lokokkee

Twice my PC has been hit by a virus inspite of having WinXP firewall on, Norton AV (auto-update every week) and Zone Alarm installed. These are the symptoms: Norton AV gets switched off, my internet connection gets altered, preventing access (I am using ADSL, the dialup modem and ADSL option got blanked off, leaving only the always on network connection, which I can't use). It also deleted all the system restore points, so I can't do a system restore as the first recovery option. Reinstalling Windows and Norton AV did not fix the problem, and only a clean install removed the bug. It also somehow wiped out the ID address mark of floppy disks (whatever that is), rendering the drive unusable, apparently to prevent downloading of antidote from another PC to run the fix. I have checked the description of the virus on the various most-wanted list and none matches, anyone got any idea?
Thanks.

farmer1

You could possibly be one of the first tragets by a script kiddy.

I believe Jack Clark is quite uptodate on all this virus stuff.

Autocar

The clap

JackClark

Thought I'd replied to this! The last answer was quite long, here's a summary.

Switching off protection is a new'ish trick, but a common one.
Switching off Floppy access is a strange one, CD would be better.

As you've wiped it I doubt you have a sample left on there.

I'll have a chat tomorrow, the Floppy behaviour might single one out.

lokokkee

JC, thanks for the info. I had backupped the user settings to my d: drive before formatting the c: system disc. When I did a clean install, every thing was working fine, but once I copied the user settings back, the Norton AV got disabled again. Apparently, there is a file hidden in the all user settings that reactivated the attack. Deleting the Symantec file from it fixed the problem. The floppy disk problem only oncurred on disks that I used while the PC was infected. New disks and the drive is OK after the clean install. By the way, what is an ID address on the floppy?

My question is how did such a thing happen to get past Zone Alarm firewall and the Norton AV, which has been updated since the first attack more than a month ago. I can't possibly be the only one affected and the AV services have not been informed and incorporated it into their virus files? I get my fair share of spam and other suspicious mail, but as a rule, they are deleted without being opened. Mail from Outlook Express is scanned by Norton AV, while hotmail has its built in scanner.

Until I find out what it is, I am adopting a defensive approach. Only WinXP is installed on the c: drive , program files go to d: and user data goes to e:, which is a separate physical drive. Hopefully, the next attack only requires reinstalling WinXP and not all the other programs, which takes all night.