Possible Virus Advice

#1 Mike Rivers (posted to rec.audio.pro)

No, not the Virus synthesizer (where did they ever come up with that
name?), but I know there are some computer experts here who know I'm
pretty naive so I don't mind asking a potentially embarrassing
question.

On my AVG Anti Virus run this morning, I noticed a couple of "Change"
reports that seem rather threatening to me, even though AVG reports
"No threats found." This is with a fresh virus data base update.

Partition Table (MBR) - Changed
Boot Sector of Disk C - Changed

Nothing else suspicious, and everything seems to work normally. I
haven't visited any new web sites recently so it's not likely that I'd
have picked up something that way.

Maybe those have been around for a while, or they always change, and
I've just never noticed it. Usually I'm away from the computer when
AVG finishes its run and all I ever look at is the "No Threats Found"
report, but today I happened to be at the computer while it was
running and saw these pop up.

I usually leave this computer on all the time so I'm not planning to
reboot it before I find out that it's safe and what to do about it if
there's a time bomb waiting there to wipe me out on the next boot-up.

#2 Don Pearce (posted to rec.audio.pro)

On Fri, 1 Feb 2008 05:33:34 -0800 (PST), Mike Rivers wrote:

> No, not the Virus synthesizer (where did they ever come up with that
> name?), but I know there are some computer experts here who know I'm
> pretty naive so I don't mind asking a potentially embarrassing
> question.
>
> On my AVG Anti Virus run this morning, I noticed a couple of "Change"
> reports that seem rather threatening to me, even though AVG reports
> "No threats found." This is with a fresh virus data base update.
>
> Partition Table (MBR) - Changed
> Boot Sector of Disk C - Changed
>
> Nothing else suspicious, and everything seems to work normally. I
> haven't visited any new web sites recently so it's not likely that I'd
> have picked up something that way.
>
> Maybe those have been around for a while, or they always change, and
> I've just never noticed it. Usually I'm away from the computer when
> AVG finishes its run and all I ever look at is the "No Threats Found"
> report, but today I happened to be at the computer while it was
> running and saw these pop up.
>
> I usually leave this computer on all the time so I'm not planning to
> reboot it before I find out that it's safe and what to do about it if
> there's a time bomb waiting there to wipe me out on the next boot-up.


Give this a go and see if it reports anything

http://www.gmer.net/catchme.php

d

--
Pearce Consulting
http://www.pearce.uk.com
#3 Laurence Payne (posted to rec.audio.pro)

On Fri, 1 Feb 2008 05:33:34 -0800 (PST), Mike Rivers wrote:

> Partition Table (MBR) - Changed


This is advice from a moderator of the AVG support forum:

It is normal that AVG shows that files, the MBR or Boot record to have
changed. These are done during normal maintenance, when you or
Windows updates files or have had to correct errors on the drive. The
only time that you should worry is if they also show as infected.

To get AVG to quit showing them as changed, open the AVG Test Center,
click the F3 key on your keyboard and tell it to accept the changes.
If it still shows something as changed after this.. delete the file
named AVG7QT.DAT in C:\ and AVG will rebuild it the next time it is
run.
#4 Mike Rivers (posted to rec.audio.pro)

On Feb 1, 9:37 am, Laurence Payne NOSPAMlpayne1ATdsl.pipex.com wrote:

> It is normal that AVG shows that files, the MBR or Boot record to have
> changed. These are done during normal maintenance, when you or
> Windows updates files or have had to correct errors on the drive. The
> only time that you should worry is if they also show as infected.

Thanks. A Windows update came along within the past few days and it
looked reasonable so I installed it. That's probably what did it.

#5 Richard Crowley (posted to rec.audio.pro)

"Mike Rivers" wrote ...
> Laurence Payne wrote:
>> It is normal that AVG shows that files, the MBR or Boot record to have
>> changed. These are done during normal maintenance, when you or
>> Windows updates files or have had to correct errors on the drive. The
>> only time that you should worry is if they also show as infected.
>
> Thanks. A Windows update came along within the past few days and it
> looked reasonable so I installed it. That's probably what did it.

The MBR gets changed every time you start (and stop)
the computer. (At least the "dirty" bit that tracks whether
the drive was properly shut down last time.) Hopefully,
AVG isn't reporting this (completely normal and predictable)
change.




#6 Mike Rivers (posted to rec.audio.pro)

On Feb 1, 2:14 pm, "Richard Crowley" wrote:

> The MBR gets changed every time you start (and stop)
> the computer.


For all I know, it's been reporting it every time I've run the
program, it's just that I don't usually see that screen. It disappears
after a fairly short while unless it decides that something is really
wrong. I just happened to be looking in the right direction at the
right time.
#7 David Morgan (MAMS) (posted to rec.audio.pro)


"Mike Rivers" wrote in message ...
> On Feb 1, 2:14 pm, "Richard Crowley" wrote:
>> The MBR gets changed every time you start (and stop)
>> the computer.
>
> For all I know, it's been reporting it every time I've run the
> program, it's just that I don't usually see that screen. It disappears
> after a fairly short while unless it decides that something is really
> wrong. I just happened to be looking in the right direction at the
> right time.


In most boot up sequences (unless the manufacturer's boot screen
displaces the BIOS / OS diagnostic boot screen) you can hit the
keyboard 'pause' key and stop the process long enough to examine
the passing report.

DM



#8 david correia (posted to rec.audio.pro)

Mike Rivers wrote:

> I usually leave this computer on all the time so I'm not planning to
> reboot it before I find out that it's safe and what to do about it if
> there's a time bomb waiting there to wipe me out on the next boot-up.





Redmond thanks you for your fealty.

Now clean my boots, bitch.





Steve Ballmer ;
#9 D C (posted to rec.audio.pro)

david correia wrote:

>> I usually leave this computer on all the time so I'm not planning to
>> reboot it before I find out that it's safe and what to do about it if
>> there's a time bomb waiting there to wipe me out on the next boot-up.
>
> Redmond thanks you for your fealty.
>
> Now clean my boots, bitch.
>
> Steve Ballmer ;



If they buy Yahoo!, I might not use it for email anymore.
#10 Laurence Payne (posted to rec.audio.pro)

On Sat, 02 Feb 2008 11:38:44 -0500, D C wrote:

> If they buy Yahoo!, I might not use it for email anymore.


That'll teach them!


#11 Mike Rivers (posted to rec.audio.pro)

On Feb 2, 2:06 am, "Soundhaspriority" wrote:

> There is no assurance that AVG could find it, because it's a rootkit.


So how do I know? Do I have to pay ransom to McAfee? Apparently the
tool in the reference you posted only works for subscribers.
#12 D C (posted to rec.audio.pro)

Laurence Payne wrote:

>> If they buy Yahoo!, I might not use it for email anymore.
>
> That'll teach them!



You think you're funny? You're not.
#14 Mike Rivers (posted to rec.audio.pro)

On Feb 2, 3:35 pm, "Soundhaspriority" wrote:

> An alternative is the free Symantec Security Check: http://security.symantec.com/sscv6/d...d=symhome&lang...

It said I didn't have any threats.

> I don't like AVG, for this reason. About five years ago, it had a detection
> rate of 60%. How can you trust guys like that?

It's apparently come a long way in five years. But then how can you
really trust anyone? I don't consider myself to be a particularly high
virus risk, but still I check the computer on a regular basis.

> The most reliable way, unfortunately, is to mount the drive on another
> machine and check it there.


How would that make any difference? Apparently the way these rootkit
things work is that after installed, they change something after the
computer is next booted. It doesn't seem to me that it would make any
difference WHICH computer was booted, whatever was on the disk would
be changed, whether it's to run a program to erase everything on the
drive or to send spam out on my e-mail account.
#16 David Morgan (MAMS) (posted to rec.audio.pro,rec.audio.tech,aus.hi-fi,rec.music.classical)

Get a life, pillow-head.




#17 Laurence Payne (posted to rec.audio.pro)

On Sat, 2 Feb 2008 17:36:01 -0800 (PST), Mike Rivers wrote:

>> The most reliable way, unfortunately, is to mount the drive on another
>> machine and check it there.
>
> How would that make any difference? Apparently the way these rootkit
> things work is that after installed, they change something after the
> computer is next booted. It doesn't seem to me that it would make any
> difference WHICH computer was booted, whatever was on the disk would
> be changed, whether it's to run a program to erase everything on the
> drive or to send spam out on my e-mail account.


If you have problems with a boot partition, it can be easier to sort
out in a situation where it ISN'T the boot partition, i.e. mount it on
another machine as a secondary drive.
#18 Mike Rivers (posted to rec.audio.pro)

On Feb 3, 5:40 am, Laurence Payne NOSPAMlpayne1ATdsl.pipex.com wrote:

> If you have problems with a boot partition, it can be easier to sort
> out in a situation where it ISN'T the boot partition, i.e. mount it on
> another machine as a secondary drive.


OK, now I get it. I suspect though, that as you reported earlier in
the thread, that I don't really have a problem, that I just noticed
something "normal" that I never noticed before. I tried that on-line
Symantec scan and it reported no virus or security threats. I figure
that if there was the slightest chance that they could scare me into
buying something, they would.
#19 Scott Dorsey (posted to rec.audio.pro)

Mike Rivers wrote:

> OK, now I get it. I suspect though, that as you reported earlier in
> the thread, that I don't really have a problem, that I just noticed
> something "normal" that I never noticed before. I tried that on-line
> Symantec scan and it reported no virus or security threats. I figure
> that if there was the slightest chance that they could scare me into
> buying something, they would.


And you have just discovered why so many of us hate Windows so much.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."
#21 Scott Dorsey (posted to rec.audio.pro)

Don Pearce wrote:
> On 3 Feb 2008 09:02:38 -0500, (Scott Dorsey) wrote:
>> Mike Rivers wrote:
>>> OK, now I get it. I suspect though, that as you reported earlier in
>>> the thread, that I don't really have a problem, that I just noticed
>>> something "normal" that I never noticed before. I tried that on-line
>>> Symantec scan and it reported no virus or security threats. I figure
>>> that if there was the slightest chance that they could scare me into
>>> buying something, they would.
>>
>> And you have just discovered why so many of us hate Windows so much.
>
> I believe that the first ever virus was aimed at the Mac.

Yes, the first popular viruses were the result of a bad design decision
in the Mac floppy design; there was an executable code segment that would
be executed when a filesystem was mounted. Consequently, lots of folks
wrote code which copied itself to all the other floppies on a system.

So... Apple changed the filesystem design and removed the executable
segment in the bootblock. And the problem went away.

The difference between Microsoft and all the other folks out there is
that Microsoft is so obsessed with compatibility that they do not fix
the actual problems; at best they produce patches which prevent specific
exploits without fixing the fundamental security issue. Other vendors
will redesign systems when major flaws are found. Microsoft will not do
this for fear of breaking legacy code; consequently their systems consist
of one security issue after another.

> And
> currently Mac viruses are appearing at a greater rate than those for
> Windows. Times change.

So, use some system other than OS X or Windows. There are plenty of
other choices out there. I do not believe your statement is actually
true, however, but it's true that times do change. When they do,
systems need to change with them. Other OS vendors, and that includes
everyone from IBM to Apple to the various bundlers using Linux kernels,
actually fix design bugs when they are discovered. Microsoft does not.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."
#22 Don Pearce (posted to rec.audio.pro)

On 3 Feb 2008 10:11:01 -0500, (Scott Dorsey) wrote:

> Don Pearce wrote:
>> On 3 Feb 2008 09:02:38 -0500, (Scott Dorsey) wrote:
>>> Mike Rivers wrote:
>>>> OK, now I get it. I suspect though, that as you reported earlier in
>>>> the thread, that I don't really have a problem, that I just noticed
>>>> something "normal" that I never noticed before. I tried that on-line
>>>> Symantec scan and it reported no virus or security threats. I figure
>>>> that if there was the slightest chance that they could scare me into
>>>> buying something, they would.
>>>
>>> And you have just discovered why so many of us hate Windows so much.
>>
>> I believe that the first ever virus was aimed at the Mac.
>
> Yes, the first popular viruses were the result of a bad design decision
> in the Mac floppy design; there was an executable code segment that would
> be executed when a filesystem was mounted. Consequently, lots of folks
> wrote code which copied itself to all the other floppies on a system.
>
> So... Apple changed the filesystem design and removed the executable
> segment in the bootblock. And the problem went away.
>
> The difference between Microsoft and all the other folks out there is
> that Microsoft is so obsessed with compatibility that they do not fix
> the actual problems; at best they produce patches which prevent specific
> exploits without fixing the fundamental security issue. Other vendors
> will redesign systems when major flaws are found. Microsoft will not do
> this for fear of breaking legacy code; consequently their systems consist
> of one security issue after another.

Yup, even that first 640kB of memory is still "special" in current MS
operating systems.

>> And
>> currently Mac viruses are appearing at a greater rate than those for
>> Windows. Times change.
>
> So, use some system other than OS X or Windows. There are plenty of
> other choices out there. I do not believe your statement is actually
> true, however, but it's true that times do change. When they do,
> systems need to change with them. Other OS vendors, and that includes
> everyone from IBM to Apple to the various bundlers using Linux kernels,
> actually fix design bugs when they are discovered. Microsoft does not.
> --scott


I have windows PCs because I must. Where I have a choice, most of my
machines are Linux.

d

--
Pearce Consulting
http://www.pearce.uk.com


#23 Mike Rivers (posted to rec.audio.pro)

On Feb 3, 9:02 am, (Scott Dorsey) wrote:

> And you have just discovered why so many of us hate Windows so much.


There's nothing to hate about Windows, it's the PEOPLE who attempt to
exploit it maliciously. I don't feel that it should be my, or
Microsoft's responsibility to shield a system from improper use, but
unfortunately it's something we have to do.

I do my part, but that doesn't include switching to another operating
system that the exploiters haven't turned to yet. Unix is probably
better protected against enemy invasion, not so much because it's
inherent in the operating system, but because the users and
administrators (who, on the amateur level, are the users as well)
study security methods, and continually strengthen their systems'
defenses. It's just crap up with which you have to put, and there are
more tools available to the Unix users who choose to use them.

#24 Scott Dorsey (posted to rec.audio.pro)

Mike Rivers wrote:
> On Feb 3, 9:02 am, (Scott Dorsey) wrote:
>> And you have just discovered why so many of us hate Windows so much.
>
> There's nothing to hate about Windows, it's the PEOPLE who attempt to
> exploit it maliciously. I don't feel that it should be my, or
> Microsoft's responsibility to shield a system from improper use, but
> unfortunately it's something we have to do.


That's the job of an operating system. An operating system prohibits
applications from improper use of the machine resources, that is, to force
applications to play together nicely. Everything else is secondary to
that. The gui or the command interpreter is important (and in the case
of Windows, the gui is 90% of the system), but what is REALLY important
is that the operating system provide facilities for the applications to
access the hardware while preventing the applications from accessing any
resources that are not required for the job.

> I do my part, but that doesn't include switching to another operating
> system that the exploiters haven't turned to yet. Unix is probably
> better protected against enemy invasion, not so much because it's
> inherent in the operating system, but because the users and
> administrators (who, on the amateur level, are the users as well)
> study security methods, and continually strengthen their systems'
> defenses. It's just crap up with which you have to put, and there are
> more tools available to the Unix users who choose to use them.


Unix was never designed to be a secure system in the first place, and
in some ways was modelled after Multics with all the security stuff
removed. But as it has evolved, individual security problems have been
fixed and the overall design has been tightened up. If I had to run
a secure multiuser system, there are a lot of operating systems I'd pick
over the Unix variants... but for the most part, when holes are found in
the Unix systems, they get fixed.

The problem with Microsoft comes down to this: the system was originally
never designed to be secure (Windows didn't originally have even basic OS
functions like memory management and pre-emptive multitasking), and the
folks currently developing it want to be able to run legacy code designed
for those early versions on the current system.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."
#25 Mike Rivers (posted to rec.audio.pro)

On Feb 3, 10:56 am, (Scott Dorsey) wrote:

> The problem with Microsoft comes down to this: the system was originally
> never designed to be secure (Windows didn't originally have even basic OS
> functions like memory management and pre-emptive multitasking), and the
> folks currently developing it want to be able to run legacy code designed
> for those early versions on the current system.


And bless 'em. I still use some old fashioned DOS applications from
before we could open our computer's doors to the whole on-line world.



#28 Mike Rivers (posted to rec.audio.pro)

On Feb 3, 1:38 pm, "Soundhaspriority" wrote:

> Mike, that's not the way to think about it. Even the best scanners have
> success rates of 98 to 99 percent. It is completely feasible, really easy,
> to create an indetectable virus, and these are being used widely for
> monetary gain. If the virus is well written, it awaits discovery by an
> antivirus researcher who sees subtle symptoms, such as unexplained port
> traffic.


I don't have a mission critical system here. It would be an annoyance
to have to rebuild but I simply can't afford the time and trouble to
chase after every possible virus scanner in hopes that it will detect
an undetectable virus that I may or may not have.

Besides, if a virus is clever enough to be undetectable by reasonably
competent programs, how do you expect a duffer like me to find it on
an isolated disk drive and repair it?

#29 Mike Rivers (posted to rec.audio.pro)

On Feb 3, 4:06 pm, "Soundhaspriority" wrote:

> May I suggest the following precautions: Don't network it with
> another machine. If you do, make sure it can't get to the system partition
> of that other machine.


It's networked with another machine, and since it's all in one
partition, I assume it can get to the system partition.

If you never hear from me again, you'll know I was eaten by a virus.

> Duffer or no, if you put it on another machine as a secondary drive, the
> virus scanner won't be handicapped by an OS that has been modified to lie to
> it.


I wonder if I can run AVG from another computer on the network and
point it to this disk drive? Of course if I only run it once, it won't
know what the MBR looked like previously so it won't know if it's been
changed.

I guess if I'm doomed, I'm just doomed. So far there have been no
symptoms of anything wrong, but then I haven't tried to run every
program and look at every data file on the machine so I don't know if
anything's been corrupted. There's no indication that there's any
outgoing network traffic so I know it's not flooding the world with
spam on my account. I guess I'll just have to see what happens when I
reboot next.

So far, there's been one plausible explanation, that the MBR will
change when there's been a Windows update, and there has been one
recently, an update to the NetFramework setup.
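
Added example, not part of any post in this thread: the exchange above turns on two things, which part of the MBR changed and what it looked like before. This Python sketch compares a 512-byte MBR sector against a saved baseline region by region; the function names are hypothetical and the sample sectors are constructed, not taken from a real disk.

```python
import hashlib
import struct

SECTOR_SIZE = 512

# Classic (non-GPT) MBR layout: region name -> (start, end) byte offsets.
REGIONS = {
    "boot_code": (0, 440),           # bootstrap code executed at boot
    "disk_signature": (440, 446),    # 4-byte disk signature + 2 reserved bytes
    "partition_table": (446, 510),   # four 16-byte partition entries
    "boot_signature": (510, 512),    # must be 55 AA
}


def region_hashes(sector):
    """SHA-256 per MBR region; this is what a baseline file would store."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    return {name: hashlib.sha256(sector[a:b]).hexdigest()
            for name, (a, b) in REGIONS.items()}


def changed_regions(baseline, current):
    """Names of the regions whose bytes differ from the baseline."""
    old, new = region_hashes(baseline), region_hashes(current)
    return [name for name in REGIONS if old[name] != new[name]]


def parse_partitions(sector):
    """Decode the non-empty entries of the partition table."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i:462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0x00:            # type 0 marks an unused slot
            parts.append({"index": i, "active": status == 0x80,
                          "type": ptype, "lba_start": lba_start,
                          "sectors": sectors})
    return parts


def build_sample_mbr(boot_fill=0x90, sectors=1_000_000):
    """Constructed 512-byte sample sector, not taken from a real disk."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:440] = bytes([boot_fill]) * 440
    sector[440:444] = struct.pack("<I", 0x12345678)
    # One active partition of type 0x07 (NTFS) starting at LBA 63.
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                                  b"\xfe\xff\xff", 63, sectors)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    baseline = build_sample_mbr()
    samples = {
        "unchanged": build_sample_mbr(),
        "boot code rewritten": build_sample_mbr(boot_fill=0xCC),
        "partition resized": build_sample_mbr(sectors=2_000_000),
    }
    for label, sector in samples.items():
        print(label, "->", changed_regions(baseline, sector) or "no change")
    print(parse_partitions(baseline))
```

On a real drive the 512 bytes would be sector 0 read while the disk is attached to another machine as a secondary drive, so the comparison does not depend on what the installed OS reports about its own boot sector. A difference confined to `partition_table` is what repartitioning produces, while a difference in `boot_code` means the code run at boot no longer matches the baseline.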

#30 Laurence Payne (posted to rec.audio.pro)

On Sun, 3 Feb 2008 13:37:27 -0800 (PST), Mike Rivers wrote:

> So far, there's been one plausible explanation, that the MBR will
> change when there's been a Windows update, and there has been one
> recently, an update to the NetFramework setup.


Yup. And everyone else is trying to panic you.

Be careful, but don't be paranoid. Your data's backed up isn't it?
You may even have a Ghost image of a clean Windows. What's the worst
that can happen?


#31 Mike Rivers (posted to rec.audio.pro)

On Feb 3, 4:43 pm, Laurence Payne NOSPAMlpayne1ATdsl.pipex.com wrote:

> Yup. And everyone else is trying to panic you.


Nope, just Bob. g

> Be careful, but don't be paranoid. Your data's backed up isn't it?
> You may even have a Ghost image of a clean Windows. What's the worst
> that can happen?


As a matter of fact, I did make a Ghost backup after I replaced the
disk drive a couple of months ago. The worst that could happen is that
I'd lose some e-mail and maybe half a day getting things back in order
again if I have to rebuild, but any mail that's really worth keeping
is probably still on the Verizon mail server anyway.

I figure that being careful about where I surf, what software I
install and files I download, what mail I don't open, and scanning
with an up-to-date virus scanner on a regular basis is going to keep
me at lower risk than most of the users about which the virus-scare
articles are written.