What I cannot understand about this MS04-011__lsass__Exploit is, I called Dell and they put the computer back to factory spec. on I think 1/31/06. And this ms is still popping up in the red box warning from Trend Micro.
I thought doing this Restore using Dell PC Restore by Symantec would take care of the problem. Now I am thinking maybe it has something to do with this boot sector and these bootable disks. Maybe that is how this is getting in. What makes boot viruses especially nasty is that even if all the files on the system are cleaned and the memory is cleaned, the next time the computer is restarted, the whole infection will come back unless and until the boot sector itself has been cleaned. Besides cleaning the c:\ boot sector, if you ever have a boot virus, be sure to clean every floppy diskette, ZIP, and other removable, bootable disk that you have. You may also want to run a quick scan of the boot sector of any floppies or disks before using them to start your computer (including game disks!).
I do not know how to do this cleanup of the C: boot sector or how to clean every disk. Also, I do not know how to run a quick scan on the boot sector of any floppies or disks before using them to start the computer (including games).
Besides using Dell PC Restore by Symantec, which did not work to solve this problem,
Maybe;
This will work?
I have the Reinstallation dvd/ cd's
1 Windows XP Media Center Edition 2005 with update rollup2
Remember that if you restore to factory specs you lose all of the Microsoft updates you may have gotten since you bought it. You need to turn on the firewall and go directly to windowsupdate.microsoft.com and get all of the updates before going anywhere else. Otherwise you can quickly pick up a new infection.
I sort of doubt it's a boot sector virus but you can use a clean pc to download f-prot for dos to a floppy and then use the floppy to boot your PC. It should be able to check for boot sector viruses anyway.
I think I would download Zone Alarm's free firewall and then decline to let it preconfigure itself to let IE out. That way when anything wanted to go to the internet it would have to ask and you would get a clue as to what is going on.
and choose the one on the far right and then decline the trial version if asked. You want the completely free one for home users. You will probably need to turn off the Trend firewall while running Zone Alarm.
I'm wondering if what Trend is screaming about is an incoming packet that tries to exploit the security hole that they keep talking about. That would just mean that someone out there has the infection and their infection is trying to spread itself. It does not mean that you have a weakness or are infected. You will see these with Zone Alarm as attempts to reach your PC on port 139 or 445 often in conjunction with an icmp ping. Zone Alarm will block these. I see them so often on dialup that I turn off the alert. Only when I'm on the company network do I turn the alerts on.
For the benefit of anyone following this thread: I received his log and it is obvious that the threat is from outside. His computer is not infected. This is what I sent him:
"It's what I thought. You are being attacked by a couple of other computers that are probably infected with something. You do not have a problem on your computer. Trend is playing Chicken Little and claiming the sky is falling. The owners of the computers with IP addresses 63.236.245.174 and 63.236.244.106 are infected with something. Or they just could be poorly set up. I notice the same IP addresses also hit you on port 135 and Trend did not get upset even tho that is just as bad. I would get Zone Alarm and dump Trend."
Your PC does not have an infection. Someone else on your ISP's network has an infection and their infection is trying to connect to your machine in order to infect it. Trend is being stupid. As long as you have a firewall running you should be safe from attacks like that.
If you go to
http://windowsupdate.microsoft.com and get all of the currently available updates you can be sure that you no longer are vulnerable to the exploit.
Then I would get Zone Alarm and save it to the desktop. Then disconnect from the internet and uninstall Trend. Then install Zone Alarm. Then you can connect to the internet again.
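The reasoning in the reply above (blocked inbound hits on ports 135, 139 and 445 from other addresses mean someone else is probing, not that this PC is infected) can be checked against a firewall log. This is an added example, not part of the original posts: the log format, the addresses (RFC 5737 documentation ranges) and the function names are constructed, and it is not the Trend Micro or Zone Alarm log format.

```python
from collections import defaultdict

# Constructed log lines in a made-up format: date time dir action proto src -> dst.
# 198.51.100.20 plays the home PC; all addresses are documentation ranges.
SAMPLE_LOG = """\
2006-02-02 07:01:12 IN BLOCK ICMP 192.0.2.174 -> 198.51.100.20
2006-02-02 07:01:13 IN BLOCK TCP 192.0.2.174:4312 -> 198.51.100.20:445
2006-02-02 07:01:15 IN BLOCK TCP 192.0.2.174:4313 -> 198.51.100.20:135
2006-02-02 07:09:40 IN BLOCK TCP 192.0.2.106:2811 -> 198.51.100.20:139
2006-02-02 07:10:02 OUT ALLOW TCP 198.51.100.20:1045 -> 203.0.113.80:80
garbled line that should be skipped
"""

WORM_PORTS = {135, 139, 445}  # the ports named in the thread


def split_endpoint(text):
    """Return (ip, port); port is None for ICMP, which has no ports."""
    ip, sep, port = text.partition(":")
    return ip, int(port) if sep else None


def triage(log_text, local_ip):
    """Separate probes arriving from outside from scans leaving this PC."""
    inbound = defaultdict(set)   # remote address -> what it probed here
    outbound = defaultdict(set)  # remote address -> worm ports this PC tried
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[6] != "->":
            continue  # not a connection record
        try:
            src, _ = split_endpoint(fields[5])
            dst, dport = split_endpoint(fields[7])
        except ValueError:
            continue  # port was not a number
        if dst == local_ip and src != local_ip and (dport is None or dport in WORM_PORTS):
            inbound[src].add("icmp" if dport is None else dport)
        elif src == local_ip and dport in WORM_PORTS:
            outbound[dst].add(dport)  # on a home dial-up PC this deserves a look
    if outbound:
        verdict = "this PC is connecting out to worm ports: investigate locally"
    elif inbound:
        verdict = "probes from outside only: nothing in this log points at this PC"
    else:
        verdict = "nothing relevant in the log"
    return {"inbound": dict(inbound), "outbound": dict(outbound), "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "198.51.100.20"))
```

The verdict covers only what the log shows; it does not replace applying the MS04-011 update mentioned in the thread.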
Finally the computer is fine. Here is what I finally had to do to stop the pop-ups and notifications that the Network emergency center has detected a virus and has blocked it.
First off, I got rid of Trend Micro PC-cillin Internet Security 12. Then I downloaded AVG and Zone Alarm and Spybot S&D. Well, I thought the notifications were too much from Trend Micro but they were nothing compared to Zone Alarm.
Zone Alarm was blocking everything every 5 minutes, 10 minutes, 15 minutes.
Solution: as per Ron's suggestion if I were to restore to factory specs.
I took the computer back to factory specs, meaning I restored the computer to the operating state it was in when I purchased the computer.
Using Dell TM Restore by Symantec. I had done this before about 2 times but still had the problem because Trend Micro is the first thing that comes back up on the screen and one automatically clicks on the agreement licence and Trend Micro starts working. (This is a NO NO NO...)
One gets very confused with all the popups to click on when the computer is restored. First thing that comes up is Trend Micro. Everyone has to click on DISAGREE on the licence agreement, and then go directly to Microsoft and download all the updates!
I had to go back and check several times to make sure I had all the updates. It takes about 2 hours to do this using dial-up to connect to the internet. WARNING: If you do not have all the updates from Microsoft you will still have the same problems.
Next I got all the updates from Dell. Then I shut down the computer and rebooted it and this time agreed to Trend Micro PC-cillin Internet Security 12.
The internet is a dangerous place these days as you saw from the alarms. At least with Zone Alarm it was not telling you that your computer was infected. Just that it was under attack but these days that is normal. That is why I strongly recommend that everyone run a firewall.
Ron
RKinner
2 Intern
•
5.9K Posts
0
February 2nd, 2006 00:00
I think what you are seeing is a false positive in reaction to one of HP's stupid programs that checks every 15 minutes for an update.
Check these two then Fix Checked.
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Reboot afterwards and see if the problem stops.
If it doesn't help you can restore them by Hijackthis, View List of Backups then check them and Restore.
Ron
RKinner
2 Intern
•
5.9K Posts
0
February 2nd, 2006 17:00
Send the firewall info to me directly: rkinner AT att DOT net
subject: DELL Robertlo
Also
Shut down all programs. Right-click on the clock and select Task Manager then Processes then click twice on CPU. The top process should now be System Idle with over 95% of the CPU Usage. If not, what are the top three and what % do they have?
Ron
Robertlo
12 Posts
0
February 2nd, 2006 17:00
Ron,
I checked the two things you said to check and then Fix Checked and rebooted last night at 10pm.
This morning I got more pop-ups saying:
Network virus emergency center detected and blocked a network virus
advise performing a manual scan and activate the emergency lock.
for MS04-011__LSAAS__EXPLOIT. I tried to post the firewall log from Trend Micro
but it is over 20000 characters. Thought that might help you.
Robert 2/2/06 2:13pm
Robertlo
12 Posts
0
February 2nd, 2006 21:00
RKinner
2 Intern
•
5.9K Posts
0
February 2nd, 2006 23:00
Robertlo
12 Posts
0
February 3rd, 2006 02:00
Robertlo
12 Posts
0
February 3rd, 2006 10:00
Ron
I am really confused now. What should I do? Also, is there a possibility Trend Micro PC-cillin Internet Security 12 that is on this computer when I bought it is not working correctly? It is a 90 day trial that came with the computer that expires 2/13/06.
Also, what computer security would I buy when this expires?
Thanks Robert 2/2/06 7:39am
RKinner
2 Intern
•
5.9K Posts
0
February 3rd, 2006 16:00
I have heard some really good things about Kaspersky's.
http://usa.kaspersky.com/downloads/trial-versions.php
There are also several free antivirus programs.
avast
http://www.avast.com/eng/download-avast-home.html
avg
http://free.grisoft.com/doc/1
If you use one of the free programs and zone alarm and add Microsoft AntiSpy
http://www.microsoft.com/athome/security/downloads/default.mspx
and/or
Spybot S&D
http://www.safer-networking.org/en/download/index.html
You should be OK.
Ron (still have not received your log but did reply to your PMs)
A Few Recommendations:
Make sure you have System Restore running (toggle it off and On today to get rid of any bad stuff it may have retained)
and then you can just go back to an earlier time if you hit a bad site.
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx
One way to make an infection more obvious is to check everything in your current HijackThis and Add to Ignore List then set up Hijackthis to run at boot and to show you if it finds anything new.
To avoid going to a bad site you might want to install IE-SpyAd and SpywareBlaster and make the other changes recommended at:
http://www.mvps.org/winhelp2002/restricted.htm
I used to recommend Spybot's Immunize system but have recently learned it is not as good as the one at:
http://www.mvps.org/winhelp2002/hosts.htm
Always run a firewall. The one in XP SP2 is pretty good tho I think the free one from Zone Alarm is better.
http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads
Turn on Autoupdates so you always get the latest patches from Windows.
Never hurts to do one of the free on line scans from Panda or Trend. They take a while but are pretty good.
www.pandasoftware.com/activescan/activescan.asp?
http://housecall.trendmicro.com/
In addition to Microsoft AntiSpy
http://www.microsoft.com/athome/security/downloads/default.mspx
I like to run Spybot S&D.
http://www.safer-networking.org/en/download/index.html
Also like to run AdAware once in a while.
http://www.lavasoftusa.com/software/adaware/
Get the latest version of
Java:
http://www.java.com/en/download/windows_automatic.jsp
Make sure you have removed any older versions of Java or JRE with Control Panel, Add/Remove Programs. Updates do not remove the older versions which have exploitable flaws.
If you are not running the latest version of Adobe you should consider updating. There are reports of a loophole for hackers in pre 7.03 versions.
As an alternative you can dump adobe completely and use fox-it instead:
http://www.foxitsoftware.com/pdf/rd_intro.php
Robertlo
12 Posts
0
February 5th, 2006 10:00
Ron,
I tried to send you the Firewall Log and it was returned to me from postmaster undeliverable.
I sent it to rkinner@DOT.net. Please send me your e-mail to me at rfl@cros.net and I will see if I can
resend at a correct e-mail address to you.
Thanks
Robert 2/5/06 7:31am
RKinner
2 Intern
•
5.9K Posts
0
February 5th, 2006 23:00
RKinner
2 Intern
•
5.9K Posts
0
February 6th, 2006 23:00
Robertlo
12 Posts
0
February 6th, 2006 23:00
Ron,
If I uninstall Trend Micro and get another anti virus program. Will the new program get rid of the ms04-011 on my computer ?
Thanks Robert 8:12pm 2/6/06
Robertlo
12 Posts
0
February 11th, 2006 23:00
RKinner
2 Intern
•
5.9K Posts
0
February 12th, 2006 11:00