Full Version: mbr virus
upengan78
hi all
memory is infected with wyx.c virus on win98
norton prof 2003 is loaded and at startup it detects virus and refuses to boot system. i could boot system by disabling startup scan from safe mode

but how can i remove the virus?
Jay
I am not having a go, but a point worth remembering is that if you have a problem, someone else is bound to have had it and posted a solution somewhere, so it is worth checking Google etc.

Here's a link I found, hope it is of some help: Sophos virus analysis. Good luck.
ComSec
If you're using Norton, have you tried this removal from Symantec?

http://securityresponse.symantec.com/avcen...data/wyx.c.html

let us know how you get on
Rigpa
Hope this might help:

http://www.sophos.com/support/disinfection...dbrvir.html#1.1

1.1. Disinfecting DOS boot record viruses in Windows 95/98/Me and DOS

* Backup any important data on the hard drive
* Switch off the PC, wait several seconds and boot from a clean system disk to prevent the virus from being loaded into memory.
* Put a floppy disk containing a copy of 'SWEEP for DOS' in the floppy disk drive and at the A: prompt type

SWEEP *: -DI
* When requested insert the floppy disk containing the virus data.
* Run another scan to check that the virus has been removed.

If infection persists replace the boot sector using the DOS utility SYS.COM. Contact support if in doubt.

* Switch off the PC, wait several seconds then boot from a clean system disk to prevent the virus from being loaded into memory. This system disk must be formatted with the same version of the operating system as the PC.
* At the command prompt type

DIR C:
* Check that the contents of the infected drive are visible. If they are not contact support for advice.
* To overwrite the DOS boot sector enter

SYS C:

If a virus fragment is reported in upper memory then it probably indicates the presence of a virus. Contact support for advice.
ThinIce
I had that a while back, if I can recall; it was called "w32spaces", a VxD whacker that would not let you run any .exe files; hence it was nicknamed "anti-exe".
It adds a space in the VxD module of older Windows machines, which causes this problem. It hides out in your MBR as well; I remember sitting in 16 color mode for 2 days figuring this puppy out.

fdisk /mbr fixed it up nicely; didn't have to do anything else beyond that.
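
An added example, not part of any post in this thread: a Python check that compares a copy of sector 0 saved before a repair that rewrites the master boot code (such as the `fdisk /mbr` mentioned above) with a copy taken afterwards, confirming that the boot code changed while the partition table and the 0x55AA signature survived. The function names are hypothetical and the sample sectors are constructed; how the 512-byte dumps are captured is left to whatever imaging tool is available.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 446    # bytes 0..445: master boot code
TABLE_END = 510   # bytes 446..509: four 16-byte partition entries

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition entries and signature check."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for off in range(CODE_END, TABLE_END, 16):
        # status, (CHS start skipped), type, (CHS end skipped), start LBA, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype, "lba": lba, "sectors": count})
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "table": sector[CODE_END:TABLE_END],
        "partitions": parts,
        "signature_ok": sector[TABLE_END:] == b"\x55\xaa",
    }

def compare(before: bytes, after: bytes) -> dict:
    """Report what a repair changed between two dumps of sector 0."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": b["code_sha256"] != a["code_sha256"],
        "partition_table_intact": b["table"] == a["table"],
        "signature_ok": a["signature_ok"],
    }

def make_sample(code_fill: int) -> bytes:
    """Constructed sector: filler boot code plus one active FAT32 (0x0B) partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x0B, 63, 2_000_000)
    return bytes([code_fill]) * CODE_END + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    print(compare(make_sample(0xCC), make_sample(0x90)))
```

If `partition_table_intact` comes back false after a repair, stop and restore from the saved dump before booting from that disk again.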
