Thread: Replace file while in memory

  1. #1
    PC Fixer-Upper Waldo2k2's Avatar
    Join Date
    May 2002
    Posts
    2,001

    Replace file while in memory

    I've seen programs that can alter files while they are in memory. Basically I've run into some nasty viruses where I work, it's a win98 machine which complicates things, plus the fact that norton can't seem to find it/fix it (I think this was some script kiddies lame attempt to bring the system down). We do NOT have the time or resources to reformat each machine. So I'm desperately looking for a program that can delete files that are in memory, or at least alter them. (i'll run this from a batch file executed when they log into novell at bootup). I've looked around, but it seems to be a hacker kind of thing usually, and I'm not exactly up to par on everthing I'd need to use those programs. Anywho, if anyone has any experience, or good links, etc. It'd help me get this done quicker, otherwise I think i might be searching for a week. Thanks.
    PHP and XML
    Let's talk about SAX

  2. #2
    5|-|1+|-|34|) ober's Avatar
    Join Date
    Aug 2001
    Posts
    4,429
    EWW... Novell! That have that garbage here at work and I loathe it. :shudder: Thank God we're moving off of the platform in less than a year. As for your problem, I'm fairly certain some versions of Norton offer a boot-time virus checker which should clean your system. Granted, if you're just doing something on log-in, it wouldn't work until the user actually reboots, but still. Short of that, I don't have any other ideas. Good luck.

  3. #3
    Bob Dole for '08 B0bDole's Avatar
    Join Date
    Sep 2004
    Posts
    618
    i had to format 40+ boxes. I did one total setup, reformatted loaded windows and everything on it. Then ghosted the rest of the hard drives. Saved a little time, still a big job
    Hmm

  4. #4
    PC Fixer-Upper Waldo2k2's Avatar
    Join Date
    May 2002
    Posts
    2,001
    >>i had to format 40+ boxes

    yeah...try a little over 250...that's why I'm looking for an alternative.

    btw our version of norton sucks, it was made with the symantec packager and is seriously void of features (the guy who made it didn't know what he's doing). And I'm not allowed to touch it becuase of some sort of contract we have with the company who set it up for us. Bastages...oh well, I stayed up late last night toying with one of the infected computers, and I think I'm going to take a crack at novells zenworks imaging, hoping I can broadcast it to all the infected computers...but some of them don't have PXE lan so I'll have to images those manually....work's gonna suck today
    PHP and XML
    Let's talk about SAX

  5. #5
    Bob Dole for '08 B0bDole's Avatar
    Join Date
    Sep 2004
    Posts
    618
    oh i didnt think of this, you can load the image using ghost on boot off the server on all the machines, still sucks though
    Hmm

  6. #6
    PC Fixer-Upper Waldo2k2's Avatar
    Join Date
    May 2002
    Posts
    2,001
    we don't have ghost
    PHP and XML
    Let's talk about SAX

  7. #7
    Bob Dole for '08 B0bDole's Avatar
    Join Date
    Sep 2004
    Posts
    618
    i believe its freeware
    Hmm

  8. #8
    Registered User major_small's Avatar
    Join Date
    May 2003
    Posts
    2,787
    last time I checked you had to pay for noton ghost... (AFAIR)
    Join is in our Unofficial Cprog IRC channel
    Server: irc.phoenixradio.org
    Channel: #Tech


    Team Cprog Folding@Home: Team #43476
    Download it Here
    Detailed Stats Here
    More Detailed Stats
    52 Members so far, are YOU a member?
    Current team score: 1223226 (ranked 374 of 45152)

    The CBoard team is doing better than 99.16% of the other teams
    Top 5 Members: Xterria(518175), pianorain(118517), Bennet(64957), JaWiB(55610), alphaoide(44374)

    Last Updated on: Wed, 30 Aug, 2006 @ 2:30 PM EDT

  9. #9
    PC Fixer-Upper Waldo2k2's Avatar
    Join Date
    May 2002
    Posts
    2,001
    no...it's not...you have to pay a license for each machine you use it on...so in our case, 250 licenses (because imaging them with one license one by one is pointless).
    PHP and XML
    Let's talk about SAX

  10. #10
    Bob Dole for '08 B0bDole's Avatar
    Join Date
    Sep 2004
    Posts
    618
    im thinking of the version of ghost before norton purchased it.
    Hmm

  11. #11
    &TH of undefined behavior Fordy's Avatar
    Join Date
    Aug 2001
    Posts
    5,793
    If you know the process that's causing the problem (it wont just be a file...there has to be a program behind it) you could use something like WMI to flick through the active processes and kill the ones that are causing trouble.

    You would still need to look for the cause of the virus (often the start keys of the registry are where these apps launch themselves from)

  12. #12
    PC Fixer-Upper Waldo2k2's Avatar
    Join Date
    May 2002
    Posts
    2,001
    well these are win98 machines, which means it can be tied into the system at many points...trust me i scoured the registry and win.ini...either I missed something somewhere else (perhaps it injected itself into a dll) or it's in the bootsector in which case I might as well just re-image if I have to restart into dos to fix the boot sector anyway.
    PHP and XML
    Let's talk about SAX

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. A development process
    By Noir in forum C Programming
    Replies: 37
    Last Post: 07-10-2011, 10:39 PM
  2. File Writing Problem
    By polskash in forum C Programming
    Replies: 3
    Last Post: 02-13-2009, 10:47 AM
  3. opening empty file causes access violation
    By trevordunstan in forum C Programming
    Replies: 10
    Last Post: 10-21-2008, 11:19 PM
  4. Basic text file encoder
    By Abda92 in forum C Programming
    Replies: 15
    Last Post: 05-22-2007, 01:19 PM
  5. Post...
    By maxorator in forum C++ Programming
    Replies: 12
    Last Post: 10-11-2005, 08:39 AM