I'm new to this list, having been referred to it by the administrator of the Bugtraq general list. In working on a department PC running Win98 late last week, some very strange behavior was observed. The machine has been infected with viruses, worms, and what-have-you several times, and it was time to remove and re-install software associated with Microsoft Office that had become corrupt. The machine apparently did not behave normally during the entire job. Specifically, at one point the screen suddenly went blank and then there appeared a grey rectangle in the middle that occupied about 2/3 of the area. This rectangle slowly "fell over backwards" but not quite all the way. When it stopped moving, it began to "break up" and the "pieces" drifted off the screen. After a moment, the black screen returned to the normal desktop. Scans of the machine with the Command Software virus detection engine and a recent definition file did not turn up anything, but whatever it is may be affecting the function of the scanner. My questions is: Has anyone seen anything like this and know what it may mean? I am specifically interested to put a name on it so that I can find out what sort of threat, if any, this represents to other machines in the network. From the infor- mation I have, I don't have a clue where to start looking. The user doesn't want the machine formatted and rebuilt because it's inconvenient for him at the moment. I'm not in a position to force him to co-operate, as I don't have responsibility for the PCs in our department, but there are other options open to me if there is a significant threat. This is also why I haven't laid hands on the machine, booted from a clean floppy, and scanned from that condition. Thanks for reading this far, and if you have any advice or information I'd very much like to read it. Write to me directly if you wish. Best regards, Neil Dickey, Ph.D. Research Associate/Sysop Geology Department Northern Illinois University DeKalb, Illinois 60115 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Aug 27 2001 - 12:54:47 PDT