows, may I suggest that you buy WinXP Pro, either new or second hand from eBay.......and get any updates online AFTER you have installed good antivirus software....and a hardware firewall and a software firewall.

Once you have sorted that out, may I recommend that you erase/format the partition for Windows, run a virus and a rootkit scan on it, before reinstalling Windows. I personally use Knoppix to do all that, I format to Fat16 first, rewrite the MBR, then scan, then install Windows XP Pro, but allowing Windows to format in NTFS before installing.....

Never use the same physical hard disk for the system and your data, ALWAYS use a second disk. People who have their data on a D: partition (or similar) on the same disk are running unacceptable risks........but simply do not know it!!!

An external USB disk can also be effective in securing data, but only provided you have properly installed anti virus and anti rootkit software....otherwise you may only be saving the malicious software on the USB disk too.......

I also personally recommend Kaspersky as antivirus software; it's as good as any, and slows your PC down the least of any that I have seen or heard used (also mentioned in many good magazine tests!). Symantec products work well, but slow everything down to a crawl; still better than no antivirus software.

When everything is back to normal, download and run the latest version of Dr Web free version in a full scan - just to make sure!!!

You can download the latest version once a week and rescan, though since I have had Kaspersky and the first scan from Dr Web, Dr Web has never found a further infestation.......but that does not stop me running it!!! Just to be sure.

Best of luck.

__________________
"What others say about you reveals more about them, than it does you." Anon.
Score 1 for Good Answer
Guru

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213
#9
In reply to #8

Re: PC Virus Attack?

03/04/2009 9:19 AM

Andy-

Thanks for your response. It would seem it has been a while since you purchased a new PC- a lot of manufacturers no longer supply a CD with their equipment. The last computer I purchased that came with an operating CD had Windows 98! One can supposedly get a CD from the manufacturer at special request, if one happens to live in a part of the world where this is convenient...Anyway, the actual disc images are often on the computer itself, but no convenient way, or instructions, usually, to create a CD from the package (now one sees .msi images, which are easy to use, but my computer is a bit older than that).

I do not have the computer connected to the Internet, but the bug won't let me boot without an Internet connection. So, I have to connect it momentarily when I reboot it (unless I boot it in Ubuntu). I also keep most of my data on a separate partition (everything except fresh downloads from the Internet, which are examined BEFORE they are transferred to the data storage), as well as backups of application installation files. Also, as of this incident (not the first), I now restrict ALL of my Internet activity to Ubuntu machines (well, OK, sometimes one must violate that rule). I have to re-evaluate my procedures for transferring information, though, because I have been using a thumb drive, and it is distinctly possible that the thumb drive was actually the source of the virus, having used it to capture data from a third party computer recently...

I am considering dumping windows all together on the laptop, but I still have a couple of issues to work out. Specifically, this is my "field" computer, and I have applications (specifically related to communicating with critical T&M equipment) that I have not gotten to work in VirtualBox for which no Linux packages exist, or are likely to be created. I've looked at Wine and VMWare as well, but VirtualBox seems most appropriate (running a virtual Win 98 machine- I have always preferred Win 98 to any other flavor of Windows).

I use Avira antivirus (in fact, it was during an update of Avira that the problem came to light: the update procedure requires shutting off the protection to activate the new files. I don't think the virus CAME with the download, but the update procedure left a window of opportunity. Based on the oldest available restore point on the computer, the infection dates from when I did the update). I have tried a couple of other antivirus software packages since the problem arose, but this is a pretty sophisticated bug; it won't let me add anything that even remotely looks like antivirus software. I have a rootkit detector, Glary Utilities, and CCleaner which I use quite a bit, but the bug got through my defenses somehow (most likely due to some carelessness on my part). I have been using Avira for a couple of years quite successfully. I also use Comodo firewall, which can be aggravating at times, asking permission every time some app wants to do something new, but good protection. This bug seems to have deactivated both.

I have not looked at Kaspersky products (not all reviews are favorable) and Symantec seems to draw too much attention from the malware writers as the standard against which to test their product. I will have a look at Dr. Web. Avira has provided a rescue CD, but the system freezes when booted from that. I now have a different rescue package that I am going to try, but I have to transfer it to another system (package downloaded in Ubuntu, needs to be transferred to my Windows machine to create a bootable CD). Fortunately, I have a couple of uninfected Windows machines available. But, like I said, I only do Internet stuff from Ubuntu now.

I will let you know if Dr. Web can get me out of this fix.

Charlie

Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#17
In reply to #9

Re: PC Virus Attack?

03/04/2009 2:49 PM

Buy a legal copy of Windows; it's far better than all the screwing around you are having to do right now.....format, scan and re-install.......or is all your software without an install CD too?

In Germany, you always get one of the options I have previously mentioned on Laptops with Windows, in fact, it could even be considered illegal NOT to supply backup in some manner.....being in some way "unfit for the purpose sold".....

It appears that the US must play "Catchup!" in that area....or not if nobody complains.....it probably saves you Guys $10 on the price of the Laptop! Worth having? Only you can answer that!!!

I have always received FULL CDs on all the laptops I have bought (I build my own PCs), or knowingly bought cheaper laptops with Linux (also with CDs) and separately bought WinXP Pro on eBay.

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: Dec 2007
Location: Upper Mid-west USA
Posts: 7498
Good Answers: 97
#19
In reply to #17

Re: PC Virus Attack?

03/04/2009 4:21 PM

Yes, buy a legal copy of VISTA! and forget about all this stuff that continues to affect XP.

__________________
If death came with a warning there would be a whole lot less of it.
Guru

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213
#21
In reply to #19

Re: PC Virus Attack?

03/04/2009 5:32 PM

What I have seen of Vista is that it is bloated, won't run well on my existing equipment, and won't run my legacy software. Some of the legacy software will never be upgraded to Vista because the manufacturers of the T&M equipment want to sell me new equipment, not help keep the old stuff working.

Guru

Join Date: Dec 2007
Location: Upper Mid-west USA
Posts: 7498
Good Answers: 97
#22
In reply to #21

Re: PC Virus Attack?

03/04/2009 6:04 PM

Okay, I like XP too and it will be supported thru 2014 so we can make good use until then.

Let's get your machine back in order. It has been noted as of 01/16/07 that Trojan.StartPage.1505 is a FP and reported as a false positive by Dr. Web; you may find it as RegUPB2b - user name.reg.

There are many types of malware scans to detect it, but you need a remedy.

__________________
If death came with a warning there would be a whole lot less of it.
Guru

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213
#23
In reply to #22

Re: PC Virus Attack?

03/04/2009 6:17 PM

Getting rid of that "False Positive" has cured some of the problem, but I still have something writing to the registry without my permission, and there is something named _start.exe that keeps trying to access different parts of the system (Comodo firewall is now apparently working). Dr. Web at least got me back to where I wanted to be, and Malwarebytes is now running on the system. The computer boots in Windows without an Internet connection, so we are making progress.

I am also still suspicious of the RtkBtMnt.exe, which is the name of a Realtek application, but the properties on my machine do not agree with what the properties should be (and the machine tells me it is in Chinese!). It keeps coming back, so I don't know what the source is. I have not been able to get Avira antivirus to start up again, so I have deleted it from the computer. I can now run Glary Utilities and CCleaner, but they give me different results. I'm still not ready to try to put the machine back on the Internet, but we are making progress.

God, this has cost me three days, when I should be working on projects that bring in money! Another reason to accelerate my migration to Ubuntu...

Guru

Join Date: Dec 2007
Location: Upper Mid-west USA
Posts: 7498
Good Answers: 97
#25
In reply to #23

Re: PC Virus Attack?

03/04/2009 7:56 PM

It stands to reason, as RealTek is a Chinese product. RtkBtMnt.exe errors normally occur due to a registry problem.

Use the manual registry correction method given earlier and you may be making progress again.

__________________
If death came with a warning there would be a whole lot less of it.
Guru

Join Date: Dec 2007
Location: Upper Mid-west USA
Posts: 7498
Good Answers: 97
#26
In reply to #23

Re: PC Virus Attack?

03/04/2009 8:35 PM

I use Ubuntu as a HD cleaner.

I don't know what I'd use Ubuntu for otherwise; it's merely a step sideways and I need to go forward.

For the benefit of the curious...

I recommend for those who want free protection to use Avira-free and Malwarebytes and Spybot S&D; they work well together. For those wanting more, Avira or ESET I think are the best available.

Avira is kind of slow, but that isn't bad; anti-virus products that claim to be fast normally accomplish this by cutting corners, which enables opportunity for infections. Think of it as comparing every bit of data on your machine to a gazillion possible contradictions.

ESET is an exception providing low latency, speed and extreme effectiveness.

__________________
If death came with a warning there would be a whole lot less of it.
Commentator

Join Date: Sep 2008
Location: North Wales UK
Posts: 60
#57
In reply to #23

Re: PC Virus Attack?

11/03/2009 3:48 AM

Hi, the latest Norton 360 is superb. You pay about 50 GBP to keep it up to date and get a free upgrade whenever one comes available. It will clean up every piece of malware right into the kernel of the machine; there is a load of diagnostics and regular updates of virus definitions. It is well worth having. It is worth every penny after its initial purchase and is kept up to date for the aforementioned annual fee.

Guru

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213
#20
In reply to #17

Re: PC Virus Attack?

03/04/2009 5:29 PM

Andy- I HAVE a legal copy of Windows- purchased with an Acer laptop and properly registered with Microsoft. I am in the process of converting to Linux, but, unfortunately there are still a lot of applications that don't work well in Linux or some of the virtual solutions I am working with. I especially have trouble with some critical T&M equipment that only comes with Windows software...

Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#32
In reply to #20

Re: PC Virus Attack?

03/06/2009 7:52 AM

Then format the XP partition and re-install....(all good Linux installs have a boot manager, Ubuntu for example, that will handle Linux and XP on the same drive).....install good antivirus software; if a firewall is not integrated in the antivirus (Kaspersky has it integrated), get good firewall software. If you have DSL, install a hardware firewall in the DSL modem.....it should just need activating...then go online to MS and update your XP.

If you need data saved from an XP partition, do it under Linux; save it to an external USB drive first.....that's what I had to do recently for a friend of mine, worked fine.

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115
#27
In reply to #17

Re: PC Virus Attack?

03/05/2009 3:27 AM

Like the man says, Andy, it's totally legit/normal.

A lot of companies supply computers with windows pre-installed. As I understand, the company is obliged to provide a recovery utility on the HD, or supply recovery discs. Whichever method, it should enable you to recover windows "as shipped".

My cheap Dell (not Del, the proper one) was supplied in that way. I managed to get some free discs off them. Having managed to trash the recovery suite supplied, their 'recovery' discs re-installed the whole thing (XP Home)*. 10/10 to Dell for customer service.

* The extra ones I got for free.

__________________
For sale - Signature space. Apply on self addressed postcard..
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#33
In reply to #27

Re: PC Virus Attack?

03/06/2009 9:07 AM

You said "Like the man says, Andy, it's totally legit/normal."

I totally agree, provided copies are on the Hard disk that I can burn onto CDs and use to correct errors.

Many people forget this and a bit of bad luck or a virus and the copies are gone.

It was intimated that in the USA, some PCs/Laptops are sold without any means of recovering at all, with the OS already installed, and I mentioned that in Germany at least, that is not allowed and I listed the 3 possible methods of recovery supported here, in my post....

It now appears (if I understood correctly) that the required software/OS was on the hard disk all the time.....and he got sent free disks as well. Sounds like a good deal to me.....

I think we are now on the same train, travelling in the same direction.......

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: Dec 2007
Location: Upper Mid-west USA
Posts: 7498
Good Answers: 97
#28
In reply to #17

Re: PC Virus Attack?

03/05/2009 4:57 AM

Whoa up there Andy,

No need to format, scan and re-install; the problem is a corrupt registry.

Newer computers do not come with the old-time restore ensemble; now you need to download the ensemble to disc, F.Y.I. and for peace of mind.

Possibly you are so anti MS you've overlooked the free phone support (4) calls up to 72 hours each provided by Microsoft to legitimate owners of their products. An awful lot can be set right in that time frame after which they then charge for additional help. I've got 144 hours remaining on my oldest machine

__________________
If death came with a warning there would be a whole lot less of it.
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#34
In reply to #28

Re: PC Virus Attack?

03/06/2009 9:14 AM

Then I misunderstood; I understood that a virus was part of the problem......then I take extra special precautions to make sure that it is REALLY gone......

It's the safest way.....but each to his own......

Even if it's only the registry, unless you have a recent clean copy, it's usually quicker to re-install; then you know you have an up to date, clean (fast!!) version.

I find that about once every 18 months, a re-install gets rid of a lot of "chaff", even with good registry cleaners......I test and install and de-install a lot of software each month for various people.....it leaves crap behind.....having several PCs and laptops means that I am not dead in the water either, while installing.

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: Dec 2007
Location: Upper Mid-west USA
Posts: 7498
Good Answers: 97
#36
In reply to #34

Re: PC Virus Attack?

03/07/2009 11:55 PM

When you install XP the registry is stored on the HD. You can retrieve this and restore without destroying or un-installing.

Check out post #15.

__________________
If death came with a warning there would be a whole lot less of it.
Off Topic (Score 5)
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#38
In reply to #36

Re: PC Virus Attack?

03/08/2009 7:25 AM

"IF" the registry has not been taken over by the virus.

Still, the registry has entries from legit software that has been removed. I install and de-install a lot of software each year.....it leaves its mark!

So I never want the old registry, I install from new, on a clean HD (checked and re checked!) and benefit from the clean performance of a fresh install of XP each time.

Each to his own....

__________________
"What others say about you reveals more about them, than it does you." Anon.
Off Topic (Score 5)
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#41
In reply to #36

Re: PC Virus Attack?

03/08/2009 1:46 PM

By the way, in the time taken up to now to fix this sp, I would have re installed Windows 10 times at least!!

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: Dec 2007
Location: Upper Mid-west USA
Posts: 7498
Good Answers: 97
#42
In reply to #41

Re: PC Virus Attack?

03/08/2009 3:02 PM

Show off

__________________
If death came with a warning there would be a whole lot less of it.
Off Topic (Score 5)
Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115
#43
In reply to #41

Re: PC Virus Attack?

03/08/2009 3:23 PM

Most people would have stopped after the first successful re-install. Still, an extra 9 installs won't do any harm!

__________________
For sale - Signature space. Apply on self addressed postcard..
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#44
In reply to #43

Re: PC Virus Attack?

03/08/2009 7:24 PM

It was good practice.....

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213
#45
In reply to #44

Re: PC Virus Attack?

03/08/2009 7:42 PM

I typically hit "format c:" about once every four or five years, but I usually have a clean system to start with, and have done proper preparations. Windows tends to corrupt all by itself with time, and sometimes it is easier to just wipe it and move on, which is most likely going to be the case with this, when I get back to the city. But I would still like to know what killed my system, how it got in, and, maybe, learn something to share with others when they face a similar problem...

Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115
#46
In reply to #45

Re: PC Virus Attack?

03/09/2009 4:17 AM

It's probably gotten so cluttered you'd never find out exactly what occurred. The program that can keep an o/s perfectly streamlined doesn't exist. Like Andy said earlier, a complete re-install every 12 - 18 months is well worth the effort. Just plan it well, and make sure you get security loaded asap after a re-install. At the rate HD prices drop, I'd go so far as to suggest hammering the old one and buying new. 50 quid and half a day's work once a year is nothing. Keep (security scanned) copies of all your vital documents and downloaded program setup files on disc. How often depends on how critical, usage etc. DVDs are cheap as chips - once a month?

Yep, 'wipe and go' sure saves a lot of hassle. Just remember to close the lid, women hate that

__________________
For sale - Signature space. Apply on self addressed postcard..
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#47
In reply to #46

Re: PC Virus Attack?

03/09/2009 5:55 AM

Well put Kris.

May I just add that one needs to be well organized, insofar that all the software/OS and the passwords/serial numbers to activate it, plus any updates on CD, need to be kept to hand, so that a new install, planned or unplanned, can be made in a short space of time......

I have a lot of software that I have bought, but only downloaded over the internet, this needs also to be burnt to a CD with passwords/serial numbers in .txt files. Not forgetting any tutorials or documentation.

One single box should be enough for most folks......

__________________
"What others say about you reveals more about them, than it does you." Anon.
Active Contributor

Join Date: Feb 2009
Location: Warner Robins, GA
Posts: 16
Good Answers: 1
#10

Re: PC Virus Attack?

03/04/2009 10:19 AM

cwarner7 11:

I have been looking into this because one of my relatives seems to be suffering from a malware attack. I would recommend trying the following web site:

www.bleepingcomputer.com

that is, if you can get a web connection to work. They are a volunteer site that trouble-shoot all kinds of Malware and Spyware attacks (which is what your symptoms sound like) and have special software tools that you can use against the malware that reinstalls itself between boots and hides in the Windows directory as .dll files. If you can get a copy of the program "HijackThis" which they use to get a list of what processes are running on your computer and what entries in your registry are suspicious, you can get started with them. They do require that you set up an account, but they do not cost any money as far as I know. I looked at some of their entries helping other people and they seem pretty patient and helpful. They do work on other things than just spyware and malware as well. Their guides to Malware seem pretty good also.

Some of these attacks are really hard to defeat and the suggestion to reformat is really the cleanest way to solve them, but if you don't do backup very frequently or you have lots of apps that you hate to reinstall and get set back up, this type of help could be an answer.

Good Luck

Score 1 for Good Answer
Guru
Panama - Member - New Member Hobbies - CNC - New Member Engineering Fields - Marine Engineering - New Member Engineering Fields - Retired Engineers / Mentors - New Member

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213
#11
In reply to #10

Re: PC Virus Attack?

03/04/2009 10:49 AM

Farmers Son-

Thanks for the suggestion. I will try anything (free is better). It appears that the malware may not stay resident in memory, but is set to wake up periodically. I am currently running Dr. Web as Andy suggested, and the initial scan (which included boot sectors and memory) uncovered nothing, but the complete scan is starting to turn up some results. HijackThis did not find the problem. The malware has apparently hijacked my firewall and antivirus protection. An interesting thing about the Windows XP Starter Edition- it won't allow more than three processes to run at once, so every once in a while I get a little window that tells me some program is trying to do something, and asks me to close some applications. Unfortunately, it does not tell me what application is demanding attention...

I will keep posting here as I resolve this problem...

Active Contributor

Join Date: Feb 2009
Location: Warner Robins, GA
Posts: 16
Good Answers: 1
#12
In reply to #11

Re: PC Virus Attack?

03/04/2009 11:18 AM

cwarner7 11,

Sadly HijackThis seems to be more useful for reporting the processes running and registry information than solving the malware issue. Other software that I have heard that might help you include Malwarebytes Anti-Malware, SuperANTISpyware, and Dr. Web Cure-IT (which I see you have already tried).

One other suggestion that I saw that made sense was to run these anti-malware and anti-spyware programs while in SAFE mode (fewer other processes get started in this mode and maybe the malware has less access to stuff). Also, some who were helping trouble-shoot suggested renaming the executable filename to something other than the normal program name. The point is that some of these infections are looking for you to be using Norton Anti-Virus or Malwarebytes Anti-Malware or the others by their normal "name" and they stop them from running, maybe even before they install properly! You might try reinstalling the tools that you have, changing the install file name to something random and then changing the executable that runs it to something different just to avoid this.

I know, it sounds paranoid, but the people doing these malware/spyware infections have their full focus on "what do we have to do to defeat the biggest threats to our infections" and they can be very clever. Dang them!

I'm interested in what you find helps you...

Again, good luck,

Calvin

Commentator

Join Date: Sep 2008
Location: North Wales UK
Posts: 60
#58
In reply to #12

Re: PC Virus Attack?

11/03/2009 4:02 AM

Hi, Norton 360 with use of a comprehensive scan defeats these sick idiots that put out this stuff, and you can also scan and clean up your system registry and do diagnostics. But I guess you use it; it's all together in one package.

Guru
Popular Science - Weaponology - bwire Hobbies - Car Customizing - New Member

Join Date: Dec 2007
Location: Upper Mid-west USA
Posts: 7498
Good Answers: 97
#40
In reply to #10

Re: PC Virus Attack?

03/08/2009 11:22 AM

Hello Farmers Son,

Good advice

__________________
If death came with a warning there would be a whole lot less of it.
Anonymous Poster
#13

Re: PC Virus Attack?

03/04/2009 12:20 PM

Everyone should have http://www.bootdisk.com as a Favorite/Bookmark. I never heard of Xbuntu. Maybe it contains your virus.

Guru
Panama - Member - New Member Hobbies - CNC - New Member Engineering Fields - Marine Engineering - New Member Engineering Fields - Retired Engineers / Mentors - New Member

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213
#14
In reply to #13

Re: PC Virus Attack?

03/04/2009 12:44 PM

Xubuntu is an abbreviated Ubuntu Linux package, specifically designed for laptops and other systems of limited capacity (i.e., it is not overloaded with eye candy). So far, it seems malware sources are primarily focused on Windows systems, and I have encountered no issues to date with either of my Ubuntu installations (but, I am sure, time will change this as Linux grows market share....). Thanks for the link- I will have a look.

Guru
Popular Science - Weaponology - bwire Hobbies - Car Customizing - New Member

Join Date: Dec 2007
Location: Upper Mid-west USA
Posts: 7498
Good Answers: 97
#29
In reply to #14

Re: PC Virus Attack?

03/05/2009 5:00 AM

A few renditions have caused recent problems for Ubuntu and other Linux systems.

I haven't found any programs that will run on XP but not on Vista, any specific troubles?

__________________
If death came with a warning there would be a whole lot less of it.
Guru
Popular Science - Weaponology - bwire Hobbies - Car Customizing - New Member

Join Date: Dec 2007
Location: Upper Mid-west USA
Posts: 7498
Good Answers: 97
#15

Re: PC Virus Attack?

03/04/2009 1:31 PM

Hello cwarner,

Try this corrective procedure ...

Manual steps to recover a corrupted registry that prevents Windows XP from starting

The procedure that this article describes uses Recovery Console and System Restore. This article also lists all the required steps in specific order to make sure that the process is fully completed. When you finish this procedure, the system returns to a state very close to the state before the problem occurred. If you have ever run NTBackup and completed a system state backup, you do not have to follow the procedures in parts two and three. You can go to part four.

Part one

In part one, you start the Recovery Console, create a temporary folder, back up the existing registry files to a new location, delete the registry files at their existing location, and then copy the registry files from the repair folder to the System32\Config folder. When you have finished this procedure, a registry is created that you can use to start Windows XP. This registry was created and saved during the initial setup of Windows XP. Therefore any changes and settings that occurred after the Setup program was finished are lost.

To complete part one, follow these steps:

1. Insert the Windows XP startup disk into the floppy disk drive, or insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.
Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted to do so.

2. When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

3. If you have a dual-boot or multiple-boot computer, select the installation that you want to access from the Recovery Console.

4. When you are prompted to do so, type the Administrator password. If the administrator password is blank, just press ENTER.

5. At the Recovery Console command prompt, type the following lines, pressing ENTER after you type each line:

md tmp
copy c:\windows\system32\config\system c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak

delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default

copy c:\windows\repair\system c:\windows\system32\config\system
copy c:\windows\repair\software c:\windows\system32\config\software
copy c:\windows\repair\sam c:\windows\system32\config\sam
copy c:\windows\repair\security c:\windows\system32\config\security
copy c:\windows\repair\default c:\windows\system32\config\default

6. Type exit to quit Recovery Console. Your computer will restart.

Note This procedure assumes that Windows XP is installed to the C:\Windows folder. Make sure to change C:\Windows to the appropriate windows_folder if it is a different location.

If you have access to another computer, to save time, you can copy the text in step five, and then create a text file called "Regcopy1.txt" (for example). To use this file, run the following command when you start in Recovery Console:

batch regcopy1.txt

With the batch command in Recovery Console, you can process all the commands in a text file sequentially. When you use the batch command, you do not have to manually type as many commands.

Part two

To complete the procedure described in this section, you must be logged on as an administrator, or an administrative user (a user who has an account in the Administrators group). If you are using Windows XP Home Edition, you can log on as an administrative user. If you log on as an administrator, you must first start Windows XP Home Edition in Safe mode. To start the Windows XP Home Edition computer in Safe mode, follow these steps.

Note Print these instructions before you continue. You cannot view these instructions after you restart the computer in Safe Mode. If you use the NTFS file system, also print the instructions from Knowledge Base article KB309531. Step 7 contains a reference to the article.

1. Click Start, click Shut Down (or click Turn Off Computer), click Restart, and then click OK (or click Restart).

2. Press the F8 key.

On a computer that is configured to start to multiple operating systems, you can press F8 when you see the Startup menu.

3. Use the arrow keys to select the appropriate Safe mode option, and then press ENTER.

4. If you have a dual-boot or multiple-boot system, use the arrow keys to select the installation that you want to access, and then press ENTER.

In part two, you copy the registry files from their backed up location by using System Restore. This folder is not available in Recovery Console and is generally not visible during typical usage. Before you start this procedure, you must change several settings to make the folder visible:

1. Start Windows Explorer.

2. On the Tools menu, click Folder options.

3. Click the View tab.

4. Under Hidden files and folders, click to select Show hidden files and folders, and then click to clear the Hide protected operating system files (Recommended) check box.

5. Click Yes when the dialog box that confirms that you want to display these files appears.

6. Double-click the drive where you installed Windows XP to display a list of the folders. It is important to click the correct drive.

7. Open the System Volume Information folder. This folder is unavailable and appears dimmed because it is set as a super-hidden folder.

Note This folder contains one or more _restore{GUID} folders such as "_restore{87BD3667-3246-476B-923F-F86E30B3E7F8}".

Note You may receive the following error message:

C:\System Volume Information is not accessible. Access is denied.

If you receive this message, see the following Microsoft Knowledge Base article to gain access to this folder and continue with the procedure:

309531 (http://support.microsoft.com/kb/309531/ ) How to gain access to the System Volume Information folder

8. Open a folder that was not created at the current time. You may have to click Details on the View menu to see when these folders were created. There may be one or more folders starting with "RPx" under this folder. These are restore points.

9. Open one of these folders to locate a Snapshot subfolder. The following path is an example of a folder path to the Snapshot folder:

C:\System Volume Information\_restore{D86480E3-73EF-47BC-A0EB-A81BE6EE3ED8}\RP1\Snapshot

10. From the Snapshot folder, copy the following files to the C:\Windows\Tmp folder:

o _REGISTRY_USER_.DEFAULT

o _REGISTRY_MACHINE_SECURITY

o _REGISTRY_MACHINE_SOFTWARE

o _REGISTRY_MACHINE_SYSTEM

o _REGISTRY_MACHINE_SAM

11. Rename the files in the C:\Windows\Tmp folder as follows:

o Rename _REGISTRY_USER_.DEFAULT to DEFAULT

o Rename _REGISTRY_MACHINE_SECURITY to SECURITY

o Rename _REGISTRY_MACHINE_SOFTWARE to SOFTWARE

o Rename _REGISTRY_MACHINE_SYSTEM to SYSTEM

o Rename _REGISTRY_MACHINE_SAM to SAM

These files are the backed up registry files from System Restore. Because you used the registry file that the Setup program created, this registry does not know that these restore points exist and are available. A new folder is created with a new GUID under System Volume Information and a restore point is created that includes a copy of the registry files that were copied during part one. Therefore, it is important not to use the most current folder, especially if the time stamp on the folder is the same as the current time.

The current system configuration is not aware of the previous restore points. You must have a previous copy of the registry from a previous restore point to make the previous restore points available again.

The registry files that were copied to the Tmp folder in the C:\Windows folder are moved to make sure that the files are available under Recovery Console. You must use these files to replace the registry files currently in the C:\Windows\System32\Config folder. By default, Recovery Console has limited folder access and cannot copy files from the System Volume folder.

Note The procedure described in this section assumes that you are running your computer with the FAT32 file system. For more information about how to access the System Volume Information Folder with the NTFS file system, click the following article number to view the article in the Microsoft Knowledge Base:

309531 (http://support.microsoft.com/kb/309531/ ) How to gain access to the System Volume Information folder

Part Three

In part three, you delete the existing registry files, and then copy the System Restore Registry files to the C:\Windows\System32\Config folder:

1. Start Recovery Console.

2. At the command prompt, type the following lines, pressing ENTER after you type each line:

del c:\windows\system32\config\sam

del c:\windows\system32\config\security

del c:\windows\system32\config\software

del c:\windows\system32\config\default

del c:\windows\system32\config\system

copy c:\windows\tmp\software c:\windows\system32\config\software

copy c:\windows\tmp\system c:\windows\system32\config\system

copy c:\windows\tmp\sam c:\windows\system32\config\sam

copy c:\windows\tmp\security c:\windows\system32\config\security

copy c:\windows\tmp\default c:\windows\system32\config\default

Note Some of these command lines may be wrapped for readability.

3. Type exit to quit Recovery Console. Your computer restarts.

Note This procedure assumes that Windows XP is installed to the C:\Windows folder. Make sure to change C:\Windows to the appropriate windows_folder if it is a different location.

If you have access to another computer, to save time, you can copy the text in step two, and then create a text file called "Regcopy2.txt" (for example). To use this file, run the following command when you start in Recovery Console:

batch regcopy2.txt

Part Four

1. Click Start, and then click All Programs.

2. Click Accessories, and then click System Tools.

3. Click System Restore, and then click Restore to a previous RestorePoint.


REFERENCES


For more information about using Recovery Console, click the following article numbers to view the articles in the Microsoft Knowledge Base:

307654 (http://support.microsoft.com/kb/307654/ ) How to install and use the Recovery Console in Windows XP

216417 (http://support.microsoft.com/kb/216417/ ) How to install the Windows Recovery Console

240831 (http://support.microsoft.com/kb/240831/ ) How to copy files from Recovery Console to removable media

314058 (http://support.microsoft.com/kb/314058/ ) Description of the Windows XP Recovery Console

For more information about System Restore, click the following article numbers to view the articles in the Microsoft Knowledge Base:

306084 (http://support.microsoft.com/kb/306084/ ) How to restore the operating system to a previous state in Windows XP

261716 (http://support.microsoft.com/kb/261716/ ) System Restore removes files during a restore procedure

__________________
If death came with a warning there would be a whole lot less of it.
Good Answer (Score 2)
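The trickiest part of the procedure pasted above is part two, steps 8 to 11: pick a restore point that is not the one the freshly restored Setup-time registry created on the current boot, check that its Snapshot folder actually holds all five hive files, and rename them to the names System32\Config expects. The script below is an added example (not from the Microsoft article or the poster) that automates exactly that selection and staging on a constructed sample tree. It assumes the folder layout the article describes (System Volume Information\_restore{GUID}\RPx\Snapshot), uses folder modification time as the "created at" stamp, and writes placeholder bytes in place of real hives so it runs offline on any OS.

```python
"""Select and stage registry hives from a System Restore snapshot.

Added example for the KB procedure quoted above (part two, steps 8-11).
Assumptions: the _restore{GUID}\RPx\Snapshot layout, folder mtime as the
restore point's creation time, and placeholder file contents standing in
for the real binary hives.
"""
import os
import shutil
import tempfile
import time
from pathlib import Path

# Step 11 of the article: Snapshot file name -> name expected in System32\Config.
HIVE_NAMES = {
    "_REGISTRY_USER_.DEFAULT": "DEFAULT",
    "_REGISTRY_MACHINE_SECURITY": "SECURITY",
    "_REGISTRY_MACHINE_SOFTWARE": "SOFTWARE",
    "_REGISTRY_MACHINE_SYSTEM": "SYSTEM",
    "_REGISTRY_MACHINE_SAM": "SAM",
}


def missing_hives(snapshot):
    """Return the hive file names absent from a Snapshot folder (empty list = usable)."""
    return [name for name in HIVE_NAMES if not (Path(snapshot) / name).is_file()]


def list_snapshots(sys_vol_info):
    """Yield (rp_mtime, snapshot_dir) for every _restore{GUID}/RPx/Snapshot folder."""
    for restore_dir in Path(sys_vol_info).glob("_restore{*}"):
        for rp in restore_dir.glob("RP*"):
            snap = rp / "Snapshot"
            if snap.is_dir():
                yield rp.stat().st_mtime, snap


def choose_snapshot(sys_vol_info, session_start):
    """Newest complete snapshot whose restore point predates session_start (epoch secs).

    The article warns that booting on the Setup-time registry creates a new
    restore point, so anything stamped at or after the current session is skipped;
    a snapshot missing any of the five hives is skipped as well.
    """
    usable = [(t, s) for t, s in list_snapshots(sys_vol_info)
              if t < session_start and not missing_hives(s)]
    if not usable:
        raise RuntimeError("no complete restore point older than the current session")
    usable.sort()            # oldest first; take the most recent usable one
    return usable[-1][1]


def stage_hives(snapshot, tmp_dir):
    """Copy the five hives into tmp_dir under their Config names (steps 10 and 11)."""
    absent = missing_hives(snapshot)
    if absent:
        raise RuntimeError("snapshot is missing hives: " + ", ".join(absent))
    tmp_dir = Path(tmp_dir)
    tmp_dir.mkdir(parents=True, exist_ok=True)
    staged = {}
    for src_name, hive in HIVE_NAMES.items():
        dest = tmp_dir / hive
        shutil.copy2(Path(snapshot) / src_name, dest)   # keeps the file timestamps
        staged[hive] = dest
    return staged


def build_sample_tree(root):
    """Constructed sample layout (not real data): RP1 two days old and complete,
    RP2 one day old but missing SAM, RP3 created just now by the current boot."""
    svi = Path(root) / "System Volume Information"
    restore = svi / "_restore{00000000-0000-0000-0000-000000000000}"   # placeholder GUID
    now = time.time()
    ages = {"RP1": 2 * 86400, "RP2": 86400, "RP3": 0}
    for rp_name, age in ages.items():
        snap = restore / rp_name / "Snapshot"
        snap.mkdir(parents=True)
        for name in HIVE_NAMES:
            if rp_name == "RP2" and name == "_REGISTRY_MACHINE_SAM":
                continue                                  # deliberately incomplete
            (snap / name).write_bytes(b"regf" + rp_name.encode())   # placeholder hive
        stamp = now - age
        os.utime(restore / rp_name, (stamp, stamp))       # set the "created at" time
    return svi


def demo():
    """Run the selection on the sample tree; returns (chosen RP, staged names, contents)."""
    with tempfile.TemporaryDirectory() as td:
        svi = build_sample_tree(td)
        snap = choose_snapshot(svi, session_start=time.time() - 3600)
        staged = stage_hives(snap, Path(td) / "Windows" / "Tmp")
        contents = sorted({p.read_bytes() for p in staged.values()})
        return snap.parent.name, sorted(staged), contents


if __name__ == "__main__":
    print(demo())
```

On the sample tree the script skips RP3 (created in the current session) and RP2 (SAM missing) and stages RP1. Against a real drive you would point choose_snapshot at the System Volume Information folder and stage_hives at C:\Windows\Tmp, then finish with the part three copy commands from Recovery Console as the article describes.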
Guru
Panama - Member - New Member Hobbies - CNC - New Member Engineering Fields - Marine Engineering - New Member Engineering Fields - Retired Engineers / Mentors - New Member

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213
#16
In reply to #15

Re: PC Virus Attack?

03/04/2009 1:47 PM

Thanks, Bwire. I am currently working with Dr. Web, the first scanner that I have been able to get to work since the problem started, and it has identified Trojan.StartPage.1505 as the culprit. If that is in fact the culprit, then I will need to do a lot of restore work to get the system functional again...

Guru
Popular Science - Weaponology - bwire Hobbies - Car Customizing - New Member

Join Date: Dec 2007
Location: Upper Mid-west USA
Posts: 7498
Good Answers: 97
#18
In reply to #16

Re: PC Virus Attack?

03/04/2009 4:19 PM

Dr. Web reported Trojan.StartPage.1505 as a false positive

Suggest download Start-up from manufacturer and burn a disc on another pooter and follow directions to manually restore the registry.

__________________
If death came with a warning there would be a whole lot less of it.
Anonymous Poster
#37
In reply to #15

Re: PC Virus Attack?

03/08/2009 4:29 AM

You missed out this bit ;

"Warning Do not use the procedure that is described in this article if your computer has an OEM-installed operating system. The system hive on OEM installations creates passwords and user accounts that did not exist previously. If you use the procedure that is described in this article, you may not be able to log back into the recovery console to restore the original registry hives. "

It might just be relevant, since he appears to have OEM install.

Here's the full article.

Guru
Popular Science - Weaponology - bwire Hobbies - Car Customizing - New Member

Join Date: Dec 2007
Location: Upper Mid-west USA
Posts: 7498
Good Answers: 97
#39
In reply to #37

Re: PC Virus Attack?

03/08/2009 11:18 AM

Yes I see your point though the passwords are easily bypassed.

My point is that too many incorrectly assume drastic measures are needed before actual determination of the issue is recognized.

__________________
If death came with a warning there would be a whole lot less of it.
Guru
Popular Science - Weaponology - bwire Hobbies - Car Customizing - New Member

Join Date: Dec 2007
Location: Upper Mid-west USA
Posts: 7498
Good Answers: 97
#24

Re: PC Virus Attack?

03/04/2009 6:18 PM

The SpywareGuide List of Companies is one of the single largest sources of companies behind offending or questionable products or products that may impact the Enterprise. This is a continually updating list of the companies that supply spyware, adware, malware, keyloggers, trojans and other greynets. If you are looking for information on a company that has placed their software on your PC, this is the place to start.

http://www.spywareguide.com/creator_list_.php

__________________
If death came with a warning there would be a whole lot less of it.
Score 1 for Good Answer
Guru
Panama - Member - New Member Hobbies - CNC - New Member Engineering Fields - Marine Engineering - New Member Engineering Fields - Retired Engineers / Mentors - New Member

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213
#30

Re: PC Virus Attack?

03/06/2009 4:01 AM

I am very thankful to all those who have given me assistance with this problem, and apologize for not responding to each and every one in a timely fashion- I had to take a day off today to actually get some work done.

The situation is still dire- whatever has attacked me is persistent and well hidden. I was able to get in to Windows finally, and using Dr. Web was able to get things to the point where I could actually accomplish something. Dr. Web found StartPage.1505, which some have reported as a false positive, but cleaning it out seemed to help. Further, I was having suspicious behaviour from RtkBtMnt.exe and deleted it and some associated files from a Temporary folder- they kept coming back, though (to delete the copies in the deleted folder, one needs to kill the process in something like Process Explorer). My concern was that what I was finding on my computer did not match the properties reported for the Realtek product. Just to be safe, I deleted RealPlayer as well (where RealPlayer came from is a puzzle to me- one of those things that just sort of appears out of nowhere...).

I was able to delete and reload a new version of Avira, and Avira found TR/Dropper.Gen in a program suite I haven't used in a while (specifically, win32Forth, which last time I used it had no evidence of any problems). This has also been reported as a False Positive, but I deleted the win32Forth package just to be safe.

HijackThis is now giving me problems- it is still reporting Registry entries with embedded nulls that I have not been able to delete, and has added a couple of other registry key issues that may have resulted from adding additional security tools. I now run Threatfire, which is supposed to help identify "suspicious behaviour", although it has caught nothing yet.

Comodo, also upgraded, tells me that RarSFXO\_start.exe, located in one of the temp folders in the Documents and Settings folders is trying to execute frequently. This appears to be a key logger. Of course, the files do not show up in the folders Comodo tells me they are in.

I am still having boot problems- intermittent- I get the feeling things are looking cleaner, then everything goes haywire again. Sometimes, Windows boot process just freezes up and does nothing, other times I get a non-compatibility error, sometimes the run-time error reported earlier. Sometimes, Windows won't boot without the Internet connection (I try not to connect this unit to the Internet, except where absolutely necessary to get some new tool I can't get through transfer from my other machine, running Ubuntu).

I have not yet tried to rebuild the Registry, because it appears I am still infected and whatever it is is modifying the Registry at will. In addition to the tools already mentioned, I have what seems to be a working copy of Malwarebytes that finds nothing, Glary Utilities that helps with Registry cleanup and cleaning up temporary files (among other things), Process Explorer and RootKit Explorer, none of which are identifying the problem, and some of which don't function consistently. It appears that I have a CD image file of the original Windows, which I can access through the Xubuntu system on the same computer, but I am not quite ready to reload Windows- I want to know what this thing is, and where it came from (and, maybe, help others that face a similar attack).

As to where it came from, the first instance of a known attack coincides with a download of an Avira update. I do not believe the attack originated with that update, but, during the update process, the antivirus protection shuts down to load new files, and this creates a window of opportunity when one's "guard is down". I had earlier in the day installed a new Internet connection, but have had no problems with a second Windows instance on another computer using the same Internet access. It is possible that the attack originated with a Thumb drive I used to transfer some image files from someone else's computer (there were some questionable files uncovered on the Thumb drive after the fact when examined with one of my Linux boxes, which were deleted). Actually, if I get to the point where I need to wipe the HD (i.e., giving up on the detective work), I will most likely convert this to a pure Linux box.

One other issue I noted today. This being a dual boot system (no problems booting in to Linux), I have noticed that the GRUB loader seems to be a bit slower than before (this is an impression, not an actual measurement). Does anyone know of an attack strategy that would affect the GRUB boot loader?

I am leaving on a trip to the jungle for a few days, which is going to seriously hamper my efforts to resolve this issue in a timely fashion, but we are not giving up. I will be able to monitor the Internet and e-mail from a third party system during this journey, but I don't know if I will be able to continue my efforts to solve the problem until I return to town. Please, keep the suggestions coming- someone out there has had a similar issue, and someone has a solution...

Again, thanks for all the support.

Charlie

Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115
#31
In reply to #30

Re: PC Virus Attack?

03/06/2009 7:12 AM

Not suggesting it happened to you, but data sticks are used to spread viruses and such ; http://www.telegraph.co.uk/scienceandtechnology/technology/microsoft/4322032/Windows-worm-being-spread-through-USB-memory-sticks.html

__________________
For sale - Signature space. Apply on self addressed postcard..
Score 1 for Good Answer
Guru
Popular Science - Weaponology - New Member Safety - ESD - New Member Hobbies - Fishing - New Member

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#35
In reply to #30

Re: PC Virus Attack?

03/06/2009 9:19 AM

If you update antivirus software, you must have at least an active firewall, both software and hardware, to cover the "shop" during the update, or pull the cable out of the modem!!!

I had the same thing some years ago after an XP re-install......I was only online a few minutes to update XP with the latest patches......crazy......

__________________
"What others say about you reveals more about them, than it does you." Anon.
Commentator

Join Date: Jan 2008
Posts: 83
#48

Re: PC Virus Attack?

03/10/2009 11:39 PM

I haven't read all the replies yet. Something similar happened in Dec 08 with my HP laptop. After updating Avast antivirus I had increasing difficulty starting up. After restore did not entirely fix it, I noticed it was 3/4 through start up by watching my icons one by one in the running corner. [xp, home] I traced this to AVAST antivirus. There is a setting for

"disable root kit scan during start up",

"delay loading antivirus services after other system services"

"disable raw disk access in avast boot time scan"

or something like that. Found in an Avast blog for users.

This was all it was. Antivirus changed these settings during an update. I unselected these and no probs since. You may have something similar in your antivirus. Good luck.

Commentator

Join Date: Nov 2006
Location: Rush CO 38*50'48.12"N 104*05'50.9"W 6032ft elv. the "high plains" of eastern Colorado
Posts: 57
#49
In reply to #48

Re: PC Virus Attack?

03/11/2009 3:13 PM

As usual I am a few days behind the original post and I hope you have already exterminated the bug in your computer. However, I would recommend spending some time with the people at bleeping computer, as another poster mentioned. They are very helpful, especially with windows products. Also don't overlook a hardware problem. I recently was convinced I had picked up a virus with all the usual symptoms, BSOD, various and inconsistent error messages, the machine only operating in safe mode etc. I spent a better part of a week trying to identify and remove the virus. I finally got so discouraged I started testing hardware and sure enough a 1 gig ram stick had failed; removed the bad ram and presto, problem solved. Look for a ram test exe on the web; it's free. By the way, with some of the nasties out there, especially rootkits, a wipe (format) and reinstall doesn't always work. You must identify the particular bug and eliminate it, either with a scanner or by hand in the registry. If all else fails and you are still considering a format C or a new hard drive, at least upgrade to xp pro; it's pretty cheap now. Avoid sp3 if your laptop is an AMD machine; they are not compatible.

Guru
Panama - Member - New Member Hobbies - CNC - New Member Engineering Fields - Marine Engineering - New Member Engineering Fields - Retired Engineers / Mentors - New Member

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213
#50

Re: PC Virus Attack?

03/16/2009 10:25 AM

I have been away for a while, with limited access to the net, and I apologize to those to whom I have not responded directly. I have not been able to fully identify the virus that got me, but it most definitely was a virus, which included a key logger. The fact that Linux runs perfectly well on the other boot segment on the same computer suggests that this is not a hardware problem. Although it is not clear where the virus came from, or when it first entered the computer, it clearly began its attack when I was updating my anti-virus software (the update includes a short period of time during which protection is turned off while the files are updated). It appears that my attempts to clean the system have rendered it unsalvageable, and it is time to reformat. Fortunately, having the dual boot configuration on the computer has saved a great deal of very important historical data, since I can access the contaminated sectors from Linux and grab the files I want to save.

Now it comes time to make a decision about what to do when I reformat. I have over 100 hours invested in trying to solve the problem, and have reached the point where my corrective efforts seem to be causing more damage than solutions. Some have suggested "upgrading" to either XP pro or Vista from XP Starter edition. I happen to have a preference for the Starter edition over XP Pro, in that it is less cluttered with eye candy and insignificant applications that tend to slow the system down (I run XP Pro on another computer, and it is definitely slower for certain tasks than the Starter edition). I also think that, since the Starter edition limits the number of programs that can be run simultaneously, there is some added measure of security (I have seldom run in to problems with this limitation while working, but I did notice that once the virus started its work, the limitation seemed to hamper the virus, as indicated by frequent popups of the MS warning about too many processes). I can highly recommend dual boot configurations for all computers- when a problem arises, one can look at the problem areas (i.e., actually see files hidden on the target sector from the mother operating system), which greatly improves troubleshooting options.

I am partial to abandoning Windows altogether, and going with Linux. Unfortunately, I rely on applications that require Windows (CAD software, for which I have found no acceptable alternative; Excel, for which Open Office and other solutions I have examined can not even come close to competing; and several instrumentation applications, for getting data out of stand-alone measurement equipment). I have toyed with some virtualization solutions to give me Windows capabilities under Linux, but the results have not been as great as the proponents would like us to believe (I currently use VirtualBox with Windows 98- Windows 98 is still, in my opinion, the best MS has been able to do).

I no longer use Windows to access the Internet- most of my computers are set up as dual boot systems with Linux, and Linux is, at present, far more secure for surfing the net (this will likely change at some point in the future, as Linux becomes more prevalent and the bad guys can figure out how to make money off their attacks). Since there are multiple flavors of Linux out there, it seems unlikely that near term attacks would be as effective as attacks against MS. For the time being, I feel safer with Linux.

I would like to hear from the forum members their thoughts and recommendations. Is there a better virtualization solution out there? Is there some justification for keeping an independent Windows instance that I am missing? Is there some solution, other than buying an Apple computer (which I can not afford at present) that I am overlooking?

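The salvage step described in the post above (booting the Linux side and pulling the important files off the infected Windows partition) can be made safer if the copy is done read-only and deliberately leaves behind the things that are likely to carry the infection. The script below is an added example, not code from the original post or from any forum member. It assumes the Windows volume has already been mounted read-only somewhere under Linux (for example `mount -t ntfs-3g -o ro /dev/sda1 /mnt/win`; the device and mount point are assumptions) and that the destination is a directory on a clean volume. It copies user data out of `Documents and Settings`, skips Temp and browser cache folders and common executable extensions, preserves timestamps, and writes a SHA-256 manifest so the salvaged files can be scanned and verified before they are ever opened on the rebuilt machine.

```shell
#!/bin/sh
# Added example: salvage user data from a read-only mounted Windows volume.
# Assumptions (not from the thread): $1 is the mount point of the Windows
# partition (mounted with -o ro), $2 is a directory on a clean volume.

salvage_profile() {
    win_root="$1"   # e.g. /mnt/win (mounted read-only)
    dest="$2"       # e.g. /home/user/salvage (clean volume)
    mkdir -p "$dest"

    # Copy data files only. Temp and browser-cache folders are where
    # droppers usually live, and executable types are what carries the
    # infection across to the rebuilt system, so both are excluded.
    find "$win_root/Documents and Settings" -type f \
        ! -path '*/Local Settings/Temp/*' \
        ! -path '*/Temporary Internet Files/*' \
        ! -iname '*.exe' ! -iname '*.dll' ! -iname '*.scr' ! -iname '*.com' \
        ! -iname '*.pif' ! -iname '*.bat' ! -iname '*.cmd' ! -iname '*.vbs' \
        ! -iname '*.lnk' \
        -print | while IFS= read -r f; do
            rel="${f#"$win_root/"}"          # path relative to the mount point
            mkdir -p "$dest/$(dirname "$rel")"
            cp -p "$f" "$dest/$rel"          # -p keeps the original timestamps
        done

    # Hash everything that was copied so the salvaged set can be scanned on a
    # clean machine and later checked for tampering before it is restored.
    if command -v sha256sum >/dev/null 2>&1; then
        hash_tool="sha256sum"
    else
        hash_tool="shasum -a 256"            # macOS / BSD fallback
    fi
    (cd "$dest" && find . -type f ! -name MANIFEST.sha256 -exec $hash_tool {} + \
        | sort -k2) > "$dest/MANIFEST.sha256"
}

# Usage: salvage_profile /mnt/win /home/user/salvage
# Verify later with: (cd /home/user/salvage && sha256sum -c MANIFEST.sha256)
```

The exclusions are deliberately coarse; a document-format macro can still carry malicious content, so the salvaged tree should be scanned from the Linux side (or on another clean machine) before anything in it is opened on the reinstalled Windows system.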
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#51
In reply to #50

Re: PC Virus Attack?

03/17/2009 3:27 AM

Hi,

It does not surprise me that you were attacked during an update; that is the reason that I actually remove the LAN cable on my PC and switch the WiFi off when updating....I had a similar experience many years ago when rebuilding my PC...

Dual boot sounds like a good idea, I think I will do just that myself, probably with Knoppix, thanks for the suggestion.

I disagree about XP Pro, the reasons that it runs slower are more likely to do with the "extra" work that the Antivirus software has to do, so may I suggest a "faster" antivirus like Kaspersky for example....

The Pro version has proved to me time and time again to be more stable than the Home versions that many friends use....it also has backup built in (in a simple but usable form) for example. I know several people who earn their money working on PCs and none of them like the Home version at all.....

You must call that one....

There is a way to have a "Windows in a Box" running under normal Windows where nothing is there for an "attacker" to find or do anything to. I have not yet tried this approach myself, I was only reading about it this morning, but that sounds like an attractive idea for anyone who does not want to go to Linux for example........

Which Windows 98 are you talking about? The original was not much at all, but the later SE version was quite acceptable, I use it for my CNC hobby......proving yet again that MS always needs a second (or more) run at the same OS before it works well.....XP is another, both SP2 and SP3 are far better than the original and SP1....as of course they should be....!!

Many will say that Win7 is a second (third or fourth?) run at Vista.......I would not argue!!

It was an interesting blog and I am sure it has helped/will help many people, but I, for one, as soon as I have saved any needed data, re-install, as Windows is so complicated today that you would need to be very, very lucky to find all the places where bits have got changed. Plus a fresh install brings a burst of speed back that no other method achieves.....and I have used many different software packages that clean the registry and work well, but NEVER as well as a re-install....

I would estimate that of the 100 hours, you could have saved yourself at least 90 of them, if not more by this approach.

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: Mar 2007
Location: Etherville
Posts: 12362
Good Answers: 115
#52
In reply to #51

Re: PC Virus Attack?

03/17/2009 3:35 AM

I think you can get Backup in XP Home, like this.

__________________
For sale - Signature space. Apply on self addressed postcard..
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#53
In reply to #52

Re: PC Virus Attack?

03/17/2009 3:57 AM

Yes, I know there is a way, most people don't though, but why buy Home when Pro has it all in place....? The money saved should not be the reason.......

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: Dec 2006
Location: Panama
Posts: 4273
Good Answers: 213
#54
In reply to #51

Re: PC Virus Attack?

03/17/2009 8:42 AM

Andy-

You are right, I could have saved a whole lot of time had I just bit the bullet and reformatted at the outset, but I really did want to find out what the infection was. I agree with Win 98 SE- by far the best Windows OS to date (my all time favorite OS is actually the Palm OS, but, unfortunately, nothing similar is available for larger capacity machines, and Palm has now abandoned it).

I have also been reading about "Windows in a Box"- specifically, a program called Comodo Diskshield. However, I have had unsatisfactory results so far with trying to virtualize Windows under Linux- back to the old situation, software writers are totally out of touch with how people use their computers.

It seems to me that MS is leaving themselves open to a significant class-action lawsuit- they are selling products that are not suited to their intended purposes...

Charlie

Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#55
In reply to #54

Re: PC Virus Attack?

03/17/2009 4:35 PM

There is a version that runs under windows, but don't ask me, as I have forgotten what its called.....If I remember, I will post it for you....

__________________
"What others say about you reveals more about them, than it does you." Anon.
Commentator

Join Date: Sep 2008
Location: North Wales UK
Posts: 60
#56
In reply to #51

Re: PC Virus Attack?

10/31/2009 10:19 AM

Hi

I favour Norton 360, as it stopped a very nasty downloader file which could have put any number of viruses on my computer. It costs a bit to update per year, but it is worth it. The latest version is very slow loading, so boot up is rather slow. Their diagnostics routine states that I should increase my RAM by adding more chips; my computer has 512 kb of RAM. I have added RAM chips before, but it is adequate at the moment.

Users who posted comments:

Andy Germany (14); Anonymous Poster (2); bwire (13); CoronaCameraMan (1); cwarner7_11 (14); Farmers Son (2); John Mason (3); Kris (5); poppaman2 (1); pretzel (1); shart4legged (1); stevem (1)