Help Please

available as a server?

u got some useless processes that are slowing down your computer. On ME you can untick them from loading up when your computer does. I have none running so my comp ****s up a lot.

Apache server is a pretty big file, take that off for starts.

Wizz

 

And,
Has your son used MSN messanger?

If so look in C:\mydocuments\recievedfiles, see if anything suspicous in there...
and check your download folder, for aol its, Crogramfiles\Aol7.0(ur version)\downloads.

Wizz

 

Christer.

They asked for server rights? are you on about acting as a trojan server?

MSN needs access to the internet other wise it wont work, so it doesnt work fine does it .

( kinda got mixed up in 2 conovs ere )

Wizz

 

ME!

Bleep is running 2k Pro?

Mike

 

see wot i mean lol!


Wizz

 

Bleep

BTW: give me more details on the exact symptoms you have now. All you have said is it is not right since the incident.

The best way to do this is to temporarily not run some of these processes to see if they are a problem. Some we can eliminate outright.

So here is the best program to simply do this, get and install it

Startup control http://www.mlin.net/StartupCPL.shtml


Once installed use it to totally remove these:


this totally usleless
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

These are not nessesary to run full time as they will start anyway when you start the program from the start menu.

AdaptecDirectCD = "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe "

CreateCD50 = C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r


Now just uncheck the below items to stop them from starting when you boot up. Rechcking will put them back later if needed.

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe

NeroCheck = C:\WINNT\system32\NeroCheck.exe

SpeedTouch USB Diagnostics = "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

LoadQM = loadqm.exe

msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

RoboForm = "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "

WrCtrl = "C:\Program Files\WinRoute Pro\wrctrl.exe "

Now in HiJackThis

you should get rid of these three items

Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\ycomp5_0_2_4.dll - {13F537F0-AF09-11d6-9029-0002B31F9E59}

(no name) - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll - {724d43a9-0d85-11d4-9908-00400523e39a}

SysShield IE Popup Blocker - C:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80}

After doing the above reboot to put them into effect and test for 3 things.

1. problem resolution
2. some "important" program we disabled that needs to be put back
3. general internet connectivity, does it stll work and is it fast and stable.

The Zone Alarm and WinRoute Pro are both firewalls so you have some duplications here. I would suggest only one unless you have some legit reason for having 2.

Your decision which one to remove. My "suggestion only" here is keep WinRoute as it is a Kerio product and has additional features tha ZA does not.

Even togather they did not stop you incident. Unless you installed one or both of these afterwards.


Your move!

Mike

 

Christer

No the OS makes no difference in most cases. But there are some exceptions. You did know that blaster only hit 2k, 2003 server and xp, yes!

So in that case yes.

But my mention of ME in this thread was because you and wiz were specificly mentioning ME in Bleeps thread, before Bleep disclosed they were using 2k only in the last message.

Maybe confusing to Bleep.

Mike

 

i well confused now lol. u guys r too high tech for me lol so ill leave u guys to it.

Wizz

 

Christer

Technically they may be different. The end result is the same.

You would be well advised to think of them as the same.

Giving something especially like MS Word permission to go out is not exactly the same as a true server process. Again if you don't know for sure, best to think of it that way also.

Hopefully Bleep only gave permission to go out and answers a prompt for any incoming for MS Word etc.

And for sure the Firewall permissions are relative here. But that will come next. Almost to much thrown on them already. So that will be a seperate step.

Now MSN messenger is another story. It would be cumbersome to have to grant permissions even for only incoming.

A quandry leading to a calculated risk because you have decided you can't live without MSN messenger. This should be followed by other more stringent security. Such as an increased importantance of Virus updates and scanning, tighter control of the Firewall permissions. Not set and forget, but review them and trim them.

Ah come on , you know this now....

Mike

 

Hi guys.

I have downloaded and run every program mentioned in this thread.

The problem remains.

What is happening is something is starting up separate windows. As I type there is a separate window to my C:\Documents and Settings folder opened up, and the properties for this (BBS) page are displayed. The process is totally random.

I'm thinking of re-installing Windows 2000, will that get rid of the wee begger?

If I do have to re-install, all I really need to keep are my Outlook Express e-mail folders for each account as there really are some important e-mails in there. Any ideas how to do this effectively?

And how come this virus or whatever it is is so elusive?

I keep saying this, but I really am grateful that you are taking the time to help.

 

I don't think it is relevant, but the window that I referred to above is the C:\Documents and Settings\All Users\Start Menu folder using Windows Explorer.

I would like to spend 5 minutes with the a$$holes that write these virus things.

 

Bleep

Confirm to me that you installed Startup Control panel.

Then used it to remove the programs I advised, and unchecked the others.

Then rebooted.

BTW Bleep where do you live and are you male or female before I mess up again and call a him a her or her a him? Smile!

I think you may be in Euorpe?

Mike

 

****. Mike I had overlooked that as I downloaded and run all of the other stuff.

I will do that tonight when I get home.

I am a male person (allegedly), living in the North of England.

My real name is Blep, but that sounds silly so I call myself Bleep (err.. Joking).

I will get back to you after I have done the above.



Thanks,
Bleep

 

Good Bleep

This is what should pin it down.

As to reinstalling, well...

Sounds to me as you have a complex setup. Maybe hard to rebuild and get everything back like it is now. (Without the problems of course).

I just don't see that this is caused by a Virus. You stated that when it began this you ran all the patches Virus and Trojan/worm scan without results.

This is a configuration problem and would probably not be fixed in a repair install. The only sure way to get this by reinstall, would be a full install with format.

Too soon for that yet!

The proceedure with Startup Control panel will allow you to remove a few of the obvious useless programs. But allow you to prevent some of the others from running when you start up.

If all is well after this then we will know that one of the programs we dealt with in Startup control panel was the problem.

I do not believe it to be Oracle as you brother has not been around for a few months and it was OK till now!

If you were going to do anything drastic like uninstall I would uninstall the Apache web server.

You never said why you had this. Bleep Apache is a huge program to host a WWW site. Computers using this program are usually dedicated to just that program and things to do with maintaining a web site. Other words not normally used for day to day web browsing , games, word processing etc.

Using Startup control panel will disable this program. If all is well after Startup Control panel then this is the first program I would consider uninstalling.

If your son needs it perhaps if it does fix the problem then reinstalling later may fix it.

Additionally I would get rid of one f the Firewalls (Zone Alarm or WinRoute) as they do the same basic function and therefore have the possibility of conflicting with each other.

Mike

PS as to missing this. I can understand. We did have a debate (mostly Academic) with many messages pertaining only generally with your problem so there are many messages to go thru. But that is how the BBS works. People are learning while thinking about your prpblem.

 

mflynn ==Mike , Blep I mean Bleep
I see cool web schredder was recomended in the beginning of this thred,
theres a new version out v1.11 cwshredder that may or may not help

Lonny

 

Sorry Mike, I was called away on family business last week and have just returned to work this morning.

I will do what you have suggested so far and report back.

Thanks.

Bleep