G
Guest
Background:
The system is an old, stable Windows 98 machine, completely up-to-date with
Windows Update, the last 2 security fixes applied were KB917344 & KB918547 on
June 23/06. Machine is used for some basic internet surfing, e-mail using
Pegasus, and word processing. No other intentional OpSys settings or other
changes (other than Windows Update) in a long time, no new applications
installed, no downloads, nothing. This machine is in a LAN with a router hub
c/w firewall. Norton Antivirus V4.04 ("Avenge" version, circa 1998) has virus
defs up-to-date, runs weekly and also autoprotects all files coming from the
internet, all apps, etc. We are very careful about not falling for phishing
ruses, opening e-mail attachments etc. E-mail is also remotely pre-filtered
for viruses and spam at the server using SpamAssassin family of products.
Problem: Suddenly. starting July 23, regular weekly automatic Norton virus
scans, which normally start by scanning boot records, now return error
messages "Drive access error: unable to read boot record" on "drive#0",
whatever that is, (Master boot record?) and subsequently (same error) on
"drive c". Additional (unscheduled, user-initiated) scans return the same
messages. Each time, pressing the "continue" button results in all files
being properly scanned, and the activity log at the end shows the scan was
successful, no viruses found, all files scanned, but it also shows that the
master boot record and the hard drive (C) boot record were NOT scanned.
That version of Norton does not check for spyware but I have also remotely
scanned that hard drive as a network drive using Norton Antivirus 2004
(V10.0.29.4) from another computer. NAV 2004 is also up-to-date & supposedly
checks for spyware but I do not know if boot records are checked on a network
drive.
I thought perhaps the recent Windows Update security patches have resulted
in the older NAV not being able to get at the boot records, except that the
older NAV ran routinely and successfully on 2 occasions AFTER the patches
were applied, before the problem started occurring.
I did a thorough-mode disk-check and no disk errors were found.
Does anyone know whether this seems symptomatic of a keystroke logger or
other virus or whatever that is managing to get into the boot record & make
itself inpenetrable by NAV? or if it could be caused by the recent Win98
security patches, but with some kind of delay? or what else is happenning?
The system is an old, stable Windows 98 machine, completely up-to-date with
Windows Update, the last 2 security fixes applied were KB917344 & KB918547 on
June 23/06. Machine is used for some basic internet surfing, e-mail using
Pegasus, and word processing. No other intentional OpSys settings or other
changes (other than Windows Update) in a long time, no new applications
installed, no downloads, nothing. This machine is in a LAN with a router hub
c/w firewall. Norton Antivirus V4.04 ("Avenge" version, circa 1998) has virus
defs up-to-date, runs weekly and also autoprotects all files coming from the
internet, all apps, etc. We are very careful about not falling for phishing
ruses, opening e-mail attachments etc. E-mail is also remotely pre-filtered
for viruses and spam at the server using SpamAssassin family of products.
Problem: Suddenly. starting July 23, regular weekly automatic Norton virus
scans, which normally start by scanning boot records, now return error
messages "Drive access error: unable to read boot record" on "drive#0",
whatever that is, (Master boot record?) and subsequently (same error) on
"drive c". Additional (unscheduled, user-initiated) scans return the same
messages. Each time, pressing the "continue" button results in all files
being properly scanned, and the activity log at the end shows the scan was
successful, no viruses found, all files scanned, but it also shows that the
master boot record and the hard drive (C) boot record were NOT scanned.
That version of Norton does not check for spyware but I have also remotely
scanned that hard drive as a network drive using Norton Antivirus 2004
(V10.0.29.4) from another computer. NAV 2004 is also up-to-date & supposedly
checks for spyware but I do not know if boot records are checked on a network
drive.
I thought perhaps the recent Windows Update security patches have resulted
in the older NAV not being able to get at the boot records, except that the
older NAV ran routinely and successfully on 2 occasions AFTER the patches
were applied, before the problem started occurring.
I did a thorough-mode disk-check and no disk errors were found.
Does anyone know whether this seems symptomatic of a keystroke logger or
other virus or whatever that is managing to get into the boot record & make
itself inpenetrable by NAV? or if it could be caused by the recent Win98
security patches, but with some kind of delay? or what else is happenning?