Virus Riddle
-
- Registered User
- Posts: 26022
- Joined: 13 May 2004, 02:00
- Location: Getting there...
- Contact:
Virus Riddle
Riddle me this...
I have two machines running MSE, both XP Home, both connected to the net via separate 3G connections, not networked. Windows updates are running on both etc etc. Basically they are identical software wise.
So I transfer data from the one (Joe*) to the other (Bob*) and am informed that the memory stick has a virus on it. Rimecud!inf nonetheless.
Fair enough, stuff happens.
MSE on Bob cleans the infection and I'm a happy puppy. Plug the stick into Joe, no issues are reported and I'm still happy.
10 minutes later we need to print some more files and the stick is plugged into Bob again. And the presence of the same virus is reported.
Hmmm, seems Joe has the flue (not a speliing mistake), so we update the virus definitions on it and run a full scan. ~3 hours later Joe is given a clean bill of health. The offending memory stick is formatted and plugged as is into Bill.
Same virus.
So what now. Joe refuses to acknowledge the problem but Bill does. And both use the same tool to do so?
*Names added to prevent obfuscation
MOOD - Thirsty
A surprising amount of modern pseudoscience is coming out of the environmental sector. Perhaps it should not be so surprising given that environmentalism is political rather than scientific.
Timothy Casey
Re: Virus Riddle
Why not try plugging it into... um... Chris... and see what he says... haha but ok really, try another machine and see if the AV complains about anything
Cooler Master RC-690 CM 690
Intel Core i7 950 3.06 GHz
MSI R5870
2 x 1TB WD Black
Corsair DDR3-1600 6GB DOMINATOR
Intel SmackOver DX58SO MB
Corsair TX650W Power Supply - 650W
Samsung P2350 23"
Windows 7 ultimate 64bit
Re: Virus Riddle
Hmmm, haven't considered that. Although I'll probably have to fake ignorance if Chris finds the same virus.
And then I'll be left with the same conundrum...
Why does one instance of MSE see a virus and another doesn't?
-
- Registered User
- Posts: 14338
- Joined: 04 Sep 2004, 02:00
- Processor: i386DX Sooper
- Motherboard: A blue one
- Graphics card: A red one
- Memory: Hard drive
- Location: On a Möbius strip
- Contact:
Re: Virus Riddle
Joe has the virus on its hard disk. Every time you plug the USB back into Joe, the virus is transferred to the memory stick again. That's fairly obvious.
Could it be possible that you need a GOOD antivirus and not MSE? You can try AVG but I'm not a fan. I prefer Nod32.
If I weren't insane: I couldn't be so brilliant! - The Joker
Re: Virus Riddle
That's quite possible Blade - about me needing a decent paid-for anti-virus. Which is what I do on my work laptop.
What gets my goose is that MSE finds the virus on the memory stick - but only on one machine and not the other.
I mean WTF???? It should either find it or not at all???
Re: Virus Riddle
doo_much wrote:
> That's quite possible Blade - about me needing a decent paid-for anti-virus. Which is what I do on my work laptop.
> What gets my goose is that MSE finds the virus on the memory stick - but only on one machine and not the other.
> I mean WTF???? It should either find it or not at all???

So I suggest you try AVG Free and check if you get different results. Perhaps even the Nod32 trial.
Re: Virus Riddle
Bladerunner wrote:
> Joe has the virus on its hard disk. Every time you plug the USB back into Joe, the virus is transferred to the memory stick again. That's fairly obvious.
> Could it be possible that you need a GOOD antivirus and not MSE? You can try AVG but I'm not a fan. I prefer Nod32.

*hits self over the head until unconscious, wakes up and wonders how could I have missed the most obvious...
Re: Virus Riddle
On both computers (is the second one Bill or Bob?) in command type: dir /ah . Do you see an *.inf file? If you do, type: type [name of file].inf . Does the file refer to an executable?
Last edited by KALSTER on 26 Jul 2010, 00:07, edited 2 times in total.
"It is the mark of an educated mind to be able to entertain a thought without accepting it." - Aristotle
Intel i5 2500; AsRock Z77 Extreme 4; Asus GTX580; 4x 2GB DDR3 1333; Intel 520 240GB SSD + 2x WD 3TB + 2TB Samsung; Samsung 22X DVD/RW; 23" LG W2343T-PF; Huntkey 700W
Re: Virus Riddle
People...
I am NOT worried about the flippen virus!!!!!
What worries me is that one instance of MSE picks it up and another doesn't!!!!
Yes. Multiple exclamation marks. I know...
-
- Registered User
- Posts: 14085
- Joined: 06 Oct 2004, 02:00
- Location: Location, Location...
- Contact:
Re: Virus Riddle
doo, is this maybe one of those virus(es- or whatever) that once it infects a machine, it prevents said machine's AV from knowing it's present?
- rustypup
- Registered User
- Posts: 8872
- Joined: 13 Dec 2004, 02:00
- Location: nullus pixius demonica
- Contact:
Re: Virus Riddle
first guess?
auto-run is disabled on joe but enabled on bob/bill - MSE plays the 'on-access' game, so those machines accessing the stick using auto-run are effectively triggering an access scan, whereas joe isn't?..
still sounds like joe is a dirty tramp needing a reset...
Most people would sooner die than think; in fact, they do so - Bertrand Russell
Re: Virus Riddle
Joe is mum's PC so you never know what dodgy sites she'd been to...
Thanks I'll have a look at the auto-run settings.
Re: Virus Riddle
KALSTER wrote:
> On both computers (is the second one Bill or Bob?) in command type: dir /ah . Do you see an *.inf file? If you do, type: type [name of file].inf . Does the file refer to an executable?

2.0
Re: Virus Riddle
2.0 ??
Re: Virus Riddle
Sorry, did you try that? I have had similar behaviour from Autorun.inf viruses in the past. Once you locate the hidden *.inf file, then you can check inside it using the 'type' command to see which file it references so you can nuke it. Usually once I had deleted the *.inf file (after changing the attributes) and rebooted, the AV was suddenly able to pick it up. I had to format the flash drive as well before rebooting, otherwise it would sometimes reinfect the PC.
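The check KALSTER describes (find the hidden .inf, read it, see which executable it refers to), as an added example that is not part of the thread: a small parser that lists every launch entry in an autorun.inf and the file it points at, skipping junk lines that are not key=value. The function names and the sample file contents are constructed for illustration.

```python
import ntpath

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program

# Constructed sample, not taken from the thread: junk padding plus launch entries.
SAMPLE = r"""
;padding-comment
[AutoRun]
random junk line
open=hidden_dir\example.exe
icon=%SystemRoot%\system32\shell32.dll,7
shell\open\command="hidden_dir\example.exe" /s
[Other]
open=ignored.exe
"""

def command_target(command):
    """Best effort: file name the command line starts with, arguments dropped."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split()[0] if command else ""
    return ntpath.basename(path)

def autorun_targets(text):
    """Return (key, command, target_file) for each launch entry under [autorun]."""
    findings, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # other section, or padding that is not key=value
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_cmd:
            findings.append((key, value, command_target(value)))
    return findings

if __name__ == "__main__":
    for key, command, target in autorun_targets(SAMPLE):
        print(f"{key}: {command!r} -> look for {target}")
```

To run it against a real stick, pass the file's text, for example `autorun_targets(open(r"E:\autorun.inf", errors="replace").read())`, where the drive letter is an assumption.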
Re: Virus Riddle
No hidden inf files.
@rusty - yep spot on. I've disabled auto run on the other PC as well. Will install decent anti virus later this week and clean up on both.
Thanks for all the advice. Let's treat this as resolved?