I got wacked real good x 3 (SOLVED)
obxjerry


Joined: 29 Jan 2010
Posts: 394
Location: Louisville, Kentucky

Posted: Tue 02 Mar 2010, 15:21    Post subject: I got wacked real good x 3 (SOLVED)

I was getting away from the pay to play OS anyway. Dual booting, keeping the old (what could it hurt) but using Puppy 95% of the time. I got a real kick in the pants to move me along.

My son's computer crashed, I had him bring it over, I looked at it and I was sure it was a hardware problem. I was wrong and in a matter of minutes had infected 2 of our computers. From what I understand, anything I do can kill, cure or do nothing and there's a good chance they're all dead anyway. FUD big time. The only way out is getting out the credit card.

The lesson learned is never use that other OS again.

Last edited by obxjerry on Thu 18 Mar 2010, 19:09; edited 1 time in total
prehistoric


Joined: 23 Oct 2007
Posts: 1271

Posted: Tue 02 Mar 2010, 16:53    Post subject: lesson learned and fixes

Hi obxjerry,

While I share your opinion in configuring machines for my own use, (the machine I'm on now sticks its tongue out at you if you choose the W*****s boot entry,) I still try to help people tied to that other OS world by organizations. I typically boot Puppy from CD on a malfunctioning machine to see if there are hardware problems before I assume I'm dealing with software, unless I recognize the characteristics of a particular infection. (Recognition is getting more probable for me with experience.)

Nearly always, I take a known good machine along for comparison, in case there is a network problem. I never connect this machine to a suspect machine. The principle is to maintain an "air gap" between suspected-infected and known-clean machines. Flash drives connected to a running suspect system should be considered suspect until proven innocent. (It helps to imagine you are dealing with the biological Ebola virus in avoiding contamination.)

If you take time in advance, you can use a tool like Spybot Search & Destroy to create a W*****s boot disk which scans for malware on boot up from a CD. There are also other tools for this.

With huge hard drives on modern machines, it is now good practice to create a partition with a complete restore image of the system you got from the factory. I've used the Comodo (free) back-up and restore software to create my own restore image on machines which don't have this already. (It helps to check that you can actually get this system onto the regular C: partition if that system is completely inoperable.) I also like to have a complete restore on an external drive. (Once again, protected by an "air gap".)

Once people realize this investment of time, energy and intellect is required to safely and reliably use that other OS, it becomes easier to talk about using something else.
cthisbear

Joined: 29 Jan 2006
Posts: 3413
Location: Sydney Australia

Posted: Tue 02 Mar 2010, 18:16

You can boot Hirens etc and run a scan.
But try the Falcon first....below.

Also you can run Teamviewer through these boot cds.
No risk to people helping you out getting infected.

http://www.teamviewer.com/index.aspx

Use Run...not install

//////////////

Here's some tips...my posts.

http://murga-linux.com/puppy/viewtopic.php?p=376302#376302

Look at all the links too.

//////////

Shardana Antivirus Rescue Disk Utility.

http://forums.whirlpool.net.au/forum-replies.cfm?t=1360775&p=13

///////////

Falcons Rescue cd >>>>>>>>>>Excellent

Using ERD you can stop the startups, go back with System Restore,
off the cd.
Try the System Restore first....if your comp boots then make
sure that you turn it off and run your scans.
You can turn it back on later...2% is enough...not 12%

Malwarebytes....rename .exe as .com to defeat smarty viruses.
Latest Whirlpool tip.
Hitman Pro...quick scan on the net.
Has a onetime code to fix viruses.

http://thepiratebay.org/torrent/5283510/FalconFour_s_Ultimate_Boot_CD_USB_2.0_-_Hiren_s_9.9__ERD

has ERD Commander, XP and Vista versions
which may well get you fixed easily.
Latest release has Konboot and Hirens 9.9.

ERD was made by the Systems Internals team
who fixed XP before MS could do a fix.

Microsoft had to buy them out and give them a job.

////////

http://forums.whirlpool.net.au/forum-replies.cfm?t=1349346&p=3

Chris.

Last edited by cthisbear on Mon 08 Mar 2010, 09:43; edited 1 time in total
obxjerry


Joined: 29 Jan 2010
Posts: 394
Location: Louisville, Kentucky

Posted: Tue 02 Mar 2010, 20:41

Hi folks,

What a wonderful world you live in, where a computer with a virus will boot from cd. :) I've put 2 of the machines in mothballs in case running them would make them more infected. The one I am working with will only boot from the floppy drive. I assume the others are the same. I'm trying to get a handle on whether I'm seeing the tip of the iceberg or the cover on the book. First and always is to contain the virus.

The point I was trying to make was most people in my position will buy a brand new computer, more AV software and always feel so vulnerable. I found my son a computer comparable to his for $35 on Craigslist. It had a Linux distro on it and I added Puppy hoping one of them would take root with him. As he was leaving with it he was saying he had talked to a friend that said he would install that other OS for him. Since he has found out his computer didn't die of old age and it took 2 more with it he's changed his tune.

In the end I'll probably buy a couple more old desktops, the ones too slow for anybody to want. Hopefully and likely I've had my last virus. I know there's files and pictures we didn't save. One of the computers we had recently gone through since I partitioned to install Puppy and we'd been warned data could be lost. The other I was trying to make space on the hard drive to add Puppy. I know I don't know what 90% of that stuff is. Puppy takes up less than 400 mb on my hard drive and doesn't grow without my say so.

Thanks for the advice and recommendations. Have you any knowledge of a virus that is keeping computers from booting to hard drive and cd? I can imagine the landfills filling as we speak.

Take care
obxjerry


Joined: 29 Jan 2010
Posts: 394
Location: Louisville, Kentucky

Posted: Wed 03 Mar 2010, 00:11

cthisbear, I took the time to go through your post and click the links. You go the extra mile. Unfortunately, I have very little to work with.

When I say it doesn't boot I need to clarify. The hard drive doesn't turn. The cd turns briefly and rarely but never at boot. When I first started with it the tray wouldn't even open. I can change boot sequence, cd is set to boot first.

Normal start gets to XP splash screen and a blink of a blue screen with text (too fast to pick out a word) then reboot. Safe mode is scrolling text, hold, reboot.

I have found very little online. I have posted to a virus forum, no replies. I did see where someone said a RAM stick removed from an infected machine could completely destroy a computer it was put in. Scary stuff indeed.
snowshaker

Joined: 24 Aug 2008
Posts: 23
Location: Midwesterner running Slacko Puppy 5.3

Posted: Wed 03 Mar 2010, 02:48

If you got pics and stuff on the old drives, get a $20 USB enclosure and mount the drive. Then read it with another machine and save off what you need. Caution. Don't use a windows PC. Boot up Puppy or Linux or use a MAC. If the drive has an autorun.inf virus, it will jump right onto your good windows PC. Maybe that's what happened to you already?

As for viruses spreading via RAM sticks, that's just urban legend. RAM loses its data when powered down. Maybe your article was speaking of the BIOS memory. If you could stick a virus in there, it stays with the chip. What could it do? Well, I have read where one guy claims his BIOS shows his picture when the PC boots, so that could be one way for a virus to keep you from booting into CD.

More likely though that you just have a bad CD drive, given that its tray was stuck.
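An added example, not part of snowshaker's post or of any tool named in this thread: with the suspect drive mounted under Puppy or another Linux, this Python script lists what each autorun.inf on it would ask Windows to launch and whether the named file is present. The sample autorun.inf content and all function names are constructed for illustration.

```python
import os
import sys

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that name a program to run

# Constructed sample content, not taken from any real infection.
SAMPLE = ("[AutoRun]\r\n; constructed sample\r\nopen=RECYCLER\\setup.exe /q\r\n"
          "shell\\open\\command=RECYCLER\\missing.exe\r\nicon=folder.ico\r\n")

def read_text(path):
    """autorun.inf may be ANSI or UTF-16 with a BOM; decode either without failing."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")

def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section that launch a program."""
    hits, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command entries add launchers to the drive's context menu
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                hits.append((key, value))
    return hits

def resolve_target(folder, command):
    """Find the program a command names under folder, ignoring case as Windows does."""
    cmd = command.strip()
    program = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    parts = [p for p in program.replace("\\", "/").split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        return None
    current = folder
    for part in parts:
        try:
            match = next(e for e in os.listdir(current) if e.lower() == part.lower())
        except (StopIteration, OSError):
            return None
        current = os.path.join(current, match)
    return current

def scan_volume(mount_point):
    """Return [(autorun_path, [(key, command, file_or_None), ...]), ...]."""
    report = []
    for root, _dirs, files in os.walk(mount_point):
        for name in files:
            if name.lower() == "autorun.inf":
                path = os.path.join(root, name)
                entries = parse_autorun(read_text(path))
                report.append((path, [(k, c, resolve_target(root, c)) for k, c in entries]))
    return report

if __name__ == "__main__":
    print(scan_volume(sys.argv[1]) if len(sys.argv) > 1 else parse_autorun(SAMPLE))
```

Mount the suspect drive read-only before scanning, for example `mount -o ro,noexec /dev/sdb1 /mnt/suspect`, where the device and mount point are assumed names.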
Sylvander

Joined: 15 Dec 2008
Posts: 3444
Location: West Lothian, Scotland, UK

Posted: Wed 03 Mar 2010, 04:47

1. "The one I am working with will only boot from the floppy drive"
(a) So make a "Smart Boot Manager" [SBM] bootable floppy, and use the menu presented by that to choose to boot some other drive such as the optical drive.
The bootable optical disk needs to be seen by the BIOS [LED blinking starts when you close the drawer with the disk in place, then ceases] before you hit <Enter> with the optical highlighted.
If an attempt fails you'll see presented a big red warning window, but it's then easy to try again [and again] by hitting <Enter> each time.
AND...

(b) You should also attempt to set the BIOS boot menu order to:
FDD
CD-ROM
HDD
If you then want a particular drive to be booted, make sure there is a bootable disk in place there, and no bootable disk in the drives above it in the list.
AND/OR...

(c) Try resetting to the BIOS's default configurations...
Perhaps a virus changed the config settings.
Then do (b) above once again.

(d) It may even be that the virus changed the BIOS ROM, so that you need to "Flash the BIOS".
Or if the virus did that [OUCH! :( ]...
Swap in a new BIOS ROM chip.

2. "What a wonderful world you live in, where a computer with a virus will boot from cd"
Most of us live in that world.
If your PC won't boot a bootable CD, then you need to begin looking for the culprit in either the hardware or the BIOS.
[config settings, or BIOS ROM?]
e.g. Try re-setting the BIOS config settings to the defaults.

3. "most people in my position will buy a brand new computer"
NO WAY!
I've NEVER seen that being necessary.
obxjerry


Joined: 29 Jan 2010
Posts: 394
Location: Louisville, Kentucky

Posted: Wed 03 Mar 2010, 12:06

I know this may be hard to believe but I really didn't post here to back door ask for help. This is a Linux website and I don't have a Linux problem.

Nevertheless, I really appreciate the help. I have a habit of replying to what is written when I read it so I haven't implemented anything yet. The SBM floppy sounds like just what I need. I think I spread the virus with floppy disks but I'll sacrifice one more. (I did not boot a healthy computer from an infected floppy.)

It goes without saying, you don't realize all the little things you had until you lose a hard drive. I was thinking I might try transplanting the hard drives into a Linux machine and reading them that way.

Please don't take this as me being snarky. I really appreciate you guys starting with the basics. Most people won't begin with the basic stuff.

BIOS names the HD and the CD drive and will stay set to boot the CD drive first, second and third. It still won't boot. I'm thinking boot sector, MBR.

Once bitten, twice wary, I'm over assuming hardware problems. I know I have 2 CD drives that won't boot.

I know a stick of RAM can't hold data but, the urban legend has me afraid to take a chance. Also I've seen flashing the BIOS chip can go wrong so I haven't done that yet.

I'm hoping I can identify this virus first and act accordingly from there.

I will agree that it is rare that a computer is a total loss, I live in a city that has a facility for collection of unwanted electronics. It is a big building with hundreds of complete computers. Big business thrives on people tossing the old and buying new. It happens a lot. I may be wrong but I think if I took one of my machines to a pro they would attempt to retrieve some data and try to sell me a new computer.

Thanks again
8-bit


Joined: 03 Apr 2007
Posts: 3368
Location: Oregon

Posted: Wed 03 Mar 2010, 12:45

If they are desktop PCs, here is something to try to rule out the hard drive for the failure to boot from CD.
Disconnect the hard drive, power off of course, and then set up BIOS to boot from the CD and try that.
If the PC boots, then the problem is that the hard drive initialization code got overwritten, if that is possible.
If the CD does not boot, then the BIOS may be corrupted.
Aitch


Joined: 04 Apr 2007
Posts: 6825
Location: Chatham, Kent, UK

Posted: Wed 03 Mar 2010, 13:22

snowshaker wrote:
As for viruses spreading via RAM sticks, that's just urban legend. RAM loses its data when powered down. Maybe your article was speaking of the BIOS memory. If you could stick a virus in there, it stays with the chip. What could it do? Well, I have read where one guy claims his BIOS shows his picture when the PC boots, so that could be one way for a virus to keep you from booting into CD.


Whilst I agree ram dies without power refresh cycles, most likely what was meant was flashdrives/pendrives/Keysticks, or some other name for a file transfer USB storage device

They most definitely WILL transfer any number of viruses & as prehistoric said, consider them to have ebola, if transferring to another windoze box

obxjerry

Yes, this is a linux site and we're used to helping whether by the front or backdoor ;)

My suggestion, is to try a PuppyCD as a live boot device, as a linux boot setup it is completely unaffected by ebola or any other virus!

You could then mount your existing H/D and copy any pics/docs you need to save to an external flashdrive or USB H/D or even burn to CD

....but you MUST run a recently updated virus scan as soon as you put the drive on any other windoze box, before copying them to that setup

Tip: emailing is normally scanned for virus, so you could email them to yourself....if there aren't too many ;)

Chris's (cthisbear's) tips for dealing with viruses are probably one of the best around, though if the virus has affected the boot sector of the drive it may need reformatting & re-installing an OS, after saving your data, as a safe, simple way forward
There are utilities, like TRK/testdisk, which can repair a damaged drive, but it takes some skill
http://trinityhome.org/Home/index.php?wpid=1&front_id=12

see virusscan news here
http://trinityhome.org/Home/blog.php?front_id=15
testdisk info here
http://www.cgsecurity.org/wiki/TestDisk

Best of Luck

Aitch :)
obxjerry


Joined: 29 Jan 2010
Posts: 394
Location: Louisville, Kentucky

Posted: Wed 03 Mar 2010, 15:30

You people are the best. You restore my faith in my fellow man.

8-bit, I've tried unplugging the hard drive and taking out the CMOS battery several times.

I know it's hard to believe anyone would say RAM could spread a virus and even harder to believe that anyone would believe it. The specifics were an infected machine with 3 sticks of RAM gave one apiece to 3 healthy machines. Only one of them got the virus. I know there has to be a logical explanation. Nobody would believe that, unless they just got wacked real good x 3. Hey I'm not sure I trust my Puppy CD-R since it's been in there. I do have 6 floppies and a 16 gig flash drive in quarantine.

I'm waiting to get with my wife so we can agree on a floppy that can be overwritten with SBM. One step at a time.
Aitch


Joined: 04 Apr 2007
Posts: 6825
Location: Chatham, Kent, UK

Posted: Wed 03 Mar 2010, 15:47

Quote:
Only one of them got the virus. I know there has to be a logical explanation. Nobody would believe that, unless they just got wacked real good x 3.


Sorry mate - there has to be another reason, & I suspect the PC had a virus before the ram was transferred, or some other thing has happened

RAM means random access memory, & can have timings from around 70ns to as low as 5ms, and MUST be "refreshed" by pulses of power in order to stay active

http://en.kioskea.net/contents/pc/ram.php3

HOWEVER, once power is removed from the cells, memory capability evaporates, so no virus can possibly transfer to another PC
- you just couldn't move them quickly enough

Think again

I suspect your use of firewalls and antivirus/antispyware to be below par on all your PCs

Move to linux and forget it ;)

Aitch :)
prehistoric


Joined: 23 Oct 2007
Posts: 1271

Posted: Wed 03 Mar 2010, 16:14    Post subject: nvram & BIOS

It now sounds like you got clobbered by malware that corrupts nvram or BIOS flash memory. Your first post didn't contain the clues I was looking for.

Having three machines develop the same "hardware" problems is highly suspicious, though I don't for a minute believe it was transmitted by RAM. Try to clear nvram with the jumper on the motherboard. Using a boot floppy to get further is the next step if this fails to resolve problems. (I still carry one in my tool kit, for those old machines which have floppies. In fact, I also have an ancient Tom's Root/Boot floppy with an entire OS I can use for troubleshooting.) This will get you to the point where it is possible to reflash the BIOS, if that is necessary.

While the code that would cause this is extremely malicious, it is unlikely to be commercial malware. So far, we don't see how anyone is making money. I'm betting it is not very sophisticated. Simply setting PCI latency to an incorrect value can cause IDE controllers to fail. This could affect both the hard drive and CD.

If you do turn up something which appears sophisticated, or produces a financial gain for someone, by all means report it to someone trustworthy who specializes in tracking malware. Many notorious pieces of malware could have been stopped early if people affected had reported failed experiments by malware authors. Computer criminals do regularly make mistakes. Here's a relevant item from today's news.
Sylvander

Joined: 15 Dec 2008
Posts: 3444
Location: West Lothian, Scotland, UK

Posted: Wed 03 Mar 2010, 16:53

My thoughts:
1. Your PC's POST is completing OK. [A good sign]

2. The BIOS then attempts to find a drive to boot, and that's where the problem is.
(a) The BIOS uses its boot menu to tell it which order to look for a bootable disk/drive.
It should boot the 1st bootable disk/drive it finds to be in a functional condition.

(b) It finds and boots a floppy just fine.
Is the FDD the 1st in the list or not?
If not the 1st...
e.g. If the optical comes before it, why is the optical being skipped?
-----------------------------------------------------------------------
(c) You say you tried 3 good opticals, and none booted a good [bootable] disk.
Remember, the optical disk MUST BE BOOTABLE!
Or it will be skipped!
The blinking of the optical LED [after you close the drawer, with the SBM menu on-screen?] tells you that the BIOS is attempting to read the disk, and when it succeeds, the blinking will stop.

(d) Is the Controller [to which the optical is connected] configured OFF in the BIOS Setup?
[Or is the controller faulty? Or the connector faulty?]
Is the optical drive [and HDD also] shown in the BIOS Setup as being detected?
-----------------------------------------------------------------------
(e) If you don't provide any bootable floppy or optical...
The BIOS ought to look for a bootable HDD.
Any sign that it does that?
Any warning [provided by the MBR] that [for example] no bootable disk was found?
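For the hard-drive leg of the boot sequence walked through above, and the "boot sector, MBR" suspicion raised earlier in the thread, here is an added example (not code from any poster or tool in this thread): a Python check of a disk's first sector, copied from a Linux live session, for conditions that keep a BIOS-era disk from booting. The sample sector and all function names are constructed for illustration.

```python
import struct
import sys

SECTOR, TABLE_OFFSET, ENTRY_SIZE = 512, 446, 16


def parse_mbr(sector):
    """Return (partitions, problems) for one 512-byte MBR sector."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    problems = []
    if sector[510:512] != b"\x55\xaa":
        problems.append("missing 0x55AA boot signature")
    if not any(sector[:TABLE_OFFSET]):
        problems.append("boot code area is all zeros")
    partitions = []
    for slot in range(4):
        start = TABLE_OFFSET + ENTRY_SIZE * slot
        entry = sector[start:start + ENTRY_SIZE]
        if not any(entry):
            continue  # unused slot
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if status not in (0x00, 0x80):
            problems.append(f"slot {slot + 1}: invalid status byte 0x{status:02x}")
        if ptype == 0 or count == 0:
            problems.append(f"slot {slot + 1}: non-empty entry with no type or size")
        partitions.append({"slot": slot + 1, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    if not partitions:
        problems.append("partition table is empty")
    active = [p for p in partitions if p["active"]]
    # The standard DOS/Windows boot code looks for exactly one active partition.
    if partitions and len(active) != 1:
        problems.append(f"{len(active)} active partitions (expected 1)")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_start"] + a["sectors"]:
            problems.append(f"slots {a['slot']} and {b['slot']} overlap")
    return partitions, problems


def make_sample_mbr():
    """Constructed sample: filler boot code and one active type-0x07 partition."""
    boot_code = b"\xfa\x33\xc0" + b"\x90" * (TABLE_OFFSET - 3)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 1000000)
    return boot_code + entry + bytes(3 * ENTRY_SIZE) + b"\x55\xaa"


if __name__ == "__main__":
    # Pass a file holding the disk's first sector, or run on the constructed sample.
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else make_sample_mbr()
    parts, issues = parse_mbr(data)
    for p in parts:
        print(p)
    print("problems:", issues or "none")
```

The first sector can be copied from a live session with `dd if=/dev/sda of=mbr.bin bs=512 count=1`, where `/dev/sda` is an assumed device name.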
Bligh

Joined: 08 Jan 2006
Posts: 484
Location: California

Posted: Thu 04 Mar 2010, 01:31

Interesting issue, and a good read, thanks for sharing it.
Cheers