Thread: Windows virus?

  1. #1
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,229

    Windows virus?

    I am dealing with a strange what-I-suspect-to-be-virus and could use some help. I have been spoiled by Linux for so long that I am clueless with virii now.

    The machine is a cheap prebuilt Acer branded Pentium D 3ghz with SiS chipset. Running Windoze XP.

    The machine has been used primarily for word processing and web surfing for the past 1 year.

    The symptoms -
    Upon booting, a few dialogues pop up, saying "Memory cannot be "read"". Name of the binary is different every time (that's why I suspect it to be a virus).

    I formatted (quick option) the drive, and reinstalled Windows XP SP2 using a trusted media (XP CD with slipstreamed SP2 that I have been using for years). The problem remains upon the first boot.

    I do have a second partition that I kept my data in, which might have carried the virus over, but I haven't accessed it since reformatting.

    I have not installed anything yet. It was the very very first boot, not even drivers, and the dialogue shows up immediately after I log in.

    The computer functions normally otherwise.

    Suggestions?

    Thanks

  2. #2
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    Check your startup list and untick any programs you don't know.
    Most of the time, this is a harmless message about a program screwing up and thus being closed by Windows.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  3. #3
    Registered User
    Join Date
    Jul 2008
    Posts
    67
    Did you make a (slow) memory check from the BIOS?

    Is it an (old) notebook? Maybe the memory is beginning to die; notebooks don't have a long life.


    Greetz
    Greenhorn

  4. #4
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Whilst I agree to some extent with Greenhorn, it may simply be a case of "you need to reseat the memory". Run a memory test (perhaps you can find a Linux CDROM with memtest86, or download a CD/floppy image of it from somewhere). It is a thorough memory test that will show if your memory is OK or not. If it's OK then it's likely something else that has gone wrong. If it shows errors, it may be time to open the machine up, unplug the memory modules and plug them back in.

    Memory chips in themselves should last tens of years, but the connections can go old.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  5. #5
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,229
    Thanks for the suggestions!

    Check your startup list and untick any programs you don't know.
    Assuming you are referring to "start -> All Programs -> Startup", it's empty.
    Most of the time, this is a harmless message about a program screwing up and thus being closed by Windows.
    Hopefully that is the case. Seems strange, though. It's a fresh install.

    Is it an (old) notebook? Maybe the memory is beginning to die; notebooks don't have a long life.
    It's a one-year old desktop. Could be that it's cheaply built, though, as it's a prebuilt machine. I usually build my machines myself.

    Whilst I agree to some extent with Greenhorn, it may simply be a case of "you need to reseat the memory". Run a memory test (perhaps you can find a Linux CDROM with memtest86, or download a CD/floppy image of it from somewhere). It is a thorough memory test that will show if your memory is OK or not. If it's OK then it's likely something else that has gone wrong. If it shows errors, it may be time to open the machine up, unplug the memory modules and plug them back in.
    I will try memtest86. It's Orthos (prime95) blend test stable for 8 hours, though.

    I have run the SeaTools full disk surface scan on the Seagate hard drive, too.

  6. #6
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    I mean check ALL startup programs. You know Windows is too complex for its own good.
    Use the msconfig utility to find and disable startup programs or alternatively some 3rd party utility.

  7. #7
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,229
    Use the msconfig utility to find and disable startup programs or alternatively some 3rd party utility.
    That's it! Thanks so much.

    There are two binaries in the startup list, jvvo and kxvo.

    Googling reveals that they are virii spread by USB drives. I happen to have one attached.

    It's still strange, though. How did ANYTHING on the USB get run without me accessing the USB drive at all?

  8. #8
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,229
    Googling revealed something even crazier.

    Apparently the virus creates an autorun.inf and a downloader on the USB drive.

    Upon attaching the USB drive, autorun gets executed and runs the downloader which downloads (from the USB drive or internet) and installs the virus.

    Hmm. Microsoft? User friendliness comes first?

    Sometimes it really puzzles me how Windows can survive so long and so popular being so insecure. This is beyond poor design - running anything on a USB drive upon attaching? Even I can write a virus like this, knowing this behaviour of Windoze.

    Sorry, just had to let it out.

  9. #9
    Registered User
    Join Date
    Jul 2008
    Posts
    67
    Save the following code as "yxz.reg" and double-click it. This will disable autostart from DRIVE_UNKNOWN, DRIVE_REMOVABLE, DRIVE_REMOTE, DRIVE_CDROM.

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:000000B5
    Greetz
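
    The autorun.inf mechanism described in post #8 and the NoDriveTypeAutoRun mask from the .reg file in post #9, as an added example that is not part of this thread: a Python script that reads an autorun.inf the way Explorer does (the [autorun] section's open=, shellexecute= and shell\<verb>\command= keys), lists the programs it would launch and checks whether they are actually present on the drive, and decodes a NoDriveTypeAutoRun value to say whether the policy suppresses autorun for that drive type. The sample autorun.inf, the temporary directory standing in for a USB root, and the loader name RECYCLER\loader.exe are all constructed here so it runs offline; they are placeholders, not the files the poster found. The drive-type bit assignments follow GetDriveType(), where bit n of the mask disables autorun on drive type n.

```python
import configparser
import os
import tempfile

# GetDriveType() values. Bit n of NoDriveTypeAutoRun disables autorun on
# drive type n; Microsoft documents both 0x01 and 0x80 as "unknown type".
DRIVE_TYPE_NAMES = {
    0: "DRIVE_UNKNOWN", 1: "DRIVE_NO_ROOT_DIR", 2: "DRIVE_REMOVABLE",
    3: "DRIVE_FIXED", 4: "DRIVE_REMOTE", 5: "DRIVE_CDROM",
    6: "DRIVE_RAMDISK", 7: "DRIVE_UNKNOWN (bit 7)",
}
DRIVE_REMOVABLE = 2

# Constructed sample in the style the thread describes: a hidden loader that
# runs on insert (open=/shellexecute=) and also hijacks the Explorer
# "Open"/"Explore" verbs so that double-clicking the drive runs it too.
SAMPLE_AUTORUN = r"""[AutoRun]
; constructed sample, not a real worm's file
open=RECYCLER\loader.exe
shellexecute=RECYCLER\loader.exe
shell\open=&Open
shell\open\Command=RECYCLER\loader.exe
shell\explore\Command="RECYCLER\loader.exe" -e
icon=%SystemRoot%\system32\SHELL32.dll,4
"""


def mask_for(*drive_types):
    """Build a NoDriveTypeAutoRun value that disables the given drive types."""
    mask = 0
    for t in drive_types:
        mask |= 1 << t
    return mask


def describe_mask(mask):
    """Names of the drive types on which this mask disables autorun."""
    return [name for bit, name in DRIVE_TYPE_NAMES.items() if mask & (1 << bit)]


def autorun_suppressed(mask, drive_type):
    return bool(mask & (1 << drive_type))


def parse_autorun(text):
    """Return the [autorun] section as a lower-cased key dict, or {} if absent."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:      # no section header, garbage, etc.
        return {}
    for section in cp.sections():   # section name is case-insensitive
        if section.lower() == "autorun":
            return dict(cp.items(section))
    return {}


def _first_token(command):
    """Program part of a command line: quoted path, or first whitespace token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def launch_targets(entries):
    """Programs Explorer could run from these [autorun] entries."""
    targets = []
    for key, value in entries.items():
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if value and (key in ("open", "shellexecute") or is_verb):
            prog = _first_token(value)
            if prog and prog not in targets:
                targets.append(prog)
    return targets


def scan_drive_root(root, mask, drive_type=DRIVE_REMOVABLE):
    """Report autorun.inf presence, its launch targets, and the policy outcome."""
    report = {"autorun_inf": False, "targets": {},
              "policy_blocks": autorun_suppressed(mask, drive_type)}
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return report
    report["autorun_inf"] = True
    with open(path, encoding="utf-8", errors="ignore") as f:
        entries = parse_autorun(f.read())
    for prog in launch_targets(entries):
        local = prog if os.path.isabs(prog) else os.path.join(root, prog.replace("\\", os.sep))
        report["targets"][prog] = os.path.isfile(local)   # is the payload present?
    return report


def build_sample_drive():
    """Lay out the constructed sample in a temp dir standing in for a USB root."""
    root = tempfile.mkdtemp(prefix="usbroot_")
    os.makedirs(os.path.join(root, "RECYCLER"))
    with open(os.path.join(root, "autorun.inf"), "w") as f:
        f.write(SAMPLE_AUTORUN)
    with open(os.path.join(root, "RECYCLER", "loader.exe"), "wb") as f:
        f.write(b"MZ")                 # stand-in bytes, not a real executable
    return root


if __name__ == "__main__":
    root = build_sample_drive()
    for mask in (0x00, 0xB5, 0xFF):    # 0xB5 is the value from the .reg file above
        print(f"mask 0x{mask:02X} disables: {describe_mask(mask)}")
        print("  ", scan_drive_root(root, mask))
```

    Running it prints the report for 0x00, for 0xB5 (the value in the .reg file above, which covers removable drives) and for 0xFF, the usual "disable on every drive type" setting. Two caveats when applying the .reg file: the HKLM copy of the same Policies\Explorer key takes precedence over HKCU, so a per-user value does nothing on a machine where a machine-wide policy is set, and Explorer only re-reads the value after it is restarted or the user logs off and back on.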

  10. #10
    Registered User VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,607
    In Windows' defense, security is a bit difficult when 90% of the world's PCs use it. Other OSes have it far easier. Why write a virus for a system that no one uses? I have far fewer complaints about XP having been to Vista and back. XP is a very nice operating system and is very fast save for startup like most Microsoft apps. There are legit complaints about XP but I don't feel yours is one of them. In the end, it is the user's responsibility to protect their system from threats. I'd rather have XP lean and mean and rely on third party apps to secure my system. Trying to make Windows do everything comes off to me like a video game that wants to do everything. It might be able to do everything but it does nothing well. I'd rather have a few components that do their job very well than ten thousand that just suck.

    But there are sooo many tools out there available for free that I have a hard time believing this virus just 'crept' in. Complete scans of your system and careful monitoring of what you install and plug into your computer will thwart any virus. I will not use someone else's USB flash drive if they do not have virus software on their computer and if they do not perform regular scans. I deny every application or script that wants to run on a site including possible spyware in ads. Spybot S&D will silently block this stuff and firewalls like Comodo Pro and Zone Alarm will help you guard your system.

    I haven't had a virus that actually threatened my PC in years. AVG found one about a month ago while I was browsing gamedev.net and it quickly killed it. Before that time the last serious virus I had was about 4 years ago.
    Last edited by VirtualAce; 07-14-2008 at 06:21 PM.

  11. #11
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,229
    Other OSes have it far easier. Why write a virus for a system that no one uses?
    I don't think there is any less interest in cracking UNIX than Windows. True, Windows is run on 99% of all computers, but the remaining 1% are the mission critical ones. If equally difficult, I would rather crack a bank server rather than 99 personal computers.

    In the end, it is the user's responsibility to protect their system from threats
    But all virii exploit a bug in the OS (except social engineering ones). If there are no bugs (or if fixed rapidly enough), there won't need to be anti-viruses. Anti-viruses are like third party Windows bug fixing packs. Looking around the computer world, Windows is the only OS in the whole universe that needs a third party program to keep it safe.

    I'd rather have a few components that do their job very well than ten thousand that just suck.
    Also known as the UNIX philosophy.
    http://en.wikipedia.org/wiki/UNIX_ph...NIX_Philosophy

    Except in UNIX, when an exploit is found, the OS designers fix the bug, instead of irresponsibly redirecting their users to buy (or get) third party anti-viruses that use pattern matching and heuristics to do damage control.

    But there are sooo many tools out there available for free that I have a hard time believing this virus just 'crept' in. Complete scans of your system and careful monitoring of what you install and plug into your computer will thwart any virus. I will not use someone else's USB flash drive if they do not have virus software on their computer and if they do not perform regular scans. I deny every application or script that wants to run on a site including possible spyware in ads. Spybot S&D will silently block this stuff and firewalls like Comodo Pro and Zone Alarm will help you guard your system.
    Sure, but as said above, the fault lies in Windows. Anti-viruses/Anti-Spywares are just damage control devices.

    I am not saying Windows can't be safe (which is debatable) with all precautions, regular scans, tweaks, and third party software. What I am saying is, why is it necessary?

    Compare it to, say, any popular Linux distribution. They are all more secure than necessary for home and small office use out of the box. As far as I am aware, all Linux virii are proof-of-concept ones (that Linux can be infected, too), and there were only a few, the last one a couple of years ago. Linux people responded by fixing the bugs in the OS, not redirecting users to get third party bugfixes.

  12. #12
    Woof, woof! zacs7's Avatar
    Join Date
    Mar 2007
    Location
    Australia
    Posts
    3,459
    By that theory it's the OS's fault that you can delete the entire thing, i.e. "rm -rf /" on Linux.

    > But all virii exploit a bug in the OS
    That's a huge stereotype. I'd say very, very few exploit the bugs. They usually rely on the user playing a big part, i.e. how is a virus attachment in an email which, when run, emails your private documents away anything to do with an OS bug? And this isn't classed as Social Engineering... What, are programs not supposed to be able to read files? Must be a bug...

    > I don't think there is any less interest in cracking UNIX than Windows.
    Who said anything about cracking? Windows is targeted because it holds a larger userbase, at least for personal computing. If you're planning to spread ads or havoc, why would you go for the smaller userbase?

    And if you're going to get that technical, there is more 3rd party software in Linux than Windows...

  13. #13
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    Virus writers have been targeting Microsoft operating systems for decades since the DOS days. It won't change if the OS becomes more secure... search google for "Linux virus", and you'll see that malware is being written for Linux too and in great part due to the increased popularity of this operating system.

    Every operating system offers its own approach to security. Windows is no less secure than Linux or Mac. What it does is delegate security to third party tools, some embedded in the operating system (Windows firewall, user management, ...), others made by 3rd party sources.

    What you have to reason instead is, if a whole blooming market that has been created to support Windows security can't handle the amount of threats, what makes you think Microsoft alone could? There's no magic feature that would suddenly turn Windows into a foolproof operating system. Root access alone is no guarantee of success since that alone doesn't secure against many types of malware... again check google. Besides, I'm pretty sure Windows architecture isn't geared towards root and it would be a difficult feature to implement in the presence of the current core. A good example is Vista's sad attempt. You can argue that's an example of bad implementation... perhaps. I'd prefer to think instead it's an example of how difficult it is for Windows to implement a root-like feature.

    One day will come when computer users realize that part of the task of using a computer is maintaining it, much like they do with their car. It's not only about pressing the pedal, it's also about regular inspections. Complaining about Windows security outside the context of a bug is complaining about our inability to use our computers. Sorry, but that's just the way it is. Every virus that we allow to enter our systems, every hijacker or trojan, every successful hacking, is a written letter to our incompetence first and foremost. And this is as true today as it was 15 years ago. And it is as true on Windows as it is on any other operating system.
    Last edited by Mario F.; 07-14-2008 at 09:30 PM.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  14. #14
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,229
    They usually rely on the user playing a big part, i.e. how is a virus attachment in an email which, when run, emails your private documents away anything to do with an OS bug?
    Sure, if you need to execute the attachment to get infected, I wouldn't blame Windows.
    It's a different story, though, if you only need to open the email to get infected. When I open an email, I am not expecting to run anything. It's like you don't expect anything to be run when you enter a drive. Yet, that is what Windows does (autorun).

    By that theory it's the OS's fault that you can delete the entire thing, i.e. "rm -rf /" on Linux.
    You have to type and run the command.

    I only need to insert the USB disk to run whatever is written in autorun.inf.

    Who said anything about cracking? Windows is targeted because it holds a larger userbase, at least for personal computing. If you're planning to spread ads or havoc, why would you go for the smaller userbase?
    Because you get a bigger prize for cracking a bank server than 100 PCs.

    And if you're going to get that technical, there is more 3rd party software in Linux than Windows...
    Huh?... what does it have to do with this?

    Virus writers have been targeting Microsoft operating systems for decades since the DOS days. It won't change if the OS becomes more secure... search google for "Linux virus", and you'll see that malware is being written for Linux too and in great part due to the increased popularity of this operating system.
    I just googled it. All the virii I found require the user to explicitly run an untrusted binary. Not like just inserting a USB drive. And then the virus would perhaps exploit a bug in Linux to get root access. Yes, it would be a bug of Linux, just as Linux developers would openly admit, and be willing to fix.

    The Linux operating system, Unix and other Unix-like computer operating systems are generally regarded as well-protected against computer viruses.[1] There have been successful attacks, however, on both Linux and Unix systems, the most notable perhaps being the Cuckoo's Egg attacks on Unix systems in the 1980s.

    There has not yet been a single widespread Linux malware threat of the type that Microsoft Windows software currently faces, this is commonly attributed to the malware's lack of root access and fast updates to most Linux vulnerabilities.[2]

    The number of viruses specifically written for Linux has been on the increase in recent years and more than doubled during 2005 from 422 to 863.[3]
    - Wikipedia
    The whole blooming market cannot support the number of threats because of the fundamental design problems in Windows, making it particularly easy to exploit. Both bugs and "features" like autorun.

    The Vista attempt at imitating what UNIX has for decades (sudo) has been a step towards the right direction IMHO. I won't comment on the implementation, because I have not used it extensively.

    I'd prefer to think instead it's an example of how difficult it is for Windows to implement a root-like feature.
    I think that is because Microsoft is keeping the core design from decades ago, when MS cared nothing about security. I think the only way to make Windows as secure as UNIX would be to rewrite the whole thing from the ground up, with security in mind. But of course, that is not possible, as it will break all existing programs, and will be financially suicidal for Microsoft. It's a business after all. As for why UNIX was designed from day 1 with security in mind, I wouldn't know. I wasn't born at that time.

    As for the future, I haven't lived long enough to know. However, as of now, in UNIX/Linux, every exploit is considered a bug, and is fixed by the respective software developer. This approach has been working fine for Linux, and I am sure people want to break into UNIX systems (due to them being mission critical servers) as badly as they want to break into personal computers running Windows.

  15. #15
    Registered User VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,607
    If there are no bugs (or if fixed rapidly enough),
    Hehe. If only it were that easy. Sometimes it's not so much of the issue of the bug but the issue of how recurring and how dangerous it is. You very well could waste weeks and weeks of dev time on a bug that might occur 1% of the time. If the bug is a nuisance and not harmful then in my view it's a waste of time to address when there are plenty of other high priority bugs in the line to be fixed.

    By that theory it's the OS's fault that you can delete the entire thing, i.e. "rm -rf /" on Linux.

    You have to type and run the command.

    I only need to insert the USB disk to run whatever is written in autorun.inf.
    To get a virus on Windows you must give permission for a file to run, download, etc. Opening an email that has a script in it is pretty much giving it permission. Even then Outlook will warn you and allow you to not allow the script to run. IE also has this feature where you can block scripts from running. And the beautiful thing about autorun is you can shut it off completely from the control panel. I personally have never experienced any issues with autorun and certainly would not put the blame on it for a virus entering my system.

    I think that is because Microsoft is keeping the core design from decades ago, when MS cared nothing about security. I think the only way to make Windows as secure as UNIX would be to rewrite the whole thing from the ground up, with security in mind. But of course, that is not possible, as it will break all existing programs, and will be financially suicidal for Microsoft. It's a business after all. As for why UNIX was designed from day 1 with security in mind, I wouldn't know. I wasn't born at that time.
    And guess what keeping that core design did for them? It prevented catastrophes like Vista. I'm not so sure they kept the core design from ages ago and from what I know they did quite a bit of restructure and refactor between 95, 98, and XP. Vista looks pretty much like an overhaul and man does it blow chunks. Everything I liked about XP is either missing, doesn't work, or just plain sucks in Vista. My point is this is a big claim unless you have some affiliation with the company or the huge dev team for the OS. I don't know how much they kept and how much they left but I do know that XP is by far the best they have produced to date.

    The whole blooming market cannot support the number of threats because of the fundamental design problems in Windows, making it particularly easy to exploit. Both bugs and "features" like autorun.
    Again we are stuck on this autorun thing. Autorun has nothing to do with the problem. Autorun only runs when a .inf is present meaning you either installed the program in question, copied it piecemeal to your USB drive, or you inserted a CD/DVD. Using autorun to install a virus is a sad attempt in my book since it is so simple to bypass. Hold down left shift and autorun will not execute.

    So in the end if you have a virus it's your fault. Blaming the OS won't help matters and it won't help you rid yourself of bad habits that allowed the virus in. Just take it as a learning experience and stop trying to blame the OS. You certainly have not produced any evidence to support your claims that it is the OS's fault you have a virus.
