Security Basics mailing list archives

RE: Possible new virus?


From: "Chris Berry" <compjma () hotmail com>
Date: Wed, 10 Sep 2003 18:11:01 -0700

From: "David Gillett" <gillettdavid () fhda edu>
  Chris, please stop and think for just a moment!!!

I don't have a threaded email reader so cut me a little slack. (I'm working on setting up a qmail system, but right now I'm stuck with Hotmail.) I've gone back and re-read the original message in the archives. So far the only thing that makes me suspicious is this:

"I wouldn't think twice if it hadn't happened to 3 computers from 3 different vendors in 2 days"

My first thought would be some sort of power problem, but that might be because of my hardware background.

  The original poster has not (yet) provided an answer to this
CRITICAL question:
> >Do you know if the fans are still in fact running?
  All he has described is a MESSAGE on the screen (and accompanying
noise) CLAIMING that the fans have died.

True, he said: "The symptom was an error while still in text mode before booting"

Now the way I interpret that is that he is on the POST screen and the HDD hasn't even been accessed yet, but I could be wrong or he could have been imprecise, but yeah, we need to know if the fan is really not working. Honestly though, if his motherboard is screaming at him, I'd be highly surprised if it was. Though I suppose you might be able to write a virus that accessed the speaker, I think that would still fit in the available space.

  I could write a boot-sector virus that spat out a message that
the moon was made of green cheese.

You have a point, one good test would be to disconnect the hard drive and see if you still get the message. Congratulations by the way, not everyone has the kind of skills necessary to write something like that.

Whether my virus *could* actually
turn the moon into green cheese or not would be completely
independent of whether you had caught my boot virus or not!

Hmm, if you can do that, we need to hire you, our company could branch out into moon cheese sales.

  (I seem to recall a family of viruses that attempted to re-flash
the BIOS.  Machines that were supposed to have different BIOS versions
might not, after attack by such a virus....)

Now that would be nasty, don't you usually have to set a jumper or something before doing that or do the new ones let you do it from software? I haven't bothered to upgrade a BIOS since about 1995, just not worth it with prices the way they are now.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Consciousness: that annoying time between naps."
