StudioT

Members
  • Posts

    23
Profile Information

  • Location
    SomersetUK
  1. Thanks for that, Jean. I wouldn't describe the result as productive - even the Winternals RR forum failed to reach a conclusion.
  2. Over the weekend my Win2k computer acquired Vxgame, Zhelatin and Tibbs trojans. At least one was protected by the wincom rootkit. During cleaning I discovered the following registry entry HKLM\software\Xanthic\{EA85997E-F0A5-F38F-C44B-1D1A619FAE56} was inaccessible due to null entry. The entry was removed by proper use of regdelnull. I have never heard of Xanthic, no other pc on my network has the key. However googling does not throw up nefarious activity by this outfit. So I was interested in any further information available. The pc concerned is now clean.
  3. I posted for interest No I wasn't impressed with their reply either. Nosirrah, shouldn't you be tucked up now, or don't you ever sleep? Cheers
  4. For interest this is Hitachi's reply, they had the same information posted here and were commendably quick to reply. Since I didn't actually ask the reason, just comment their interest in premature, but post warranty failure is evident. I note they haven't ruled out malware. I am well aware that my actions will (should) have destroyed any way of distinguishing so maybe it was just one of those things and the drive will carry on for years, maybe not. I am also aware that sometimes you have to run check disk several times to get a result, an observation that may be of interest to others.
  5. NoSirrah, Thank you for that explanation. I am a generalist, not a specialist like yourself and no two of the problems I fix are the same. Advanced Setup No insinuation or insult was intended, any more than (I hope) your comment about wishful thinking.
  6. Well thank you for your comments - time will tell if the problem happens again. Meanwhile I am interested in the idea that MBAM is somehow less effective on secondary drives. Does this apply to attached (USB) drives?
  7. I didn't say I identified any malware. MBAM happened to be on the machine I slaved the drive to and, yes, it failed to finish a scan locking the machine and forcing user intervention with the power button. From the number of different disk checking tests I described I hoped it would be obvious that my first choice was simply corrupt data on the drive. I put a lot of effort into fixing or isolating this but the drive steadfastly refused to play. However it equally steadfastly operated smartly in safemode and in slowly diagnostic mode. It also operated in other respects very well as a slave. I didn't mention but the drive was a 40G travelstar, about half full. There was an in-date copy of McAfee (A-virus only I think) on the drive. My experience of failures concords with the 'bathtub curve' and this drive is the wrong age for either high. The drive behaviour showed none of the sluggishness or noise I normally associate with failing drives either. So I thought that maybe the drive was faulty, and maybe there is malware I haven't come across, that can do this and just maybe someone else might be interested. After all I have seen malware that can halt a Norton or McAfee scan, move about and morph on a drive. So why not malware that can halt checkdisk? I have asked Hitachi for their opinion.
  8. It's easy to make generalisations, hedged by caveats. I was hoping for better discussion with some reasoned train of thought. It doesn't seem to be OK now. It is OK now. It passed a rigorous soak test. However you may be right but I can't explain all the results I got, let alone those I posted. Why did MBAM fail? Why does safe mode work reliably? In fact why did everything work until I tried any process which involved a 'scan' whether under the control of an outside operating system or not, and how did it halt the outside OS? And why are service people suddenly seeing an increase in Check Disk failures?
  9. Thanks for the suggestions, I've already resolved the problem itself, this is by way of inquest as there seem to be suddenly a lot of pcs about which refuse Check Disk or similar. This Hitachi hard drive was dated 2006 and so was really too young to die. SMART analysis reported perfect mechanics etc. Pc booted to XP desktop where it froze, except for mouse movement. XP would boot happily to safe mode where it would generally work OK, except that Check Disk halted the system at several attempts. Check Disk also bombed out from Bart PE, several Linux and DR DOS cds. When the hard drive was removed and connected to another system Check Disk again halted the system, as did defrag. All the files on the drive were present and accessible to be read by the other system. Interestingly when the drive was scanned with MBAM on this second system it halted the system with an 'unexpected error'. A simple Fdisk format also halted the system. The Hitachi analyser presented some corrupt sectors. However when asked to fix this the program ran for a while then halted the system with an 'unexpected error'. If it was just corrupt MBR windows would not load at all, if just corrupt files somewhere on the drive then Check Disk or Hitachi Analyser should have been able to fix it. This is why I suspected malware and asked the question. I finally fixed it by using a low level formatter which ignores the current structure and systematically erases and checks each location for the entire disk. After this I was able to create and format a new partition without problem and reinstall XP cleanly. SMART again reports everything hunky dory with the drive.
  10. I have heard of, but never seen, malware that can survive a volume format. I was wondering if anyone has come across malware that can survive a low level format (reinitialisation)? I recently had a drive with some blocks that resisted recovery by checkdisk and even the manufacturer's (Hitachi) own drive software. It also resisted format by normal means.
  11. It will not do what antifreeze does. They both cool your engine. I believe I said that I come across businesses that want to avoid paying, despite the licence conditions in some if not all free AVware. MBAM has a powerful driver for removal and is going to be adding a second backup DOR driver within 2 weeks. I look forward to testing the new version.
  12. Comparing water and antifreeze is not a fair comparison because they do not contain any of the same chemicals. At last someone has actually addressed my points, even if I don't agree with her! I don't see why the comparison is invalid. In both cases the comparison is a free alternative against a 'paid extra for' addition. Incidentally many garages in the UK are making money hand over fist with sky high rates for the oil used in an oil change and now 'engine flushing agent' on top. I think you have your figures skewed here. Firstly any version of Windows costs more over here. The fancier versions of Vista will set you back up to
  13. As a service engineer I am often asked for free(ware) protection or told 'I've heard program X can do it for free and is much better'. Now I happen to think that buyers are much better served in the AV and AM market than by supplier(s) of operating systems. Certainly prices are much more affordable (reasonable). Perhaps it's the competition. Anyway I usually put it like this "When you take your automobile for its annual service, do you ask the garage to only use water, not antifreeze in the radiator, in order to save a few pennies? Compared to your investment in hardware and software why begrudge the relatively small cost of protection." Comments welcome
  14. Now I've found them the notification choices on this site are more comprehensive than with Vbulletin. There are some very sensible additions.