Curious about a virus issue.

By normhaga
Earlier today after browsing a questionable website, my anti virus was disabled. This usually poses no threat as I will reinstall with a quickness if a reboot fails to remedy the problem.

Today was a little different. After a reboot, I looked at system processes to see what was running using "Whats Running". I found no unusual processes, but the anti virus would not reload, even after three reboots. I went to another computer and downloaded the manufacturer's anti virus install program onto a USB drive and attempted to install on the suspected infected computer. The anti virus refused to install, reporting that there was an invalid forward reference. So I pulled a copy from a compressed backup on the network drives. Same thing happened. I rebooted into safe mode and attempted to reinstall as well as uninstall - same issue.

I came back into service mode and was getting ready to do a full backup restore from a three day old backup, but I had first decided to reboot once more. Surprisingly, the anti virus came up. I ran a sha sum on all the files on the computer and could find nothing out of place.

I think that a virus or other malware nailed the computer and attacked the anti virus but could not fully install. It is puzzling that I can find no trace, but I can at least explain this as I have the computer set up so that it will reboot when anything interferes with the system processes.

What do you think might have happened? Why do you think it would leave no trace? How do you think it might have attacked my anti virus? And how do you think it might have bypassed two previous and different firewalls/anti virus programs before it got to the local machine's firewall/anti virus to attack it? I did not download any files and was looking for information on new exploits on some dangerous web sites.

Oh, just before this problem occurred I was scanning for an ftp vulnerability.


All Answers

I think that might have been a virus.

by Absolutely In reply to Curious about a virus iss ...

What do you think might have happened?

Ask a stoopid ?, get a stoopid

Edited to add recursive "humor."

It might be recursive.

by normhaga In reply to I think that might have b ...

But is it?

My curiosity is up because I have never seen something heal itself. And this is why I am looking for others' experience.

Best advice - don't invite trouble !....

by OldER Mycroft In reply to It might be recursive.

I think the 'questionable site' is more of an issue here.

If you intend to browse dangerously again, try it within a virtual machine, then you can REALLY check if it is recursive.

Sometimes, I wish I did not have to...

by normhaga In reply to It might be recursive.

But since part of what I do is vulnerability testing, I often have to browse very questionable sites, and thereby "Invite trouble." Places like Bugtraq and Security Focus are not always up to the minute.

I do not like virtual machines because they change the behaviour of the machines I use and make it more difficult to identify when something like this does happen.

When I do this, I run my test lab on its own network with another machine monitoring the first and a second monitoring the exclusive DSL router for the test bench. I do what I can to protect myself, but sometimes get bit. This time I am more curious than concerned because I would like to conduct forensics on whatever happened.

Where was the wife Norm?

by ComputerCookie In reply to Curious about a virus iss ...

A few years ago I had a virus problem like you described.

It was a codec update!

Went back 4 times to ensure what was the best fix. Had a new computer with 3 months Norton included, couldn't fix. Reloaded Ghost, next time search suggested AVG, that fixed it. Next time as AVG was on the computer it wouldn't fix, used restore and it worked.

Computer and test lab...

by normhaga In reply to Where was the wife Norm?

are kept in a secured room with motion sensors that start cameras.

I am the only person with access to that room.

Maybe the janitor was surfing bukake porn sites :^0

by ManiacMan In reply to Computer and test lab...

Quite possible :^0


by normhaga In reply to Computer and test lab...

I am the only person with access, therefore I am the janitor. I have the only key that is not in a safe deposit box, the only RFID card, and am the only one with the lock code. The room is also shielded.

Possible MBR virus?

by seanferd In reply to Curious about a virus iss ...
