Security Basics mailing list archives

RE: virus removal help


From: "Hagen, Eric" <ehagen () DenverNewspaperAgency com>
Date: Fri, 7 Nov 2003 11:53:02 -0700

This probably belongs in a tech-support group rather than a security
discussion group...

The virus you're probably talking about is called HTML.Redlof.A according to
Symantec.  It is installed in user files, such as HTML, PHP, ASP, JSP and
VBS files as well as in the Kernel.dll and Kernel32.dll.

Formatting the hard disk will COMPLETELY destroy this virus.  Upon
reinstalling Windows, your BIOS antivirus checking erroneously reports
"potential virus activity" because the system is trying to write to the boot
record, which is not typical behavior BUT is NORMAL for the Windows
installation procedure.

The problems with your system folders and with the Primary Controller
(probably the hard disk controller??) are likely more to do with drivers or
with the installation procedure than what happened with the virus.

Make sure you install a modern virus scanner and keep it updated to prevent
future infections.

Eric Hagen

-----Original Message-----
From: komal [mailto:agencies_ad1 () sancharnet in]
Sent: Friday, November 07, 2003 7:56 AM
To: security-basics () securityfocus com
Subject: virus removal help


Hi!
My computer was infected by html.redoff virus. I deleted every html and at
last formatted my computer, but while installing Windows I receive a warning
message that your boot sector is about to be modified. If I press yes, then at
next reboot my system directory is deleted and I am unable to start my
machine. If I press other keys, then I boot and work, but in Device Manager my
primary controller is disabled (i.e. yellow icon). I have installed the latest
antivirus.
Any help will be appreciated.

Thank you
komal




---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to
simplify the management and deployment of PGP and reduce overall PGP costs
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------
