Metalworking (rec.crafts.metalworking) Discuss various aspects of working with metal, such as machining, welding, metal joining, screwing, casting, hardening/tempering, blacksmithing/forging, spinning and hammer work, sheet metal work.

#1 Gunner
I got a computer virus...any suggestions?

My $#@!! kid turned off the firewall (again) and downloaded something
with a nasty malware called W32/Gaelicum.A

It's infected virtually every .exe file in both my server and my
personal computer. I'm posting from my non-networked laptop.

It only affects files with a .exe extension, but that's thousands of
files on all 4 computers on the network. There is very little info on
the net about it; AVG has only been able to detect it for a week or
so.

It appears to be a trojan of some sort.

Anyone got any suggestions for cleaning the sumbitch, other than a full
hard drive format...which means I have to format at least 14
drives...sigh

The #@$%!!! kid lost all access to the network...his computer has been
removed from the net, and it's not a computer I'm going to fix. This was
the last straw.....his box just became a doorstop.

Gunner

#2 Anthony

Gunner wrote:
snip


http://securityresponse.symantec.com...w32.licum.html

--
Anthony

You can't 'idiot proof' anything....every time you try, they just make
better idiots.

Remove sp to reply via email

http://www.machines-cnc.net:81/
#3 Ian Malcolm

Gunner wrote:
snip

Well, AVG can detect it but presumably *NOT* 'cure' it yet. It *should*
be able to remove it and then you'd just be lacking the .exes.
Personally I'd concentrate on getting the most critical systems cleaned
first and disconnect the data cables to drives I don't need access to
yet to prevent any risk of reinfection. While you are wrestling with
the first computer, AVG may well come out with a repair utility you can
use on the rest of them.


A good approach would be to take a spare drive, install it as C: (Primary
IDE, Master) (OR SCSI ID:0 if that's your setup :-) ) on a PC with all
the infected drives disconnected. MAKE SURE THE BOOT ORDER DOES *NOT*
INCLUDE anything other than the floppy, CD and first hard drive. Make
sure there are *NO* infected machines live on the network. If you are
running XP then download a copy of the full SP2 and burn it to CD on
your known clean laptop. If you don't have a CD burner, but do have an
external drive that can take ~1/3 Gb, that will do. Also burn to CD AVG,
its updates, your preferred firewall + updates, Lavasoft AdAware SE
personal edition + updates, and anything else you need in the way of
security software. *** Now disconnect the internet ***. Install the OS
in the normal way, booting from ORIGINAL Microsoft CD media (or if not
possible, at least making a fresh set of boot floppies from the original
media). When you've got it up, install all the security software and
updates you put on CD, then reconnect the Internet and let it at MS
Update till it's done, and at the updates for all the security software.

Now you have a known clean, up to date, well protected PC. If you have
another spare drive and a drive image program, a bootable backup image
copy of it would be a good idea. Put it on the shelf for next time; it
will only need updates to be immediately usable.

Now comes the dicey step: remove the infected drives ONE AT A TIME and
connect them as the second drive in the clean machine you've just set up
(Primary IDE, Slave) (OR SCSI ID:1). *Don't* get it wrong, as if it boots
from the infected drive, all is lost. Now boot up and let AVG at the
infected drive. Let it quarantine all it finds. Repeat with AdAware +
anything else you want to scan with. Double check with another
antivirus (an online one will do). Save the detection logs.
Repeat on the other drives until you've got that machine done.
Now if you are on the same OS version as the formerly infected machine,
copy all .exes in and below 'Windows' and 'Program Files' to the bootup
drive you cleaned. Now reinstall the drives. With any luck, if you
copied the .exes from the clean machine it will boot well enough to get
in and start sorting stuff out. If it's XP or a different OS version to
your clean machine you'll have to install Windows again OVER the data on
the drives to get it bootable. Reinstall all damaged applications then
*uninstall* any you don't actually want :-)

It's ACTUALLY easier to format everything and start over :-( but this way
you keep every document etc. that wasn't infected, except for settings
like internet passwords. A halfway house that may suit you is to just
lift off the documents you want from each drive after scanning them onto
another drive, then format them and do a clean reinstall.

Your next problem will be keeping your son OFF your PCs. It may be
easier to figure out how to give him (limited) internet access on his
box so he doesn't try to use one of your boxes to get on the net :-(
It definitely needs to be behind a 'milspec' firewall he can't tamper
with, so that he can't run any dodgy peer server stuff and possibly lose
you your net access, and on a completely different LAN to your machines
that doesn't interoperate. Me, I'd lock him down behind a proxy server,
with a separate network card feeding his box. Software602 Lansuite is
free for five users and can do the job if you set it up in a paranoid
frame of mind. He won't be happy because you can set it up so anything
except http: and https: is *dead* *and* blacklist any site you don't
like. If he wants his box cleaned, format it, hand him the Windows CD,
tell him his box is clean, 'now reload your windows and restore from
your backups' *EVIL* VBG.

--
Ian Malcolm. London, ENGLAND. (NEWSGROUP REPLY PREFERRED)
ianm[at]the[dash]malcolms[dot]freeserve[dot]co[dot]uk [at]=@, [dash]=- &
[dot]=.
*Warning* SPAM TRAP set in header, Use email address in sig. if you must.
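Ian's recipe boils down to mounting each infected drive as a secondary disk in a known-clean machine and then working out which .exe files the infector touched so they can be replaced from a clean copy. The script below is an added example, not code from the thread or from any of the posters: it hashes every .exe under a directory tree with SHA-256, builds a manifest, and diffs a manifest taken from a clean install against one taken from the suspect drive, reporting files whose bytes changed, files that vanished, and files that appeared. The directory layout, the file bytes and the simulated infection are all constructed inline so it runs offline; the path names are made up.

```python
"""Hash-manifest triage for a file-infecting virus (added example).

Build a SHA-256 manifest of every .exe under a clean reference tree
(the freshly installed drive in Ian's procedure), another of the
suspect tree (the infected drive mounted as a secondary disk), and
report what differs.  Everything below uses a constructed temporary
tree so it runs offline; the file names and bytes are made up.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path

EXE_SUFFIXES = (".exe",)


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Stream the file through SHA-256 so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: Path, suffixes=EXE_SUFFIXES) -> dict:
    """Map each executable's path (relative to root, forward slashes) to its hash."""
    manifest = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def compare_manifests(clean: dict, suspect: dict) -> dict:
    """Classify the suspect tree against the clean baseline.

    modified: same path, different bytes (an appending or prepending
              infector changes the hash of every host file it touches)
    missing:  in the baseline but gone from the suspect tree
    unknown:  only on the suspect tree (dropped payloads, or simply
              software the baseline never had; needs a second look)
    """
    return {
        "modified": sorted(p for p in clean if p in suspect and clean[p] != suspect[p]),
        "missing": sorted(p for p in clean if p not in suspect),
        "unknown": sorted(p for p in suspect if p not in clean),
    }


def build_sample_trees(base: Path) -> tuple:
    """Construct a clean tree and a suspect tree; all contents are made up."""
    files = {
        "Windows/notepad.exe": b"MZ\x90\x00" + b"notepad" * 64,
        "Windows/system32/calc.exe": b"MZ\x90\x00" + b"calc" * 64,
        "Program Files/app/app.exe": b"MZ\x90\x00" + b"app" * 64,
        "Program Files/app/readme.txt": b"not an executable, ignored by the scan",
    }
    clean, suspect = base / "clean", base / "suspect"
    for tree in (clean, suspect):
        for rel, data in files.items():
            target = tree / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
    # Simulated infection on the suspect tree only: one host file gets a
    # payload appended, one clean file is gone, one unexpected file appears.
    with (suspect / "Program Files/app/app.exe").open("ab") as fh:
        fh.write(b"<constructed appended payload>")
    (suspect / "Windows/system32/calc.exe").unlink()
    (suspect / "Windows/dropped.exe").write_bytes(b"MZ\x90\x00dropper")
    return clean, suspect


def run_demo() -> dict:
    """Build the sample trees, diff their manifests, and return the report."""
    base = Path(tempfile.mkdtemp(prefix="exe-triage-"))
    try:
        clean, suspect = build_sample_trees(base)
        return compare_manifests(build_manifest(clean), build_manifest(suspect))
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind}:")
        for p in paths:
            print(f"  {p}")
```

Against real drives, point build_manifest at the clean install's Windows and Program Files trees and at the same trees on the mounted infected drive. A "modified" hit is a candidate to replace from the clean copy, but a different service pack or patch level changes the same hashes, so confirm with a scanner before overwriting anything; "unknown" is where dropped payloads tend to show up.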
#4 Rifleman


Try this before you panic, old friend:
http://securityresponse.symantec.com...w32.licum.html

Good luck, and don't go too hard on the kid.


#5

In misc.survivalism Gunner wrote:
My $#@!! kid turned off the firewall (again) and downloaded something
with a nasty malware called W32/Gaelicum.A


Ummm.....What does the firewall have to do with anything? Why would he
have to turn off the firewall to download something?

And the REAL question is: Why didn't your antivirus software pick it up
before it could do any damage? Didn't you have the latest definitions
installed?

With all due respect, I doubt that this is your kid's fault.



--
Why don't presidents fight the war?
Why do they always send the poor?

-- System of a Down


#7 CanopyCo


Gunner wrote:
snip


Just a heads up on the format option (should that be the route that you
take):

Be sure to go the extra step and F Disk the drive too.
I have found that many PC plagues will manage to dodge the format
attack, but cannot dodge the F Disk assault.
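The reason an fdisk pass catches what a format misses is where a boot-sector infector lives. FORMAT rewrites the file system inside a partition and leaves sector 0 alone, and sector 0 holds the boot code plus the partition table; FDISK /MBR (Win9x) or FIXMBR from the XP Recovery Console rewrites that boot code. The script below is an added example, not from the thread: it parses a 512-byte MBR, checks the 0x55AA signature, lists the partition entries, and hashes the 446 boot-code bytes against a set of trusted hashes. The sample sector, the loader bytes and the trusted-hash set are constructed for the demonstration.

```python
"""Inspect a Master Boot Record (added example, not from the thread).

Sector 0 of a BIOS-booted disk is 512 bytes: 446 bytes of boot code,
a 64-byte partition table (four 16-byte entries) and the 0x55AA
signature.  FORMAT rewrites the file system inside a partition and
never touches this sector; FDISK /MBR (Win9x) or FIXMBR (XP Recovery
Console) rewrites the boot-code bytes.  The sample sector, the loader
bytes and the trusted hash set below are all constructed.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446
# status, CHS start, type, CHS end, LBA start, sector count (little-endian)
ENTRY_FORMAT = "<B3sB3sII"
ENTRY_SIZE = struct.calcsize(ENTRY_FORMAT)  # 16 bytes

PARTITION_TYPES = {
    0x07: "NTFS/HPFS",
    0x0B: "FAT32",
    0x0C: "FAT32 LBA",
    0x0F: "extended LBA",
    0x83: "Linux",
}


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature: not an MBR")
    partitions = []
    for index in range(4):
        offset = BOOT_CODE_LEN + index * ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, count = struct.unpack_from(
            ENTRY_FORMAT, sector, offset
        )
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": count,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def boot_code_is_known(sector: bytes, known_good: set) -> bool:
    """True if the 446 boot-code bytes hash to a value you recorded from a clean disk."""
    return parse_mbr(sector)["boot_code_sha256"] in known_good


def make_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sector: the given boot code, one bootable NTFS partition, one extended."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    ntfs = struct.pack(ENTRY_FORMAT, 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 20_000_000)
    ext = struct.pack(ENTRY_FORMAT, 0x00, b"\xFE\xFF\xFF", 0x0F, b"\xFE\xFF\xFF", 20_000_063, 1_000_000)
    empty = bytes(ENTRY_SIZE)
    return code + ntfs + ext + empty + empty + b"\x55\xAA"


# Made-up stand-ins: a "known" loader and a replaced one.
CLEAN_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 32
TAMPERED_BOOT_CODE = b"\xEB\x3C\x90" + b"<constructed hostile loader>"


def run_demo() -> dict:
    """Compare a clean sector with one whose boot code was replaced.

    The partition table is byte-identical in both, which is exactly why
    a format of the partitions tells you nothing about the boot code.
    """
    clean = make_sample_mbr(CLEAN_BOOT_CODE)
    tampered = make_sample_mbr(TAMPERED_BOOT_CODE)
    trusted = {parse_mbr(clean)["boot_code_sha256"]}
    return {
        "clean_ok": boot_code_is_known(clean, trusted),
        "tampered_ok": boot_code_is_known(tampered, trusted),
        "same_partition_table": parse_mbr(clean)["partitions"] == parse_mbr(tampered)["partitions"],
        "partitions": parse_mbr(clean)["partitions"],
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

To check a real disk, read the first 512 bytes of the raw device (\\.\PhysicalDrive0 on Windows, which needs administrator rights, or /dev/sda on Linux) and pass them to parse_mbr; the trusted set is whatever hash you recorded from a disk you know is clean. The two sample sectors here have identical partition tables and differ only in the boot code, so the partition listing alone would never reveal the swap.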

#8 David Courtney

Gunner,
It looks like the virus has several different names (depending on whose
AV site you ask) but the W32/Gaelicum.A file that you mentioned appears to
be a "separate" trojan/virus that's downloaded by the real Gael/Licum virus.
Look here at "Licum":
http://www.symantec.com/avcenter/ven...w32.licum.html
Or McAfee calls it "Gael":
http://us.mcafee.com/virusInfo/defau...virus_k=134857
Sadly, the patch for what this thing exploits has been available since
2003: http://www.microsoft.com/technet/sec.../MS03-026.mspx
Both sites have some troubleshooting/removal info... but it doesn't look
like much fun.
Hopefully these links will at least point you in the right direction to
find a solution.
David


"Gunner" wrote:
snip


#9 Lee Michaels


"CanopyCo" wrote:
Gunner wrote:
snip

Just a heads up on the format option (should that be the route that you
take):

Be sure to go the extra step and F Disk the drive too.
I have found that many PC plagues will manage to dodge the format
attack, but cannot dodge the F Disk assault.


"F Disk"??

What is this?

Where do I find out more about it?



#10 Tom Gardner


"Gunner" wrote:
My $#@!! kid turned off the firewall (again) and downloaded something
with a nasty malware called W32/Gaelicum.A

snip

Like I tell my computer customers: "What did you do before you had
computers?...do that!"
Fdisk, format, install fresh OS. You DO have back-ups of anything
important! When everything is perfect again, burn a DVD image. I feel your
pain! If you screw around trying to fix it all you will spend three times
the amount of time.




#11

In misc.survivalism Lee Michaels wrote:

"F Disk"??


What is this?


Where do I find out more about it?



Google?

--
Why don't presidents fight the war?
Why do they always send the poor?

-- System of a Down
#12 SteveB


"Rifleman" wrote:

Try this before you panic, old friend:
http://securityresponse.symantec.com...w32.licum.html

Good luck, and don't go too hard on the kid.



Bull****. Go hard on the kid. Then ease up. This is something important
that he has to learn. Or you could just keep letting him download stuff and
keep cleaning up viruses. In the meantime, losing personal information and
having your computer used as a spambot for sending porn.

Oh, I forget. You're from Kalifornia. Better check with the kid first and
see how he feels about himself on this. Then check with the child
psychologist in your area. Then check with the CPS. It could be entirely
possible that YOU are the one they will go hard on for allowing this to
happen to your innocent child!

Steve


#13 SteveB


wrote in message
...
In misc.survivalism Lee Michaels wrote:

"F Disk"??


What is this?


Where do I find out more about it?



Google?



Ask in a newsgroup?

Steve


#14 Stuart Grey

Gunner wrote:
snip


I thought you ran linux? Oh well.

My wife does that a lot. She has the only windows machine on my net.

I made backup of a complete, clean, fresh install on DVD. When she
downloads a virus/trojan/spyware, I just back up a few of her files and
then fdisk her disk and then re-install. And I make sure her machine
cannot touch any other machine on the network. No SAMBA, no nothing.

Windows is not worth the trouble. It's a petri dish for virii.

#15 Erik


Windows is not worth the trouble. It's a petri dish for virii.


Agreed.

http://www.apple.com

Erik

PS, Apple even came out with multi button mice yesterday!


#16 Gunner

On Wed, 3 Aug 2005 09:14:07 -0500, "David Courtney"
wrote:

Gunner,
It looks like the virus has several different names (depending on whose
AV site you ask) but the W32/Gaelicum.A file that you mentioned appears to
be a "separate" trojan/virus that's downloaded by the real Gael/Licum virus.
Look here at "Licum":
http://www.symantec.com/avcenter/ven...w32.licum.html
Or McAfee calls it "Gael":
http://us.mcafee.com/virusInfo/defau...virus_k=134857
Sadly, the patch for what this thing exploits has been available since
2003: http://www.microsoft.com/technet/sec.../MS03-026.mspx
Both sites have some troubleshooting/removal info... but it doesn't look
like much fun.
Hopefully these links will at least point you in the right direction to
find a solution.
David

My computers are current in their patches, and current in AV updates.
It was the last AVG update that caught the bug. It appears that this
is some new version, that is fresh on the market.

Gunner


"Gunner" wrote:
snip




#17 Gunner

On Wed, 03 Aug 2005 09:09:43 -0700, Stuart Grey
wrote:

Gunner wrote:
snip

I thought you ran linux? Oh well.


I have a Linux box..which at the moment will not recognize that the
modem, which it does recognize and dials, is what I want to use for
internet access. It dials out properly and when I try to browse or use
Pan, or any internet access program..can't find the net. I was using a
proxy server via one of the MS boxes prior to scrounging an external
modem.

My wife does that a lot. She has the only windows machine on my net.

I made backup of a complete, clean, fresh install on DVD. When she
downloads a virus/trojan/spyware, I just back up a few of her files and
then fdisk her disk and then re-install. And I make sure her machine
cannot touch any other machine on the network. No SAMBA, no nothing.

Windows is not worth the trouble. It's a petri dish for virii.


If I had a DVD recorder, I'd have made DVD backups. I don't.

Gunner

#18 geezer

On Wed, 03 Aug 2005 07:35:24 GMT, Gunner
wrote:

My $#@!! kid turned off the firewall (again) and downloaded something
with a nasty malware called W32/Gaelicum.A


I would start by formatting the kid and then password protecting
everything.
#19 Dewey Clark

Several conditions seem to be needed in addition to the kid downloading an
unknown exe.

The patch MS issued to protect against this is 2 years old; and from what I
read all current AV engines catch this (Symantec, McAfee and Zone Alarm) IF
you keep your subscription up to date.

So it looks like the OS must be behind in its updates and the AV program
turned off or the definitions out of date.

As for, in this day and age, downloading unverified third party "exe" files
onto an unquarantined computer; well that is the kid going for the Darwin
award. Couple that with disabling the firewall (and the AV program?)
presumably because of an access denial alert and I think you have a winner.

My kid is 17 and I have made sure these things are understood; as well as
the fact that it takes a lot of effort to erase stuff from computers, that I
can track the websites visited very easily at either the hard or soft
firewalls, and that any network paid for by someone else is #not# private
and that employers in particular have a right to read everything done on
their equipment and network.

None of this stuff is taught in the schools and I want my kid to fully
understand "safe" computing and that the workplace (or anyone else's
computer) is not someplace to engage in private computing. And that there
are some things you simply do not want on a computer because you don't know
who will wind up having access to it. Personally, if I can't fix the problem
myself I will get what I need off the drive and buy a new drive; erasing and
then physically damaging the drive by drilling through it.

I now have a system where once a month I clone my drive. Takes 30 minutes
and when my drive fails next I will not be in a panic over how to restore
from backups (remember finding out your tapes were unreadable?). I just
install the clone and try to lift the recent data files off the damaged
drive.

--
Regards,
Dewey Clark
http://www.historictimekeepers.com
Restorations, Parts for Hamilton M21s, Products for Craftsmen
Makers of Historic Timekeepers Ultrasonic Clock Cleaning Solution

"Gunner" wrote:
snip



#20 Steve W.


Yep the same machine that failed to boot on the shuttle mission.
That was FUNNY.

--
Steve W.

"Erik" wrote:

Windows is not worth the trouble. It's a petri dish for virii.


Agreed.

http://www.apple.com

Erik

PS, Apple even came out with multi button mice yesterday!






#21 Dave Hinz

On Wed, 03 Aug 2005 14:33:02 GMT, Tom Gardner wrote:

"Gunner" wrote:
My $#@!! kid turned off the firewall (again) and downloaded something
with a nasty malware called W32/Gaelicum.A

snip

Like I tell my computer customers: "What did you do before you had
computers?...do that!"
Fdisk, format, install fresh OS.


A brute-force sledgehammer approach is rarely warranted. If there's
important data on the box, that isn't backed up, fixing it rather than
starting over is the appropriate course of action. Time/budget willing,
of course. I've only had to resort to format/reinstall (thinks) about
5% of the time, and usually it was in conjunction with a "You know, you
could use a bigger hard drive anyway".


You DO have back-ups of anything
important! When everything is perfect again, burn a DVD image. I feel your
pain! If you screw around trying to fix it all you will spend three times
the amount of time.


But, if he has important data on the system disk, it may be time well
spent.
#22 Dave Hinz

On Wed, 03 Aug 2005 16:46:50 GMT, Erik wrote:

Windows is not worth the trouble. It's a petri dish for virii.


Agreed.

http://www.apple.com

Erik

PS, Apple even came out with multi button mice yesterday!


Ehh...old news. You've been able to plug whatever the heck mouse into
an Apple for at least as long as they've been using USB. And, no driver
bull**** - it just works. But yeah, apple is now selling one; next time
I need a new mouse, I'll try one out.


#23 TheAlligator

Gunner wrote:

My $#@!! kid turned off the firewall (again) and downloaded something
with a nasty malware called W32/Gaelicum.A

I did check a couple of sites like Larry did, and I didn't find
anything yet. I'm off sick, so I'm not really thinking up to par.
Would it be an utter disaster to re-format and reinstall the OS? It's
a serious question - I don't know how many programs and how much data
you have stored there. If it's not a big deal, this would be the
quickest and most effective solution. Also, I use Etrust antivirus
from Computer Associates. It's quite inexpensive (29.95 and 19.95 a
year to maintain the subscription). Even though you won't read much
about it, it is probably the best solution available, and we have the
documented evidence at work to back up that claim. Norton and all the
rest let a serious infection slip through one weekend, Etrust stopped
it. It's not the software, per se, it's the frequency of the updates.
Etrust always seems to get the early updates. Anyway, it's a matter
of opinion I guess. I also bought a second hard drive and use
software called Drive Image to make an image of my HD weekly. If you
could pinpoint when the infection occurred you could restore your
system back to a functioning state before that. My neighbor takes an
image every other day, but I think that's overkill. I keep several
weeks of images that I can go back to, and it will even let you
restore individual files. Quite a nice piece of software, and IIRC it
was $99.99 US. I always take an image before I install Windows
updates.


#24 the seventh sign

Gunner wrote:
snip



Your kid fscked it, your kid should fix it!
A possible solution is to get the PC into safe mode.

Find out where the entry for the virus is in the registry, then
delete it. On the clean non-networked PC, download to a floppy the AVG scanner
for removing such pests, then while the PC is in safe mode scan it from
the floppy.
It may require you to boot from the floppy, I forget.

If that doesn't work, in the hacker industry they have a saying as the
cure-all for all Microsoft viruses:
Install Linux, problem solved.

Seriously, it gets more involved and I do not have the time right now, so
post a follow-up here later if it works or doesn't.

Oh, and the keys they list are very abbreviated for what you're looking to
delete.

TSS
#25 the seventh sign

Lee Michaels wrote:
"CanopyCo" wrote:
Gunner wrote:
snip

Just a heads up on the format option (should that be the route that you
take):

Be sure to go the extra step and F Disk the drive too.
I have found that many PC plagues will manage to dodge the format
attack, but cannot dodge the F Disk assault.


"F Disk"??

What is this?

Where do I find out more about it?



It is spelled wrong; it is fdisk.
TSS


#26 Lawrence Glickman

On Wed, 03 Aug 2005 14:16:55 -0500, the seventh sign
wrote:

Lee Michaels wrote:
"CanopyCo" wrote:
Gunner wrote:
snip

Just a heads up on the format option (should that be the route that you
take):

Be sure to go the extra step and F Disk the drive too.
I have found that many PC plagues will manage to dodge the format
attack, but cannot dodge the F Disk assault.


"F Disk"??

What is this?

Where do I find out more about it?



It is spelled wrong; it is fdisk.
TSS


Doesn't exist under Windows XP, but then Gunner said he is running
Linux.
#27 Dave Hinz

On Wed, 03 Aug 2005 14:50:24 -0500, Lawrence Glickman wrote:
On Wed, 03 Aug 2005 14:16:55 -0500, the seventh sign
wrote:


It is spelled wrong; it is fdisk.
TSS


Doesn't exist under Windows XP, but then Gunner said he is running
Linux.


He's obviously _not_ running Linux on the virus-infested system in
question. He gave the system specs earlier of the infested windows box.

#28 Lawrence Glickman

On 3 Aug 2005 19:52:42 GMT, Dave Hinz wrote:

On Wed, 03 Aug 2005 14:50:24 -0500, Lawrence Glickman wrote:
On Wed, 03 Aug 2005 14:16:55 -0500, the seventh sign
wrote:


It is spelled wrong; it is fdisk.
TSS


Doesn't exist under Windows XP, but then Gunner said he is running
Linux.


He's obviously _not_ running Linux on the virus-infested system in
question. He gave the system specs earlier of the infested windows box.


It still doesn't exist under Windows XP, and he said at one time he
has XP Pro on one of his machines *(server? I dunno).

Lg

#29 Offbreed

CanopyCo wrote:

Be sure to go the extra step and F Disk the drive too.
I have found that many PC plagues will manage to dodge the format
attack, but cannot dodge the F Disk assault.


I prefer to use a disc wipe program. Installations on or storage to used
hard drives seem a little flaky otherwise.
#30 Dave Hinz

On Wed, 03 Aug 2005 14:53:49 -0500, Lawrence Glickman wrote:
On 3 Aug 2005 19:52:42 GMT, Dave Hinz wrote:

On Wed, 03 Aug 2005 14:50:24 -0500, Lawrence Glickman wrote:


Doesn't exist under Windows XP, but then Gunner said he is running
Linux.


He's obviously _not_ running Linux on the virus-infested system in
question. He gave the system specs earlier of the infested windows box.


It still doesn't exist under Windows XP, and he said at one time he
has XP Pro on one of his machines *(server? I dunno).


Hard to know or care. Regardless of what the tool used in whatever
version of VirusOS he's running, arguing over how the "reformat the
disk" command is spelled in whatever variety of windows, is silly.



#31 Offbreed

Gunner wrote:

I have a linux box..which at the moment will not recognize that the
modem, which it does recognize and dials, is what I want to use for
internet access. It dials out properly and when I try to browse or use
Pan, or any internet access program..can't find the net. I was using a
proxy server via one of the MS boxes prior to scrounging an external
modem.



Sounds like the problem I'm having with RedHat 7.2. (ISA modem, hardware
jumper for com port and IRQ)
#32 Lawrence Glickman

On 3 Aug 2005 20:09:49 GMT, Dave Hinz wrote:

On Wed, 03 Aug 2005 14:53:49 -0500, Lawrence Glickman wrote:
On 3 Aug 2005 19:52:42 GMT, Dave Hinz wrote:

On Wed, 03 Aug 2005 14:50:24 -0500, Lawrence Glickman wrote:


doesn't exist under Windows XP, but then gunner said he is running
linux.


He's obviously _not_ running Linux on the virus-infested system in
question. He gave the system specs earlier of the infested windows box.


It still doesn't exist under Windows XP, and he said at one time he
has XP Pro on one of his machines *(server? I dunno).


Hard to know or care. Regardless of what the tool used in whatever
version of VirusOS he's running, arguing over how the "reformat the
disk" command is spelled in whatever variety of windows, is silly.


You misunderstand.

I am not arguing over spelling.

I am telling you and everyone that FDISK does not EXIST under Windows
XP, in any of its possible spellings...kabish?

Lg

#33 Dave Hinz

On Wed, 03 Aug 2005 15:20:25 -0500, Lawrence Glickman wrote:
On 3 Aug 2005 20:09:49 GMT, Dave Hinz wrote:

Hard to know or care. Regardless of what the tool used in whatever
version of VirusOS he's running, arguing over how the "reformat the
disk" command is spelled in whatever variety of windows, is silly.


You misunderstand.


No, I don't.

I am not arguing over spelling.


Yes, you are.

I am telling you and everyone that FDISK does not EXIST under Windows
XP, in any of its possible spellings...kabish?


There is a command in XP to format a hard disk, which is analogous in
function to fdisk for the purposes of this discussion. The fact that
it's the wrong solution isn't changed by the fact that in XP it's called
something else.


#34 Kurt Lochner

Lawrence Glickman wrote:

On 3 Aug 2005 20:09:49 GMT, Dave Hinz wrote:

On Wed, 03 Aug 2005 14:53:49 -0500, Lawrence Glickman wrote:
On 3 Aug 2005 19:52:42 GMT, Dave Hinz wrote:

On Wed, 03 Aug 2005 14:50:24 -0500, Lawrence Glickman wrote:


doesn't exist under Windows XP, but then gunner said he is running
linux.


He's obviously _not_ running Linux on the virus-infested system in
question. He gave the system specs earlier of the infested windows box.


It still doesn't exist under Windows XP, and he said at one time he
has XP Pro on one of his machines *(server? I dunno).


Hard to know or care. Regardless of what the tool used in whatever
version of VirusOS he's running, arguing over how the "reformat the
disk" command is spelled in whatever variety of windows, is silly.


You misunderstand.

I am not arguing over spelling.

I am telling you and everyone that FDISK does not EXIST under Windows
XP, in any of its possible spellings...kabish?


I'll offer this advice only once, nothing against you Lawrence,
but the most effective way that I've found is to break out the
Win98 Install disks and FDISK the drive in question, especially
if it's a NTFS formatted drive, all by itself. *THEN* go back
and run FDISK /MBR *twice* to reset both copies of the master
boot record on the drive. Just my two dollars worth, viruses
suck and the people that write them are beneath contempt..

--As for W32/Gaelicum.A ..it's a "reload OS" situation, IMHO..


#35 Lawrence Glickman

On 3 Aug 2005 20:24:52 GMT, Dave Hinz wrote:

On Wed, 03 Aug 2005 15:20:25 -0500, Lawrence Glickman wrote:
On 3 Aug 2005 20:09:49 GMT, Dave Hinz wrote:

Hard to know or care. Regardless of what the tool used in whatever
version of VirusOS he's running, arguing over how the "reformat the
disk" command is spelled in whatever variety of windows, is silly.


You misunderstand.


No, I don't.

I am not arguing over spelling.


Yes, you are.

I am telling you and everyone that FDISK does not EXIST under Windows
XP, in any of its possible spellings...kabish?


There is a command in XP to format a hard disk, which is analogous in
function to fdisk for the purposes of this discussion. The fact that
it's the wrong solution isn't changed by the fact that in XP it's called
something else.


It's called something else...

It is an integral part of the XP OS, and as such, the OS must be
installed before you can use it. It isn't like the stand-alone Fdisk
where you can boot to FreeDOS and partition the hard drive. Big
difference.

I'm not going to argue with you Heinz ketchup. You're too thick
(according to all the ketchup ads I see on TV).

Lg



#36 Dave Hinz

On Wed, 03 Aug 2005 15:32:14 -0500, Lawrence Glickman wrote:
On 3 Aug 2005 20:24:52 GMT, Dave Hinz wrote:

There is a command in XP to format a hard disk, which is analogous in
function to fdisk for the purposes of this discussion. The fact that
it's the wrong solution isn't changed by the fact that in XP it's called
something else.


It's called something else...


Yes, I _understand_ that.

It is an integral part of the XP OS, and as such, the OS must be
installed before you can use it. It isn't like the stand-alone Fdisk
where you can boot to FreeDOS and partition the hard drive. Big
difference.


I suppose if you limit yourself to only fixing a system with that
system's corrupted system, that may be true.

I'm not going to argue with you Heinz ketchup. You're too thick
(according to all the ketchup ads I see on TV).


Wow. Haven't heard that, er, insult? since fourth grade.

#37 David Billington

As one of the previous links mentioned, this was a DCOM RPC buffer
overflow exploit; the fact that the firewall was disabled may have
allowed the system to be attacked by opening the port used by DCOM RPC.
Maybe it had nothing to do with downloading an infected .exe, but rather
with leaving MS network facilities open to attack, which then infects the .exes.

wrote:

In misc.survivalism Gunner wrote:

My $#@!! kid turned off the firewall (again) and downloaded something
with a nasty malware called W32/Gaelicum.A


Ummm.....What does the firewall have to do with anything? Why would he
have to turn off the firewall to download something?

And the REAL question is: Why didn't your antivirus software pick it up
before it could do any damage? Didn't you have the latest definitions
installed?

With all due respect, I doubt that this is your kid's fault.




#38 Lawrence Glickman

On 3 Aug 2005 20:40:54 GMT, Dave Hinz wrote:

On Wed, 03 Aug 2005 15:32:14 -0500, Lawrence Glickman wrote:
On 3 Aug 2005 20:24:52 GMT, Dave Hinz wrote:

There is a command in XP to format a hard disk, which is analogous in
function to fdisk for the purposes of this discussion. The fact that
it's the wrong solution isn't changed by the fact that in XP it's called
something else.


It's called something else...


Yes, I _understand_ that.

It is an integral part of the XP OS, and as such, the OS must be
installed before you can use it. It isn't like the stand-alone Fdisk
where you can boot to FreeDOS and partition the hard drive. Big
difference.


I suppose if you limit yourself to only fixing a system with that
system's corrupted system, that may be true.

I'm not going to argue with you Heinz ketchup. You're too thick
(according to all the ketchup ads I see on TV).


Wow. Haven't heard that, er, insult? since fourth grade.


I know what gunner can do. He can go to the website of his hd mfgr.
and download hd utilities like the ones that came from the factory
with his hd.

I have winchester drives ( I think )...have to do a system query to
find out for sure with check-it, but, he can go to that website for
partitioning programs, and then use FreeDOS.

Anyhow, long story short, OS Re-install, and all that rubbish, if he
doesn't have a recent "image."
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Now question, Dave, does re-installing an image put down multiple
partitions as well as the data inside those partitions?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Not that we know if he has an image. If he does not, shame shame
shame on somebody.

I keep images on a USB HD that I keep for backup. It is 120 gigabytes
in capacity. Multiple images so I can go back, and get it all,
without having to hunt down program discs and data files. I even back
up data files ( the ones small enough ) to thumb drives. Taking few
chances these days,

Lg
( what else can I remember from the 4th grade? lemesee.........
fingerpainting, music *class*, and marbles ;-)

I think I got a B+ in marbles and pencil sharpening.

LG
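The "recent image" advice above suggests a check a defender can run before deciding between cleanup and a full reload: hash every .exe in a known-clean image, then compare against the live machine to list exactly which executables a file infector changed. This is an added example, not code from the thread; it assumes the clean image is mounted as a directory, and the directory layout and file contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_file(path: Path) -> str:
    """SHA-256 of one file, read in chunks so large executables are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path, suffix: str = ".exe") -> dict[str, str]:
    """Map every executable under root (relative POSIX path) to its hash."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() == suffix
    }

def compare_manifests(baseline: dict[str, str], current: dict[str, str]):
    """Classify executables as modified (hash changed), missing, or added."""
    modified = sorted(k for k, v in baseline.items() if k in current and current[k] != v)
    missing = sorted(k for k in baseline if k not in current)
    added = sorted(k for k in current if k not in baseline)
    return modified, missing, added

def demo() -> tuple[list[str], list[str], list[str]]:
    """Constructed scenario (not real data): a clean image versus a live tree
    where a file infector altered one exe and an unknown exe appeared."""
    with tempfile.TemporaryDirectory() as d:
        image, live = Path(d) / "image", Path(d) / "live"
        for root in (image, live):
            (root / "tools").mkdir(parents=True)
            (root / "tools" / "lathe.exe").write_bytes(b"MZ" + b"\x90" * 64)
            (root / "tools" / "mill.exe").write_bytes(b"MZ" + b"\xcc" * 64)
            (root / "notes.txt").write_bytes(b"not an executable, ignored")
        baseline = build_manifest(image)
        # a file infector typically appends or patches code into the exe;
        # here we just append a few bytes so the hash no longer matches
        with (live / "tools" / "lathe.exe").open("ab") as f:
            f.write(b"\xde\xad\xbe\xef")
        (live / "downloads").mkdir()
        (live / "downloads" / "new.exe").write_bytes(b"MZ" + b"\x00" * 8)
        return compare_manifests(baseline, build_manifest(live))

if __name__ == "__main__":
    print(demo())
```

The "modified" list is the set of executables that must be restored from the image; anything in "added" had no clean counterpart and needs separate judgement.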

#39 Offbreed

Kurt Lochner wrote:
viruses
suck and the people that write them are beneath contempt..


We should be able to poke the person responsible in the nose.

After 10,000 nose punches... ewwww.
#40 Offbreed

Gunner wrote:
My $#@!! kid turned off the firewall (again) and downloaded something
with a nasty malware called W32/Gaelicum.A


What kind of firewall do you have?
Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 DIYbanter.
The comments are property of their posters.