popsters who think they have the Serflog.C

[David H. Lipman]

If you have a suspect file sample...

Please submit the suspect file to Virus Total ASAP --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against several different AV vendor's scanners.
Unless you indicate otherwise, the sample will be shared amongst the various AV vendors.

Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.

Please post back the EXACT results.

 

[David H. Lipman]

Popsters ? { He, he }

I meant "Posters" -- Sorry !

 

[GM]

Popsters ? { He, he }

I meant "Posters" -- Sorry !

Well that's useless, you can't 'unhide' files with the virus, as the virus
controls everything in that respect...

The files are hidden, and there's about 15 of them.

 

[David H. Lipman]

From: "GM" <[email protected]>

|
| Well that's useless, you can't 'unhide' files with the virus, as the virus
| controls everything in that respect...
|
| The files are hidden, and there's about 15 of them.
|

No file is totally "hidden" !

If it is Win2K/WinXP you can use Safe Mode with Command Prompt or through the Command
Console
(if the Command Console was installed via; i386\winnt32 /cmdcons )

If it is Win9x/ME -- boot form a OS generated EBD or other DOS Boot Disk.

If it is Win2K/WinXP using FAT32 -- boot form a OS generated EBD or other DOS Boot Disk.

 

[GM]

No file is totally "hidden" !

If it is Win2K/WinXP you can use Safe Mode with Command Prompt or through
the Command
Console
(if the Command Console was installed via; i386\winnt32 /cmdcons )

If it is Win9x/ME -- boot form a OS generated EBD or other DOS Boot Disk.

If it is Win2K/WinXP using FAT32 -- boot form a OS generated EBD or other
DOS Boot Disk.

I appreciate your response, however:

Yes they are. The virus will halt any command prompt.

You *cannot* access from 'dos', or xp's updated version of it, as the virus
has locked all files; you will only get 'access denied' when trying to
access it through a boot-disk/xp-repair console.

This virus is well thought out, and rather nasty.

You can access c:\windows, but nothing else, and yes i was using
administrator privelages...

 

[What's in a Name?]

I appreciate your response, however:

Yes they are. The virus will halt any command prompt.

You *cannot* access from 'dos', or xp's updated version of it, as the virus
has locked all files; you will only get 'access denied' when trying to
access it through a boot-disk/xp-repair console.

This virus is well thought out, and rather nasty.

You can access c:\windows, but nothing else, and yes i was using
administrator privelages...

Have you tried Killbox or Copylock? I have links on my site.
-max