Q: Scan with web based antivirus program stops internet connectivity

Kompu Kid

I am posting this on behalf of a friend who lost her internet
connectivity after scanning her computer with Panda Software's web
based scanner.

She thinks the problem is not with Panda Software but rather something
the virus(es) has done to her system.

She says Panda software found the following:

1- Virus:Trj/Riler.A Disinfected
Operating system
2- Virus:Trojan Horse No disinfected
C:\Documents and Settings\sheila\DESKTOP\May 24, 2004.rar[May 24,
2004.htm]
3- Virus:Trj/Riler.A Renamed
C:\WINNT\SYSTEM32\SynUSB.dll
4- Virus:Trj/Riler.A Disinfected
C:\WINNT\SYSTEM32\WinSSi.exe

I immediately see some questionable things above (for example, why "No
disinfected" and "Renamed"), but I am not sure if these are the things
stopping her access.

She needs some guidance as to what to fix.

For example-
-- Could it be the regedit that got screwed up?
-- Are the networking files damaged?
-- Is there something still lurking on the computer?

I suggested that she check the "Hosts" file.

By the way, she is on W2K professional.
She connects to internet with a wireless PCMCIA card. She is able to
connect to the wireless network, has good strength, but cannot ping
anything. Her network settings are all there correctly.

Thanks!

Deguza
[Please reply to me here, I do not accept e-mails to prevent spam.]
 
andrucha

wild guess: Panda is unable to repair infected files in archives.
to be sure the system is clean you have to scan it from a clean
medium. means: either a live-cd (Knoppix would do) with newest virus
definitions or plug the hdd in a second PC (that is not infected) and
scan it.
it would be nice to see the error code your friend gets when she tries to
connect.

greets, ´drucha

 
Kompu Kid

I just looked at the Knoppix site. It looks like a very interesting
and useful thing.

How do you recommend using a Knoppix CD to check and get rid of
viruses on the PC harddrive?

Are there any linux-based antivirus software that I can put on the CD
that could check the PC viruses on the infected harddrive?

Thanks!

Deguza
[Please reply to me here, I do not accept e-mails to prevent spam.]
 
David W. Hodgins

Kompu Kid

A bit of a setback for my friend Sheila. I prepared a Knoppix CD at
work and gave it to her. Her Dell Latitude won't boot with it. It
starts up, Knoppix finds the HD, etc. And of course all this time it
is working off of the CD drive. Then it says it is looking for the CD
drive. The CD drive turns and churns but nothing happens. She and I let
it spin for five minutes, but the rest of the Linux won't load.

I wonder if it is running into a driver that did not download
properly. The CD worked on my desktop at work.

Deguza
 
Kompu Kid

andrucha said:
wild guess: Panda is unable to repair infected files in archives.
to be sure the system is clean you have to scan it from a clean
medium. means: either a live-cd (Knoppix would do) with newest virus
definitions or plug the hdd in a second PC (that is not infected) and
scan it.
it would be nice to see the error code your friend gets when she tries to
connect.
[..]
Forgot to mention:

She is not getting any error messages. Her wireless adapter sees the
access point. Her settings are not changed a bit. But she cannot
access any web site. She cannot even ping the access point.

Deguza
 
Duane Arnold

(e-mail address removed) (Kompu Kid) wrote in
andrucha said:
wild guess: Panda is unable to repair infected files in archives.
to be sure the system is clean you have to scan it from a clean
medium. means: either a live-cd (Knoppix would do) with newest virus
definitions or plug the hdd in a second PC (that is not infected) and
scan it.
it would be nice to see the error code your friend gets when she tries
to connect.
[..]
Forgot to mention:

She is not getting any error messages. Her wireless adapter sees the
access point. Her settings are not changed a bit. But she cannot
access any web site. She cannot even ping the access point.

Deguza

You should just have the person wipe the machine out and move on for a
computer that has been seriously compromised. You should have the person
secure the machine by *hardening* the O/S and use the proper tools, like
an AV and FW for a wireless connection. The person should practice safe
hex and not have happy fingers that click on everything. That's the best
you can do at this point, otherwise, you'll be chasing it until the
*cows* come home.

Duane :)
 
David W. Hodgins

A bit of a setback for my friend Sheila. I prepared a Knoppix CD at
work and gave it to her. Her Dell Latitude won't boot with it. It

Take a look at http://www.hackdiary.com/archives/2003_03.html
Apparently, with a firewire cd, if she can copy the cd to a folder on her hd,
she might then be able to boot from the cd (it should find the copy on the hd).

Did you have her try running lspfix, to see if that fixes the internet connection?

Regards, Dave Hodgins
 
Kompu Kid

David W. Hodgins said:
Take a look at http://www.hackdiary.com/archives/2003_03.html
Apparently, with a firewire cd, if she can copy the cd to a folder on her hd,
she might then be able to boot from the cd (it should find the copy on the hd).

Did you have her try running lspfix, to see if that fixes the internet connection?

Well, I helped her today and she tried lspfix. And that did the trick!
She is now able to surf the net!

On her behalf I thank everybody who wrote.

She now has an antivirus program (AVG) running, Zonealarm acting as
Firewall, and a Spybot checking for unwanted spyware.

In addition to all this, she says she will use more common sense in
dealing with downloads, and even with surfing the net.


Deguza
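
The failure mode that fits this outcome, as an added example (not part of the thread and not LSPFix's own code): a Winsock provider catalog that still points at a DLL the scanner renamed. It is a simplified model that assumes `SynUSB.dll` had been registered as a layered service provider, which the thread does not confirm; the catalog entries and their IDs are constructed.

```python
# Added example: simplified model of a Winsock 2 provider catalog (constructed data).
import ntpath
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    entry_id: int
    protocol: str      # "tcp", "udp", or "" for a layer that apps cannot pick directly
    dll: str           # DLL Winsock loads for this entry
    chain: tuple = ()  # layered chain: entry IDs from the top layer down to the base

def norm(path):
    # Windows paths are case-insensitive; normalise before comparing.
    return ntpath.normcase(ntpath.normpath(path))

def audit(catalog, files_on_disk):
    """Return (orphaned, broken): entries whose DLL is gone, and chains through them."""
    present = {norm(p) for p in files_on_disk}
    ids = {e.entry_id for e in catalog}
    orphaned = {e.entry_id for e in catalog if norm(e.dll) not in present}
    broken = {e.entry_id for e in catalog
              if any(i in orphaned or i not in ids for i in e.chain)}
    return orphaned, broken

def resolve(catalog, protocol, files_on_disk):
    """DLL a new socket would load: first matching entry in catalog order, or None."""
    present = {norm(p) for p in files_on_disk}
    for e in catalog:
        if e.protocol == protocol:
            return e.dll if norm(e.dll) in present else None
    return None

def repaired(catalog, files_on_disk):
    """Catalog with orphaned entries and the chains that depend on them removed."""
    orphaned, broken = audit(catalog, files_on_disk)
    return [e for e in catalog if e.entry_id not in orphaned | broken]

MSWSOCK = r"C:\WINNT\system32\mswsock.dll"
LAYER = r"C:\WINNT\SYSTEM32\SynUSB.dll"   # path from the scan report; LSP role is assumed
CATALOG = [                                # constructed entries, IDs are made up
    Entry(1011, "tcp", LAYER, chain=(1010, 1001)),
    Entry(1012, "udp", LAYER, chain=(1010, 1002)),
    Entry(1001, "tcp", MSWSOCK),
    Entry(1002, "udp", MSWSOCK),
    Entry(1010, "", LAYER),
]
ON_DISK = [r"c:\winnt\system32\MSWSOCK.DLL"]   # SynUSB.dll is no longer at its old path
```

In this model every new TCP or UDP socket resolves to the missing DLL until the dangling entries are removed, which matches the symptom of an associated wireless link with no working traffic.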
 
David W. Hodgins

Well, I helped her today and she tried lspfix. And that did the trick!
She is now able to surf the net!
On her behalf I thank everybody who wrote.

Glad it worked!!
She now has an antivirus program (AVG) running, Zonealarm acting as
Firewall, and a Spybot checking for unwanted spyware.
In addition to all this, she says she will use more common sense in
dealing with downloads, and even with surfing the net.

Now that she's back online, point her to
http://www.claymania.com/safe-hex.html for some useful info.

Also, as per http://www.kb.cert.org/vuls/id/713878 try to get
her to avoid using M$ patchware to view websites, or html email.
Opera, or Mozilla are good replacements.

Regards, Dave Hodgins
 
