Puppy Linux Discussion Forum
I got wacked real good x 3 (SOLVED)
technosaurus


Joined: 18 May 2008
Posts: 4379

Posted: Thu 04 Mar 2010, 02:20

Barry has recently posted some stuff on his blog for flashing the BIOS using FreeDOS and some other utils... fortunately his usage was just to fix minor hardware compatibility issues with the gecko edubook.

http://bkhome.org/blog/?viewDetailed=01400

obxjerry


Joined: 29 Jan 2010
Posts: 394
Location: Louisville, Kentucky

Posted: Thu 04 Mar 2010, 13:49

OK, I've gone from looking for leads to having to choose my next move, great improvement. I tried SBM but it didn't boot. Like most people, working with floppy disks is a distant memory. I'm thinking I should have done more than copy the download to floppy. I had trouble accessing the manual but I have it now. It's hard when you're working with your third and fourth string computers.

CMOS lists IDE primary master as Maxtor 2RO10 H1 and IDE secondary master as CD-ROM 52x/AKH. In BIOS sequence they're HDD and CD-ROM. The CD drive has a Puppy CD that has always booted in the past. Messing with BIOS is new territory for me so I'll need baby steps on that.

It's confession time. I see 3 possible ways the computers got infected. First, they all caught it in the wild.

Second, my son brought his infected tower. I connected and disconnected it in one of my systems several times and, without thinking, I connected it to our network. The second computer I discovered with the virus is the one that was out when his was in. The two could not have been connected at the same time.

The third and I think most likely, I spread the virus with floppies. His computer was running XP. I burned a start disk on our XP computer. His said it couldn't find the COMMAND.COM file. I put it back into ours, searched for the file, didn't find it, so I burned it again. Now his does boot to A command prompt. I didn't boot our computer with the floppy. I know that's a no-no. I thought I was safe as long as I didn't boot up from the floppy.

When he brought his computer it had a Windows 98 startup disk in it. The computer that his was taking the place of is a Puppy and ME dual boot. I'm thinking ME burns the same startup disk as 98 so I swapped it back in and burned a startup disk over that disk.

In addition to those floppies I have 2 floppies that get Basiclinux 1.8 running. I'm sure more can be done with these tools than I know how to do.

I'm thinking if the virus is carried on the floppies it should be able to be found there. Is that a possibility?

No memory sticks have been swapped. I was thinking ahead. If the computers were beyond repair, what could I salvage? In my researching viruses on line, I saw the bit about RAM not being 100.00% safe and I passed that on.

Since there has been no RAM switch I'm thinking there is no possibility of a CL latency problem. Am I right?

I don't have 3 opticals connected. In my desperation to get the CD drive to boot I made it first, second and third on the boot sequence. Of course that didn't help.

Honestly, I don't know what the symptoms were on the second of our computers to get the virus.

The third, I had caught up all of the XP updates, ran an Avast scan, downloaded Kaspersky Rescue Disk for the other computers and was running it on that one. It booted fine. I set it to scan the C drive (hard drive). It saw the hard drive as D. It scanned a couple of hours getting about half way through and froze. I restarted it. It ran a couple of hours making it a little further and froze again. Then it wouldn't boot so I shut it down.

We have been watching our financial accounts and changing passwords. Nothing sinister so far. We didn't have firewalls, don't allow file sharing and were running Avast free edition. It worked up until now. Using wireless I see 2 to 4 networks with no security at all so there are worse than me.

I realize all concerned are anxious to get to the bottom of this. Unfortunately, my time has limits. This may take a while.

Thanks as always
obxjerry


Joined: 29 Jan 2010
Posts: 394
Location: Louisville, Kentucky

Posted: Thu 04 Mar 2010, 13:50

Sorry Double post
amigo

Joined: 02 Apr 2007
Posts: 2278

Posted: Thu 04 Mar 2010, 14:19

You need to 'burn' the floppy using 'dd', not simply copy the file to the floppy.

dd if=floppy.img of=/dev/fd0 bs=512
prehistoric


Joined: 23 Oct 2007
Posts: 1304

Posted: Thu 04 Mar 2010, 15:05    Subject: creating floppy from image file

What amigo means is that, under Linux, you need to open a terminal (as root) and use the command:
Code:
dd if=floppy.img of=/dev/fd0 bs=512

to create the SBM boot floppy. On most systems the block size defaults to 512 anyway.

We're assuming you extracted the img file from the zip archive first.

You want to be careful with dd because it will do exactly what you tell it, even if you tell it to destroy a hard-drive filesystem. It writes to the raw device.

If you have a W*****s system running, you can create the boot floppy by downloading and running an exe file which does the writing for you.

Your copy operation merely placed data inside an existing file system on the floppy. It did not create the parts of the file system needed to make a bootable diskette.

Once you get a bootable floppy, you will need to learn a little bit about the program. Exactly what you do with it will depend on exactly what configuration you have, and which things are working. Learning to do this in a situation like yours is awkward. It is much easier to learn on a system without serious problems before you venture into unfamiliar territory.
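An added example, not from any poster in this thread: a shell script that checks a file really is a raw boot image before dd touches anything, refuses any target that is not a floppy device, and reads the written sectors back to confirm the write. The function names, the 1.44 MB capacity and the regular-file rehearsal target are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a 1.44 MB diskette.
FLOPPY_BYTES=1474560   # 2880 sectors x 512 bytes

# Succeed only if $1 looks like a raw boot image: whole 512-byte sectors,
# small enough for the diskette, and sector 0 ending in the 55 AA signature.
check_floppy_image() {
    img=$1
    [ -f "$img" ] || { echo "no such file: $img" >&2; return 1; }
    size=$(wc -c < "$img" | tr -d ' ')
    [ "$size" -ge 512 ] && [ $((size % 512)) -eq 0 ] ||
        { echo "$img: not a whole number of sectors (still zipped?)" >&2; return 1; }
    [ "$size" -le "$FLOPPY_BYTES" ] ||
        { echo "$img: larger than the diskette" >&2; return 1; }
    sig=$(dd if="$img" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ] ||
        { echo "$img: no boot signature at offset 510" >&2; return 1; }
}

# Write image $1 raw to target $2, then read the same sectors back and compare.
# dd does exactly what it is told, so anything that is not a floppy device is
# refused; an existing regular file is allowed as a rehearsal target.
write_and_verify() {
    src=$1; target=$2
    check_floppy_image "$src" || return 1
    case "$target" in
        /dev/fd[0-9]*) [ -b "$target" ] ||
            { echo "$target: not a block device" >&2; return 1; } ;;
        *) [ -f "$target" ] ||
            { echo "refusing to write to $target" >&2; return 1; } ;;
    esac
    sectors=$(( $(wc -c < "$src") / 512 ))
    dd if="$src" of="$target" bs=512 conv=notrunc 2>/dev/null || return 1
    sync
    # On real media, eject and reinsert first so the read is not served from cache.
    dd if="$target" bs=512 count="$sectors" 2>/dev/null | cmp -s - "$src"
}

# Constructed sample: a blank 1.44 MB image carrying only the boot signature.
make_sample_image() {
    dd if=/dev/zero of="$1" bs=512 count=2880 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

if [ "$#" -eq 2 ]; then
    write_and_verify "$1" "$2" && echo "written and verified"
fi
```

A download that was merely copied, or is still inside its zip archive, fails the first check before anything is written.
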
Aitch


Joined: 04 Apr 2007
Posts: 6825
Location: Chatham, Kent, UK

Posted: Thu 04 Mar 2010, 16:35

obxjerry

I realise you're getting a lot of advice, but I think we all understand the principles we are trying to convey.

If you aren't able to get a linux running to do a dd from console, but have a boot floppy that will get you to dos, try rawrite2

http://www.fdos.org/ripcord/rawrite/rawrite2.exe

Or, if you can only get a windoze setup running, try rawwritewin, which will need unzipping before use

http://www.fdos.org/ripcord/rawrite/rawwritewin-0.7.zip

more info on smartbootmanager here

http://linux.simple.be/tools/sbm

I found this SBM image more reliable than the one at sourceforge, but can't explain it
Writing an image to floppy, is like burning a CD ISO, you don't just copy files to the floppy, as the all-important boot info will not be installed & it won't work

SBM will enable you to boot from any device, though I'm puzzled that you confusingly say,
Quote:
CMOS lists IDE primary master as Maxtor 2RO10 H1 and IDE secondary master as CD-ROM 52x/AKH. In BIOS sequence they're HDD and CD-ROM.

and later,
Quote:
I don't have 3 opticals connected. In my desperation to get the CD drive to boot I made it first, second and third on the boot sequence. Of course that didn't help.


For preference, if possible, 1st, floppy, then CD, then HDD, is a simple sequence for you to use, but SBM will overcome even bios problem device booting

& I hope you're remembering to save settings in bios?

Simple to overlook the obvious, when you're a bit flummoxed

Good Luck

Aitch :)
out_fisherman

Joined: 06 Oct 2009
Posts: 17

Posted: Thu 04 Mar 2010, 18:02    Subject: One more thing....

obxjerry -

Seems obvious, yet might get overlooked.....after following the
advice on HOW to write a boot disk, be SURE to set the little
write-protect tab on the diskette B4 you put it into ANY machine.
This in fact is hardware write-protect, which no virus can get
around as it is 'AND-ed' with the "write" signal line within
the floppy drive. If you don't do this, the virus might instantly
infect the floppy as well. It might well make the boot sequence
crash (cause they can't "get-you") but then you will have another
clue. (If in fact your BIOS is corrupt, it may try to copy itself to any
drive it detects which is WRITEABLE, like the floppy.) Not being
able to write the floppy may be a condition the virus-writers
didn't plan for - resulting in a crash. Just my $.02.
obxjerry


Joined: 29 Jan 2010
Posts: 394
Location: Louisville, Kentucky

Posted: Thu 04 Mar 2010, 18:56

Bootable disks are not something I do a lot. I do have an XP laptop with a floppy drive. Am I right in thinking I can open the .exe file I downloaded and burn that to floppy? Or do I need to burn an image? The manual makes it sound much more entailed than that.

The hard drive is the Maxtor. It has XP on it. I'm thinking my tool of choice is Puppy on the CD. I can set boot sequence any way I want and get out of BIOS, go back in to BIOS and it's still the way I set it. The CD-ROM 52x/AKH, I'm thinking is my only optical drive. I said, I want it, I want it, I want it. It doesn't make sense but I did it. Floppy will boot (if it has a bootable disk) unless it is not in the boot sequence AND check for 40 or 80 lines is disabled.

Write protecting the floppies is something I thought of. At 40 cents apiece I don't know that I would take any chances.
out_fisherman

Joined: 06 Oct 2009
Posts: 17

Posted: Thu 04 Mar 2010, 19:39    Subject: Wacked...

Concern over topic-for-forum here, but with my background
I can't help it......to moderators - I apologize.....

obxjerry

It can get confusing swapping drives around, from one
machine to another, and STRAPPING MATTERS.
You have 2 IDE channels, each with a MASTER and a SLAVE
scheme. Pulling a CD out of machine-x who is strapped as
'master' and putting it into a machine where it is the second
drive on the same channel as the main HDD won't work -
your main HDD is (and should be) "master".
I hope I'm not being condescending here, but we all get
confused once in a while. Best bet for CD drives is
"cable select" - then it will attach itself to the proper port.
(Provided your main HDD is NOT strapped 'cable-select')
I always strap my HDD as 'master'.

Now for your XP laptop - if you can write a bootable floppy
with it (and this PC is not infected), go for it. I don't know what
.exe file you have, but XP can write you a bootable floppy
easily. It has been a while for me with XP, but I know the option
is out there...under system tools, I think.
Once you get that floppy, set the write-protect tab right away.
There is no reason any program needs to write to it.
If you can boot from it, you will wind up at a screen which
looks like:
A:\
Type "C:\"

If you can get there, then you need to know a few DOS
commands to get your data off the drive and transfer it to
somewhere else, using the DOS copy command. At this point
you may/may not be able to access the place/drive you want
to transfer data to. From here on it may get complicated - and
like I said before......I would just FDISK the thing, install
some flavor of Linux, and sleep well.

I would be very interested to find out the resolution here,
as this seems to be a very nasty virus. Having fixed computer
motherboards for several years, I am familiar with the failure
modes - but this doesn't fit any of the symptoms I can remember.
Keep us posted....
obxjerry


Joined: 29 Jan 2010
Posts: 394
Location: Louisville, Kentucky

Posted: Thu 04 Mar 2010, 21:22

out_fisherman, thanks for your interest and help. I am assuming the drive swapping you are talking about is when and if I get to removing hard drives and putting them in another computer.

So far, with the startup disks I have, typing from the A prompt [letter]:\ gets me "invalid drive specification". Hopefully when I have a working SBM disk I'll get somewhere.
Aitch


Joined: 04 Apr 2007
Posts: 6825
Location: Chatham, Kent, UK

Posted: Thu 04 Mar 2010, 21:59

obxjerry

See my previous post, which explains SBM writing to floppy
It should NOT be an exe, but an image

unless they've changed things on the sourceforge site

....but the link to SBM that I gave is an image, which has to be written as a bootable image to floppy with either of the utilities in dos/rawrite2 or windoze/rawwritewin, or the dd command in linux

I don't quite understand why mention is made of the CD drive replacement, but if you are simply exchanging one CD drive for another, to see if it will boot, then, since yours is already master, it is on a separate cable to the hard drive, so it won't matter if the replacement is set to master or slave

visual guide, should you need it

http://www.helpwithpcs.com/upgrading/installing_cd_recorder.htm

For now, getting an SBM boot disk working, is a good start

Aitch :)
out_fisherman

Joined: 06 Oct 2009
Posts: 17

Posted: Thu 04 Mar 2010, 22:15    Subject: Drives....

obxjerry-

Drive-swapping.....No - your assumption is wrong....
CD drives, as well as Hard-Disk Drives, have a strapping
option on their backside, right by the place where the
cable plugs in. Often it will look exactly like the strapping
options of a hard drive. You might see things like
"MS SL CS" or the like, which stand for Master, Slave,
Cable Select.....I'll try to lay it out here - you have 2
channels, each of which has a Master and a Slave -
Logically, it looks like this:

Primary -
 - Master
 - Slave
Secondary -
 - Master
 - Slave

Rules - you cannot have 2 drives (either HDD OR CD-ROM)
strapped as the same level on any channel.
- you CAN have both strapped to Master IF they are
on different channels (IE - One on Primary, one
on secondary).
How to tell ?? Each channel is on a separate CABLE.
If your computer has only ONE big, fat cable from the
motherboard to the drives, then you must strap the
drives for Master/Slave combination. OR - add another
cable to the motherboard....if you have this option.
In this day of cheaper-is-better, I wouldn't be surprised to
see motherboard MFRs just omit the second IDE channel.
Oh well - what can you do? Just keep in mind the idea that
you have 4 possible combinations, 2 for each of 2 channels.
I hope I have helped....somehow.
out_fisherman

Joined: 06 Oct 2009
Posts: 17

Posted: Thu 04 Mar 2010, 22:19    Subject: Sorry Aitch - -

I guess I was composing while you were responding -
didn't mean to walk on you......
prehistoric


Joined: 23 Oct 2007
Posts: 1304

Posted: Thu 04 Mar 2010, 23:26    Subject: a blast from the past?

We've had some confusion about all the advice, and I may have contributed some. What I was talking about with the exe file was, if he used a W*****s machine to create the boot floppy, he could download an exe file designed to create a boot floppy on such a machine. In this case, he can avoid cli commands. Though, under Linux the command is very simple, as amigo showed.

Another approach here, since our friend is familiar with Puppy, would be to avoid the W*****s world as much as possible, and boot Puppy on CD, or USB drive, using a wakepup2 floppy. I've used this on machines where the BIOS didn't cooperate with me, but I've never tried it when the BIOS has been clobbered. Does wakepup2 need anything from the BIOS beyond the ability to boot from floppy?

I am now thinking this malware is "a blast from the past". There was a similar thing over a decade ago which was spread by transferring floppies from one machine to another -- which rarely happens with new machines. Having both the hard drive and CD boot routines clobbered in the BIOS, while still being able to boot from floppy, makes sense if the virus needs the floppy to reproduce itself. We could have the original floppy virus resurfacing, or we could be seeing old malware as the "payload" of recent malware, which normally spreads over the Internet.
obxjerry


Joined: 29 Jan 2010
Posts: 394
Location: Louisville, Kentucky

Posted: Fri 05 Mar 2010, 12:43

Just to check in. I am engaging in Einstein's definition of insanity, "doing the same thing over and over and expecting a different outcome" i.e. fiddling with the one computer. I'm looking online for reports of viruses similar to the one I have. I'm researching use of SBM. I'm trying to wrap my head around strapping and what has raised a red flag concerning that.

I do reread the posts here and things do sink in the eighth or ninth time I read them. Sorry Aitch, I blew by your SBM advice the first few times. Rawrite, RawWrite and I have met before and we ain't friends. Maybe this time will be better.

I have always used InfraReader to burn image disks. It is on one of the unusable computers. I couldn't remember the name so that took some searching on the web. I don't see that it burns floppies. No help there.

Computers I have up and running; I have a laptop with a CD drive (not CD-R), no floppy. It is running Puppy and 98se. It had been in the closet for years until Puppy brought it back to use.

I have a laptop with a CD drive (not CD-R) and a floppy drive. It is running XP Pro. I paid $50 for it less than 2 weeks ago. It's fine couch surfing but pushed too hard the processor gets hot and it freezes. I have some Arctic Silver 5 and have improved it but I doubt I can boot Puppy yet.

I can't swap the floppy drive to the other laptop. Both have USB ports and I do have an uninfected flash drive.

I did find this http://www.pcguide.com/vb/showthread.php?t=41498 It's an old post by Sylvander on how to compile a SBM bootable floppy. That's a possible path if RawWrite doesn't work for me.

On the plus side we've seen no indications any info has been mined from our computers.

I'm multitasking as I write this. Something I don't do well so I'm sure there are things I'm leaving out.

Take care