Joined: Apr 2004
Posts: 8
S
Nutrimatic drinks dispenser
OP Offline
Hello, I have been using IRC for some time now and have enjoyed it a lot.

But recently, it is getting to the point to where if I leave it on for a long time, it's as if I am neglecting my computer's hardware, let me explain.

I try to help run a channel and help others with their pc issues but I can't w/o a hard drive!

I have been noticing that after so many days, usually less than a week, I get a virus - vbs.redlof.A has infected a file - folder.htt

When this happens, ALL files on that hard drive get wiped out!

This has happened I don't know how many times. The bad thing is, my antivirus only notices the virus AFTER everything is gone.

I can't keep reinstalling everything as it is pointless!

Has anyone else had this problem or know of a perm solution to stop this?

1 sec I may be talkin, next sec, error on drive x, corruption found, by that time everything is gone and that virus is spotted.

Joined: Jun 2003
Posts: 384
D
Fjord artisan
Offline
All I can suggest is:

If you are using an NT-based version of Windows (XP/2000/NT), then sandbox yourself by not using the computer as a user with Administrator privileges unless you are installing/removing/updating software. Use a restricted account for everyday computer use.

Keep your AV software and firewall up-to-date.

Try not to click any websites you see being pasted into the channels you are in unless you know for certain that they are reputable.

Finally, don't accept any DCC's from people you don't know.

I've been abiding by these rules for years and have never (as far as I know) been infected with a virus. Good luck :)

Joined: Apr 2004
Posts: 8
S
Nutrimatic drinks dispenser
OP Offline
Well see, here is my situation -

I am running 2 pcs, 1 98 and 1 2000 pro.

They both have Norton Systemworks and Internet Security 2004 installed as well as Winternals Administrative Pak for Data Recovery\GetDataBack for NTFS\FAT32 and Active@Partition for protection. That's how bad it irritates me.

Anyways, I have to accept some files such as pics, snapshots of people's pc a lot of times to determine a problem tech-wise.

Well, in the DCC ignore part in preferences, I have chosen ACCEPT ONLY bmp, jpg, gif, tif, zip, rar, and mpg as sometimes I am sent some short clip videos for video editing as I do a little of that.

I have both pcs set up this way and have it set for auto-get for when I am not available at a specific time.

I just did set these settings after a loss last night. I figure by accepting only those, I should be fine?

It's weird because the Redlof virus is not a file, so it kinda freaks me out or maybe it is but deletes itself, I do not know honestly.

Oh and I never click links or accept anonymous files.
As a matter of fact, I rarely even bring up private messages, most of the time, I just close them w/o even seein what it says.

Joined: Jun 2003
Posts: 384
D
Fjord artisan
Offline
Redlof seems to be a visual basic virus.

It could be an infected office document, a bad website or some malware you are unwittingly running. Is there not a removal tool for this virus on one of the AV Software vendor's websites?

Joined: Apr 2004
Posts: 8
S
Nutrimatic drinks dispenser
OP Offline
Well, the download directory set for IRC is strictly a Slave only drive.

NO OS resides on this HD.

The only thing that resides on the HD when files are still there are only the files that are accepted only thru IRC. There are no office documents on there.

I was reading about the virus on Symantec's website but what it infects is mostly all registry but nothing that Symantec says to delete is in the registry because the virus resides on slave only drive and cannot infect the main drive. It is also supposed to overwrite and replace the kernel file but virus fails to do that cuz it has no access to the main drive so it infects the folder.htt file (an html file) and that's it but when it does, all files are wiped off HD.

There is a patch for it but it doesn't work for me.

Norton is what I am using and it fails to remove automatically, can't quarantine and can't delete.

All I do is delete the folder.htt file and hope my files don't get erased everyday.

Joined: Jun 2003
Posts: 384
D
Fjord artisan
Offline
Well if it can't access the OS disk, you are presumably in no danger. Do your DCC records (if any) show who is sending you this file?

Joined: Apr 2004
Posts: 8
S
Nutrimatic drinks dispenser
OP Offline
That's the funny part, I have looked, nothing.....

Joined: Jun 2003
Posts: 384
D
Fjord artisan
Offline
Try adding *.htt to mIRC's DCC ignore list:

ALT + O > DCC > Ignore > Method: Ignore only

If you ARE receiving this file thru mIRC, then this should explicitly block all attempts to send it to you.

Joined: Aug 2003
Posts: 1,831
I
Hoopy frood
Offline
This page may be of interest.
Also this post

"because the virus resides on slave only drive and cannot infect the main drive"
I certainly wouldn't place any faith in that statement. :tongue:


Joined: Apr 2004
Posts: 8
S
Nutrimatic drinks dispenser
OP Offline
ready for my reply on that? hehe...

I went through the entire instruction list on Sophos and found Nothing that it claims to have infected.

Again, as stated before, virus vbs.Redlof.A is detected only on slave drive on Folder.htt Only after files have been wiped off.

But, I am beginning to see that this may not be the main problem either.

Every time something gets put on this slave drive, it becomes corrupted!

And I mean Anything! In a matter of hrs it's screwed.
I don't know why???

I have tried discussing this with other people including Western Digital and they have no idea why it is doing this.

Their diagnostics tool indicates no problems which I do believe.

No signs of physical damage and no strange noise coming from drive.

The slave is partitioned into 3 parts. Part 1 and 3 are related to IRC downloads whereas Part 2 isn't and only Part 1 and 3 are the ones that have problems, partition 2 has never had a corruption problem!

I have scanned, defragged, and all the other software I say I am running previously, I don't understand it.....


Joined: Apr 2004
Posts: 8
S
Nutrimatic drinks dispenser
OP Offline
I have been meaning to post this message that I am about to say and I keep forgetting but now I remembered.

From you guys' point of view, you may be lost so I need and will let you know what the past experience has been with this HD as it may not be IRC related at this point in time.

Several months ago, it had Win2k Pro installed on it, fully operable running as a primary HD. At some point in time, it had gotten a virus, and then probably more than one as I remember. Being that I have a lot of HDs, I took it out and set it to slave and refused to access it at that time and ran another primary HD with win2k pro on it. I read that the virii on the infected drive could spread through a network w/o access. Well, before I took immediate action on this and before I even read that, I had a lot of music stored on this HD.

For some unknown cause, which if anyone of you would know why could resolve a big piece of my problem now, all of the music stored on the infected HD had "fragmented".

What I mean by that is, some songs would play half way through then the next 10 sec would be another part of a song in a totally different directory. Other songs had the wrong timeline and so on..
In other words, it's like formatting a HD then doin data recovery just to find out the recovered file is fragmented. Well, that is what happened to a lot of files at that time.

When I took immediate action, instead of fixing the virii, I just reformatted the whole drive to use as a storage drive. No more than 2-3 weeks later, everything started to get corrupted on it again, same type of fragmentation. I got mad like anyone else and re-partitioned it into 3 parts so the whole drive wouldn't get wiped again or as fast.

Now, partition 1 and 3 are beginning to reach the corruption phase constantly whereas partition 2 isn't at all.

Partition 1 and 3 are linked to IRC only....

Any ideas.....

Joined: Jul 2003
Posts: 742
Hoopy frood
Offline
:P use another client!!


http://MTec89Net.com
irc.freenode.net #MTec89Net
Joined: Nov 2003
Posts: 2,327
T
Hoopy frood
Offline
I didn't think .htt (hypertext template) files were executable, if I'm right then it would surely be pointless to inject a virus into .htt files.


New username: hixxy
Joined: Apr 2004
Posts: 8
S
Nutrimatic drinks dispenser
OP Offline
I have tried and used other clients, mIRC, Invision, Polaris, Excursion, SysReset, and another one, can't remember the name.

They all have had it happen to 'em. Basically those clients are just scripts of the original.

Joined: Jun 2003
Posts: 994
C
Hoopy frood
Offline
Windows IRC clients. Those you named are scripts for mIRC.


I refuse to engage in a battle of wits with an unarmed person. ;)
Joined: Aug 2003
Posts: 1,831
I
Hoopy frood
Offline
.htt files are html, so vbs trojans can infect them.
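
The point made in the reply above, as an added example that is not part of the thread: because a .htt file is HTML, it can carry a `<script>` block, so a defender can list every .htt file on a drive and report which ones embed VBScript. The directory names and file contents in `demo()` are constructed; a script block alone is not proof of infection, so compare the reported hash against a known-clean copy of the template.

```python
import hashlib
import os
import re
import tempfile

# Opening <script ...> tag (group 1 = attribute text), and its language=/type= value.
SCRIPT_TAG = re.compile(rb"<script\b([^>]*)>", re.IGNORECASE)
LANG_ATTR = re.compile(rb"(?:language|type)\s*=\s*[\"']?([\w./+-]+)", re.IGNORECASE)

def inspect_htt(path):
    """Hash one .htt file and list the script languages it embeds."""
    with open(path, "rb") as fh:
        data = fh.read()
    languages = []
    for tag in SCRIPT_TAG.finditer(data):
        m = LANG_ATTR.search(tag.group(1))
        languages.append(m.group(1).decode("ascii", "replace").lower() if m else "unspecified")
    return {
        "path": path,
        "sha256": hashlib.sha256(data).hexdigest(),
        "script_languages": languages,
        "has_vbscript": any("vbs" in lang for lang in languages),
    }

def scan_tree(root):
    """Inspect every *.htt file under root (extension match ignores case)."""
    reports = []
    for dirpath, dirs, files in os.walk(root):
        dirs.sort()  # deterministic traversal order
        for name in sorted(files):
            if name.lower().endswith(".htt"):
                reports.append(inspect_htt(os.path.join(dirpath, name)))
    return reports

def demo():
    """Scan two constructed sample templates; returns (relative path, flagged)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            os.path.join("clean", "folder.htt"): b"<html><body>plain template</body></html>",
            os.path.join("suspect", "Folder.HTT"): b"<html><SCRIPT Language=VBScript>\n' constructed placeholder\n</SCRIPT></html>",
        }
        for rel, body in samples.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)))
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        return [(os.path.relpath(r["path"], root), r["has_vbscript"]) for r in scan_tree(root)]

if __name__ == "__main__":
    print(demo())
```

To check a real drive, call `scan_tree()` on its root from a machine that does not render the folder in Web View, and review each report's `script_languages` and `sha256`.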

Joined: Apr 2004
Posts: 8
S
Nutrimatic drinks dispenser
OP Offline
Update....

I may know the problem now. I don't know if it is and won't know cuz I do not have the time to do a 3 minute swap, hehe, but read the following as this may be the answer -

When I had this HD with win2k on it, it had gotten infected with at least 1 virus.

Then I took it out, made it slave on my other pc. Well, the pc it is having trouble with, the drivers for the Controller Card date back to 2001 and no other updates are available.

When running Western Digital's diagnostics test again, it said the HD was only 137GB even though it has 3 62 GB partitions on it!

I also like to add that the data corruption on the HD did not happen until after the HD was put into the other pc so that data corruption may not have been virus related.

I believe the controller card may be corrupting the HD's data.
It sounds good to me as I know this can happen.

I will only know after I go buy me some power splitters so I can hook it back up to my original pc and see if it fixes the problem after I reformat it again.

However, even when I do that, I need to reinstall win2k on the original pc since that pc is running win98 and this 200gb HD is a NTFS drive.

Joined: Nov 2003
Posts: 2,327
T
Hoopy frood
Offline
Noticed that after I posted, found "folder.htt". ;)


New username: hixxy
