Adiletante | 11 Posts | April 12th, 2004 19:00
I apologize for the previous blank post - my hand slipped.
Recently I've had to reinstall Windows several times due to problems with virus attacks, particularly the Blaster worm. Now I continue to have crashes with stop error messages. All the messages appear to be different. I thought there might be driver problems. I tried downloading the patch to SoundBlaster - it appeared to download, but then there was an error in installation. I tried reactivating all my products (NAV 2004, Windows XP, Word 2002, McAfee Firewall) They appeared to be reactivated. I did notice that there's a malware that will prevent downloads, but some of these things were going on prior to even getting online. I haven't reinstalled Spybot or HijackThis or installed AdAware. I have installed SpyWatcher. I've deleted the files it caught. I've installed all the Windows Updates to date including critical updates. (I was able to do this.)
Other things I've done - a complete hardware diagnostic with the Dell diagnostic disk that came with my system - everything's healthy. Opened the box and took out the system fan and cleaned with compressed air. (diagnostic was done after this, so no damage was done in the above cleaning process).
The only thing I haven't done is update the drivers (as mentioned above I'm having difficulty doing this) except the BIOS and this was done as an attempt to solve above problems and I haven't tested the power supply or taken it out to clean its fan (I'm a bit nervous about this - can I vacuum the fan opening from the outside first?). I was saving that for last.
Any help or suggestions or other things to try would be great. Is this some deeply buried virus/trojan that couldn't be taken out with a reformat and repartition? Or is it just some problems with my software due to the frequent changes?
Adiletante
ChrisRLG | 2 Intern | 3.9K Posts | April 12th, 2004 20:00
Use these to remove Malware (Virus, Spyware and Adware).
1) SpyBot Search and Destroy
After installing SpyBot Search & Destroy, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all the items it marks in red.
2) Get Ad-Aware
After installing Ad-Aware, and before running the program, first press "check for updates now".
Click "Connect" and install all updated components available. Click 'Finish'.
Press "Scan Now", then 'next', and let Ad-Aware scan your drives.
It will find a number of "bad" files and registry keys. Click 'Next' again.
Check all found items, and click 'next' once more.
It will ask you whether you'd like to remove all checked items. Click OK.
Always reboot the computer between each program - both of these may find things that they need to have a reboot of the machine to clear - please reboot and let them finish.
Failing those solving your problems, post a hijackthis log for the experts to advise.
HijackThis From Here
or one of these other links:-
http://www.merijn.org/files/hijackthis.zip
http://www.aluriasoftware.com/tools/hijackthis.zip
http://mjc1.com/mirror/hjt/
Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary. Then run, scan, save log, then in notepad copy the FULL log by copy and paste as a reply to this post and an expert with HijackThis knowledge will have a go at giving advice. Please note the list of experts' names below, very few forum regulars here have had this training.
DO NOT FIX ANYTHING WITH HIJACKTHIS WITHOUT EXPERT ADVICE, most of what it finds you need for normal MS Windows tasks.
Known Spyware HijackThis fighters in DellTalk - If you are, and are not on the list please PM Me.
TomCoyote (of http://tomcoyote.org/forums/index.php fame)
YoKenny (Accredited Expert at TomCoyotes)
baskar1234 (Teaching Assistant at TomCoyotes, Trusted Advisor Spywareinfo)
ChrisRLG (Classroom Coordinator at TomCoyotes, Trusted Advisor Spywareinfo)
Tuxedo Jack (Teaching Assistant at TomCoyotes, Trusted Advisor Spywareinfo)
Yellowhammer (Trusted Advisor at Net-Integration, First Responder at Computer Cops)
tashi (Helper at Spywareinfo, in training at TomCoyotes)
therock247uk (In Training at TomCoyotes and Spywareinfo)
irelynmisses (In Training at TomCoyotes and Spywareinfo)
Texruss (In Training at TomCoyotes and Spywareinfo)
You could also go to one of the more specialist forums where more experts will be able to help.
http://tomcoyote.com/forums/index.php
http://forums.spywareinfo.com/index.php
http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi (Home of Spybot S&D)
http://boards.cexx.org/index.php
http://www.wilderssecurity.com/index.php
Do read the site's FAQ before posting, and advise your problem and what steps you have already done to try to cure your problem.
I, and the other hijack experts mentioned above, are in all those sites (and more) with the same login names. You might get one of us at those sites also to answer your log, but other experts will also be available.
Adiletante | 11 Posts | April 14th, 2004 20:00
Here is the HJT file. I wasn't able to download and install spybot or AdAware and the updates to my SpySweeper program didn't install, so I found I'd copied the HJT program to CD and was able to run it from there:
Logfile of HijackThis v1.97.7
Scan saved at 2:39:51 PM, on 4/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Messenger\msmsgs.exe
D:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dailyzen.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
Hope it helps.
Adiletante
ChrisRLG | 2 Intern | 3.9K Posts | April 14th, 2004 20:00
Your log is not complete - please retry and when the notepad comes up, use:-
Menu, Edit, Select all, Menu, Copy,
Then paste to this message as a reply.
Adiletante | 11 Posts | April 14th, 2004 23:00
Here (I hope) is the correct version of the HJT file:
Logfile of HijackThis v1.97.7
Scan saved at 5:22:08 PM, on 4/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dailyzen.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38080.6761805556
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab
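A small parser for the log layout posted above, added here as an illustration; it is not part of the original thread or of HijackThis. It groups entries by section code and checks which O4 autostart executables also appear under "Running processes". The function names are this example's own, and the sample is a short excerpt of lines taken from the log above.

```python
import re
from collections import defaultdict

# Excerpt assembled from the log posted above (shortened for the example).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Scan saved at 5:22:08 PM, on 4/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dailyzen.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
"""

# What the section codes seen in this thread's log refer to.
SECTION_LABELS = {
    "R0": "Internet Explorer start/search page",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart (Run key or Startup folder)",
    "O9": "extra IE button or Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                   # "O4 - ..."
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.*)$")     # HKLM\..\Run: [name] cmd
STARTUP_RE = re.compile(r"^(Global Startup|Startup): (.*?) = (.*)$")
EXE_RE = re.compile(r'^"?([^"]+?\.exe)\b', re.IGNORECASE)            # path up to first .exe


def parse_hjt_log(text):
    """Split a log into header lines, running processes and entries by section."""
    parsed = {"header": [], "processes": [], "entries": defaultdict(list)}
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            state = "entries"
            parsed["entries"][entry.group(1)].append(entry.group(2))
        elif line.lower().startswith("running processes"):
            state = "processes"
        elif state in ("header", "processes"):
            parsed[state].append(line)
        # any other text after the entries (e.g. a sign-off) is ignored
    return parsed


def section_counts(parsed):
    """Number of entries per section code."""
    return {code: len(items) for code, items in parsed["entries"].items()}


def autostart_entries(parsed):
    """Describe each O4 entry and whether its executable is in the process list."""
    # Exact, case-insensitive path comparison; 8.3 short paths will not match.
    running = {p.lower() for p in parsed["processes"]}
    rows = []
    for body in parsed["entries"].get("O4", []):
        m = RUN_RE.match(body) or STARTUP_RE.match(body)
        if not m:
            rows.append({"location": None, "name": body, "command": "",
                         "exe": None, "running": False})
            continue
        location, name, command = m.groups()
        exe = EXE_RE.match(command)
        path = exe.group(1) if exe else None
        rows.append({"location": location, "name": name, "command": command,
                     "exe": path,
                     "running": path is not None and path.lower() in running})
    return rows


if __name__ == "__main__":
    log = parse_hjt_log(SAMPLE_LOG)
    for code, count in section_counts(log).items():
        print(f"{code:>3}  {count:2d}  {SECTION_LABELS.get(code, 'unlabelled section')}")
    for row in autostart_entries(log):
        state = "running" if row["running"] else "not in process list"
        print(f"O4 {row['name']}: {row['exe'] or row['command']} ({state})")
```

An autostart entry that is not in the process list is not a finding by itself; many startup programs exit after doing their work.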
ChrisRLG | 2 Intern | 3.9K Posts | April 15th, 2004 11:00
Your log is clean - are you having any problems? Please give any details. If not :-
=======================
How on earth did I get infected with all that spyware in the first place? http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?;act=ST;f=38;t=3051
Also available from here :- http://www.computercops.biz/postlite7736-.html or http://boards.cexx.org/viewtopic.php?t=957
--------------
Look at the info on my website regarding malware (Link below). Some things you can do to stop getting infected again:-
Spybot s&d, Ad-aware Run weekly - or after a heavy internet session.
Spywareblaster & Spywareguard, first sets kill bits to stop known bad ActiveX controls installing, second acts like your AV to stop browser hijacks and installing of known baddies.
Also ie-spyad (Link on my site), puts 4000 bad sites in your restricted (banned) sites list, to stop you accidentally getting sent to a bad site, it has optional list of "bad" adult sites to install as well.
All those with links from my site. Do remember just like Anti-Virus they need to be updated regularly, I do mine weekly, Anti-Virus hourly.
With these and a firewall in place I have to try various bad sites when checking people's hijackthis logs looking to sort bad from good, and I have not yet been infected. Still time for it to happen LOL.
Adiletante | 11 Posts | April 15th, 2004 12:00
Thanks for the extensive help and info. Unfortunately, yes, I continue to have problems. Maybe I'm in the wrong forum - it just seemed like there've been too many virus/spyware like actions. First the ongoing problems:
When I log on to my administrator account, I sometimes get the infamous blue screen. The stop error messages keep changing and admittedly I have yet to actually test my power supply, but it's only 2 years old.
My system will also crash occasionally when I am signed on and I'm getting different error messages (I haven't written them all down.)
I regularly get the registry recovery box (one of my registry entries has been replaced by a previous log or copy, etc.)
And finally, I'm unable to install updates to my anti-virus or anything else for that matter if it's been downloaded off the internet.
What I've attempted to correct the above (besides running HJT):
After my last clean install - cleaned out the inside of my box using appropriate anti-static precautions, including removing the system fan and cleaning with compressed air. Have also vacuumed the power supply through the vent on the outside.
Done a complete hardware diagnostic with the disk that came with my Dell (purchased around two years ago) - no problems.
Installed the Security Update by Microsoft from the CD and then ran Windows Update after applying the firewall that came with Windows.
Reactivated Windows, installed Microsoft Works and reactivated Word2002. Installed NAV 2004, downloaded AV defs separately on floppy and installed, downloaded Live Update separately (the newer version) and installed. Managed to download one set of updates and that's it. Did a complete system scan.
Upgraded BIOS from A.0 to A06. Ran chkdsk /f. Installed Norton Utilities 2002 and did a system scan - I did clean up a lot with that, but it didn't solve the problems.
The only sites I visit regularly are hotmail, microsoft, symantec, and now dell. I also subscribe to a variety of PC newsletters from PCWorld and PCMag.
So, the only virus I know for sure that I was hit with was the Blaster Worm - twice at least. I've been trying to repair and diagnose problems since late January.
If I need to go to another forum let me know. I'd like to install those other spyware checkers but I'm having to download on Windows 95 - no CD burner, so can use floppy or zip, only my zipdisks don't seem to translate to XP. I actually have a brand new hard drive, but have put off installing until I can resolve whatever's going on right now to make sure that the same things don't happen with the new drive.
Hope that wasn't too long. Thanks again.
Adiletante.
ChrisRLG | 2 Intern | 3.9K Posts | April 15th, 2004 13:00
Adiletante | 11 Posts | April 15th, 2004 13:00
I'm pretty sure I reformatted - I deleted the partition and repartitioned. Booted directly from the CD. One thing that did happen when I did that was that the reactivation was bypassed and it was only later that I realized I needed to reactivate. At that point I did an upgrade with the CD and then was able to reactivate. The only thing that wasn't included in the partition was the 8MB of cache that's usually left on the hard drive.
ChrisRLG | 2 Intern | 3.9K Posts | April 16th, 2004 08:00
Well I had another look at your log - and no I can't see any malware, or any sign of it.
I would try the windowsXP board for additional help. It may be that a fresh install may be your only remedy. If so - do activate the windows XP firewall before going for any updates.
If you still think it might be malware (deeper in system than hijackthis can see) you will need to do a startup list for me - they are very large - you may need to split into two posts to be able to post here.
Hijackthis - config - misc tools.
Check the two boxes below the 'startup log' button before running.
Adiletante | 11 Posts | June 30th, 2004 16:00
It's been awhile since I've posted here. Unfortunately, I have a full time job, am studying computers, and have a house to take care of. And occasionally having a life. Ok so you don't need to know all that.
Since I last posted however, I've done a number of things. I fdisked my hard drive and decided to install RedHat Linux 9 which I've had on hand for awhile and got the following messages: RAMDISK Compressed image in block 0. And Error 2 - cpio - Bad Magic.
I did the following things - installed new hard drive, installed another 256MB stick of memory - putting that in the first slot and added an Ethernet card - with router and subsequently broadband (linksys card and router). I reinstalled and reactivated XP. Renamed the catroot2 folder. Have Norton Internet Security and Norton Antivirus 2004 with all the latest updates. Ran Spybot and Adaware. Ran HiJackThis.
I've had a couple of blue screen errors all having to do with device drivers and/or memory (no problems per device manager), so I've been updating drivers. Most recently I got the following message again which I was getting constantly before I did the reinstall:
"One of the files containing the system's Registry data had to be recovered by use of a log or alternate copy. The recovery was successful."
Again, I'm posting this message to also the antivirus forum and in addition I'm adding the linux forum