WARNING: Virus detected!

[dunderklumpen]

Yesterday me good old norton detected a virus in the file Skin017 in Daoc folder. I also detected same vorus somewhere in woindows.. i didnt pay much attention as i usually get 3-4 per day but my firewall and norton usually beats it.. I put both file in quarantine as i did not want to remove them just then..

Weell.. i played on my other cpu and all was happy until today when logged in again... then i get download of file Skin017.. Of fear i just turned Daoc down and is running another virus check.. Im getting the very creepy msg.." You must restart your computer for the new system settings"...


If you got any ideas pls tell me...

The file download can be due to that the original file is in quarantine?

Need help here from someone who know DAoC sys

 

[[Cerebus]]

Have you reported this to Rightnow?

They might respond quickly to this.

 

[dunderklumpen]

how?

 

[Gef]

Whats the virus's name?

 

[dunderklumpen]

Bwaa... didnt pay any attention to it.. just put it in quarantine and so.. cant check name of virus at the mo.. It said virus name b4.. now it just say Unknown

Correct filename:

\Mythic\Figures\skin\Skin017.mpk

 

[old.Anpu]

Those files only contain gfx data and no executable code tho, so I guess its just a coincidence that it matches a virus pattern.
Don't think a virus would infect random non-executables (ie. no .exe .dll etc) esp not just one file out of the folder. So unless the virus is in the daoc executable too I wouldnt worry about it.

/Anpu

/edit bad spelling

 

[dunderklumpen]

Hmmmm...

Why did my system settings change then??..

Do update automaticly correct and download any missing files in the mythic folder?? Id like to remove the (possibly) infected file as it cannot be mended.. just for being secure..

 

[old.Anpu]

The updater downloads missing or newer files on startup of daoc.
But it doesnt change any system settings, so I dont know where that comes from.
Maybe you have a virus somewhere else, but its sure not in the gfx file.

/Anpu

 

[dunderklumpen]

I will delete the grafixfile now then.. just to be sure...

 

[Dsjoords]

I don't know, my F-secure didn't find anything.

 

[old.Hardbein]

I run CA e-trust and work with Viruses all day. There is nothing wrong with the patch from mythic....nore the file u mentioned here. I deleted the file u mentioned and checked the file again...fresh from GOA, but still nothing to report.

My guess is that ur system is already infected by a trjoan (some trojans "confuse" or set ur existing AV system "out of order") and will infect popular files like *.jpg, *.bmp,*.doc and files that r used a lot (hay u play DAoC so I guess those r the most used files on ur system ) Files will also be given a hidden extension so it makes the file executable....and will therefore spread further through ur system. I suggest u DL a propper AV-scanner, not the ordinary ones like Norton, F-Prot, Norman etc.......but would recomend Computer Associates e-Trust v.6.0 and Trend Micros PC-Cillin 2002.

Free Trial SW here:
e-Trust AV
Trend Micro

If u dont wanna DL a new AV prog...try use this free (Java)scanner from Trend Micro......(quite good imo) but gives u no real-time scanning.
House Call

GL on ur hunt for those nasty bastards If viruses were worth RP's I would sure be the no.1 RP holder on Pryd.....but im not

edit: typos

 

[dunderklumpen]

ty will do

 

[dunderklumpen]

GREAT.. Its heavily infected at the mo... The virus ahas infected norton antivirus at the mo.. cannot start it nor enter internet...

 

[old.Jadow]

Safedisk time. Norton 2002 and 2001 both have bootable CD's with safety stuff written into them. If you use the downloaded version, I'm assuming you followed the advice and made a safe floppy disk for just this kind of eventuality?

Failing that, using your other PC, download PANDA which has a very low system footprint and install that from CD (burn it if necessary). This will clear anything from your boot sector and memory, leaving you free to run Norton.

Jadow
Level 50 Infiltrator
Order of The Knights Templar

 

[old.seb1024]

alt is from a dos promt use "fdisk /mbr" without the quotes which will reset your boot block
as with all things computer related Did you make a backup?
No well tough! you can always format and start again but boot from a cd for the reinstall so you not using an infected boot disk