Identification needed ...

From: Neil Dickey (neilat_private)
Date: Mon Aug 27 2001 - 12:11:02 PDT

    I'm new to this list, having been referred to it by the
    administrator of the Bugtraq general list.
    
    In working on a department PC running Win98 late last week,
    some very strange behavior was observed.  The machine has
    been infected with viruses, worms, and what-have-you several
    times, and it was time to remove and re-install software
    associated with Microsoft Office that had become corrupt.
    The machine apparently did not behave normally during the
    entire job.
    
    Specifically, at one point the screen suddenly went blank
    and then there appeared a grey rectangle in the middle that
    occupied about 2/3 of the area.  This rectangle slowly "fell
    over backwards" but not quite all the way.  When it stopped
    moving, it began to "break up" and the "pieces" drifted off
    the screen.  After a moment, the black screen returned to
    the normal desktop.  Scans of the machine with the Command
    Software virus detection engine and a recent definition file
    did not turn up anything, but whatever it is may be affecting
    the function of the scanner.
    
    My question is:  Has anyone seen anything like this and know
    what it may mean?  I am specifically interested to put a name
    on it so that I can find out what sort of threat, if any, this
    represents to other machines in the network.  From the
    information I have, I don't have a clue where to start looking.
    
    The user doesn't want the machine formatted and rebuilt because
    it's inconvenient for him at the moment.  I'm not in a position
    to force him to co-operate, as I don't have responsibility for
    the PCs in our department, but there are other options open to
    me if there is a significant threat.  This is also why I haven't
    laid hands on the machine, booted from a clean floppy, and
    scanned from that condition.
    
    Thanks for reading this far, and if you have any advice or
    information I'd very much like to read it.  Write to me
    directly if you wish.
    
    Best regards,
    
    Neil Dickey, Ph.D.
    Research Associate/Sysop
    Geology Department
    Northern Illinois University
    DeKalb, Illinois
    60115
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Mon Aug 27 2001 - 12:54:47 PDT