Infected with something - need some help please

Urbane Tiger

I have several symptoms that make me think I have an infected system. It is a stand-alone single-user Intel 6600 on a
Gigabyte P965-S3 motherboard - 3G RAM, 2x 250G disks, ADSL2+ connection to the 'net. System is administered by me, its
owner, XP/Home-SP3, WU is on, Firewall is on, Defender & AVG Free is/was/are my malware shields. Full system scans are
run every day and internet functions in AVG and Defender are on.

Symptoms are as follows

1. Task Manager has been disabled in the Taskbar context menu - have tried to reinstate via services.msc in normal and
safe mode to no avail, also cannot load Task Manager with Ctrl/Alt/Del. Ran Process Explorer and made it my Task Manager,
it can be invoked via keyboard but not via Taskbar.

2. I run Windows Live Mail (WLM) as my desktop mail client; when WLM starts I get a dialogue box telling me I should
compress the Outlook Express folders, this is spurious. I recently reformatted my hard disk and reinstalled Windows XP,
as part of the install process I disabled/uninstalled Outlook Express and Messenger as I knew I would be using the
equivalent Windows Live components. To date I have responded to this by clicking the Cancel button. Another
reason I think the dialogue box is spurious is that it also "pops up" when I run the Belarc system info program.

3. I don't use IE much - Firefox is my preferred browser. I cannot close tabs in IE7, I'm sure I would have noticed
that had it always been so; sometimes IE spins when loading a page and the cancel (red diagonal cross) button won't
cease the transmission and I cannot close IE itself, it must be killed via Process Explorer.

AVG found a downloader Trojan which I vaulted, Defender has not reported any problems.

I had already made the decision to upgrade this freeware collection of malware shields with a commercial product; after
some research I had more or less settled on the product from Kaspersky (K) - so I escalated the decision to get K
Internet Suite Version 7 (KIS7), which I've done.

I ran a full scan and KIS7 found 2 instances of the win32.Monder trojan which are in quarantine.

The various symptoms are still extant.

There were a couple of issues I wanted to raise in the support forum. K's forum requires that one a) installs
SysInternals GetSystemInfo, b) runs it and c) sends the output with the forum posting.

So I downloaded GetSysInfo, unzipped it, put it where all the other SysInternals programs are and ran it. It crashed,
not just the SysInternals program but the whole enchilada, XP blackout, kaputski. On restart XP sent a crash report to
MS, it then tried to do something which also crashed, although get itself, this sent me into the "Apollo 13 has a problem,
Houston" process. I answered its questions - it suggested that I download something to do with memory testing which I'd
need to burn onto a CD as a bootable image and boot from that CD. I have NOT done that, a) I don't have any blank CDs b)
I don't know how to burn an ordinary CD let alone a bootable one - and how do I know this is not another manifestation of
the virus.

I'm thinking of rebuilding the system, but would obviously prefer that I don't have to do that.
 
FromTheRafters

"Urbane Tiger" <urbane.tiger@tpg.com.au> wrote in message
news:sjlh04lebpi1n8m7j4r0i7gnnleoqcc276@4ax.com...
> AVG found a downloader Trojan which I vaulted, Defender has not reported
> any problems.
>
> I ran a full scan and KIS7 found 2 instances of the win32.Monder trojan
> which are in quarantine.
>
> The various symptoms are still extant.
>
> I'm thinking of rebuilding the system, but would obviously prefer that I
> don't have to do that.


Personally, I would prefer to flatten/rebuild. You might achieve the
same results by hitting it with everything you can (David Lipman's
tool would be a great start), but your confidence level will suffer
because of the unknown malware the downloader trojan might
have downloaded and installed.
 
Malke

Urbane Tiger wrote:

> I recently reformatted my hard disk and reinstalled Windows XP, as part of
> the install process I disabled/uninstalled Outlook Express and Messenger as
> I knew I would be using the equivalent Windows Live components.
>
> AVG found a downloader Trojan which I vaulted, Defender has not reported
> any problems.
>
> I ran a full scan and KIS7 found 2 instances of the win32.Monder trojan
> which are in quarantine.
>
> The various symptoms are still extant.
>
> [...] it suggested that I download something to do with memory testing
> which I'd need to burn onto a CD as a bootable image and boot from that CD.
> I have NOT done that, a) I don't have any blank CDs b) I don't know how to
> burn an ordinary CD let alone a bootable one - and how do I know this is
> not another manifestation of the virus.
>
> I'm thinking of rebuilding the system, but would obviously prefer that I
> don't have to do that.


And you're getting all this *after* you've done a clean install of Windows
because of previous infection? I must be misunderstanding your post. You
must have downloaded something bad, perhaps some dodgy codecs so you could
watch something maybe?

I don't understand your penultimate paragraph: you seem pretty
computer-savvy and yet you say you don't know how to burn a CD? If you just
mean you don't know how to burn a CD on an infected system, you wouldn't do
that anyway. You always get all tools, updates, etc. on a known-clean
computer that isn't connected to the infected one in any way.

I'll give you my standard malware removal steps, but as "FromTheRafters"
said you may just want to flatten and rebuild. Make really sure you aren't
installing something that is malware and just reinfecting yourself. Or you
may want a professional to take a look. Having someone who knows what
they're doing take a look at the system always has the possibility of being
more efficient and accurate than getting input from people who can't
actually see the computer. That said, here you go:

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, get guided help. Choose one of the specialty forums
listed at the first link. Register and read its posting FAQ. You will
generally be asked to:

1. Download and execute HijackThis (HJT) -
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

2. Disable Notepad's word wrap - In Notepad.exe Format --> uncheck "Word
wrap"

3. Download/run Deckard's System Scanner -
http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post at the
forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.

Standard disclaimer: I can't see and test your computer myself, so these are
just suggestions based on many years of being a professional computer tech
and on what you've written. You should not take my
suggestions as a definitive diagnosis. If you can't do the work yourself
(and there is no shame in admitting this isn't your cup of tea), take the
machine to a professional computer repair shop (not your local equivalent
of BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may be
so infested that Windows will need to be clean-installed. If possible, have
all your data backed up before you take the machine into a shop.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!
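As an added example for this thread (not part of Malke's post, and not code from HijackThis or Deckard's System Scanner): a short Python triage pass over a HijackThis-style log, flagging the entry types that map onto the symptoms Urbane Tiger describes. The O7 line is the one that matters for symptom 1: Task Manager vanishing from the taskbar menu and from Ctrl+Alt+Del is the DisableTaskMgr policy value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Policies\System, which is a registry policy and not a service, so services.msc has nothing to re-enable. The sample log below is constructed, the file names in it (qomlkhg.dll, ab3f9c, ld08.exe) are made up, and the entry layouts are written from memory of HJT output, so the regexes are tolerant rather than exact.

```python
"""Triage a HijackThis-style log for the autostart and policy entries behind the
symptoms in this thread. Added example: not the thread's code, not HijackThis.
The sample log and its file names are constructed; the entry layouts follow
HijackThis output as recalled, so the regexes are tolerant rather than exact."""
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "severity entry_type reason line")

# Constructed sample log. qomlkhg.dll, ab3f9c and ld08.exe are made-up names;
# the GUIDs are placeholders, not real CLSIDs.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Some Vendor Helper Class - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Vendor\VendorHelper.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\WINDOWS\system32\qomlkhg.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ab3f9c] rundll32.exe C:\WINDOWS\system32\qomlkhg.dll,s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Owner\Local Settings\Temp\ld08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O20 - Winlogon Notify: qomlkhg - C:\WINDOWS\SYSTEM32\qomlkhg.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
"""

RE_ENTRY = re.compile(r"^(O\d+)\s*-\s*(.*)$")
RE_O2 = re.compile(r"^BHO:\s*(.*?)\s*-\s*(\{[0-9A-Fa-f-]+\})\s*-\s*(.*)$")
RE_O4 = re.compile(r"^(HK\w+)\\\.\.\\(\w+):\s*\[([^\]]*)\]\s*(.*)$")
RE_O7 = re.compile(r"^(HK\w+\\[^,]+),\s*(\w+)\s*=\s*(\S+)$")
# Per-user and temp locations are writable without admin rights, so an
# autostart pointing there deserves a look before anything else.
USER_WRITABLE = re.compile(
    r"\\(Temp|Local Settings|Application Data|Documents and Settings\\[^\\]+)\\",
    re.IGNORECASE)
RE_FILE = re.compile(r"([\w~$.-]+\.(?:exe|dll))", re.IGNORECASE)


def parse(log_text):
    """Yield (entry_type, body, line) for every 'Onn - ...' line in the log."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RE_ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2), line


def triage(log_text):
    """Return Findings for entries worth a second look, most severe first."""
    findings = []
    loaders = defaultdict(set)  # basename -> entry types that load that file
    for etype, body, line in parse(log_text):
        for name in RE_FILE.findall(body):
            if name.lower() != "rundll32.exe":  # host process, not the payload
                loaders[name.lower()].add(etype)
        if etype == "O7":
            m = RE_O7.match(body)
            if m and m.group(3) != "0":
                findings.append(Finding("high", etype,
                    f"policy {m.group(2)}={m.group(3)} set under {m.group(1)}; "
                    "DisableTaskMgr=1 is what removes Task Manager from the taskbar "
                    "menu and Ctrl+Alt+Del (a registry policy, not a service)", line))
        elif etype == "O4":
            m = RE_O4.match(body)
            if m and USER_WRITABLE.search(m.group(4)):
                findings.append(Finding("high", etype,
                    "autostart runs from a user-writable or temp path", line))
            elif m and re.match(r"rundll32(\.exe)?\b", m.group(4), re.IGNORECASE):
                findings.append(Finding("review", etype,
                    "rundll32 used to autostart a DLL export", line))
        elif etype == "O2":
            m = RE_O2.match(body)
            if m and m.group(1).lower() == "(no name)":
                findings.append(Finding("review", etype, "BHO with no name", line))
        elif etype == "O20":
            findings.append(Finding("review", etype,
                "Winlogon Notify DLL loads inside winlogon.exe, Safe Mode included", line))
    # The strongest signal is one file wired into several autostart points.
    for name, types in sorted(loaders.items()):
        if len(types) >= 2:
            findings.append(Finding("high", "+".join(sorted(types)),
                f"{name} is loaded from {len(types)} different autostart points",
                "(correlated across entries)"))
    order = {"high": 0, "review": 1}
    findings.sort(key=lambda f: order[f.severity])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.entry_type}: {f.reason}")
        print(f"    {f.line}")
```

Run against the constructed log it reports three high findings (the DisableTaskMgr policy, the Run entry launching from the user's Temp folder, and one DLL registered as a BHO, a rundll32 Run entry and a Winlogon Notify package at the same time) and three entries marked for review. The correlation step is the part worth keeping: a single file that reappears across O2, O4 and O20 is a much stronger signal than any one entry on its own, and the O20 entry also explains why a symptom can survive Safe Mode, since Notify DLLs load inside winlogon.exe there too. The vendor entries (AVG, ctfmon) are deliberately left alone to show the rules are not just flagging everything in the log.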
 
Urbane Tiger

On Fri, 18 Apr 2008 13:46:56 -0700, Malke <malke@invalid.invalid> wrote:

>And you're getting all this *after* you've done a clean install of Windows
>because of previous infection? I must be misunderstanding your post. You
>must have downloaded something bad, perhaps some dodgy codecs so you could
>watch something maybe?
>
>I don't understand your penultimate paragraph: you seem pretty
>computer-savvy and yet you say you don't know how to burn a CD? If you just
>mean you don't know how to burn a CD on an infected system, you wouldn't do
>that anyway. You always get all tools, updates, etc. on a known-clean
>computer that isn't connected to the infected one in any way.
>
>I'll give you my standard malware removal steps, but as "FromTheRafters"
>said you may just want to flatten and rebuild. [...]
>
>Malke

Thanks for this - I'll follow your suggestions. I've already run HJT.

Yes I'm fairly savvy, got first job in IT in '68 at Control Data writing Fortran, got first "personal" computer in late
'70s (PDP8), first used an internet connection in early '80s, just after I got my very own XT in '83. Got Windows 2.1
when it came out, you can probably guess the rest. I have never, to my uncertain knowledge, been infected with anything
prior to this week. Until recently I only used text-based mail, I've never had MS Office and I am careful with respect
to web browsing, no online shopping etc. I think I know where the download trojans came from - foolishly clicked on a
flash video (I run FF with Flashblock) on a site I thought I could trust - should have checked first.

The previous rebuild was initiated by a significant system upgrade - more memory, more disk (two now, two more in the
wings so that I can stripe & mirror) and a new tube. Also I wasn't happy with my folder structure, i.e. the rebuild was
not due to infection.

I am sure I could create the CD, it's just that I've not done so. I'm an ardent iconoclast, both visually and aurally -
so I don't watch movies, videos, look at pictures or listen to recorded music - if it's not the living flesh then as far
as I'm concerned it doesn't exist, hence CDs are not something I use, except as a medium from which to install software.

But as you and "FromTheRafters" have said the safest thing is to rebuild and that's what I'll probably do. However
I'll go through the process you've outlined first. I'm sure it will educate me on an aspect of computing that, until
now, I have thankfully avoided, and at times I've even wondered if it was all just a 'con'.

Oh I found another problem. The Display Properties->Screen Saver keeps getting reset to None, and Display
Properties->Desktop Tab wedges, sometimes the exit button will work, other times I have to get Process Explorer out in
order to kill the rundll32 instance in which Display Properties is running.
 
Malke

Urbane Tiger wrote:

> I think I know where the download trojans came from - foolishly clicked on
> a flash video (I run FF with Flashblock) on a site I thought I could
> trust - should have checked first.
>
> But as you and "FromTheRafters" have said the safest thing is to rebuild
> and that's what I'll probably do. However I'll go through the process
> you've outlined first.
>
> Oh I found another problem. The Display Properties->Screen Saver keeps
> getting reset to None, and Display Properties->Desktop Tab wedges,
> sometimes the exit button will work, other times I have to get Process
> Explorer out in order to kill the rundll32 instance in which Display
> Properties is running.


My best suggestion to you is to flatten and rebuild. Purchase an external
hard drive and imaging software such as Acronis True Image and image your
new install. Store the image on the external hard drive. This makes
restoration of your perfectly working system a matter of minutes.

http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To
http://www.elephantboycomputers.com/page2.html#Reinstalling_Windows - What
you will need on-hand

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!
 
M

Urbane Tiger wrote:
> Yes I'm fairly savvy, got first job in IT in '68 at Control Data writing
> Fortran, got first "personal" computer in late '70s (PDP8), first used an
> internet connection in early '80s, just after I got my very own XT in '83.
> Got Windows 2.1 when it came out, you can probably guess the rest.

CDC!

Colossus: The Forbin Project.

Used a CDC 469E in PHALANX CIWS.
 
Leythos

In article <#YSgDqJpIHA.3428@TK2MSFTNGP02.phx.gbl>,
nothing@nospamplease.com says...
> CDC!
>
> Colossus:The Forbin Project.
>
> Used a CDC 469E in PHALANX CIWS.


You quoted all of that to add just three lines of text?

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
 
