konrad  
#1 Posted : Tuesday, November 8, 2005 6:07:27 AM(UTC)
konrad

Rank: Advanced Member

Groups: Registered, Registered Users
Joined: 6/6/2005(UTC)
Posts: 424
Location: connecticut,USA

I had a few viruses on my PC and I have no idea how they got in... I never open any ports that I don't use. I had Sygate Personal Firewall Pro, Avast Pro antivirus, SystemWorks (Symantec) and also a few antispyware programs, all on real-time protection... How did this virus get in? #-o It killed me! I lost all my data, indicators, tools, system expert, everything that I had created! God! I have saved them on a USB floppy (128 MB), but I have to install all the components again. How do I prevent a threat like this? I want to know: if I restart the PC (before the virus is active) in safe mode and scan with antivirus software, will it kill the virus? #-o Or maybe some other method... Remember that this virus has killed all my software in such a way that I can run anything!!! A big worm...!!! :x Maybe somebody from this forum doesn't like me and sent it? :?: :twisted: Many thanks!!!
Bulli  
#2 Posted : Tuesday, November 8, 2005 7:03:39 AM(UTC)
Bulli

Rank: Advanced Member

Groups: Registered, Registered Users
Joined: 9/26/2005(UTC)
Posts: 185
Location: Brazil

Are you sure it was not your little brother? I will give you one good piece of advice, which has saved my neck a few times already: Get the program: Norton GoBack http://www.norton.com/ho...ecovery/ngb40/index.html Then: Go for ZoneAlarm Security Suite or Panda Security Suite. Hope this helps. Bulli ;)
konrad  
#3 Posted : Tuesday, November 8, 2005 12:52:35 PM(UTC)
konrad

Rank: Advanced Member

Groups: Registered, Registered Users
Joined: 6/6/2005(UTC)
Posts: 424
Location: connecticut,USA

I have Norton GoBack 4.0 and Norton SystemWorks, and the problem was that the virus attacked all the software, killed programs and froze them, and I can't move! That's why I asked about safe mode. PS: my little brother.... :lol: no, he is 4 years old... but a smart guy!... plays on the stock market with know Metastock (how to broke) :lol:
kanellop  
#4 Posted : Tuesday, November 8, 2005 3:08:38 PM(UTC)
kanellop

Rank: Advanced Member

Groups: Registered, Registered Users
Joined: 6/3/2005(UTC)
Posts: 181

You must go to a professional technician for help, to look at your PC and fix it. If you do anything on your own, I think that will enlarge your problems. In the past I had the same problem, and a good technician that I had fixed the problems on my PC. George K.
konrad  
#5 Posted : Tuesday, November 8, 2005 4:44:23 PM(UTC)
konrad

Rank: Advanced Member

Groups: Registered, Registered Users
Joined: 6/6/2005(UTC)
Posts: 424
Location: connecticut,USA

I put in the system recovery disk and deleted all the files, cleared everything. I have Norton GoBack but I don't use it because I can't in this situation... Now I have a clean system with improved ability and performance; it looks like a demon PC, much faster than it was before. The hacker knows that I need to reinstall a new Windows, work partition... I have learned it all from the Windows XP manual. Also, a message to Patrick: I know now how remote control works. I directly connect my laptop to my office every day at school, at work, anywhere I leave, and it looks pretty nice. Thanks for the advice! 8)
StorkBite  
#6 Posted : Tuesday, November 8, 2005 6:46:20 PM(UTC)
StorkBite

Rank: Advanced Member

Groups: Registered, Registered Users
Joined: 3/19/2005(UTC)
Posts: 2,995

Was thanked: 14 time(s) in 10 post(s)
K!!! This is you >>> :cry: There's a black cloud following you around. Make sure that whatever virus scanner you use is scanning the boot sector too. Otherwise, you can keep reinstalling everything and still be infected. If you start from scratch, delete all partitions and reformat the disk. Make sure that your backup files are not infected. If you created the backup files, deep scan them to make sure you are reinfecting yourself. Any external drives attached to your network should be scanned too. You can save yourself a lot of grief if you make a disk image after you perform a new installation. In the future, when you need to reinstall from scratch, this will save you hours or days. BTW, any remote connections also increase your exposure to virii. Last thought... if you know for sure that you are infected, then make sure you don't email your buddies. That exposes them too. Pretty soon you won't have any buddies left!
konrad  
#7 Posted : Tuesday, November 8, 2005 6:59:39 PM(UTC)
konrad

Rank: Advanced Member

Groups: Registered, Registered Users
Joined: 6/6/2005(UTC)
Posts: 424
Location: connecticut,USA

