I have a tech support question about my comp...

[Aaron]

Hey guys, I haven't been here in a while, and well, anyway, I've been having trouble with my computer and I think someone here might be able to help me, because, hey, you know stuff  

Anyway, here's my problem.  When my comp is on, every two or three minutes, the whole thing hangs up for about 15 seconds.  Annoying.

I have no background programs running except MSN Messenger.  I've gone to msconfig and killed all of the startup stuff except MSN Messenger and the System Tray.  There's nothing in my StartUp Folder.

Anyway, last time I went to msconfig I found this interesting thing:  There's a program there (under the startup tab) that is checked called "Driver32" and it runs c:windowssystemSCam32.exe - I thought this might be the problem, so I unchecked it.  When I restarted, it was checked again... so I erased the file, only to find that it had been replaced when I restarted.  That might be the problem?  But I couldn't get rid of it.  I even searched through the registry for stuff relating to it and found nothing.

And sometimes the problem just disappears, only to come back when I restart my computer again.

[Threesixty]

Hmm...I wonder if it's some kind of Spyware?

What about the Config.sys and the Autoexec.bat?

[This message has been edited by Threesixty (edited July 27, 2001).]

[Aaron]

I ran Ad-Aware 4.55 to kill the Spyware and it didn't seem to help, but I haven't restarted yet, and I might go check for a new version.

Config.sys is.... empty?  There's nothing there.  Never looked at it before, so I don't know if that is unusal, but I am using a laptop with wierd hardware.

Autoexec.bat, I killed it, it didn't help any.

[Aaron]

I downloaded Ad-Aware 5.5, it is scanning now and so far its found a lot of spyware that 4.55 didn't find, so maybe this'll work.  I'm gonna scan, restart, and scan again and see if I get rid of my problem.

[halkun]

Ummm, I think you have a virus, it running out of your recycle bin and has a registry link to execute after every EXE file. I've seen a billion of these things over the last couple of days (I work for an ISP) You may want to get a scanner or something.

[halkun]

Too add to my last comment, the reason it's hanging is beacuse SCam32.exe is trying to send files on your HD out to buddies in your address book. Go online and close all of your apps and see if there is any activity while you are online (look at the two computers in the lower right hand corner) if one or both of them are going while not running any internet apps, you have an active virus.

[Threesixty]

The config.sys is usually empty with win98 on up. autoexec.bat is usaully empty too, but a lot of third party programs still like to throw stuff in there.

I thought it might be a virus, too....but I figured it was scanned already....

It's probably the new one. I've heard about...let me see if I can find where I found the info...I thought I read it here, but I guess I didn't.....

Ha I found it...Aaron you going to want this. You definetly have the virus. It's called Sircam virus.

   http://www.sarc.com/avcenter/venc/data/[email protected]" TARGET=_blank>http://www.sarc.com/avcenter/venc/data/[email protected]    

here's an article (I haven't viewed either link yet...I just pulled it from AMDzone.
    http://www.hwextreme.com/NewsPub/Stories/2001/07/24/9959709941.shtml" TARGET=_blank>http://www.hwextreme.com/NewsPub/Stories/2001/07/24/9959709941.shtml    

I read it at AMDzone just this Monday.....I really thought someone had posted it here.

what I read Monday:
Will everyone please check their systems for the Sircam virus. This is getting silly. For those of you that don't have it, or are smart enough not to open every attachement sent to you, thanks. For those of you who got infected, please take the proper measures. Check     http://www.theregister.co.uk/content/56/20553.html" TARGET=_blank>this story     for some more info. It also has a link to Symantec with removal instructions.

If you go to the THIS STORY link, You'll find that it's a real nasty virus. Sends the virus threw it's own E-mail program, so you don't see it. It not only gets e-mails from your address book, but from you internet temp folders, too.....

You'd better start sending E-mails to those people in your Address book about this info. I was one of the victims of the, "I luv you bug" at my work. (not my system). Seems these guys like copying that virus.

[This message has been edited by Threesixty (edited July 27, 2001).]

[Caddberry]

try a little free antivirus scanner.. and get updates for it.. usually you can get free demo versions.. you wont have to spend money..

[eerrrr]

I use InoculateIT PE, it's a complete free virus scanner with free updates for virus' and stuff. I think  http://antivirus.cai.com" TARGET=_blank>this  is the site. Doing AutoDownload for virus updates is really fast on it, for some reason it goes at around 5 KB/sec on my 33.6K. What I want to know is why does everyone open those attachments? Most people know that some virus' get to you from their friends' emails, so when you see a dodgy email from a friend's address reply to them first and ask them about it. Thats what I do.

[Yuna]

IF You want play save, then..
Backup all of your personal and important files (except Exe and Com - maybe they have infected too) and do the Low level Format.

Thats all, i do these because one years ago i had a BIOS Virus just like that.

And don't trust Anti Virus, because in some rare circumtances they act like a "File Washer" or False Alarm Notification.

[This message has been edited by Yuna (edited July 27, 2001).]

[Aaron]

Ok, here's the deal.  I have a virus scanner (Norton AntiVirus) and I'm about to run a full system scan.  My virus definition file was last updated October 30, 2000 and I can't update it any more because I've reached the limit of my free updates.

