#1
Posted to rec.audio.pro
Possible Virus Advice
No, not the Virus synthesizer (where did they ever come up with that name?), but I know there are some computer experts here who know I'm pretty naive so I don't mind asking a potentially embarrassing question.

On my AVG Anti Virus run this morning, I noticed a couple of "Change" reports that seem rather threatening to me, even though AVG reports "No threats found." This is with a fresh virus data base update.

Partition Table (MBR) - Changed
Boot Sector of Disk C - Changed

Nothing else suspicious, and everything seems to work normally. I haven't visited any new web sites recently so it's not likely that I'd have picked up something that way. Maybe those have been around for a while, or they always change, and I've just never noticed it. Usually I'm away from the computer when AVG finishes its run and all I ever look at is the "No Threats Found" report, but today I happened to be at the computer while it was running and saw these pop up.

I usually leave this computer on all the time so I'm not planning to reboot it before I find out that it's safe and what to do about it if there's a time bomb waiting there to wipe me out on the next boot-up.
#2
Posted to rec.audio.pro
On Fri, 1 Feb 2008 05:33:34 -0800 (PST), Mike Rivers wrote:

> No, not the Virus synthesizer (where did they ever come up with that name?), but I know there are some computer experts here who know I'm pretty naive so I don't mind asking a potentially embarrassing question.
>
> On my AVG Anti Virus run this morning, I noticed a couple of "Change" reports that seem rather threatening to me, even though AVG reports "No threats found." This is with a fresh virus data base update.
>
> Partition Table (MBR) - Changed
> Boot Sector of Disk C - Changed
>
> Nothing else suspicious, and everything seems to work normally. I haven't visited any new web sites recently so it's not likely that I'd have picked up something that way. Maybe those have been around for a while, or they always change, and I've just never noticed it. Usually I'm away from the computer when AVG finishes its run and all I ever look at is the "No Threats Found" report, but today I happened to be at the computer while it was running and saw these pop up.
>
> I usually leave this computer on all the time so I'm not planning to reboot it before I find out that it's safe and what to do about it if there's a time bomb waiting there to wipe me out on the next boot-up.

Give this a go and see if it reports anything

http://www.gmer.net/catchme.php

d

--
Pearce Consulting
http://www.pearce.uk.com
#3
Posted to rec.audio.pro
On Fri, 1 Feb 2008 05:33:34 -0800 (PST), Mike Rivers wrote:

> Partition Table (MBR) - Changed

This is advice from a moderator of the AVG support forum:

It is normal that AVG shows that files, the MBR or Boot record to have changed. These are done during normal maintenance, when you or Windows updates files or have had to correct errors on the drive. The only time that you should worry is if they also show as infected.

To get AVG to quit showing them as changed, open the AVG Test Center, click the F3 key on your keyboard and tell it to accept the changes. If it still shows something as changed after this, delete the file named AVG7QT.DAT in C:\ and AVG will rebuild it the next time it is run.
#4
Posted to rec.audio.pro
On Feb 1, 9:37 am, Laurence Payne NOSPAMlpayne1ATdsl.pipex.com wrote:

> It is normal that AVG shows that files, the MBR or Boot record to have changed. These are done during normal maintenance, when you or Windows updates files or have had to correct errors on the drive. The only time that you should worry is if they also show as infected.

Thanks. A Windows update came along within the past few days and it looked reasonable so I installed it. That's probably what did it.
#5
Posted to rec.audio.pro
"Mike Rivers" wrote ...

> Laurence Payne wrote:
>> It is normal that AVG shows that files, the MBR or Boot record to have changed. These are done during normal maintenance, when you or Windows updates files or have had to correct errors on the drive. The only time that you should worry is if they also show as infected.
>
> Thanks. A Windows update came along within the past few days and it looked reasonable so I installed it. That's probably what did it.

The MBR gets changed every time you start (and stop) the computer. (At least the "dirty" bit that tracks whether the drive was properly shut down last time.) Hopefully, AVG isn't reporting this (completely normal and predictable) change.
#6
Posted to rec.audio.pro
On Feb 1, 2:14 pm, "Richard Crowley" wrote:

> The MBR gets changed every time you start (and stop) the computer.

For all I know, it's been reporting it every time I've run the program, it's just that I don't usually see that screen. It disappears after a fairly short while unless it decides that something is really wrong. I just happened to be looking in the right direction at the right time.
#7
Posted to rec.audio.pro
"Mike Rivers" wrote in message ...

> On Feb 1, 2:14 pm, "Richard Crowley" wrote:
>> The MBR gets changed every time you start (and stop) the computer.
>
> For all I know, it's been reporting it every time I've run the program, it's just that I don't usually see that screen. It disappears after a fairly short while unless it decides that something is really wrong. I just happened to be looking in the right direction at the right time.

In most boot up sequences (unless the manufacturer's boot screen displaces the BIOS / OS diagnostic boot screen) you can hit the keyboard 'pause' key and stop the process long enough to examine the passing report.

DM
#8
Posted to rec.audio.pro
In article , Mike Rivers wrote:

> I usually leave this computer on all the time so I'm not planning to reboot it before I find out that it's safe and what to do about it if there's a time bomb waiting there to wipe me out on the next boot-up.

Redmond thanks you for your fealty. Now clean my boots, bitch.

Steve Ballmer ;
#9
Posted to rec.audio.pro
david correia wrote:

>> I usually leave this computer on all the time so I'm not planning to reboot it before I find out that it's safe and what to do about it if there's a time bomb waiting there to wipe me out on the next boot-up.
>
> Redmond thanks you for your fealty. Now clean my boots, bitch.
>
> Steve Ballmer ;

If they buy Yahoo!, I might not use it for email anymore.
#10
Posted to rec.audio.pro
On Sat, 02 Feb 2008 11:38:44 -0500, D C wrote:

> If they buy Yahoo!, I might not use it for email anymore.

That'll teach them!
#11
Posted to rec.audio.pro
On Feb 2, 2:06 am, "Soundhaspriority" wrote:

> There is no assurance that AVG could find it, because it's a rootkit.

So how do I know? Do I have to pay ransom to McAfee? Apparently the tool in the reference you posted only works for subscribers.
#12
Posted to rec.audio.pro
Laurence Payne wrote:

>> If they buy Yahoo!, I might not use it for email anymore.
>
> That'll teach them!

You think you're funny? You're not.
#13
Posted to rec.audio.pro,rec.audio.tech,aus.hi-fi,rec.music.classical
In article , "Sylvan Morein, DDS" wrote:

> wrote in message
>> On Feb 2, 2:06 am, "Soundhaspriority" wrote:
>>> There is no assurance that AVG could find it, because it's a rootkit.
>>
>> So how do I know? Do I have to pay ransom to McAfee? Apparently the tool in the reference you posted only works for subscribers.
>
> So you're too cheap to care about your data? Then LIVE with the problems, sport. LOSE your data. RUN as a bot zombie and get your IP banned. This group is for PROS who CARE about their WORK. Get lost!
>
> Bob Morein (310) 237-6511

I would guess that this group also doesn't give a rip about the rantings of a person who forges another person's name.

Jenn
#14
Posted to rec.audio.pro
On Feb 2, 3:35 pm, "Soundhaspriority" wrote:

> An alternative is the free Symantec Security Check: http://security.symantec.com/sscv6/d...d=symhome&lang...

It said I didn't have any threats.

> I don't like AVG, for this reason. About five years ago, it had a detection rate of 60%. How can you trust guys like that?

It's apparently come a long way in five years. But then how can you really trust anyone? I don't consider myself to be a particularly high virus risk, but still I check the computer on a regular basis.

> The most reliable way, unfortunately, is to mount the drive on another machine and check it there.

How would that make any difference? Apparently the way these rootkit things work is that after installed, they change something after the computer is next booted. It doesn't seem to me that it would make any difference WHICH computer was booted, whatever was on the disk would be changed, whether it's to run a program to erase everything on the drive or to send spam out on my e-mail account.
#16
Posted to rec.audio.pro,rec.audio.tech,aus.hi-fi,rec.music.classical
Get a life, pillow-head.
#17
Posted to rec.audio.pro
On Sat, 2 Feb 2008 17:36:01 -0800 (PST), Mike Rivers wrote:

>> The most reliable way, unfortunately, is to mount the drive on another machine and check it there.
>
> How would that make any difference? Apparently the way these rootkit things work is that after installed, they change something after the computer is next booted. It doesn't seem to me that it would make any difference WHICH computer was booted, whatever was on the disk would be changed, whether it's to run a program to erase everything on the drive or to send spam out on my e-mail account.

If you have problems with a boot partition, it can be easier to sort out in a situation where it ISN'T the boot partition, i.e. mount it on another machine as a secondary drive.
#18
Posted to rec.audio.pro
On Feb 3, 5:40 am, Laurence Payne NOSPAMlpayne1ATdsl.pipex.com wrote:

> If you have problems with a boot partition, it can be easier to sort out in a situation where it ISN'T the boot partition, i.e. mount it on another machine as a secondary drive.

OK, now I get it. I suspect though, that as you reported earlier in the thread, that I don't really have a problem, that I just noticed something "normal" that I never noticed before.

I tried that on-line Symantec scan and it reported no virus or security threats. I figure that if there was the slightest chance that they could scare me into buying something, they would.
#19
Posted to rec.audio.pro
Mike Rivers wrote:

> OK, now I get it. I suspect though, that as you reported earlier in the thread, that I don't really have a problem, that I just noticed something "normal" that I never noticed before.
>
> I tried that on-line Symantec scan and it reported no virus or security threats. I figure that if there was the slightest chance that they could scare me into buying something, they would.

And you have just discovered why so many of us hate Windows so much.

--scott

--
"C'est un Nagra. C'est suisse, et tres, tres precis."
#20
Posted to rec.audio.pro
On 3 Feb 2008 09:02:38 -0500, (Scott Dorsey) wrote:

> Mike Rivers wrote:
>> OK, now I get it. I suspect though, that as you reported earlier in the thread, that I don't really have a problem, that I just noticed something "normal" that I never noticed before.
>>
>> I tried that on-line Symantec scan and it reported no virus or security threats. I figure that if there was the slightest chance that they could scare me into buying something, they would.
>
> And you have just discovered why so many of us hate Windows so much.
>
> --scott

I believe that the first ever virus was aimed at the Mac. And currently Mac viruses are appearing at a greater rate than those for Windows. Times change.

d

--
Pearce Consulting
http://www.pearce.uk.com

--
Posted via a free Usenet account from http://www.teranews.com
#21
Posted to rec.audio.pro
Don Pearce wrote:

> On 3 Feb 2008 09:02:38 -0500, (Scott Dorsey) wrote:
>> Mike Rivers wrote:
>>> OK, now I get it. I suspect though, that as you reported earlier in the thread, that I don't really have a problem, that I just noticed something "normal" that I never noticed before.
>>>
>>> I tried that on-line Symantec scan and it reported no virus or security threats. I figure that if there was the slightest chance that they could scare me into buying something, they would.
>>
>> And you have just discovered why so many of us hate Windows so much.
>
> I believe that the first ever virus was aimed at the Mac.

Yes, the first popular viruses were the result of a bad design decision in the Mac floppy design; there was an executable code segment that would be executed when a filesystem was mounted. Consequently, lots of folks wrote code which copied itself to all the other floppies on a system.

So... Apple changed the filesystem design and removed the executable segment in the bootblock. And the problem went away.

The difference between Microsoft and all the other folks out there is that Microsoft is so obsessed with compatibility that they do not fix the actual problems; at best they produce patches which prevent specific exploits without fixing the fundamental security issue. Other vendors will redesign systems when major flaws are found. Microsoft will not do this for fear of breaking legacy code; consequently their systems consist of one security issue after another.

> And currently Mac viruses are appearing at a greater rate than those for Windows. Times change.

So, use some system other than OS X or Windows. There are plenty of other choices out there. I do not believe your statement is actually true, however, but it's true that times do change. When they do, systems need to change with them. Other OS vendors, and that includes everyone from IBM to Apple to the various bundlers using Linux kernels, actually fix design bugs when they are discovered. Microsoft does not.

--scott

--
"C'est un Nagra. C'est suisse, et tres, tres precis."
#22
Posted to rec.audio.pro
On 3 Feb 2008 10:11:01 -0500, (Scott Dorsey) wrote:

> Don Pearce wrote:
>> On 3 Feb 2008 09:02:38 -0500, (Scott Dorsey) wrote:
>>> Mike Rivers wrote:
>>>> OK, now I get it. I suspect though, that as you reported earlier in the thread, that I don't really have a problem, that I just noticed something "normal" that I never noticed before.
>>>>
>>>> I tried that on-line Symantec scan and it reported no virus or security threats. I figure that if there was the slightest chance that they could scare me into buying something, they would.
>>>
>>> And you have just discovered why so many of us hate Windows so much.
>>
>> I believe that the first ever virus was aimed at the Mac.
>
> Yes, the first popular viruses were the result of a bad design decision in the Mac floppy design; there was an executable code segment that would be executed when a filesystem was mounted. Consequently, lots of folks wrote code which copied itself to all the other floppies on a system.
>
> So... Apple changed the filesystem design and removed the executable segment in the bootblock. And the problem went away.
>
> The difference between Microsoft and all the other folks out there is that Microsoft is so obsessed with compatibility that they do not fix the actual problems; at best they produce patches which prevent specific exploits without fixing the fundamental security issue. Other vendors will redesign systems when major flaws are found. Microsoft will not do this for fear of breaking legacy code; consequently their systems consist of one security issue after another.

Yup, even that first 640kB of memory is still "special" in current MS operating systems.

>> And currently Mac viruses are appearing at a greater rate than those for Windows. Times change.
>
> So, use some system other than OS X or Windows. There are plenty of other choices out there. I do not believe your statement is actually true, however, but it's true that times do change. When they do, systems need to change with them. Other OS vendors, and that includes everyone from IBM to Apple to the various bundlers using Linux kernels, actually fix design bugs when they are discovered. Microsoft does not.
>
> --scott

I have Windows PCs because I must. Where I have a choice, most of my machines are Linux.

d

--
Pearce Consulting
http://www.pearce.uk.com

--
Posted via a free Usenet account from http://www.teranews.com
#23
Posted to rec.audio.pro
On Feb 3, 9:02 am, (Scott Dorsey) wrote:

> And you have just discovered why so many of us hate Windows so much.

There's nothing to hate about Windows, it's the PEOPLE who attempt to exploit it maliciously. I don't feel that it should be my, or Microsoft's responsibility to shield a system from improper use, but unfortunately it's something we have to do.

I do my part, but that doesn't include switching to another operating system that the exploiters haven't turned to yet. Unix is probably better protected against enemy invasion, not so much because it's inherent in the operating system, but because the users and administrators (who, on the amateur level, are the users as well) study security methods, and continually strengthen their systems' defenses. It's just crap up with which you have to put, and there are more tools available to the Unix users who choose to use them.
#24
Posted to rec.audio.pro
Mike Rivers wrote:

> On Feb 3, 9:02 am, (Scott Dorsey) wrote:
>> And you have just discovered why so many of us hate Windows so much.
>
> There's nothing to hate about Windows, it's the PEOPLE who attempt to exploit it maliciously. I don't feel that it should be my, or Microsoft's responsibility to shield a system from improper use, but unfortunately it's something we have to do.

That's the job of an operating system. An operating system prohibits applications from improper use of the machine resources, that is, to force applications to play together nicely. Everything else is secondary to that. The gui or the command interpreter is important (and in the case of Windows, the gui is 90% of the system), but what is REALLY important is that the operating system provide facilities for the applications to access the hardware while preventing the applications from accessing any resources that are not required for the job.

> I do my part, but that doesn't include switching to another operating system that the exploiters haven't turned to yet. Unix is probably better protected against enemy invasion, not so much because it's inherent in the operating system, but because the users and administrators (who, on the amateur level, are the users as well) study security methods, and continually strengthen their systems' defenses. It's just crap up with which you have to put, and there are more tools available to the Unix users who choose to use them.

Unix was never designed to be a secure system in the first place, and in some ways was modelled after Multics with all the security stuff removed. But as it has evolved, individual security problems have been fixed and the overall design has been tightened up. If I had to run a secure multiuser system, there are a lot of operating systems I'd pick over the Unix variants... but for the most part, when holes are found in the Unix systems, they get fixed.

The problem with Microsoft comes down to this: the system was originally never designed to be secure (Windows didn't originally have even basic OS functions like memory management and pre-emptive multitasking), and the folks currently developing it want to be able to run legacy code designed for those early versions on the current system.

--scott

--
"C'est un Nagra. C'est suisse, et tres, tres precis."
#25
Posted to rec.audio.pro
On Feb 3, 10:56 am, (Scott Dorsey) wrote:

> The problem with Microsoft comes down to this: the system was originally never designed to be secure (Windows didn't originally have even basic OS functions like memory management and pre-emptive multitasking), and the folks currently developing it want to be able to run legacy code designed for those early versions on the current system.

And bless 'em. I still use some old fashioned DOS applications from before we could open our computer's doors to the whole on-line world.
#26
Posted to rec.audio.pro
In article , (Don Pearce) wrote:

> currently Mac viruses are appearing at a greater rate than those for Windows.

Please provide a source for your assertion. I've been looking for information on Mac viruses and, excepting cross-platform Word and Excel macro viruses, have not found any.

The information I have found indicates that current versions of Mac OS are afflicted by 2 or 3 trojan applications and no viruses whatsoever.

--
My newsreader kills all posts made from google groups
http://improve-usenet.org/
#27
Posted to rec.audio.pro
On Sun, 03 Feb 2008 15:16:54 -0330, Pat wrote:

> In article , (Don Pearce) wrote:
>> currently Mac viruses are appearing at a greater rate than those for Windows.
>
> Please provide a source for your assertion. I've been looking for information on Mac viruses and, excepting cross-platform Word and Excel macro viruses, have not found any.
>
> The information I have found indicates that current versions of Mac OS are afflicted by 2 or 3 trojan applications and no viruses whatsoever.

Sorry, I wasn't being that specific to discriminate the two. My source was a tech news programme on the BBC a few weeks ago.

d

--
Pearce Consulting
http://www.pearce.uk.com

--
Posted via a free Usenet account from http://www.teranews.com
#28
Posted to rec.audio.pro
On Feb 3, 1:38 pm, "Soundhaspriority" wrote:

> Mike, that's not the way to think about it. Even the best scanners have success rates of 98 to 99 percent. It is completely feasible, really easy, to create an undetectable virus, and these are being used widely for monetary gain. If the virus is well written, it awaits discovery by an antivirus researcher who sees subtle symptoms, such as unexplained port traffic.

I don't have a mission critical system here. It would be an annoyance to have to rebuild but I simply can't afford the time and trouble to chase after every possible virus scanner in hopes that it will detect an undetectable virus that I may or may not have.

Besides, if a virus is clever enough to be undetectable by reasonably competent programs, how do you expect a duffer like me to find it on an isolated disk drive and repair it?
#29
Posted to rec.audio.pro
On Feb 3, 4:06 pm, "Soundhaspriority" wrote:

> May I suggest the following precautions: Don't network it with another machine. If you do, make sure it can't get to the system partition of that other machine.

It's networked with another machine, and since it's all in one partition, I assume it can get to the system partition. If you never hear from me again, you'll know I was eaten by a virus.

> Duffer or no, if you put it on another machine as a secondary drive, the virus scanner won't be handicapped by an OS that has been modified to lie to it.

I wonder if I can run AVG from another computer on the network and point it to this disk drive? Of course if I only run it once, it won't know what the MBR looked like previously so it won't know if it's been changed.

I guess if I'm doomed, I'm just doomed. So far there have been no symptoms of anything wrong, but then I haven't tried to run every program and look at every data file on the machine so I don't know if anything's been corrupted. There's no indication that there's any outgoing network traffic so I know it's not flooding the world with spam on my account. I guess I'll just have to see what happens when I reboot next.

So far, there's been one plausible explanation, that the MBR will change when there's been a Windows update, and there has been one recently, an update to the NetFramework setup.
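Added illustration, not part of any post in this thread and not AVG's actual method: the posts above turn on a scanner comparing the MBR against a stored baseline and reporting only "Changed". This Python sketch hashes each region of a classic DOS-style MBR sector separately, so a comparison names which region differs; the function names and the sample sector are constructed for the example.

```python
import hashlib
import struct

SECTOR_SIZE = 512

# Classic DOS-style MBR layout: region name -> (offset, length).
REGIONS = {
    "boot_code": (0, 440),
    "disk_signature": (440, 4),
    "reserved": (444, 2),
    "partition_table": (446, 64),
    "boot_signature": (510, 2),
}


def region_hashes(sector):
    """Return a SHA-256 digest for each region of one 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if bytes(sector[510:512]) != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    return {
        name: hashlib.sha256(sector[off:off + length]).hexdigest()
        for name, (off, length) in REGIONS.items()
    }


def parse_partitions(sector):
    """Decode the four 16-byte partition entries, skipping empty slots."""
    entries = []
    for index in range(4):
        raw = sector[446 + 16 * index:446 + 16 * (index + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        if ptype != 0:
            entries.append({
                "index": index,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sectors,
            })
    return entries


def changed_regions(baseline, current):
    """List the MBR regions whose bytes differ between two sector images."""
    old, new = region_hashes(baseline), region_hashes(current)
    return [name for name in REGIONS if old[name] != new[name]]


def build_sample_mbr():
    """Constructed sample sector: filler boot code and one bootable partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:440] = bytes([0x90]) * 440  # placeholder bytes, not real boot code
    sector[440:444] = struct.pack("<I", 0x12345678)
    sector[446:462] = struct.pack(
        "<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 20_000_000
    )
    sector[510:512] = b"\x55\xaa"
    return sector


BASELINE = bytes(build_sample_mbr())

# Constructed case 1: only the 4-byte disk signature differs from the baseline.
SIG_ONLY = bytearray(BASELINE)
SIG_ONLY[440:444] = struct.pack("<I", 0x9ABCDEF0)

# Constructed case 2: the first bytes of the boot code differ from the baseline.
CODE_CHANGED = bytearray(BASELINE)
CODE_CHANGED[0:4] = b"\xeb\x3c\x90\x00"

if __name__ == "__main__":
    print("partitions:", parse_partitions(BASELINE))
    print("case 1 changed:", changed_regions(BASELINE, SIG_ONLY))
    print("case 2 changed:", changed_regions(BASELINE, CODE_CHANGED))
```

On a real system the 512 bytes would come from a raw read of the first sector of the disk, which needs administrator rights; the baseline has to be captured while the machine is known to be in a good state.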
#30
Posted to rec.audio.pro
On Sun, 3 Feb 2008 13:37:27 -0800 (PST), Mike Rivers wrote:

> So far, there's been one plausible explanation, that the MBR will change when there's been a Windows update, and there has been one recently, an update to the NetFramework setup.

Yup. And everyone else is trying to panic you.

Be careful, but don't be paranoid. Your data's backed up isn't it? You may even have a Ghost image of a clean Windows. What's the worst that can happen?
#31
Posted to rec.audio.pro
On Feb 3, 4:43 pm, Laurence Payne NOSPAMlpayne1ATdsl.pipex.com wrote:

> Yup. And everyone else is trying to panic you.

Nope, just Bob. <g>

> Be careful, but don't be paranoid. Your data's backed up isn't it? You may even have a Ghost image of a clean Windows. What's the worst that can happen?

As a matter of fact, I did make a Ghost backup after I replaced the disk drive a couple of months ago. The worst that could happen is that I'd lose some e-mail and maybe half a day getting things back in order again if I have to rebuild, but any mail that's really worth keeping is probably still on the Verizon mail server anyway.

I figure that being careful about where I surf, what software I install and files I download, what mail I don't open, and scanning with an up-to-date virus scanner on a regular basis is going to keep me at lower risk than most of the users about which the virus-scare articles are written.