AnimeSuki Forums

Register Forum Rules FAQ Members List Social Groups Search Today's Posts Mark Forums Read

Go Back   AnimeSuki Forum > AnimeSuki & Technology > Tech Support

Notices

Reply
 
Thread Tools
Old 2008-02-04, 13:41   Link #21
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
I really haven't a clue how you are scanning something like C:>; it just doesn't exist in Linux. The only thing I can think of is that you are again somehow looking at the Wine setup.

Up above you report that /dev/sda2 is mounted as /media/sda2. You need to scan that, as in "clamscan -r /media/sda2", which uses the -r switch to recurse down through the directory tree.

Before doing that, I suggest that you run the "freshclam" command to update your virus definitions to the most recent available. You may need to do this as "root" (see above).
__________________
SeijiSensei is offline   Reply With Quote
Old 2008-02-05, 07:10   Link #22
Chrono Helix
Senior Member
 
 
Join Date: Jan 2008
I did a clamscan of the entirety of my Windows folder, and it found one infected file. Unfortunately I wasn't watching the scanning process, so I don't know which one it was. Is there an easy way to check?
Chrono Helix is offline   Reply With Quote
Old 2008-02-05, 08:04   Link #23
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Run it again with the -i switch to list only the infected files, e.g., "clamscan -i -r /media/sda".
SeijiSensei is offline   Reply With Quote
Old 2008-02-05, 10:44   Link #24
Chrono Helix
Senior Member
 
 
Join Date: Jan 2008
It identified /media/sda2/windows/system32/drivers/etc/hosts as an infected file. It's a 5.6kb text document. I removed it from the computer and put it into my HDD, but I still can't login to the computer.
Chrono Helix is offline   Reply With Quote
Old 2008-02-05, 11:47   Link #25
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
The hosts file contains a list of hostname<-->IP address mappings that overrule the results obtained from standard domain name lookups. It's a common hack since you can direct attempts to visit www.yourbank.com to some phony page designed to look like yourbank.com but is really a site designed by criminals to obtain your banking credentials.

That said, the hosts file doesn't have anything to do with logging in, so that's not the root of your problem. I really think you should try one of those Windows-based rescue disks and see if you do better with them. ClamAV isn't really designed to detect the sorts of malware that's affecting you. For that, you need things like Spybot Search and Destroy and AdAware, and they run on Windows.

When you say you can't log in, does that also mean you can't boot up in "Safe Mode" (hit F8 I believe during the Windows startup)? If you can enter Safe Mode, then get yourself copies of Spybot and AdAware and run them from safe mode. (A quick Google search will locate both pieces of software, and they're both free.) That may be all you need to do.
__________________
SeijiSensei is offline   Reply With Quote
Old 2008-02-05, 12:57   Link #26
Chrono Helix
Senior Member
 
 
Join Date: Jan 2008
I've tried Windows-based rescue disks, but I'm unable to access my hard disk with any of them. That's why I was forced to try out Knoppix, which worked.

Safe Mode doesn't prevent help, unfortunately.
Chrono Helix is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 21:04.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
We use Silk.