
Infected with something - need some help please



Guest Urbane Tiger
Posted

I have several symptoms that make me think I have an infected system. It is a stand alone single user Intel 6600 on a Gigabyte P965-S3 motherboard - 3G RAM, 2x 250G disks, ADSL2+ connection to the 'net. System is administered by me, its owner, XP/Home-SP3, WU is on, Firewall is On, Defender & AVG Free is/was/are my malware shields. Full system scans are run every day and internet functions in AVG and Defender are on.

Symptoms are as follows:

1. Task Manager has been disabled in the Taskbar context menu - have tried to reinstate via services.msc in normal and safe mode to no avail, also cannot load Task Manager with Ctrl/Alt/Del. Ran Process Explorer and made it my Task Manager; it can be invoked via keyboard but not via Taskbar.

2. I run Windows Live Mail (WLM) as my desktop mail client. When WLM starts I get a dialogue box telling me I should compress the Outlook Express folders; this is spurious. I recently reformatted my hard disk and reinstalled Windows XP, and as part of the install process I disabled/uninstalled Outlook Express and Messenger as I knew I would be using the equivalent Windows Live components. To date I have responded to this by clicking the Cancel button. Another reason I think the dialogue box is spurious is that it also "pops up" when I run the Belarc system info program.

3. I don't use IE much - Firefox is my preferred browser. I cannot close Tabs in IE7; I'm sure I would have noticed that had it always been so. Sometimes IE spins when loading a page and the cancel (red diagonal cross) button won't cease the transmission, and I cannot close IE itself; it must be killed via Process Explorer.

AVG found a downloader Trojan which I vaulted; Defender has not reported any problems.

I had already made the decision to upgrade this freeware collection of malware shields with a commercial product. After some research I had more or less settled on the product from Kaspersky (K), so I escalated the decision to get K Internet Suite Version 7 (KIS7), which I've done.

I ran a full scan and KIS7 found 2 instances of the win32.Monder trojan, which are in quarantine.

The various symptoms are still extant.

There were a couple of issues I wanted to raise in the support forum. K's forum requires that one a) installs SysInternals GetSystemInfo, b) runs it and c) sends the output with the forum posting.

So I downloaded GetSysInfo, unzipped it, put it where all the other SysInternals programs are and ran it. It crashed, not just the SysInternals program but the whole enchilada, XP blackout, kaputski. On restart XP sent a crash report to MS; it then tried to do something which also crashed, although get itself, this sent me into the "Apollo 13 has a problem, Houston" process. I answered its questions - it suggested that I download something to do with memory testing which I'd need to burn onto a CD as a bootable image and boot from that CD. I have NOT done that: a) I don't have any blank CDs, b) I don't know how to burn an ordinary CD let alone a bootable one - and how do I know this is not another manifestation of the virus?

I'm thinking of rebuilding the system, but would obviously prefer that I don't have to do that.
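Symptom 1 above (Task Manager greyed out of the Taskbar menu and not launching from Ctrl+Alt+Del) is exactly what Windows does when the DisableTaskMgr policy value is set, which the trojans of that era commonly did to hide themselves. This cmd batch is an added check, not code from the thread or from any of the tools it names; it queries the user and machine policy keys and reports whether that value is set, so the symptom can be tied to a cause before deciding between a cleanup and a rebuild.

```batch
@echo off
rem Added example, not from the thread: report whether the Windows
rem "DisableTaskMgr" policy is set. A value of 1 in either hive on a home
rem machine whose owner never configured that policy is a sign that something
rem else wrote it. Run from a normal cmd prompt on the suspect XP box.
setlocal
set FOUND=0
for %%H in (HKCU HKLM) do (
    rem reg.exe prints "DisableTaskMgr  REG_DWORD  0x1" when the value exists;
    rem find returns errorlevel 0 only when that line contains 0x1
    reg query "%%H\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr 2>nul | find "0x1" >nul
    if not errorlevel 1 (
        echo DisableTaskMgr=1 under %%H - Task Manager is blocked by policy
        set FOUND=1
    )
)
if %FOUND%==0 echo DisableTaskMgr policy is not set in HKCU or HKLM - this symptom has another cause
endlocal
```

Deleting the value by hand is not a cleanup: an active infection simply writes it back, and a value that reappears after the AV quarantines is itself useful evidence that the machine is still compromised.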

Guest FromTheRafters
Posted

"Urbane Tiger" <urbane.tiger@tpg.com.au> wrote in message news:sjlh04lebpi1n8m7j4r0i7gnnleoqcc276@4ax.com...
> [...]

 

Personally, I would prefer to flatten/rebuild. You might achieve the same results by hitting it with everything you can (David Lipman's tool would be a great start), but your confidence level will suffer because of the unknown malware the downloader trojan might have downloaded and installed.

Guest Malke
Posted

Urbane Tiger wrote:

> [...]

 

And you're getting all this after you've done a clean install of Windows because of previous infection? I must be misunderstanding your post. You must have downloaded something bad, perhaps some dodgy codecs so you could watch something maybe?

I don't understand your penultimate paragraph; you seem pretty computer-savvy and yet you say you don't know how to burn a CD? If you just mean you don't know how to burn a CD on an infected system, you wouldn't do that anyway. You always get all tools, updates, etc. on a known-clean computer that isn't connected to the infected one in any way.

I'll give you my standard malware removal steps, but as "FromTheRafters" said you may just want to flatten and rebuild. Make really sure you aren't installing something that is malware and just reinfecting yourself. Or you may want a professional to take a look. Having someone who knows what they're doing take a look at the system always has the possibility of being more efficient and accurate than getting input from people who can't actually see the computer. That said, here you go:

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2....emoving_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do all scans in Safe Mode.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

You can also check to see if there are targeted removal steps for your malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, get guided help. Choose one of the specialty forums listed at the first link. Register and read its posting FAQ. You will generally be asked to:

1. Download and execute HiJack This! (HJT) -
http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck "Word wrap"

3. Download/run Deckard's System Scanner -
http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post at the forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.

Standard disclaimer: I can't see and test your computer myself, so these are just suggestions based on many years of being a professional computer tech; suggestions based on what you've written. You should not take my suggestions as a definitive diagnosis. If you can't do the work yourself (and there is no shame in admitting this isn't your cup of tea), take the machine to a professional computer repair shop (not your local equivalent of BigComputerStore/GeekSquad). Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. If possible, have all your data backed up before you take the machine into a shop.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

Guest Urbane Tiger
Posted

On Fri, 18 Apr 2008 13:46:56 -0700, Malke <malke@invalid.invalid> wrote:

> [...]

 

 

Thanks for this - I'll follow your suggestions. I've already run HJT.

Yes, I'm fairly savvy: got my first job in IT in '68 at Control Data writing Fortran, got my first "personal" computer in the late '70s (PDP8), first used an internet connection in the early '80s, just after I got my very own XT in '83. Got Windows 2.1 when it came out; you can probably guess the rest. I have never, to my uncertain knowledge, been infected with anything prior to this week. Until recently I only used text based mail, I've never had MS Office and I am careful with respect to web browsing, no online shopping etc. I think I know where the download trojans came from - foolishly clicked on a flash video (I run FF with Flashblock) on a site I thought I could trust - should have checked first.

The previous rebuild was initiated by a significant system upgrade - more memory, more disk (two now, two more in the wings so that I can stripe & mirror) and a new tube. Also I wasn't happy with my folder structure, i.e. the rebuild was not due to infection.

I am sure I could create the CD, it's just that I've not done so. I'm an ardent iconoclast, both visually and audially - so I don't watch movies, videos, look at pictures or listen to recorded music - if it's not the living flesh then as far as I'm concerned it doesn't exist, hence CDs are not something I use, except as a medium from which to install software.

But as you and "FromTheRafters" have said the safest thing is to rebuild and that's what I'll probably do. However I'll go through the process you've outlined first. I'm sure it will educate me on an aspect of computing that, until now, I have thankfully avoided, and at times I've even wondered if it was all just a 'con'.

Oh, I found another problem. The Display Properties->Screen Saver keeps getting reset to None, and the Display Properties->Desktop Tab wedges; sometimes the exit button will work, other times I have to get Process Explorer out in order to kill the rundll32 instance in which Display Properties is running.

Guest Malke
Posted

Urbane Tiger wrote:

> [...]

 

My best suggestion to you is to flatten and rebuild. Purchase an external hard drive and imaging software such as Acronis True Image and image your new install. Store the image on the external hard drive. This makes restoration of your perfectly working system a matter of minutes.

http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To
http://www.elephantboycomputers.com/page2....talling_Windows - What you will need on-hand

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

Posted

Urbane Tiger wrote:
> [...]

CDC!

 

Colossus: The Forbin Project.

 

Used a CDC 469E in PHALANX CIWS.

Guest Leythos
Posted

In article <#YSgDqJpIHA.3428@TK2MSFTNGP02.phx.gbl>,

nothing@nospamplease.com says...
> CDC!
>
> Colossus: The Forbin Project.
>
> Used a CDC 469E in PHALANX CIWS.

 

You quoted all of that to add just three lines of text?

 

--

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)
