recursive folder usb boot sector... virus
Posted by j_slobo@hotmail.com on March 14th, 2008


well to make the short story long -tried from a supposedly clean 98/
XP PC with attached infected win98 disk : comd.line mcafee, nod32,
avg, addaware, avast with no success 'cause either they get stuck in the
infinitely deep recursive subfolders virus makes in windows folder and
elsewhere or the AVs could not open/check bunch of files.
Comm.line Sophos did find, but only on usb flash, MAL/AUTOINF-A but
did not clean it in full mode.
Personally I saw (also on USB) an autorun and MSOCACHE/90000.../
kb915865.exe however its killer?VirusCleaner from e-nil site (nor
avg,avast) did not find anything on hdd from which usb was infected.
Anyway aside from recursive folders on infected win98 HDD, problem is
there are 2 types of infected files and virus refuses to get zipped or
submitted to an antivirus site (haven't tried ftp though)
-if you try in win/dos to zip or copy the first kind
of infected files-the falsely too big ones(example pkunzip.pif
129MB), the virus is not included-i.e. you get a clean
file-with normal size(changing attributes does not help)
- the other type of files are the ones whose names are
malformed with including \ or | so you can't even rename
In addition virus (or viruses) hide in boot sector cause the mentioned
win98 infected hdd will not boot any more and also when reformatted
another infected disk, to prepare a clean win98 PC it would get stuck
in installation until the disk was zeroed first!
Also when you stick flash in infected PC(while the disk still worked-
now it cannot be accessed at all-&probably needs fixboot) the usb diode
just kept flashing and PC bluescreened reporting usspdrr.vxd error
Anyone came across this evil or can suggest antivirus that has
definitions for rootkits or registry checker that can load registry
hives from an attached disk as EasyPCFix can?

Posted by David H. Lipman on March 14th, 2008


From: <j_slobo@hotmail.com>

| well to make the short story long -tried from a supposedly clean 98/
| XP PC with attached infected win98 disk : comd.line mcafee, nod32,
| avg, addaware, avast with no success 'cause either they get stuck in the
| infinitely deep recursive subfolders virus makes in windows folder and
| elsewhere or the AVs could not open/check bunch of files.
| Comm.line Sophos did find, but only on usb flash, MAL/AUTOINF-A but
| did not clean it in full mode.
| Personally I saw (also on USB) an autorun and MSOCACHE/90000.../
| kb915865.exe however its killer?VirusCleaner from e-nil site (nor
| avg,avast) did not find anything on hdd from which usb was infected.
| Anyway aside from recursive folders on infected win98 HDD, problem is
| there are 2 types of infected files and virus refuses to get zipped or
| submitted to an antivirus site (haven't tried ftp though)
| -if you try in win/dos to zip or copy the first kind
| of infected files-the falsely too big ones(example pkunzip.pif
| 129MB), the virus is not included-i.e. you get a clean
| file-with normal size(changing attributes does not help)
| - the other type of files are the ones whose names are
| malformed with including \ or | so you can't even rename
| In addition virus (or viruses) hide in boot sector cause the mentioned
| win98 infected hdd will not boot any more and also when reformatted
| another infected disk, to prepare a clean win98 PC it would get stuck
| in installation until the disk was zeroed first!
| Also when you stick flash in infected PC(while the disk still worked-
| now it cannot be accessed at all-&probably needs fixboot) the usb diode
| just kept flashing and PC bluescreened reporting usspdrr.vxd error
| Anyone came across this evil or can suggest antivirus that has
| definitions for rootkits or registry checker that can load registry
| hives from an attached disk as EasyPCFix can?

Huh ??

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Posted by Dustin Cook on March 16th, 2008


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in news:PnDCj.349$CO3.141@trnddc04:

Lost you too huh?


--
Regards,
Dustin Cook - http://bughunter.it-mate.co.uk
BugHunter v2.2e AntiMalware Removal Utility


Posted by David H. Lipman on March 16th, 2008


From: "Dustin Cook" <bughunter.dustin@gmail.com>


|

Totally.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by Judicandus on March 16th, 2008


On Mar 14, 11:45 pm, "j_sl...@hotmail.com" <j_sl...@hotmail.com>
wrote:
Well,

You weren't very clear; however, some of this virus's behavior looks
like a vbs worm... Give us some examples of the file names with / and
| so that we have a better idea.

You should try doing a Hijackthis log (http://www.hijackthis.de) and
posting it in a forum such as security-forums, bleepingcomputer (post
in only one forum), they might be able to help you as well. I'd also
suggest you google combofix and sdfix and try running them considering
you can boot into the OS.

I don't know much about other antiviruses since I only use AVG, the
8.0 version of avg has also the anti-rootkit signatures. I've heard
many good things about Kaspersky so it should have them too. (They are
commercial products so you'll have to download the 30-day trial
version).

Hope I helped you in any way (Hoping google translator did a good job
^_^)

Dan
