[ previous ] [ next ] [ threads ]
 
 From:  Shaun Sutterfield <shaun at prointegrations dot com>
 To:  Ryan Rodrigue <Ebay at aarelectronics dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] OT Strange Virus?
 Date:  Mon, 07 Aug 2006 11:41:19 -0700
This may be reaching (meaning, I doubt the odds but it's worth a try)... 
  have you ran CHKDSK to look for directory problems?  If you have some 
odd damage in your directories, perhaps the images are being orphaned or 
deleted when the OS tries to build thumbnails in the background?

Start -> Run -> cmd
then run CHKDSK C: /f
Say yes to scan on next boot, and repeat for all of your other drives 
(if asked if you want to forcefully unmount, say no and then it will 
give you the option to run on next boot).  Reboot and let it scan.

Remember that CHKDSK will often reboot and run again if it finds 
problems, let it continue to do as many times as it wants.

- Shaun

Ryan Rodrigue wrote:
> Thanx Kimmo,
> 
> 	I use this soley with older windows types.  Since windows 2000 and XP boxes
> have been added I tried a cd based AV I found, but it offered no way to
> update its definitions and I found it completely useless.  Thanks.  I
> appreciate the link.  I  will give the bootable CD another go.  >Ryan
> 
> -----Original Message-----
> From: Lee Sharp [mailto:leesharp at hal dash pc dot org]
> Sent: Sunday, August 06, 2006 12:06 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] OT Strange Virus?
> 
> 
> From: "Kimmo Jaskari" <kimmo dot jaskari at gmail dot com>
>> On 8/3/06, Ryan L. Rodrigue <Ebay at aarelectronics dot com> wrote:
> 
>>> did you try yanking the HD out of the machine and adding it to another
>>> machine as a spare > and running the virus and malware scans?  I have
>>> done this and am yet to get a virus I have > not been able to get rid of.
> 
>> Anyone administrating boxes (be they Windows or any other kind) should
>> have a bootable CD to run antivirus etc scans from. One a Windows box
>> is rooted, it's completely untrustworthy until you zap the drive and
>> reinstall from scratch (more so than a Windows box is usually, I
>> mean.)
> 
> Pebuilder is nice, but UBCD 4 Win is a configured PE Builder that is as
> simple to make as can be.  http://www.ubcd4win.com/  Several malware and
> virus scanners.  But no help in this case.
> 
> For the record, the only odd thing I have found is with filemon.  I have no
> clue what this means, and there is now good string to search...  Several
> pages if this in several directories as soon as I one one.
> 
> 353 1:23:58 PM explorer.exe:1256 OPEN C:\Documents and
> Settings\Cap'n\Desktop\Scooby\AWD.jpg\:Docf_QebiesnrMkudrfcoIaamtykdDa:$DAT
> A
> NOT FOUND Options: Open  Access: Read
> 354 1:23:58 PM explorer.exe:1256 OPEN C:\Documents and
> Settings\Cap'n\Desktop\Scooby\AWD.jpg\:QebiesnrMkudrfcoIaamtykdDa:$DATA NOT
> FOUND Options: Open  Access: Read
> 355 1:23:58 PM explorer.exe:1256 OPEN C:\Documents and
> Settings\Cap'n\Desktop\Scooby\AWD.jpg\:Docf_QebiesnrMkudrfcoIaamtykdDa:$DAT
> A
> NOT FOUND Options: Open  Access: Read
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>