James ''Wez'' Weatherall
Thu Sep 18 16:12:00 2003
> Thanks for the response. Part of the problem may be my
> terminology. What I was getting at bootup was not actually a
> "splash" screen, but was a start-up screen (at least labeled
> WinVNC). It had numerous options such as allow remote
> control, etc. The cancel button did not seem to keep it from loading.
Ahhhh. Yes, I understand what you mean now. Sorry, should have realised.
One of the virus variants places WinVNC on the user's system, hidden away
somewhere, but doesn't bother configuring it properly, which causes the
giveaway "WinVNC Options" dialog to appear.
> Good news is that WinVNC (and Deloder) now appear to be gone.
> Thanks to the suggestions of a couple of others on the list.
Top marks for helpful folks on the list! :)
> I now come with hat in hand with a new problem, which I
> realize is not related to this group. After removing Deloder
> and Winvnc, my system (W2K w/
> NTFS) has developed some sort of instability. Random and
> unpredictable "death" with immediate re-boot. This isn't a
> shutdown, it acts like the power switch had been held down.
> but a reboot immediately follows. Sounds viral to me, but I
> and the latest updated Norton can't find anything. WELL, let
> me modify that statement. One of the things that seems to
> fairly reliably cause this problem is running Norton, and I'm
> uncertain if it has ever actually been able to finish since I
> removed WinVNC. The system (even with Deloder) was
> completely stable prior to the removal.
This sounds dubious. My first suggestion in these cases is that you remove
any software that involves kernel-level hooking, if possible - virus
checkers are a classic example - and then install the latest OS service
pack. If that doesn't work, try "fixing" the installation with the standard
OS repair tools, just to make sure missing/corrupted files are replaced,
then reinstall the service pack and reinstall your virus checker, etc.
Obviously, this should all be done off the network!
Finally, if reinstalling service packs and kernel-level apps doesn't help,
look to hardware or other dodgy patches. Some of Microsoft's own bugfix
patches introduce other bugs, and you might have installed one at the same
time as getting the virus, by coincidence. You might also simply have a
hardware failure that has coincidentally shown up because the machine has
been rebooted more often than usual, for instance.
I recently had a machine start rebooting during the boot sequence just after
having installed a new USB device - turned out that the device had probably
pushed my already dodgy motherboard capacitors over the edge & they had
brown gunk oozing out...
Hope some of that helps!
Wez @ RealVNC Ltd.