[Essexboy]

It overwrites boot sectors of floppy disks and MBR of hard drive. It is also a file infector.  If it was present on your system then a lot of system files would be infected and any antivirus would be reporting infected files by the score 

 

So you would experience system failures as the files were infected, also as you are using Windows 7 then the system would be using EUFI which bypasses the MBR as now being redundant.  

 

I do not believe that you are infected from the log results that I have seen so far

[Advertisements]

In addition to the last question, I was wondering if there is anything I can do (ie, contacting Kaspersky maybe) to find out if this thing is for sure is a false positive.  It seems that I huge company like Kaspersky shouldn't really have those.  And furthering that, if  it truly is a false positive, then is there any way to get the software to stop detecting it and show that the computer is normal.  Thanks.

[onedailyguy]

In addition to the last question, I was wondering if there is anything I can do (ie, contacting Kaspersky maybe) to find out if this thing is for sure is a false positive.  It seems that I huge company like Kaspersky shouldn't really have those.  And furthering that, if  it truly is a false positive, then is there any way to get the software to stop detecting it and show that the computer is normal.  Thanks.

[onedailyguy]

Oh, and I meant to thank you for the explanation you gave in response to what a boot.nowrite is.  That helped me understand a lot more of what the issues would be if the system was infected.  Just a follow up to make sure i understand your last comment "then the system would be using EUFI which bypasses the MBR as now being redundant" - do you mean that windows 7 actually byspasses the MBR, so it's kind of like saying even if the MBR was infected, as long as windows 7 still boots properly, then infection isn't really an issue (aside from the fact that other files could get infected, which doesn't seem to be happening in my case)?

 

Also, I just wanted to clarify a question I asked in the previous post about possibly reporting this to Kaspersky.  What I was trying to say is that if Kaspersky doesn't have a record of this virus or the program is still saying the machine is infected even if it's not, then should I report it so they can update their databases, thereby helping future Kaspersky updates and other computers running Kasp and meanwhile they could also check to see if they consider it a threat in any way?

[Essexboy]

If, as it appears Kaspersky is no longer reporting it then I would suspect that a database update remove the false positive. No matter what antivirus is in use you will sometimes get a false positive result. If it does still report it then by all means send it to Kaspersky

For a slightly more detailed although still fairly broad brush read this page on EUFI:
http://www.extremete...ios-replacement

And this one :

http://www.howtogeek...place-the-bios/

Although the gist is that it replaces the BIOS it also (to all intents and purposes ) negates the need for the MBR



How is the computer behaving, any anomalies ?

[onedailyguy]

Sorry for the delay.  The computer is only 2 years old and has had various problems, but some started before the infection so I'm not sure how much of what I'm experiencing is due to the reported virus.  Anyhow, here's a list of generally what I've been experiencing:

1)  Over the 2 years, the system has crashed (blue screen) about 6 times, almost always after being put to sleep.

2)  The system has shut down, and/or restarted after being put to sleep.

2B) this has happened about 2-3 times since the virus was reported which has been over the last 2 months.

3)  Mouse lags - maybe 30-50 times over 2 years and 5-8times the last 2 months.  

4)  Computer incredibly slow to respond.  To open a web page, open word, change from one program to another, could take 5 minutes.  20-30times over 2 years, 5-8 times last 2 months.

4B)  3&4 usually happen when multiple programs are running, ie word and excel are open, 1-3 pdfs, picture gallery, 5-15 windows open in Chrome, wmp open but not playing.

5)  Internet incredibly slow to repsond.  When trying to search something on google, the computer could take 5 min to respond.  (similar to #4)

6)  Using picture gallery to edit a picture, occasionally runs slow - saves edit slow, opens picture slow, moves to next picture slow.  

 

Although I've experienced the above issues, I'd say the computer works pretty normally 80-90% of the time.  It would be great if it was 100%, but I'll admit that the system isn't exactly a really powerful one.  I can't really think of one single NEW problem it's had since reporting the virus, but it seems that many of the existing problems are possibly getting a bit worse.

 

If I can think of anything else, I'll let you know.  

 

Btw, the computer is running windows 7, with Celeron 877 1.4ghz, and 2gb ddr3 ram.  I know a celeron isn't great, but that's what she's got.

 

again, thanks for all your time to help me with this.

[onedailyguy]

Ok, one other small problem I thought of.  Sometimes, when the computer comes out of sleep, it takes a long time for the log in screen to come up.  Maybe 1-4minutes.  Once the log in screen appears, it could also take 1-2 minutes for the desktop to appear.  I remember this really didn't happen before the virus was reported.  It has happened maybe about 6 times since.  Nonetheless, windows has always booted successfully.

 

Also, fyi, I sometimes wait 2-3 weeks before installing updates.  I don't know if that could cause any of these symptoms.  Thanks again.

[Essexboy]

Do you experience the same problems when the computer is booted from cold and not sleep ?

[onedailyguy]

Well, I rarely boot it from cold, in fact, the only time I ever boot from cold is after updates, and that's really just a restart.  But as far as I can remember, no, these problems don't seem to happen after restarts.

[Essexboy]

That would tend to suggest that there is a lot of junk (temp files etc..) accumulating on the system. Is there any reason as to why you put it to sleep as opposed to turning it off

[onedailyguy]

Well, this computer is used a lot in offices and on the go (to and from work on public transport) and the same programs need to be open every day.  Plus, I might need several web pages for 1-2 weeks, and as I close them, I open new ones which are then needed for another 1-2 weeks.  It's much faster for me to always have these windows and programs open, instead of shutting down and then reopening.  That's why a just sleep it.  If you have a better idea on how I can have this stuff quickly on command and be able to shut the computer down more frequently, I'd like to know since the lack of shut downs and updates seems to cause it to run slow.

 

Thanks for those 2 webpages explaining the BIOS issue.  They helped me understand the way computers work better wrt to starting up.

 

So, have you concluded that my system is really not infected and actually the "file" that was put on the computer that Kasp is detecting as having a virus is really not infected?  If so, do you know how 1) i can get kasp to stop saying I have malware and 2) i can report this issue to kasp?  When I tried to send them a message months ago, all I found how to do is how to send them 1 file for them to check, but there wasn't a way that I saw to tell them about this false positive.

[Essexboy]

It is my opinion that the reports are a false positive, is Kaspersky still reporting ?

[onedailyguy]

Yes,  there's a message that "malware has been detected" and the main panel of kasp still shows infection.

[Essexboy]

Is this an old report or does it show on completion of a scan

[onedailyguy]

Well, I'm sure if I can call it an "old" report.  After I performed a full scan of the computer the moment of infection, it "found" the virus and showed "infection" (you can see this in the screen shot I sent previously).  After sleep or start up, Kasp flashes a small box for about 10sec that shows "malware detected".  These 2 items have continued since the first full scan.  However, when I scanned the computer recently, after we began contact and you requested the log, it didn't show or report any infection in the log/report, but the main Kasp page is still showing the virus.

[Essexboy]

There is something within the recovery partition that Kaspersky does not like. What is the operating system on the recovery partition i.e Xp, Vista or 7