[SGVLUG] AV Guard Virus

juanslayton @dslextreme.com juanslayton at dslextreme.com
Fri Oct 21 16:50:05 PDT 2011


Yeah, Dan, I did pretty much what you said, backed up data by hooking the
drive up to another machine, then did a clean Ubuntu install on the drive.
Original machine won't boot with or without the drive.  I've replaced the
machine with a new HP, so my current interest is mostly curiosity, to
discover how that virus can wipe out BIOS firmware (not to mention the power
supply hardware on my mother's machine.)  But if you're interested I'd be
glad to bring it along next month.

On Fri, Oct 21, 2011 at 3:46 PM, Dan Buthusiem <dan.buthusiem at gmail.com> wrote:

> Did you manage to successfully back up your data from that drive? If
> so, then I would recommend re-connecting that drive to the computer
> you used for the backup, then formatting that laptop drive. That
> should take care of the virus, if it's just affecting that drive.
>
> Now, with that drive outside of your laptop, you should still be able
> to successfully POST and boot your laptop with removable drives
> (optical disk, flash, usb hdd, etc). If you can boot without that
> drive connected, at least you can narrow your boot issues to being
> something with that hard drive. I troubleshot a laptop a few months
> ago that couldn't always boot from anything until I removed the hard
> drive. After a quick trip to Fry's for a new disk and a long stop at
> Wendy's to reload the OS, problem solved.
>
> If you haven't solved it by then, I should have time to poke at it at
> BC after our next meeting.
>
>
> On Fri, Oct 21, 2011 at 10:17, Harold Totten <haroldtotten at gmail.com>
> wrote:
> > Have you used AVG or other rescue disk?
> > Harold
> >
> >
> > On Tue, Oct 18, 2011 at 7:52 PM, juanslayton @dslextreme.com
> > <juanslayton at dslextreme.com> wrote:
> >>
> >> Could use a little advice myself; apologies for the length of the
> >> comment.
> >>
> >> On Tuesday, October 4, I used my Linux machine (Fedora 13 or 14) for
> >> various things, including bumbling around the suspect site (which I will
> >> refrain from naming).  Closed down the machine in good condition, and
> >> drove to Arizona the next day.
> >>
> >> Used Mom's computer (Windows XP) for various things, including visiting
> >> the suspect site and using a link there to forward material to a friend
> >> in Stockton (also running Windows).  Left the machine running for a
> >> while, and when I came back, found the screen frozen.  Rebooted manually
> >> and found a display "AV Guard," purporting to be an anti-virus program
> >> that had identified malware on our system that it could remove (for a
> >> fee).  Of course, AV Guard is itself a virus.
> >>
> >> And a fairly sophisticated one, I should say.  It not only blocked
> >> anti-virus programming resident in the computer; it also redirected my
> >> attempts to download anti-malware on line.  It repeatedly froze the
> >> machine, until ultimately it simply refused to boot at all.  No response
> >> to the power switch, just a blinking green LED on the power supply.  We
> >> sent that machine back to the store; I haven't yet heard the outcome.
> >>
> >> Of course we called our friends in Stockton and warned them not to
> >> download our e-mail.  Too late, they were already dealing with the AV
> >> Guard.  After our warning, they took it to a local pro, who removed it
> >> for about $45.  Well, those were Windows machines, we expect that kind of
> >> vulnerability from Redmond.  I run Linux, should have little to worry
> >> about.
> >>
> >> Guess again.  Drove back to Azusa, got home Friday night.  And my Linux
> >> box, which was working perfectly when I shut it down on Tuesday, refused
> >> to boot.  It would spin up for a few seconds, then immediately shut down,
> >> before even getting a screen display.  It would not boot with
> >> installation disks from Slackware, Ubuntu, or Fedora.  Would not boot
> >> with live Fedora.  Tried to boot with live Ubuntu and managed to get a
> >> few lines of text before the screen froze.
> >>
> >> So I pulled the hard drive (this was on my laptop), stuck it in my
> >> desktop, saved important files on a memory stick, and did a clean
> >> installation of Ubuntu.  Put the hard drive back into the laptop and
> >> tried to boot.  No luck.
> >>
> >> I'm left with 3 questions:
> >> 1)  How can this virus hose the BIOS so one machine will not boot, and
> >> another appears to have a failed power supply?
> >> 2)  Is there any way to revive my laptop, short of replacing the
> >> motherboard?
> >> 3)  Any of you guys need a nearly new battery for an Acer Extensa 1000?
> >
> >
> >
> > --
> > "poverty is violence against the oppressed"
> >
> > Harold Totten
> > http://www.HaroldTotten.com
> > Tujunga, California
> >
> >
> >
>