virus spreading need help ASAP

Back on the 29th I started up my computer and went to my D drive to get into my music, and the files were renamed to random meaningless stuff with random characters and I could not get into the files. When I tried moving stuff it said something about parameters not found, and when I tried opening a file it would bring up that “open with” menu. One file that should have had only 3 folders in it said it had 20, and the file sizes were all messed with. One file says it's 141 gigs when everything is on a 60 gig hard drive, but when I click the drive from all of them it shows the file size it should. Some files show a - in front of the file size and the dates are all messed with too. I've got one file that says it's from 85 and one from 27. I've scanned it with Avast free and Zonelab suite but it shows nothing, and now my whole D drive is like that. I'm lost and need to know what to do. Anyone know what this is and if I can fix it?

Hi craige,

This could be something with the characteristics of a logical bomb. Where did it come from, how did you detect it?

A logical bomb is an intentionally harmful program section with very varied effects:

* high waste of system resources (memory, hard disk, CPU, etc.);
* fast destruction of as many files as possible (overwriting them to prevent users from getting their content back);
* underhand destruction of one file from time to time, to remain hidden as long as possible;
* attack on system security (implementation of too soft access rights, sending of password file to an internet address, etc.);
* use of the machine for computing terrorism, such as DDoS (Distributed Denial of Service), as mentioned in the already famous article [GIBSON 01];
* inventory of license numbers concerning the applications on the disk and sending them to the software developer.

In some cases the logical bomb can be written for a specific target system on which it will attempt to steal confidential information, to destroy particular files, or to discredit a user by taking on his identity. The same bomb executing on any other system will be harmless.

The logical bomb can also try to physically destroy the system it lies in. The possibilities are rather few but they do exist (CMOS memory deletion, change in modem flash memory, destructive movements of heads on printers, plotters, scanners, accelerated move of hard disk read heads…)

To carry on with the “explosive” metaphor, let us say a logical bomb requires a detonator to be activated. As a matter of fact, running devastating actions from a Trojan horse or virus at first launch is a bad tactic as far as efficiency is concerned. After installing the logical bomb, it is better for it to wait before exploding. This will increase the “chances” to reach other systems when it is about virus transmission; and when it is about a Trojan horse, it prevents the user from too easily making the connection between the new application installation and the strange behavior of his machine.

Like any harmful action, the release mechanism can be varied: ten days delay after installation, removal of a given user account (lay-off), keyboard and mouse inactive for 30 minutes, high load in the print queue… there is no lack of possibilities! The most famous Trojan horses are the screen savers, even if they are a bit hackneyed today. Behind an attractive look, these programs are able to harm without being disturbed, especially if the logical bomb is only activated after one hour, which almost ensures the user is no longer in front of his computer.

polonus

I don't know where it came from, but I found it by getting on one day and all my files were messed up. Can you recommend a program or something to try and fix this?

Here's a little more info: it's a 98 and I've had it for about 2 years; I'm building a new computer. Anyways, I've got Zonelab security suite and had Sygate, so I don't know where this would have come from. And yes, today I had to leave around 8 and came back at 12 and my computer was frozen at 9:43. Is there anything I can do to save the drive? Or stop this from spreading?

:slight_smile: Hi Craige:

 Were you using a P2P to download the music? If yes,
 which one?

I've used BitLord a few times and have that PeerGuardian thing with it. Did that do something?

I scanned my D drive again with Avast and I get “specified file path is invalid” on everything in D.

:slight_smile: Hi Craige:

 I think you have something more serious than a "virus";
 since you put on that "Security Suite", you may want to
 ask on their forums at :
 http://forum.zonelabs.org/zonelabs/board?board.id=inst .
 I just visited there & got the impression they are NOT
 geared to help their "Users" with any serious problem(s),
 so I recommend you go where there are some Malware
 Experts, such as the forums at www.landzdown.com .
 As to P2P programs, they have a "history" of putting bad
 "stuff" on their users' computers UNLESS you use a
 safe & "cleaner" alternative, such as Shareaza from
 www.shareaza.com .
 When you have a "Security Suite", it includes an antivirus
 and you should NEVER have 2 different antivirus "running" on
 the same computer, since they "conflict" with one another.

K, thanks, I will do that.