[ previous ] [ next ] [ threads ]
 
 From:  "Ryan Rodrigue" <Ebay at aarelectronics dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] OT Strange Virus?
 Date:  Mon, 7 Aug 2006 08:32:44 -0500 
Thanx Kimmo,

	I use this soley with older windows types.  Since windows 2000 and XP boxes
have been added I tried a cd based AV I found, but it offered no way to
update its definitions and I found it completely useless.  Thanks.  I
appreciate the link.  I  will give the bootable CD another go.  >Ryan

-----Original Message-----
From: Lee Sharp [mailto:leesharp at hal dash pc dot org]
Sent: Sunday, August 06, 2006 12:06 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] OT Strange Virus?


From: "Kimmo Jaskari" <kimmo dot jaskari at gmail dot com>
> On 8/3/06, Ryan L. Rodrigue <Ebay at aarelectronics dot com> wrote:

>> did you try yanking the HD out of the machine and adding it to another
>> machine as a spare > and running the virus and malware scans?  I have
>> done this and am yet to get a virus I have > not been able to get rid of.

> Anyone administrating boxes (be they Windows or any other kind) should
> have a bootable CD to run antivirus etc scans from. One a Windows box
> is rooted, it's completely untrustworthy until you zap the drive and
> reinstall from scratch (more so than a Windows box is usually, I
> mean.)

Pebuilder is nice, but UBCD 4 Win is a configured PE Builder that is as
simple to make as can be.  http://www.ubcd4win.com/  Several malware and
virus scanners.  But no help in this case.

For the record, the only odd thing I have found is with filemon.  I have no
clue what this means, and there is now good string to search...  Several
pages if this in several directories as soon as I one one.

353 1:23:58 PM explorer.exe:1256 OPEN C:\Documents and
Settings\Cap'n\Desktop\Scooby\AWD.jpg\:Docf_QebiesnrMkudrfcoIaamtykdDa:$DAT
A
NOT FOUND Options: Open  Access: Read
354 1:23:58 PM explorer.exe:1256 OPEN C:\Documents and
Settings\Cap'n\Desktop\Scooby\AWD.jpg\:QebiesnrMkudrfcoIaamtykdDa:$DATA NOT
FOUND Options: Open  Access: Read
355 1:23:58 PM explorer.exe:1256 OPEN C:\Documents and
Settings\Cap'n\Desktop\Scooby\AWD.jpg\:Docf_QebiesnrMkudrfcoIaamtykdDa:$DAT
A
NOT FOUND Options: Open  Access: Read


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch