Comp virus or gremlin?
#1
I have a PC running WinXP Prof, ADSL dialup with XP firewall activated and Norton AV updated regularly. Recently, lost my internet dialup connection suddenly and in the connection setup wizard, the modem and dialup broadband options were blanked out, leaving only the always-on option available, which refused to change even when I reloaded Windows. The only solution that worked was a format and clean reboot, where during the setup process, I was asked to select the type of internet connection I have. So someone or something has managed to change this setting, which I can only access during a new bootup apparently. I have heard that some viruses can disable a PC's internet access to prevent downloading of antivirus antidote, is this how they do it?
Another strange thing that happened to my PC before this is the auto loading of MSN Messenger every few minutes, filling up my tray with its icons unless I open it and let it run. I have disabled the autostart feature of the program, so it is starting on its own.
I suspect a possible gremlin besides a virus as once I lost the use of the CD-rom on my PC and upon opening up the case, the power supply to it had been pulled out. I installed that myself and I know how tight the connection is, so it couldn't have just fallen out by itself, someone has to really pull the plug. (OK, it could have worked loose with all the vibrations of the drive, but unlikely) Nobody else in the house is PC savvy enough to open the case to mess inside. On another occasion, the drive letters for my storage devices got changed by itself without any changes to the physical setup. I have a hard disk configured as C: and D: and a zip as E:, somehow the Zip came in between as D:. Again, this can only be done through the BIOS setup, which only I can manage in the house. The strongest physical evidence of a gremlin in the house was when a chest of drawers crashed to the floor from its perch against the wall. No one was in the room, I heard the noise and rushed in immediately, nothing. It was heavy and there is not enough clearance from the wall for it to be just pushed over. Strange.
#2
Sounds to me like you have a poltergeist
BTW it is possible to change the drive letter mappings in Disk Management in Windows XP.
A lot of the things you mentioned above could be considered coincidence, but there are things that I am not sure about.
Darren
#4
I know it is possible to do some or all of the things I mentioned on the PC through human input, but the thing is, I didn't do it, so it has to be an external virus or hacked or a gremlin.
The drive letter change occurred on the computer when it was still running Win 98 SE, was it possible then? Didn't know that.
My remote can't change the neighbor's TV, but I have a watch with built-in infra-red remote control for most major brands which I used to turn off TVs at public places. It was fun to watch the guy keep turning on his TV every time it died mysteriously.
#5
lokokkee,
The drive letters could not be changed in Windows 98 unless you had an Iomega Zip disk installed from what I remember. Of course they could still be changed in the BIOS though.
Have you considered setting an obscure password on the machine? Then monitor failed attempts or set up a camera?
Darren
#6
Could be a hacker has gained access and is doing it all remotely. I see you haven't got any firewalls up! Don't even bother with XP firewall, it's useless. Get a proper firewall. Somebody tried to access my computer three times through a back door; lucky I had Norton firewall up. Since then nobody's tried to access my computer.
#8
Darlodge, the zip drive was assigned e: when installed and then changed to d: all by itself. Can BIOS be accessed when Win98 is running or just on startup only? Looks like someone has to hack into my comp, do a remote restart, change the drive letters, save the changes and reboot, as cong suggested. Surely to pull out the drive power supply would be beyond any remote hacking program. Set up a camera to do what? Capture the gremlin on video? I have ruled out possible human intervention within the house as the missus and the maid are completely computer illiterate, the latter probably saw her first computer when she first started working for us. The children are comp users, but those things are beyond their level of competence, besides, if the comp is fouled up, they can't play their games, so it is a greater loss to them. If it is due to virus, surely others would have come across the same experience and my AV scans keep coming up negative.
Cong, I was only able to reset my internet connections setting by doing a clean reboot, after re-installing failed to salvage the situation. I am only a private home user, why would a hacker go to such an elaborate extent to fool around with my computer? I have previously installed zone alarm, but it keeps sounding alerts every 5 minutes or so, so deleted it after a while and relied just on Norton AV. Putting it back on now and see what is happening.
#9
The BIOS can only be obtained during the start up of the PC, during the POST (Power On Self Test) tests. There is no way a remote hacker would be able to obtain access to your BIOS as the moment your machine was disconnected from the Internet the remote session (if you have one) would be lost.
Also, devices such as Printers, modems, Network cards, etc. would not function until your PC is loaded into Windows. This means it is impossible for your PC to be administered remotely as it does not have any means to connect to the Internet.
The power lead that became disconnected is most likely coincidence as I said before. There is no way a hacker could do this.
Have you run the online virus checker from Trend Micro?
Hackers generally only go for the 'bigger fish' but as these are far harder to hack into they sometimes try the general home users just in case there is a gaping hole in their PCs. 9 times out of 10 they would get nothing, but if they get 1 PC they are laughing.
When you say you have previously installed zone alarm, but it keeps sounding alerts every 5 minutes or so, what kind of alerts? Generally with Firewalls they take a few weeks to get used to the kind of Internet traffic you have and then they remember and don't alert you until something out of the blue happens, such as a hacker trying to obtain access to your PC from your IP address.
Darren
#10
Darren, thanks for the reply. It seems to rule out remote hackers for some of the strange things that happened. When I installed zone alarm the last time, it was warning me of attempted access to my PC, and when I tried to trace the source, usually got nowhere, so deleted it after a few days. Will be putting it again, as well as trend micro. Just installed the latter in another PC and caught 4 viruses in the internet temporary file that apparently escaped Norton AV's defence. Just got to be more vigilant from now on.
#12
Cong,
I never said it couldn't. I said
The drive letters could not be changed in Windows 98 unless you had an Iomega Zip disk installed from what I remember. Of course they could still be changed in the BIOS though.
Changing drive letters in Windows XP (and 2000), it's a piece of pi$$.
Darren
Last edited by darlodge; 16 March 2004 at 11:34 AM.
#14
Sorry, just correcting and confirming that it can be done from within Windows, darlodge. Still can't be all coincidence with all the stuff going on. Best be safe with a firewall. I never thought I would get a virus and then found out my computer had 2 viruses, lovesan b and c! Bloody irritating. Then found out somebody was accessing my IP address and trying to hack through a backdoor trojan! Lucky by then I had Norton firewall up and running and blocked it, but the hackers don't need an excuse to hack, they do because they can.
#15
Just had a look at my other Win98 machine. There is no facility like disc management as in XP that allows easy drive letter changes. Makes it a bit harder for a hacker to do it remotely.
Further strange thing just hit me. After a clean reboot, I have problems with my Norton AV, which now refuses to be enabled, even though I have deleted a worm virus which it detected. Also, my Creative DVD +-RW drive now can't read audio and rom (program) cds, while DVD works fine. It worked perfectly before the reboot. Going to try a bootable disk like Win XP to see if it is a software or hardware problem. Hate having to do another clean reboot so soon after reinstalling all my programs.
#16
You can change drive letters within Windows 98 - it's very easy.
Change Drive letter
Run the Registry Editor (REGEDIT.EXE).
Open one of the following branches, depending on the type of device you wish to configure (your system may vary):
For all SCSI devices, and most non-SCSI CD-ROM drives, open HKEY_LOCAL_MACHINE\Enum\SCSI.
For IDE hard disks, open HKEY_LOCAL_MACHINE\Enum\ESDI.
For standard floppy drives, open HKEY_LOCAL_MACHINE\Enum\FLOP.
Expand the branch of the SCSI device you wish to configure, and click on the key under that device (if you have two of the same device, there will be two keys here).
Double-click on the string value called UserDriveLetterAssignment (create it if it's not there by selecting New and then String Value from the Edit menu).
In the box that appears, type the desired drive letter once, in all caps (example: type NN to configure this drive to use N:).
Next, double-click on the string value called CurrentDriveLetterAssignment.
In the box that appears, type the desired drive letter once, in all caps - if this device is partitioned into more than one logical drive, include all drive letters (example: type CEFG to configure this drive to use C:, E:, F:, and G:).
Close the registry editor when finished, and restart your computer immediately for this change to take effect.
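An added example, not part of any post in this thread: one way to check whether the two registry values named in the steps above changed between two points in time, by comparing REGEDIT4 text exports of the Enum branch. The device key names and both sample exports are constructed for illustration.

```python
import re

# Branches and value names are the ones listed in the steps above.
BRANCHES = ("SCSI", "ESDI", "FLOP")
VALUES = ("UserDriveLetterAssignment", "CurrentDriveLetterAssignment")
ROOT = "HKEY_LOCAL_MACHINE\\Enum\\"

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_assignments(export_text):
    """Return {device key: {value name: letters}} from a REGEDIT4 text export."""
    lines = export_text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 export")
    found, key = {}, None
    for raw in lines[1:]:
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            path = m.group(1)
            # Registry key names are case-insensitive.
            rel = path[len(ROOT):] if path.upper().startswith(ROOT.upper()) else ""
            key = path if rel.split("\\")[0].upper() in BRANCHES else None
            continue
        m = VAL_RE.match(line)
        if key and m and m.group(1) in VALUES:
            found.setdefault(key, {})[m.group(1)] = m.group(2)
    return found


def diff_assignments(baseline, current):
    """List (device key, value name, old, new) for every assignment that differs."""
    changes = []
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key, {}), current.get(key, {})
        for name in VALUES:
            if old.get(name) != new.get(name):
                changes.append((key, name, old.get(name), new.get(name)))
    return changes


# Constructed sample exports: a hard disk on C: and D: with a Zip drive on E:,
# then the same machine after the Zip drive has moved to D:.
BASELINE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Enum\ESDI\EXAMPLE_DISK\EXAMPLE_INSTANCE_0]
"Class"="DiskDrive"
"CurrentDriveLetterAssignment"="CD"

[HKEY_LOCAL_MACHINE\Enum\SCSI\EXAMPLE_ZIP\EXAMPLE_INSTANCE_1]
"Class"="DiskDrive"
"CurrentDriveLetterAssignment"="E"
"""

AFTER = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Enum\ESDI\EXAMPLE_DISK\EXAMPLE_INSTANCE_0]
"Class"="DiskDrive"
"CurrentDriveLetterAssignment"="CE"

[HKEY_LOCAL_MACHINE\Enum\SCSI\EXAMPLE_ZIP\EXAMPLE_INSTANCE_1]
"Class"="DiskDrive"
"CurrentDriveLetterAssignment"="D"
"""

if __name__ == "__main__":
    changes = diff_assignments(parse_assignments(BASELINE), parse_assignments(AFTER))
    for key, name, old, new in changes:
        print(f"{key}: {name} {old!r} -> {new!r}")
```

Keeping a dated export of the Enum branch gives a record to compare against the next time a drive letter moves.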
#17
Disabling virus programs is a very common activity of viruses.
What version of Norton are you using and is it up to date?
Suggest you run another copy of Trend Micro suite or purchase an up to date virus program. McAfee is very good.
Darren
#18
So it is possible to change drive letters from Win98, but it is definitely beyond me and if some hacker took the trouble to get control of my comp just to do that, he is wasting his time. Could have done lots more damage to show that he can, as that's the ego thing for most non-commercial hackers. If he is a commercial hacker, he should have left things as they were after going through the files and got what he is looking for, and not leave a suspicious trail of his actions.
I am running Norton System Works for WinXP, which was updated immediately upon reboot and installation. The Norton AV program was unable to remove the worm virus, so I downloaded the removal program from Norton and got rid of it (apparently), but my programs start to act funny after that.
Just tested the DVD+_RW drive again booting the WinXP in startup, works fine, so it is Win software problem that prevents it from reading audio and CD-rom. Ran through the Norton diagnostics as to why the enable function is disabled. No joy. So another all night session of backing up, reboot and reinstall then.
#19
lightening101, another DOS hacker!!! Or has too much time on his hands like me! Used to know how to use DOS properly but I've forgotten, and a registry changer too! I try not to play about with my registry. Changed my XP number trying to deactivate the 30 day time limit.. buggered up my system
#20
The saga continues ( a long story)
After the previous clean reboot, my PC has come under 'attack' again, this time more vicious than the previous one. I have a primary 40 g HDD partitioned into c: for WinXP Pro mainly and d: for other programs, and a secondary 80 g HDD for my data. One fine afternoon, after returning from work (the PC is left on, as my children are usually downloading stuff from the net), the monitor went blank even after reactivation from energy saving mode. Rebooting was no help, as no video signal was received, i.e. no BIOS startup screen at all.
Thought probably the video card, took it down to the PC shop and have them test the card. It was OK, so suspect the motherboard. Unfortunately, mine was an Intel 450 board running Rambus ram and an Intel 423 pin 1.4 ghz P4, which is no longer in production. So forced to swap the board, new memory ram and a 2.4 ghz P4. The shop tested them first, BIOS failed to boot properly, so changed from a 350 watts PSU to a 450 watts one as well and problem solved.
Went home, assembled the new parts, started the PC. This time, BIOS screen came on, but Win XP can't boot up. All the hard drives were listed in the BIOS, so no need to press panic button yet, probably just need to reinstall Win XP. However, during installation, it warned that Win XP can't be installed on my present partition. Slight panic, going to lose my users settings if I have to do a clean install, so took the hard disks and slaved to the office PC hoping to backup the info first. No such luck, as the office PC cannot read the drives at all. WinXP cannot find them, even though they were listed in the BIOS. Ran through Partition Magic and found that the partitions of both drives have been changed. To have one drive corrupted is quite common, but to have both partitions gone is more than coincidence. Major panic, as that means the data on the 80 g HDD is going to be lost.
Never mind, worry about that later. Partitioned and formatted the first 40 g drive and reinstalled Win XP. This worked fine, so installed Norton System Works, updated Antivirus, downloaded Zone Alarm and left to go to work. Came back, monitor went blank again, so cursed and swore, not again! This time, problem traced to no power from the UPS. So unplugged the PC cable and connected it straight to the plug point. Pop went the circuit breaker. Damage - 1 brand new 450 watts PSU went up in smoke, one lightning surge protector blown. Went back to the shop, upgraded to a 'deluxe' unit costing more than twice the cheapo model. So now I have two spare PSUs, the old 350 watts unit and another brand new 450 watts cheapo unit replaced under warranty.
Now to confront the 80 g data HDD. Consulted some experts and tried out some disk utility programs from the net and found one that can recover my files. So bought the licence online and saved the files to the 40 g drive. Worked like a charm, so repartitioned the drive and got it to work.
I have another 40 g mini HDD in a USB2 sleeve that my son uses to store his work. This is only connected to the PC when needed and surprise, surprise, the partition is also fouled up. So have to go through the recovery process one more time, but got to get some sleep first. Hope to wake up and find that all these nasty happenings are just a bad dream.