Virus problems seem to be multiplying faster than ever!

 My own computers run anti-virus checks regularly but an odd E-mail prompted me to check again. All clear was the result, but as the latest generation of viruses are very specific when it comes to their detection, I had to load the very latest definition files before W32.Badtrans.B@mm was revealed. Even after it had been dealt with it popped up again twice more and I had to try several times before the originating file could be deleted manually.

 

A recent visitor to the workshop was a computer that had Norton Anti-Virus but it was 71 days old. This had persuaded the owner that she was was safe from invasion but a check of the hard drive in my test computer revealed 37 virus infections! Unfortunately the older version of Norton had insisted on some suspect files being deleted and this had virtually brought the machine to a stop as the applications concerned were pretty basic. After a lot of fiddling the latest virus definition files were in place and the missing exe files had been replaced.

 

There were two customer's computers which had been invaded by viruses on the bench this week (beginning of November) not counting my own. Dealing with the last first, I decided to check a few of my old "system" disks against an updated Norton Anti-Virus and found to my surprise, that despite regular checks, two of the disks were infected.
The first had been produced by a customer some time ago when he had complained of a boot-up problem and had copied his CONFIG.SYS and AUTOEXEC.BAT to a floppy for me to check. At the time I presumed they were OK but today I was informed that "SAMPO" was present (that's a vintage virus).
A second disk, would you believe, an ancient copy of "VET" the Australian anti-virus, around a few years ago, had "Trojan.bat.quickformat". I wonder how many computers I infected with this one!!

 

Anyway back to the two computers that arrived on the bench this week.
The first (Repair F240) was having a problem with E-Mails.
The owner could no longer find his "Address Book" in Outlook Express.
Other odd intermittent problems were also mentioned.
I removed his hard drive and fitted it in my removeable hard drive cradle in my test computer. Strangely, although it was recognised correctly in the BIOS, it would not work as "Master" on the secondary IDE bus and stopped the computer booting up. Maybe this was a side effect of the viruses? There were no other drives present on the bus, and without much hope of success, I set the jumper as "Slave". Surprisingly it worked and I was able to read the drive and I found 91 infected files.

There were four different virus types present, three of which were similar. These were:- W95.MTX; W95.MTX (dll); W95.MTX.dr and Wscript.KakWorm.dr. Most of the commonly used EXE and DLL files were infected, hence the computer was now failing in a big way.

 

The second (Repair F243) was a machine that had suddenly started to misbehave, eventually failing to boot up. Is this because the day plus the month equalled "13" or just a coincidence? When I tried it, the thing crashed just after the graphics drivers had been loaded in the Windows Drivers section of boot-up. A message "Error loading gdi.exe" was displayed which is not terribly informative and not a lot of use to a normal computer user especially when loading a new version of the file did absolutely nothing to improve matters.


After subjecting the hard drive to a search in my test computer it came up with only a single virus affecting two files. That was "JS.Search", which I'd not come across before. Norton quarantined the thing but the computer still wouldn't boot up even though I loaded a fresh version of the rogue EXE file. Clearly there was more to this than Windows was letting on.
I initially loaded a previous version of a known good Registry, which didn't help in the slightest, then reloaded Windows 98 with fingers crossed. Fortunately it found all the necessary drivers; something not all computers manage to do successfully, and after this, everything was back to normal.

Goodness knows what people are supposed to do these days, even if they have Norton on their machine, because unless it's absolutely up-to-date, it certainly won't catch specific examples of the latest generation of viruses if they're not in the definition files. The last machine had Norton and the owner said it couldn't be a virus because this was so. When I checked however, his version had only 10,000 definitions instead of the current 58,000 or so!
There seems to be a regular stream of customers coming in lately with similar complaints!

 

As a postscript I heard from my nephew on the Wirral the other day.
I knew that Freeserve had bounced 9 E-Mails I didn't knowingly send, all addressed to him.
He said he'd found another 24 that had got through the net, in a second E-Mail account that must have got there, either before Freeserve shut the door to EXE attachments, or which had slipped through because they were a different type… I haven't enquired yet.

 

Now it's July 2002. I started this page over a year ago...

Saturday... 10 e-mails arrive. Norton gets very excited and suggests I quarantine them.

I looked on their website and checked the characteristics of W32 whatever... It says that the sender is disguised. I right click a sample mail addressee and there, buried in the coding is the name of the true sender. Totally oblivious to what had been going on of course.

Two days later I got a phone call. Allan can you help. We seem to have got a virus. Customers are ringing us up and askinbg us not to send any more e-mails! Sure enough it's the rogue machine that sent me my 10.

I fitted the hard drive to my test computer and scanned it. 4 basic viruses (2 types), 99 files with viruses attached and about 1000 files that had been corrupted beyond use.

Do you have Norton Anti-Virus?

It came with the computer.

Have you kept it up-to-date?

What do you mean?

There's the answer.

I get the same story approximately once a week.

The other day I had an interesting one. Not content with waiting till the computer went on-line to ply its trade. This one would suddenly dial up by itself. I caught it when I was talking on the phone. What's that noise?, I asked, before the penny dropped. That owner is South African and gets lots of mail from down under.

Not always from friends afar. One customer arrived with a virus-disabled computer. It wouldn't boot up. Have you had any suspicious e-mails lately? I had one from a lady in a Government Office in the USA she said. It looked funny and an attachment name invited me to look at what it said. The computer hasn't worked since.

Not that I'm suspicious about the origin of viruses.... I once downloaded a sample of a program that claimed to let you know when an outside agency tried to access your computer.

I tried it out and instantly got an alarm.

This happened lots of times. I looked at the information about the interloper...

Funny... buried in the data was a little clue

It was the same Company doing the interloping that was trying to sell me the program...

I wish I'd thought of it first...

 

Return to computer repair stories