[identity profile] jedisamui.livejournal.com posting in [community profile] techrecovery
Ok, I was sent out on a call today where this guy had gotten the new virus that is ONLY affecting Dell computers and customers.
And he called the Dell technical support line with me there and shoved the phone in my face so that I could hear the recording. And it said (paraphrasing) that Dell is being slammed with calls because of this and that their staff is not trained for viruses and how to fix this issue. It goes on to say that customers should use their browser to surf to McAfee or Symantec or call them for further assistance.
Here's the funny thing. The recording describes the virus and its symptoms (which prevent the user from booting the computer up) but doesn't identify the virus.

So....here's the description that this guy has.
During the boot, the PC loads the WIN XP splash screen and then blue screens with an error that states that there is a Registry Error. This happens whether the PC is booted into safe mode, dos prompt, or normal. I've tried booting off a virus CD, but the CD doesn't recognize the HD (probably due to the format FAT32 vs NTFS). I did try another HD using the original as a slave, and running virus scan, spyware scan. The drive results were clean except for a handful of spyware titles that were removed.

However....I'm curious. Do any of our wonderful Dell tech friends that visit this community know the name of this virus, and/or a possible solution/removal tool for it? I searched the web but was coming up with nada.

Otherwise, I am forced to save this guy's stuff and reformat/reload. Which super sucks.

I have a friend....

Date: 2004-05-27 08:45 pm (UTC)
From: [identity profile] moosie.livejournal.com
who isn't part of this comm, but she works for Dell, I left her a message in hopes of getting you the answer. More to Follow... hopefully.

~M~

Date: 2004-05-27 08:48 pm (UTC)
From: [identity profile] c0c0c0.livejournal.com
There are NTFS boot disks, search techtv.com for them. Also, have you booted using Knoppix so you can get on the internet to go to SARC or McAfee or Trend Micro or the like for their fix?

I have heard of this "virus" first here, and I have a Dell laptop, behind a router. Is the router going to protect me and is there a patch out? Damn, if I didn't need this for on site work I would be putting Knoppix-std on this thing.

Not a virus...

Date: 2004-05-27 08:51 pm (UTC)
From: [identity profile] coyoteden.livejournal.com
It's disk corruption, but I've seen Dells get it more than most. Maybe they should re-evaluate those Intel motherboards. The blahblah on the Dell tech line is about Sasser.

Here's how to recover from this 9 times out of 10:

You need to manually restore the registry from the last restore point.

You'll need a Win2k Workstation CD if this is an XP system. Trust me. You can't get into the "System Volume Information" folder if the CD matches the OS.

1) Boot from your cd and go into the Recovery Console. Pick the right windows folder. You'll get a prompt.

2) chkdsk. If the file system was corrected, type exit to reboot and see if it comes up. If not, boot back into the console and proceed with step 3.

3) cd \system~1\_resto~1 to get to the restore points. dir and look for the highest numbered RPxxx folder from before the crash. cd into this folder, then cd snapshot

4) type the following. Answer yes to any nags:

rename \windows\system32\config\system system.bad
rename \windows\system32\config\software software.bad
copy _registry_machine_system \windows\system32\config\system
copy _registry_machine_software \windows\system32\config\software

5) exit to reboot.

all should be well.
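
An added example, not part of the comment above: when the original drive is attached as a slave to a working machine (as the original poster did) or read from a live CD, the restore-point choice in step 3 can be checked before anything is renamed or copied. The function names, the `regf` header check and the sample tree are assumptions of this sketch; `restore_root` stands for the `_restore{...}` folder under "System Volume Information".

```python
import os, re, tempfile, time
from pathlib import Path

# Snapshot file name (as typed in step 4) -> live hive name under config\
HIVES = {"_registry_machine_system": "system",
         "_registry_machine_software": "software"}

def snapshot_hives(rp_dir):
    """Map live hive name -> snapshot file, matching names case-insensitively."""
    snap = Path(rp_dir) / "snapshot"
    if not snap.is_dir():
        return {}
    found = {p.name.lower(): p for p in snap.iterdir()}
    return {live: found[s] for s, live in HIVES.items() if s in found}

def valid_hive(path):
    """Registry hive files begin with the 4-byte signature b'regf'."""
    with open(path, "rb") as f:
        return f.read(4) == b"regf"

def pick_restore_point(restore_root, crash_time):
    """Highest-numbered RPnnn whose two hives are intact and older than the crash."""
    best = None
    for d in Path(restore_root).iterdir():
        m = re.fullmatch(r"RP(\d+)", d.name, re.IGNORECASE)
        hives = snapshot_hives(d) if m else {}
        if len(hives) < len(HIVES) or not all(map(valid_hive, hives.values())):
            continue  # not a restore point, or a hive is missing/corrupt
        if max(p.stat().st_mtime for p in hives.values()) >= crash_time:
            continue  # snapshot taken at or after the crash
        if best is None or int(m.group(1)) > best[0]:
            best = (int(m.group(1)), d)
    return best[1] if best else None

def build_sample(root, crash_time):
    """Constructed tree: RP10 good, RP11 zeroed hive, RP12 written after the crash."""
    for name, magic, offset in [("RP10", b"regf", -7200), ("RP11", b"\0" * 4, -3600),
                                ("RP12", b"regf", 600)]:
        snap = Path(root) / name / "snapshot"
        snap.mkdir(parents=True)
        for s in HIVES:
            (snap / s.upper()).write_bytes(magic + b"\0" * 60)
            os.utime(snap / s.upper(), (crash_time + offset,) * 2)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        crash = time.time()
        build_sample(tmp, crash)
        print(pick_restore_point(tmp, crash).name)
```

The script only reads the snapshot folders; the rename and copy in step 4 are still done by hand once a usable RP folder is known.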

Date: 2004-05-27 09:02 pm (UTC)
From: [identity profile] stevenglassman.livejournal.com
Dunno if it's related, but the Gaobot family of worms (http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ee.html) uses 'Dell' as one of the usernames. It doesn't specifically target Dell machines though.

Date: 2004-05-28 12:21 am (UTC)
From: [identity profile] loosechanj.livejournal.com
Chances are there's no virus, he just pooched something. I'd give system restore a shot, you can run it by booting off the XP install CD IIRC.

Date: 2004-05-28 10:47 am (UTC)
From: [identity profile] said-by-me.livejournal.com
Try running Stinger from McAfee; it's usually really good at identifying and cleaning the most obscure virus.

Date: 2004-05-28 06:21 pm (UTC)
From: [identity profile] dmsalem00.livejournal.com
Ahem.

play the mighty mouse theme music.

It's mostly Dimension systems. See that earlier post whats-his-name, the guy with all the spyware knowledge did, regarding the mutation of CoolWebSearch.

The reason the uppity-ups don't know it's a virus is b/c it's NOT. It's a spyware prog gone out of control. I've passed the word up the chain, though, so something should be done about it.

Oh, and hardware support, the guys who _don't charge_ for the phone calls, *aren't* trained for virus support. It's basic OS support and hardware. There *is* an advanced OS support, but it's fee-based.

Re: Not a virus...

Date: 2004-05-28 06:23 pm (UTC)
From: [identity profile] dmsalem00.livejournal.com
1) It's not the motherboards, it's Windows XP. The 9x family is not affected by any of this.

2) That's the bluescreen nonsense you and I were talking about earlier. I was there the first day the calls started rolling in.

3) Not necessarily affecting *just* Dells. It *does*, however, only target WinXP/2K machines. Mostly XP, though.

Date: 2004-05-28 07:17 pm (UTC)
From: [identity profile] klyf23.livejournal.com
Probably Gaobot.

Here's Symantec's removal tools page. Good luck!
http://securityresponse.symantec.com/avcenter/tools.list.html
