Dawntreader688
Sorry for being unclear, I'll try and keep this precise and tight.

When I worked as a tech I would have written off my problem as some paranoid that thinks a red light on the Cable Decoder means a camera is watching him. The only way you will know I'm not, is to resolve this problem, or keep calling in help until it's solved. After all, if the drive is really clean, the BIOS is not infected, and the install CD is not counterfeit, it would follow that an install MUST be good.

I would NEVER go onto the net without at least the SP2 firewall just to get me to M$ Update, and purchased a M$ XP Pro SP2 CD last week, to avoid being on the net PERIOD while I did an install. At this point, dumping another $175.00 into this is a small problem. All network cables are unplugged, Linksys gateway router/firewall and RCA cable modem powered down. Any more secure, and I'd be sitting in a Faraday Cage.

Due to my inability to determine the method used to compromise my system, I "broke into the middle of setup" by doing the following. Clean wipe, start setup from CD on unpartitioned media, allow setup to run until the reboot point after the files have been transferred from the CD. At THAT reboot point, instead of allowing the setup process to reboot from the hard drive, I restarted from CD, and entered Recovery Console, at which point I noted the listed files. After making notes, I allowed the setup process to continue by rebooting.

The malware infestation occurred BEFORE connection to the internet, or to any network at all, or even any cable plugged into the network card. The machine had no connection to any other machine or hardware at that point.

The 18 of 22 who also have these issues are coast to coast correspondents of mine, and we DO NOT have any shared network, software, or media in common. My own network is sitting in a stack behind me.

As for IT, I've been unable to find anybody local at the ubergeek level that really knows XP (or let's be honest, it's really NT with new paint) and is willing to work for $500 a day.

I've got Norton 2005 on CD, Ghost, and Partition Magic, also latest versions. I've been running SpyBot, Ad-Aware, and the AOL version of McAfee for a couple years with a few incidents of infection. SpyBot, Ad-Aware, CWShred, HJT (if that Dutch kid ever comes to Seattle, he won't have to spend a dime), and all the rest including Panda, Trend Micro, McAfee, Symantec, and every other scanner I can locate mostly turn up no clues. Ad-Aware caught bad ADS (Alternate Data Streams) a time or two, and ADSpy nailed 80 bad streams on the first machine I tried to clean. I must be missing something that will be obvious, but I may be too close to the problem.

No, not all at once. I've reformatted DoD three pass on several different drives, half a dozen times, and avoid installing programs that will clash.

But, I don't have any problem going back through all the steps with you, and not taking even one little "I've been doing this for 20 years so I know" shortcut. I've been on your side of the drill far too many times.

One aside. The machine I'm on the net with now has most services turned off, and security settings screwed down so tight that bytes squeak when they leave, so it isn't the best candidate for a test, but I am sending the HijackThis logs, that said. If you care to continue, I'll set up another machine, and walk this all the way through; the only contact the new machine will have with the outside world is factory CDs, and "use once" new factory format floppies to transfer any created logs.

I've seen others with the same problem doing a Google search for "imposta felrak" and for the most part, they give up because they are laughed off the net when they describe their problem. Getting rid of this bug is not a problem, since a factory BIOS and new HD will cure anything. At least, until somebody figures out how to write to all the smart new devices we plug into our computers. What I want to do, is to understand what's happening to the machines I have that are infected, and find out why I can't clean them. So far, Microsoft and Symantec have been of no help, and my pool of local talent is stumped.

Shall we continue?

Log to follow: