Virus ??

Discussion in 'Windows Desktop Systems' started by banter, Sep 6, 2003.

  1. banter

    banter Guest

    I have recently had a problem with win xp pro. Windows File Protection comes up saying a vital file has been replaced. So i entered the cd as it asks. But the message came up every few seconds. I decided just to format and re-install. But the same probelm happens again. I just left it for a while(clicking cancel) but then eventually i was unable to start windows and had to re-install. Is this a virus ?? Each time the only update i installed was the one to fix the RPC virus thing. What is happening??


    Help me please !!


    Thank you.
     
  2. Hipster Doofus

    Hipster Doofus Good grief Charlie Brown

    Messages:
    5,920
    Location:
    Melbourne Australia
    Did you format (wipe the disk) or just reinstall over the top. Formatting should have wiped out any trouble you were having unless it was a virus that got into the bios.....but that's doubtful. Check this guide out & see if that is what you did.
     
  3. banter

    banter Guest

    I booted from the xp cd and deleted the exisiting partitiion and formatted it in ntfs (Not the quick option). then installed xp.

    Could it be the service pack update that i installed both times ??
    (i doubt it would contain virus but maybe an errror)
     
  4. StormFront

    StormFront Guest

    Hola! First post here WOOHOO!
    Anyway, if it really is a virus it could still be there after a full reinstall. The real nasty virus's of the world can do one of 2 things:
    1) Write themselves to the Hidden SCSI boot sector on your hard drive
    2) Write themselves to one of the EPROMS on your motherboard.

    A good example of this is BOARDTRASH. It writes itself to the keyboard controller chip on your MOBO.
    The way to get rid of this is use a low level format utility (avaiable from your hard disk manufacturer) on the drive and totally power off the system, remove the mains lead and the battery and wait for 5 mins.
    THis should do the trick

    On the other hand, amy not be a virus at all, just a slightly dodgy (ie amaged) install disk!

    Hope this was of some use :)
     
  5. Enyo

    Enyo Moderator

    Messages:
    1,338
    There is no indication as yet that this is a virus.

    banter, could you please check the event log. You will find a message from Windows File Protection which will state the file that has been replaced and will point us in the right direction.

    StormFront, Welcome! :)

    Generally nowadays we don't seen viruses doing this. I have not come across a sample in some time that has used the "old hand" methods. Modern boards protection of EPROM and CMOS RAM is pretty good, makes its hard for malicious code to survive there.
     
  6. StormFront

    StormFront Guest

    Thanks Enyo

    As for these viruses not occuring very much these days you are right. I am however a paranoid old git.....;)
     
  7. banter

    banter Guest

    I ran sfc/scannow and then looked at the event viewer. I think the files aren't actually being deleted but it says the files have a bad signature. What could have caused windows to think they have a bad signature?? Its affecting all (or almost all) the files in system32 folder.
     
  8. Enyo

    Enyo Moderator

    Messages:
    1,338
    If SFC cant verify the signature it could be that the Cryptographic Services service is not running, ensure that it is. Windows cant do signature checking without this.
     
  9. banter

    banter Guest

    the crypo service is running
     
  10. Enyo

    Enyo Moderator

    Messages:
    1,338
    Run SFC /purgecache and then run SFC /scannow again
     
  11. banter

    banter Guest

    I ran purgecache and then scannow put the messages still come up.

    I had to format then re-install, just to start my computer up. I don't know if the messages are do to with this problem.

    But please if you have anymore ideas


    Thanks