Guest Urbane Tiger
Posted April 18, 2008

I have several symptoms that make me think I have an infected system, it is a stand alone single user Intel 6600 on a Gigabyte P965-S3 motherboard - 3G Ram, 2x 250G disks, ADSL2+ connection to 'net. System is administered by me, its owner, XP/Home-SP3, WU is on, Firewall is On, Defender & AVG Free is/was/are my malware shields. Full system scans are run every day and internet functions in AVG and Defender are on.

Symptoms are as follows

1. Task Manager has been disabled in the Taskbar context menu - have tried to reinstate via services.msc in normal and safe mode to no avail, also cannot load Task Manager with Ctl/AltDel. Ran ProcessExplorer and made it my Task Manager, it can be invoked via keyboard but not via Taskbar.

2. I run Windows Live Mail (WLM) as my desktop mail client, when WLM starts I get a dialogue box telling me I should compress the Outlook Express folders, this is spurious. I recently reformatted my hard disk and reinstalled Windows XP, as part of the install process I disabled/uninstalled Outlook Express and Messenger as I knew I would be using the equivalent Windows Live components. To date I have responded to this by clicking the Cancel button. Another reason I think the dialogue box is spurious is that it also "pops up" when I run the Belarc system info program.

3. I don't use IE much - Firefox is my preferred browser. I cannot close Tabs in IE7, I'm sure I would have noticed that had it always been so, sometimes IE spins when loading a page and the cancel (red diagonal cross) button won't cease the transmission and cannot close IE itself, it must be killed via process explorer.

AVG found a downloader Trojan which I vaulted, Defender has not reported any problems.

I had already made the decision to upgrade this freeware collection of malware shields with a commercial product, after some research I had more or less settled on the product from the Kaspersky (K) - so I escalated the decision to get K Internet Suite Version 7 (KIS7) which I've done.

I ran a full scan and KIS7 found 2 instances of the win32.Monder trojan which are in quarantine.

The various symptoms are still extant.

There were a couple of issues I wanted to raise in the support forum, K's forum requires that one a) installs SysInternals GetSystemInfo, b) runs it and c) sends output with forum posting.

So I downloaded GetSysInfo, unzipped it, put it where all the other SysInternals programs are and ran it. It crashed, not just the SysiInfernals program but the whole enchilada, XP blackout, kaputski. On restart XP sent a crash report to MS it then tried to do something which also crashed, although get itself, this sent me into the "Apollo13 has a problem, Houston" process, I answered its questions - it suggested that I download something to do with memory testing which I'd need to burn into a CD as a bootable image and boot from that CD. I have NOT done that, a) I don't have any blank CDs, b) I don't know how to burn an ordinary CD let alone a bootable one - and how do I know this is not another manifestation of the virus.

I'm thinking of rebuilding system, but would obviously prefer that I don't have to do that.

Guest FromTheRafters
Posted April 18, 2008

Personally, I would prefer to flatten/rebuild. You might achieve the same results by hitting it with everything you can (David Lipman's tool would be a great start), but your confidence level will suffer because of the unknown malware the downloader trojan might have downloaded and installed.

Guest Malke
Posted April 18, 2008

And you're getting all this after you've done a clean install of Windows because of previous infection? I must be misunderstanding your post. You must have downloaded something bad, perhaps some dodgy codecs so you could watch something maybe?

I don't understand your penultimate paragraph; you seem pretty computer-savvy and yet you say you don't know how to burn a CD? If you just mean you don't know how to burn a CD on an infected system, you wouldn't do that anyway. You always get all tools, updates, etc. on a known-clean computer that isn't connected to the infected one in any way.

I'll give you my standard malware removal steps, but as "FromTheRafters" said you may just want to flatten and rebuild. Make really sure you aren't installing something that is malware and just reinfecting yourself. Or you may want a professional to take a look. Having someone who knows what they're doing take a look at the system always has the possibility of being more efficient and accurate than getting input from people who can't actually see the computer. That said, here you go:

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2....emoving_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do all scans in Safe Mode.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

You can also check to see if there are targeted removal steps for your malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, get guided help. Choose one of the specialty forums listed at the first link. Register and read its posting FAQ. You will generally be asked to:

1. Download and execute HiJack This! (HJT) -
http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck; "Word wrap"

3. Download/run Deckard's System Scanner -
http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post at the forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.

Standard disclaimer: I can't see and test your computer myself, so these are just suggestions based on many years of being a professional computer tech; suggestions based on what you've written. You should not take my suggestions as a definitive diagnosis. If you can't do the work yourself (and there is no shame in admitting this isn't your cup of tea), take the machine to a professional computer repair shop (not your local equivalent of BigComputerStore/GeekSquad). Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. If possible, have all your data backed up before you take the machine into a shop.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

Guest Urbane Tiger
Posted April 19, 2008

Thanks for this - I'll follow your suggestions, I've already run HJT

Yes I'm fairly savvy, got first job in IT in '68 at Control Data writing Fortran, got first "personal" computer in late '70's (PDP8), got first used internet connect in early '80s, just after I got my very own XT in '83. Got Windows 2,1 when it came out, you can probably guess the rest. I have never, to my uncertain knowledge, been infected with anything prior to this week. Until recently I only used text based mail, I've never had MS Office and I am careful with respect to web browsing, no online shopping etc. I think I know where the download trojans came from - foolishly clicked on a flash video (I run FF with Flashblock) on a site I thought I could trust - should have checked first.

The previous rebuild was initiated by significant system upgrade - more memory, more disk (two now, two more in the wings so that I can stripe & mirror) and a new tube. Also I wasn't happy with my folder structure, i.e. the rebuild was not due to infection.

I am sure I could create the CD, it's just that I've not done so. I'm an ardent iconoclast, both visually and audially - so I don't watch movies, videos, look at pictures or listen to recorded music - if it's not the living flesh then as far as I'm concerned it doesn't exist, hence CDs are not something I use, except as a media from which to install software.

But as you and "FromTheRafters" have said the safest thing is to rebuild and that's what I'll probably do. However I'll go through the process you've outlined first. I'm sure it will educate me on an aspect of computing that, until now, I have thankfully avoided, and at times I've even wondered if it was all just I 'con.

Oh I found another problem. The Display Properties->Screen Saver keeps getting reset to None, and Display Properties->Desktop Tab wedges, sometimes the exit button will work, other times I have to get Process Explorer out in order to kill the rundll32 instance in which Display Properties is running.

Guest Malke
Posted April 19, 2008

My best suggestion to you is to flatten and rebuild. Purchase an external hard drive and imaging software such as Acronis True Image and image your new install. Store the image on the external hard drive. This makes restoration of your perfectly working system a matter of minutes.

http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To
http://www.elephantboycomputers.com/page2....talling_Windows - What you will need on-hand

Malke

Guest M
Posted April 22, 2008

CDC!

Colossus:The Forbin Project.

Used a CDC 469E in PHALANX CIWS.

Guest Leythos
Posted April 22, 2008

In article <#YSgDqJpIHA.3428@TK2MSFTNGP02.phx.gbl>, nothing@nospamplease.com says...
> CDC!
>
> Colossus:The Forbin Project.
>
> Used a CDC 469E in PHALANX CIWS.

You quoted all of that to add just three lines of text?

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)