I did check and it is sending info while I am idle, looks like a virus sign.  It sends something out at quite regular intervals (about every two seconds) but its never anything very big.  If the virus I have is older than Oct 30, I'm about to catch it, but if its not, can anyone suggest a free (or demo) scanner that would?

I'll post here if I find it.

Also, fortunatly, I use Hotmail for e-mail and I doubt it'll be able to use that to send e-mails out (I dunno if its smart enough to get through the web interface, especially as it was redesigned just days ago).  I also have access to Hotmail through Outlook, but my current ISP blocks Hotmail support through Outlook (I have not the slightest idea why, but they're not doing it intentionally) so Mr. Virus can't send e-mail through that.

[Aaron]

Oh wait, I see your link, I'm gonna try that first.

[Aaron]

Oh man, thanks!  I think that worked.  The Driver SCam32.exe thingy is gone, and now nothing is being sent over my internet connection that I don't know about.

I wonder where I could have cought it - I haven't recieved any suspicious e-mail attachments recently, it just showed up.  I was gone for 10 days recently, though, I bet someone in my family managed to catch it then, b/c that's about when it showed up.

Thanks Threesixty for knowing about it and giving me the tool to fix it  

[Aaron]

But dang, I'm still getting those hangs.  Any other ideas?

[Aaron]

Ok, it wasn't the virus's fault that the hangs were occuring.  I identified the e-mail that had the virus in it (an e-mail sent to me yesterday) and I've been having hangs since before I got it.

[Aaron]

One last post

eerrrr: That site you gave says that they've stopped giving it out but they still give virus updates to people who have it.

[eerrrr]

Darn it, I forgot about that. Sorry. But hey, you managed to add 6 extra posts to your rank from not editing your posts. Goog job...?

EDIT: You doubleposted, eerrrr.

And yeah, remember we can edit & delete our own posts if you're registered?

-Ficedula

[This message has been edited by ficedula (edited July 27, 2001).]

[Threesixty]

I'm not sure if you can actually delete here, but you can edit.

And that third links says that it attaches itself to other executable progams....maybe it got a major one or something? Guess it's time for a reformat of the HD and installing windows from scratch.

If you read that link....(open the third link)
"Because the virus has its own email engine, copies of emails sent will not show up in a user's email client sent file."

The links says that it uses it's own E-mail program. Who knows...maybe it automaticly makes an account somewhere, or it just finds an open account within your IP connection.

[ficedula]

Once you connect to the 'net, your password is held in memory. For dial-up accounts at least, *any* program that wants the password can get it. Easily. So if your ISP provides a free email account ... extract the server details from Outlook, ask Windows for the password, and away it goes.

Oh; you didn't used to be able to delete your own posts here (only mods could) but registered users have been able to delete their own posts for a while now. Can't remember exactly when it got turned on.

[Sukaeto]

As far as your hanging problem:  What version of Windows are you running?  Does it sound like your hard drive is grinding away during the hangup?

[eerrrr]

Sorry fice. I was expecting like a triple post cos I submitted it then stopped it cos I forgot to add something. Then when I pressed submit the second time i kinda accidently did a double click.  

[Aaron]

I'm running a laptop using Windows 98 SE.  I have *all* of the updates and stuff from  http://windowsupdate.microsoft.com" TARGET=_blank>http://windowsupdate.microsoft.com   and I am running almost no programs (MSN Messenger only) and have disabled everything in the startup section of MSConfig except MSN Messenger and the system tray.  The virus is gone.

The hanging starts within minutes after my computer is turned on.  Sometimes it happens about every two minutes, but sometimes the hangs are more than ten minutes apart.  When it hangs, I can still move the mouse, the hard drive doesn't sound like it is grinding away (in fact, if it was grinding, it stops for the duration of the hang).  Whatever I click or type during the hang all happens at once after the computer comes back.  All sound stutters except MIDI (it continues playing normally), which is kind of wierd, since I use the Yamaha Software MIDI Synthesizer that comes with FF7, so something apparently still works while the hang is going on.

EDIT: Thought I might say that a little better.

[This message has been edited by Aaron (edited July 28, 2001).]

[Aaron]

Actually, now I think its a virus.  Not that Sircam Worm thing, another one.

I was using my computer and I decided to sync it up with my Palm handheld device.  I use ISDN to connect to the internet and only have one serial port, and my handheld device and ISDN modem both use a serial port.  I told it to disconnect and it wouldn't, so I unplugged the ISDN modem.  The computer still said it was connected and kept sending data off (about 4k every 2 minutes) for two hours, before I restarted it.  Seems like my virus is trying to do something on the internet (forward itself probably).  My October 30, 2000 Norton Virus Definition file did not detect it after I did a full hard drive scan.  There is nothing suspicious in MSConfig and I am about to go digging deep in the registry.

If ANYONE knows any free virus scanner that would detect this, or a program to remove this particular virus (that is if you think you know what I have), please post here, or more preferably, e-mail me at [email protected] .

It still could be other things besides a virus, I guess.

[ficedula]

One thing you could try is Zonealarm. It's a free firewall I use (or, you could get another firewall). It won't remove viruses, but it *does* tell you which programs are attempting to access the 'net, and blocks them out unless you give specific permission. So it'll at least tell you which program is trying to access the 'net, and you can maybe find out whether that program has been altered.

It's a good idea to have something like this installed anyway.

[J*** H*******]

Message.