Hey G.stockman, a black crown of clown is coming to my PC :( I scanned the boot sector, reinstalled everything, deleted all partitions and reformatted the disk, and I scanned the backup files :roll: When I use remote control I have 2 firewalls on just for security purposes... Symantec and Tiny Firewall. Now I have made a disk image of the brand new installed files so it won't take a lot of time in the future if anything happens... Also I have all the active antivirus, spy remover and firewall in real-time protection... :twisted: Thanks for the advice, you are right about sending email to buddies! I never do this! Also: does somebody know what the file NT Kernel system ntoskrnl.exe is used for? This file asks me for permission to access the internet...? Should I allow it? I have seen the same request many times....
StorkBite  
#8 Posted : Tuesday, November 8, 2005 10:11:11 PM(UTC)
StorkBite

Rank: Advanced Member

Groups: Registered, Registered Users
Joined: 3/19/2005(UTC)
Posts: 2,995

Was thanked: 14 time(s) in 10 post(s)
I'm using WinXP and have never been asked to set a permission for this file: <Windows Root>\System32\Ntoskrnl.exe. You pose an interesting question, since it is a file that is targeted by virii. Fortunately, MS made a patch for this problem. The trick is this: When you reinstalled Windows, you should have updated service pack 2 from a CD and installed your antivirus software BEFORE connecting to the internet. Once connected, the first stop should be to MS updates, to get all of the security updates. Otherwise, you run the risk of becoming re-infected... even with a brand new installation.

Description: Kernel initialization involves initialization of kernel modules and device drivers by NTOSKRNL.EXE based on system registry entries. The CurrentControlSet and CloneControlSet registry areas are saved. A driver can report the following errors to the kernel.
Ignore - No error is displayed.
Normal - Booting continues with error displayed.
Severe - The LastKnownGood configuration is used to boot.
Critical - Booting fails if LastKnownGood configuration is being used to boot.

Exact problem: The interrupt 06h (#UD) handler in NTOSKRNL.EXE contains a branch of code for quickly handling C4h/C4h machine code byte sequences according to the control word specified in the two bytes that follow, when the sequence occurs in Virtual-8086 mode (bit 17 of EFLAGS is set). If a control word value other than 4250h or 4350h (both used for fast file I/O) is given, the "bop" is passed off to another section of code in the process hosting the VDM. In NTVDM.EXE, this transition normally corresponds to returning from a call to NtVdmControl(0) (VdmpStartExecution), but in actuality, execution can be redirected anywhere, since the switch is just accomplished by swapping out context structures.

The VDM TIB (arrived at by way of [[[[FFDFF124h]+44h]+1DCh]+98h] on Windows 2000, FS:[F18h] on Windows NT 4.0, Windows XP, and Windows Server 2003) is used to hold a copy of the V86-mode context in effect at the time the fault occurred (at offset +CD0h on NT4 and 2000, +2D8h for XP and 2003), then the context for resuming execution of the host code is retrieved (from offset +A04h on NT4 and 2000, +0Ch on XP and 2003) and loaded into the appropriate registers. As mentioned above, this context is contained in user memory but is not sanitized in any way by the #UD handler, so any process with or without a formally-initialized VDM can place arbitrary values in the host execution context and get the handler to IRETD to any CS:EIP, allowing kernel privileges to be retained while user-supplied code is executed. On any version of Windows, it is sufficient to modify the VDM TIB in a process with a properly initialized VDM (most easily done by code executing in a .COM file). For Windows NT 4.0, XP, and 2003, it is only necessary to set the pointer at offset F18h in the user-land TIB to reference a fake VDM TIB, then execute V86-mode code using NtContinue().
konrad  
#9 Posted : Tuesday, November 8, 2005 11:05:05 PM(UTC)
konrad

Rank: Advanced Member

Groups: Registered, Registered Users
Joined: 6/6/2005(UTC)
Posts: 424
Location: connecticut,USA

Hey Bulli.... as you advised me, I saw a professional technical support and he helped me.... solve it! Hey G.stockman, I have Windows XP Pro Service Pack 2 installed. You are right about the kernel system... that I should put on antivirus before installing a network... Probably I have DSL that automatically creates a network once I install Windows, "network works without setup"... I checked for viruses at the technical support store and they don't see anything on my computer that may involve any problem... that means I don't have a virus :? :eek: The technical part you wrote down tells me nothing... the basics you wrote I understand... but who has to know all that? Right? :twisted: I think the kernel system is showing because the original version on my PC is Windows Home Edition, but I deleted Home and upgraded to XP Pro, and that's why the computer thinks it is still Home Edition.. crazy PC =D> Shame on the PC... [-X :lol: