help please possible virus

my brother seems to think he has detected a virus the following happens
winow appears saying system shut down in one minute
and also disables virus scan on the computer
any ides as to what it could be
thanks in advance
si

On Tue, 16 Mar 2004 16:17:55 -0000, "simon archer"
<simonarcher@blueyonder.co.uk> wrote:

>my brother seems to think he has detected a virus the following happens
>winow appears saying system shut down in one minute
>and also disables virus scan on the computer
>any ides as to what it could be
>thanks in advance

There are a number of malwares that disable av scanners. He could take
a shot at the use of McAfee's Stinger:

http://vil.nai.com/vil/stinger/

And also the Sys-Up download from my web site.


Art
http://www.epix.net/~artnpeg

tried the stinger but to no avail comes on disconnecting from the net
to but ill download the file from your site and give that a whirl
thanks for the help
si
<null@zilch.com> wrote in message
news:ktae50pnh0e0s2sbgt5s65hf6ii7sk4d1m@4ax.com...
> On Tue, 16 Mar 2004 16:17:55 -0000, "simon archer"
> <simonarcher@blueyonder.co.uk> wrote:
>
> >my brother seems to think he has detected a virus the following happens
> >winow appears saying system shut down in one minute
> >and also disables virus scan on the computer
> >any ides as to what it could be
> >thanks in advance
>
> There are a number of malwares that disable av scanners. He could take
> a shot at the use of McAfee's Stinger:
>
> http://vil.nai.com/vil/stinger/
>
> And also the Sys-Up download from my web site.
>
>
> Art
> http://www.epix.net/~artnpeg

Bitstring <MwG5c.13738$ra4.7484@news-binary.blueyonder.co.uk>, from the
wonderful person simon archer <simonarcher@blueyonder.co.uk> said
>tried the stinger but to no avail comes on disconnecting from the net
>to but ill download the file from your site and give that a whirl
>thanks for the help

Sounds to me like the side effects of an infection ATTEMPT (not
necessarily successful) by MSBLASTER or similar worm. Does your brother
have his firewall switched on?

--
GSV Three Minds in a Can
Outgoing Msgs are Turing Tested,and indistinguishable from human typing.

"GSV Three Minds in a Can" <GSV@quik.clara.co.uk> wrote in message news:ev1QpBBVD0VAFAC1@from.is.invalid...
> Bitstring <MwG5c.13738$ra4.7484@news-binary.blueyonder.co.uk>, from the
> wonderful person simon archer <simonarcher@blueyonder.co.uk> said
> >tried the stinger but to no avail comes on disconnecting from the net
> >to but ill download the file from your site and give that a whirl
> >thanks for the help
>
> Sounds to me like the side effects of an infection ATTEMPT (not
> necessarily successful) by MSBLASTER or similar worm.

Unsuccessful attempts wouldn't necessarily appkill security
software.

"FromTheRafters" <!0000@nomad.fake> wrote in message
news:105ei2b195v1de8@corp.supernews.com...
>
> "GSV Three Minds in a Can" <GSV@quik.clara.co.uk> wrote in message
news:ev1QpBBVD0VAFAC1@from.is.invalid...
> > Bitstring <MwG5c.13738$ra4.7484@news-binary.blueyonder.co.uk>, from the
> > wonderful person simon archer <simonarcher@blueyonder.co.uk> said
> > >tried the stinger but to no avail comes on disconnecting from the
net
> > >to but ill download the file from your site and give that a whirl
> > >thanks for the help
> >
> > Sounds to me like the side effects of an infection ATTEMPT (not
> > necessarily successful) by MSBLASTER or similar worm.
>
> Unsuccessful attempts wouldn't necessarily appkill security
> software.
>
disconnect from the internet connection, reboot, start\run type
'shutdown -a'

re-connect to the web and go download the blaster removal tool, and then the
MS patch

run them both in that order

polly

"polly tito" <deepthoukus@kneeclappers.com> skrev i meddelandet
news:c37iqg$djl$1@news6.svr.pol.co.uk...
>
> "FromTheRafters" <!0000@nomad.fake> wrote in message
> news:105ei2b195v1de8@corp.supernews.com...
> >
> > "GSV Three Minds in a Can" <GSV@quik.clara.co.uk> wrote in message
> news:ev1QpBBVD0VAFAC1@from.is.invalid...
> > > Bitstring <MwG5c.13738$ra4.7484@news-binary.blueyonder.co.uk>, from
the
> > > wonderful person simon archer <simonarcher@blueyonder.co.uk> said
> > > >tried the stinger but to no avail comes on disconnecting from
the
> net
> > > >to but ill download the file from your site and give that a whirl
> > > >thanks for the help
> > >
> > > Sounds to me like the side effects of an infection ATTEMPT (not
> > > necessarily successful) by MSBLASTER or similar worm.
> >
> > Unsuccessful attempts wouldn't necessarily appkill security
> > software.
> >
> disconnect from the internet connection, reboot, start\run type
> 'shutdown -a'
>
> re-connect to the web and go download the blaster removal tool, and then
the
> MS patch
>
> run them both in that order
>
> polly
>
>

Don't always help, I have seen brand new XP installations
get infected in less than 20 sec if the patch is not applied.

Better to have the patch on a floppy and patch xp before connecting to
internet.

thanks all for your help il pass on all the info to him
thanks again
si
"Conny" <NOSPAMuncurbed@swipnet.se> wrote in message
news:1AI5c.86435$dP1.246804@newsc.telia.net...
>
> "polly tito" <deepthoukus@kneeclappers.com> skrev i meddelandet
> news:c37iqg$djl$1@news6.svr.pol.co.uk...
> >
> > "FromTheRafters" <!0000@nomad.fake> wrote in message
> > news:105ei2b195v1de8@corp.supernews.com...
> > >
> > > "GSV Three Minds in a Can" <GSV@quik.clara.co.uk> wrote in message
> > news:ev1QpBBVD0VAFAC1@from.is.invalid...
> > > > Bitstring <MwG5c.13738$ra4.7484@news-binary.blueyonder.co.uk>, from
> the
> > > > wonderful person simon archer <simonarcher@blueyonder.co.uk> said
> > > > >tried the stinger but to no avail comes on disconnecting from
> the
> > net
> > > > >to but ill download the file from your site and give that a whirl
> > > > >thanks for the help
> > > >
> > > > Sounds to me like the side effects of an infection ATTEMPT (not
> > > > necessarily successful) by MSBLASTER or similar worm.
> > >
> > > Unsuccessful attempts wouldn't necessarily appkill security
> > > software.
> > >
> > disconnect from the internet connection, reboot, start\run type
> > 'shutdown -a'
> >
> > re-connect to the web and go download the blaster removal tool, and then
> the
> > MS patch
> >
> > run them both in that order
> >
> > polly
> >
> >
>
> Don't always help, I have seen brand new XP installations
> get infected in less than 20 sec if the patch is not applied.
>
> Better to have the patch on a floppy and patch xp before connecting to
> internet.
>
>

"Conny" <NOSPAMuncurbed@swipnet.se> wrote in message news:1AI5c.86435$dP1.246804@newsc.telia.net...
>
> "polly tito" <deepthoukus@kneeclappers.com> skrev i meddelandet
> news:c37iqg$djl$1@news6.svr.pol.co.uk...
> >
> > "FromTheRafters" <!0000@nomad.fake> wrote in message
> > news:105ei2b195v1de8@corp.supernews.com...
> > >
> > > "GSV Three Minds in a Can" <GSV@quik.clara.co.uk> wrote in message
> > news:ev1QpBBVD0VAFAC1@from.is.invalid...
> > > > Bitstring <MwG5c.13738$ra4.7484@news-binary.blueyonder.co.uk>, from
> the
> > > > wonderful person simon archer <simonarcher@blueyonder.co.uk> said
> > > > >tried the stinger but to no avail comes on disconnecting from
> the
> > net
> > > > >to but ill download the file from your site and give that a whirl
> > > > >thanks for the help
> > > >
> > > > Sounds to me like the side effects of an infection ATTEMPT (not
> > > > necessarily successful) by MSBLASTER or similar worm.
> > >
> > > Unsuccessful attempts wouldn't necessarily appkill security
> > > software.
> > >
> > disconnect from the internet connection, reboot, start\run type
> > 'shutdown -a'
> >
> > re-connect to the web and go download the blaster removal tool, and then
> the
> > MS patch
> >
> > run them both in that order
> >
> > polly
> >
> >
>
> Don't always help, I have seen brand new XP installations
> get infected in less than 20 sec if the patch is not applied.

True.

> Better to have the patch on a floppy and patch xp before connecting to
> internet.

Maybe the OP should search for "xpsurvivalguide" for suggestions.
I have only seen it in PDF format, but it is good information for XP
installation.

> > > >
> > > disconnect from the internet connection, reboot, start\run type
> > > 'shutdown -a'
> > >
> > > re-connect to the web and go download the blaster removal tool, and
then
> > the
> > > MS patch
> > >
> > > run them both in that order
> > >
> > > polly
> > >
> > >
> >
> > Don't always help, I have seen brand new XP installations
> > get infected in less than 20 sec if the patch is not applied.
> >
> > Better to have the patch on a floppy and patch xp before connecting to
> > internet.
> >
yes, brand new installations can get infected immediately that is why I
specified getting the -removal tool- first. It doesn't matter if your system
is infected you are able to clean it and patch it without the system
shutting down by following the instructions above. If in your case it didn't
help then maybe you forgot to disconnect from the web once you had the
removal tool/patch?

possibly?

polly