
#1 Post by ninja1201 » Sun Apr 29, 2012 9:22 pm

I'm wondering, I have tried using the NSSI tool on UBCD and it reports a virus in memory ... any clues/etc. on this one? I have the latest ISO and most all the tools work properly. NSSI is the only one that flakes out. I am using it on an old Pentium 3, 1 GHz w/256 MB RAM + it's an old Compaq. I've tried the tool on other computers and NSSI reports the same .. no virus in memory as it's a clean load/etc. directly from a CDR.

#2 Post by serge » Fri Nov 08, 2013 9:45 am

We've got almost the same problem on several PCs with Intel CPUs (old and new PCs, laptops and thinkpads with different BIOSes, with small RAM and others with up to 16gb RAM, no matter if a HDD or SSD is plugged in or not, and no matter if WinXP, 7, 8 or Ubuntu is installed).

When starting NSSI (UBCD 5.2.6 and 5.2.7) from a bootable CDRom the first message on red ground and with a really big white exclamation mark says while the pc is making a long and loud beep:

An active virus has been probably detected in memory! You should run some good antivirus program and check your system!

Of course we did several scans with bootable rescue CDs (Desinfec't2013.1, Bitdefender and Avira rescue CD) finding nothing.
Because in the past months some strange behaviors occurred, for example two OCZ SSDs (Agility3 and Vector) died completely and cannot be mounted again with any data-recovery tool, we suspect that there could be something wrong, although the virus scans weren't positive. Perhaps it is really a wicked virus in RAM, hopefully not the badBIOS...
It could be UBCD running from RAM which is detected as a virus by the subsequently started NSSI. That would be an answer. Is it?

Help could be given by you, the UBCD users out there:

Can anybody confirm that this warning pops up at every machine every time?

Can anybody go through the code of NSSI and specify what the tool detects in the case of this warning?

Thanks a lot for your attention

#3 Post by ady » Sat Nov 09, 2013 8:22 am

For the following comments, I assume you have already checked that the NSSI tool is “intact” and that you have a “clean” UBCD.

Quoting from http://www.ultimatebootcd.com/news.html

17 Nov 2003 (almost 10 years ago)
... it keeps saying that a memory-resident virus has been found...
Another similar topic (Jun 10, 2003; more than 10 years ago)
http://www.911cd.net/forums/lofiversion ... /t849.html

#4 Post by serge » Mon Nov 11, 2013 7:31 am

Thanks for the reply. I read these postings that say one should ignore the warning or turn it off. The entry of 17 Nov 2003 was new to me.

The Download MD5 checksum of UBCD 5.2.7 is correct: 8bcf534293d35d9820739c377a68afe2

I didn't md5-check my UBCD 5.2.6 (also with NSSI 0.60.45 on it) and didn't check the old UBCD 4.1.1 (with NSSI 0.59). Those two versions are burned on CD, so I think I cannot check the md5 without the original downloaded iso-files, can I?

I'll check the md5 in future every time with every download - that's generally a good idea. All the firmware and BIOS updates for any product I updated in the past were downloaded from the official manufacturer websites and I never had a single problem with the downloads or the update processes. I never did any experiment with FW and BIOS and ran the machines most of the time in default mode (never overclocked or installed RAID or something like that).

With all three UBCDs and both versions of NSSI it looks like this when NSSI has ended:

Checking integrity of NSSI.EXE .... OK
Detecting Anti-Stealth INT13 ...... Unusable
Starting Dynamic Overlay System ... OK (65264)
Loading Overlay - XMS ............. OK

End of Program ...
Press any key to continue . . .

NSSI.exe seems to be OK. I don't know what Anti-Stealth INT13 is, or whether it is relevant that it's marked as "unusable".
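
Added example (not part of the original posts, and not UBCD or NSSI code): on the question in post #4 of checking an already-burned CD without the original .iso, the disc can be hashed over exactly the length recorded in its ISO 9660 Primary Volume Descriptor, because reading the raw drive often returns extra pad sectors after the image. It assumes the published MD5 covers an image whose length equals that recorded volume size; the function names and the constructed sample image are illustrative.

```python
import hashlib
import struct

SECTOR = 2048      # ISO 9660 sector size
PVD_SECTOR = 16    # the Primary Volume Descriptor is stored at sector 16


def iso_volume_bytes(path):
    """Image length in bytes as recorded in the Primary Volume Descriptor."""
    with open(path, "rb") as f:
        f.seek(PVD_SECTOR * SECTOR)
        pvd = f.read(SECTOR)
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor found")
    (blocks,) = struct.unpack_from("<I", pvd, 80)        # volume space size (LE copy)
    (block_size,) = struct.unpack_from("<H", pvd, 128)   # logical block size (LE copy)
    return blocks * block_size


def md5_of_volume(path, chunk=1 << 20):
    """MD5 over exactly the recorded volume length, skipping trailing pad sectors."""
    remaining = iso_volume_bytes(path)
    digest = hashlib.md5()
    with open(path, "rb") as f:
        while remaining > 0:
            data = f.read(min(chunk, remaining))
            if not data:
                raise OSError("medium ended before the recorded volume size")
            digest.update(data)
            remaining -= len(data)
    return digest.hexdigest()


def matches_published(path, published_md5):
    """Compare the disc hash with the checksum listed on the download page."""
    return md5_of_volume(path) == published_md5.strip().lower()


def constructed_image(blocks=20, pad_sectors=150):
    """Constructed sample: a minimal fake image plus the pad a drive may append."""
    img = bytearray(b"\x5a" * (blocks * SECTOR))
    pvd = PVD_SECTOR * SECTOR
    img[pvd:pvd + 6] = b"\x01CD001"
    struct.pack_into("<I", img, pvd + 80, blocks)
    struct.pack_into("<H", img, pvd + 128, SECTOR)
    return bytes(img) + b"\x00" * (pad_sectors * SECTOR)
```

On Linux the path would be the optical drive's device node (for example /dev/sr0, an assumption here). A mismatch alone does not show tampering, since a padded or hybrid image or a read error produces the same result.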

#5 Post by serge » Mon Nov 11, 2013 7:40 am

UPDATE: NSSI is not always warning:

NSSI on the old Thinkpad doesn't warn at all anymore. I don't know why yet, but I tape every step I do so it should be possible to reconstruct what happened. I need a little time for that.

NSSI on new Thinkpad didn't warn in this case:
Starting UBCD (in the following always the "clean" v.5.2.7 from CDRom), then using another system tool (i.e. ASTRA or PC-Config), closing those tools and afterwards starting NSSI, no warning is given. BUT: I tried to redo the same and it was warning again.

Then trial and error, and wondering what happens: Using Hardware Detection Tool Hdt 0.5.2 several times before (using it, exit, using it, exit) and afterwards starting NSSI had the result, that NSSI didn't warn on the new Thinkpad.
When rebooting, it does not warn. I can reboot several times, starting NSSI: no warning. But: When doing a shutdown and waiting a few seconds when the machine is off, turning on the PC again and starting UBCD-NSSI -> the warning is back again.

- System Speed Test 32 hangs, so there was only ctrl-alt-del possible.
- hwinfo does not start at all

Trying to start hwinfo v5.5.2 does not work, here the messages:
UBCD: Searching...
UBCD: Found! Installing HWINFO (System information tool)
Press any key to continue . . .

When trying again and again:

UBCD: Searching...
Press any key to continue . . .
UBCD: Searching...
Press any key to continue . . .

whereas the other tools can be started, most of them working quite well. And on the old Thinkpad (on which the NSSI warning does not appear anymore) hwinfo works fine.

Another aspect:
NSSI 0.60.45 shows following Drive Details (when a SSD with usable NTFS-Win8-Partitions C: and D: is installed in the new Thinkpad):
A: Phantom Floppy Drive n/a n/a n/a n/a
B: Phantom Floppy Drive n/a n/a n/a n/a
Q: RAM Disk RAMDISK 16 MB 12.1 MB 3.9MB
T: CD-Rom Drive UBCD527 n/a n/a n/a

whereas NSSI 0.59 only shows:
A: Phantom Floppy Drive n/a n/a n/a n/a
B: Phantom Floppy Drive n/a n/a n/a n/a

It's an old version of course, which probably does not fit to the new hardware, I know.

Last but not least: NSSI 0.59 gives a red info-box like this:
Your version of Navrátil Software System Information is out of date. Pleas visit...
Followed by the warning:
System date is invalid. Your OS reports date 11/11/2013. Please correct ist.

So NSSI 0.59 does not give the virus warning, but the same wrong (what is j@, RSD PTR and Award Vista?) DMI Infos like NSSI 0.60.45 gives:

BIOS Details

DMI Information - BIOS Information
BIOS Release Date: [empty]
BIOS Start Segment: E000h

DMI Information - System Information
System Manufacturer: j@
Product Name: [empty]
Product Version: [empty]
Product Serial Number: [empty]

DMI Information - BIOS Information
System Manufacturer: `h
Product Name: [empty]
Product Version: [empty]
Product Serial Number: 3

DMI Information - System Enclosure Information
System Manufacturer: f3
Version: [empty]
Product Serial Number: f
Asset Number: [empty]

DMI Information - Processor Information
Processor Manufacturer: [empty]
Processor Version: [empty]
External Clock: n/a
Maximum Clock: n/a
Current Clock: n/a
Socket Designation: Award Vista

That's not everything I observed.
We are neither able to go into the program-codes nor deep into the technical specifications - we are just interested linux-windows-(mac)-users who fear the loss of data and hardware-crashes (like those two OCZ-SSDs which are really dead).

Is there somebody who never saw the virus-warning when using NSSI?

#6 Post by serge » Wed Nov 20, 2013 5:58 am

NSSI 0.60.45 (from UBCD and also downloaded from navsoft.cz and started from USB flash drive) is not able to show correct data from Intel-Ivy-processors and newer. Therefore it's normal that it hangs when analysing the ISA-data. My posted DMI information is also not correct, obviously because the processor is too new.

The virus warning appears even with brand-new PCs :shock: :D . I tested it like this: I bought a brand-new PC from a local shop with Ivy i3 processor. The package was sealed.
I videotaped the following, so researchers can ask me for evidence: I downloaded UBCD527, checked the md5 of the .iso and burned it. Then I unsealed and unpacked the untouched PC, connected only the enclosed mouse and keyboard and booted into BIOS. There I disabled secureboot and booted with UBCD (I didn't boot the preinstalled Windows8). Guess what happened: NSSI reported the virus warning.

Because it is not likely that fresh PCs, arbitrarily chosen from a local computer discounter's storage rack, have a preinstalled virus in memory, it must be a false warning.

But a rest of scepticism is still there:
1) The program's author wrote to me that in my cases he thinks they were false warnings, but it could be a correct alarm too. There's no certainty.
2) Unfortunately I couldn't reconstruct why on my old Thinkpad NSSI does not warn anymore.

