
Malware / Trojan / Virus Part Two

By Heather - Page 2

Success through ancient wisdom

Following instructions found on the Internet, I got HijackThis and Ewido.

HijackThis was good at identifying dubious processes, but stopping these made little impact. Ewido found everything it was supposed to but also didn't manage to get rid of the very last hostile process, even after a few passes had been made and the PC rebooted several times. At this stage, the malware erupted into an explosion of endlessly replicating processes with silly names.

From the anti-virus program and Ewido logs, I identified the last unkillable process to be 'Nail.exe' in the Windows\Prefetch directory. Ewido kept killing it, but it was able to instantly start itself off from another file. This suggests that the malware had a defence built into it which was doing something like "On deletion, copy the file to 'someotherdirectory/blah.exe' and run that. On deletion of 'blah.exe', copy it to 'Nail.exe' and run that again."

There genuinely seemed to be no way to get rid of Nail.exe. It was even totally, blatantly obvious: all the protection programs were pointing at it but couldn't delete it.

On the "when all else fails, use the command line" principle, I used Run, then cmd, then a few old DOS commands to attack it.

First, dir blah*.* /s on every drive to find, and then del to delete, almost every rogue program that had been set up by the malware and identified by the AV software. This had no impact on Nail.exe.

I checked its attributes with attrib na*.* from the directory I found it in. I tried to take off all the system, read-only and hidden attributes, but it still wouldn't let itself be destroyed.

This is the bit where old DOS knowledge was the answer (confirmed ten minutes later by a post on a bulletin board that advised the same thing).

Take an innocuous text file and overwrite Nail.exe by using copy innocuoustextfile.txt Nail.exe.

Do this to every manifestation of Nail.exe you can spot using dir Nai*.* /s.

Reboot and run Ewido, HijackThis, your AV program, etc. to make sure it's not hiding in the registry. You can fix the registry and any stray attempts to run it again at a leisurely pace. Even if it tries to run, it will just find a non-executable and stop.
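The overwrite procedure above, written up as a batch file so it can be run against every drive in one go (an added example, not the author's own commands). The target file name, the drive list and the temporary text file name are assumptions; run it from an elevated cmd prompt after the AV tools have killed the running process.

```batch
@echo off
rem Added example: neutralise every copy of a self-respawning executable by
rem overwriting it with harmless text, then verify that no copy still carries
rem an executable header. TARGET, DRIVES and BENIGN are assumed values.
setlocal

set "TARGET=Nail.exe"
set "DRIVES=C: D:"
set "BENIGN=%TEMP%\benign.txt"

rem The innocuous text file that will replace each copy of the target.
> "%BENIGN%" echo This file used to be %TARGET% and has been neutralised.

for %%D in (%DRIVES%) do (
    rem dir /s /b /a lists every match on the drive, hidden and system files included.
    for /f "delims=" %%F in ('dir "%%D\%TARGET%" /s /b /a 2^>nul') do (
        echo Found: %%F
        rem Clear system, hidden and read-only attributes so copy can replace it.
        attrib -s -h -r "%%F"
        copy /y "%BENIGN%" "%%F" >nul
        if errorlevel 1 (
            echo   FAILED to overwrite %%F - a running process may still hold it open
        ) else (
            echo   overwritten
        )
    )
)

rem Verification: a Windows executable starts with the bytes "MZ"; a text file
rem does not. findstr /m /b names any copy that still begins with that header.
for %%D in (%DRIVES%) do (
    for /f "delims=" %%F in ('dir "%%D\%TARGET%" /s /b /a 2^>nul') do (
        findstr /m /b /c:"MZ" "%%F" >nul && echo STILL EXECUTABLE: %%F
    )
)

endlocal
```

Any file reported as FAILED or STILL EXECUTABLE is one the malware was still holding open; reboot and rerun the script before cleaning the registry entries that point at it.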

Happy ending

The hard disks were saved. I had to bite the bullet and buy a new motherboard/CPU/different RAM/box with a stronger PSU. (Cost about 300, and I couldn't afford the black one with flashing lights that looks like the helmets the robots used to wear in Battlestar Galactica.) I learned I really had to use a firewall and update my AV, I learned to be more careful about downloading, and proved that extinct knowledge might still be useful. I also got to visit a lot of brilliant sites and forums with advice on how to deal with malware and lists of what you should look out for.
