
Any Soyo Barebones Builders Lately?

By cglrcng
If you recently purchased a Barebones system BB-SY-A33E4 to build for personal or for a customer...Do not use the Mobo driver disk included w/ the barebones pack (or the disk included w/ the SY-K7VME Mobo sold separately), unless you also immediately download from the disk, install & run the Panda AV 30 day trial right away as 1 of the 4 programs on that CD disk is actually infected w/ the virus Natas.4744, which is an overwriting, full stealth, polymorphic, encrypting, memory resident, multi-partite virus. This virus infects .COM and .EXE files, as well as the hard disk Master Boot Record (MBR) and diskette boot sectors. Natas.4744 is a very fast infector.

Upon infection, Natas.4744 becomes memory resident as a Terminate-and-Stay Resident. The virus hooks interrupts 13 and 21", according to both McAfee & Panda....I warn because Norton doesn't find the virus and their write-up treats that virus as a hoax virus....Can anyone figure out that? Anyone have experience w/ this particular virus? I understand it's been around since 1998.

I'm sure there are more than just a few of these infected disks out there in the world by now as the BB system has been a very hot seller. Got mine from Tig Dir online to build for my son as an X-mas gift and loaded up the Panda trial AV (just to see what the trial offered), which found it not only on the brand new Maxtor HDD, but also on the CD still in the drive during the install scan.

Lucky for me it wasn't a machine for a customer as I would have installed NSW which does not include or find this particular nasty.

Just thought I'd warn the community.

All Comments

by machinegun_kelly In reply to Any Soyo Barebones Builde ...

Hmm, interesting. Have you scanned the disc from another machine? Natas could have already made its way into local memory and started its rapid deception. If you got that driver disk out of your MoBO box from Soyo, I'd sue for the malicious acts of their intentions. Even if they are that stupid to have an "Old School" virus on their chipset driver disk, they gotta know of its existence if it's really there. You need to spread this as much as possible, like to Soyo for starters. Have an attorney give them a call, cause if they don't have a recall in effect and some warnings at their web site then some things gotta change here. They should settle by paying your attorney fees and $300 for your time dealing with this act of incompetency. Call techTV to get some good help spreading this news.

by cglrcng In reply to Any Soyo Barebones Builde ...

Someone isn't that smart as the Virus IS ON the original chipset disk in a file of the disk imaging program (one of 4+ programs on the disk besides the Drivers and Panda Titanium AV included as 1 of the 4 programs).

Stupid me, I installed the disk imaging program first, restarted then for kicks as it was a machine I was building for my son for X-mas instead of a customer (I always use Norton System Works for customer machines as I need the utilities on there). I followed up w/ the Panda install and wham the install scan option found it both on the drive in a file of the disk imaging program & on the Driver disk CD in the same file of the same program. Panda cleaned it off the drive it said, but of course it can't from the CD. All other scans came up clean thereafter on the drive, always finds it on the CD driver disk if checked w/ Panda...Strange thing though, is that Norton doesn't see it on the CD, the Symantec site lists it as a hoax virus and not included in its NAV virus database, yet every other AV site I go to shows it as one real bad yet old virus.

I tried to contact Soyo by e-mail immediately (got the normal return e-mail, we'll get back to you in 48 hrs. or less, that was last Saturday night, and no news yet!)

I'm not interested in suing anyone (well unless something happens to the drive in the future of course attributable to that particular virus).

But I just wonder how many others loaded up that drive imaging program and didn't load up the 30 day Panda Titanium trial. If the virus does what Panda and others like McAfee say it does every .exe file on the drive is history as soon as the payload fires off, and it is a memory resident stealth virus. Just scary that Norton doesn't catch it.

I know lots of these systems sold as where I bought it, it was $20.00 after rebate for a nice case, mobo, CD drive, speakers, mouse & keyboard...Steal of a deal and it works like lightning. But that virus experience on the Soyo CD really surprised me.

by cglrcng In reply to Any Soyo Barebones Builde ...

Tell me u aren't "THE" machinegun kelly of LA radio fame?

by cglrcng In reply to Any Soyo Barebones Builde ...

Hmmm, was on the line waiting for Soyo to pick up and dug deeper into their Knowledge Base articles, entered the Mobo Model # SY-K7VME and entering the virus name Natas.4744 (returned nothing), entered the word Virus and sure enough it took me to the article at this link:

A document by Wasay Software concerning the offending "infected program" Image It Utility.

http://www.soyousa.com/kb/kbdesc.php?id=267

It says there that "they informed Soyo that the file WSCDX.COM is mistaken for a virus infected file Natas.4744, but that everything is just fine and no hard drive damage will result."

I know for a fact that Panda on the startup actually cleaned the "infected" file, as it changed to an uninfected yet still existing file in the "Image It" program on the hard drive, after the 1st virus cleaning. All other scans come up clean thereafter on the hard drive, but it still scans as active/infected on the CD.

Their concluding info, ..."Please inform users don't worry about this"... isn't too reassuring in my case! Nor would it be too reassuring if you installed the Image It, but not the Panda AV...NORTON does NOT find this virus! It isn't even included in their signatures.

It further states that "SOYO was informed by Wasay that they also found the situation during a test, and it was suggested that they include the info in their manual"...Which they didn't!

Has anyone here ever had even any "old" experience w/ this particular virus? Am I making a big deal over nothing like I should not believe my own eyes and Panda Titanium AV, but I should believe the company that made the software? Why would Panda be able to clean the file if it was just a file mistaken to be infected? Wouldn't it always be "mistaken" to be infected and noticed by the AV on every successive scan unless its attributes were somehow changed, or Panda really does clean it contrary to what Wasay Software Technology Inc. says?

by cglrcng In reply to Any Soyo Barebones Builde ...

Enquiring minds (and machine owners who have already installed the lousy file), want to know!

Am I overreacting or justified in my curiosity and sort of, contempt? Or just a lil' paranoid?

by cglrcng In reply to Any Soyo Barebones Builde ...

Just a comment to update:

Finally received a reply from the software writer & distributor (Wasay), they and Soyo are duplicating what I did in the order I installed on the build and will be responding w/ a recall if they find the same thing I did. (A live virus on the driver disk in a program). I'll keep the community posted of what I learn.

Cg.
