Reinstall?

At startup, I get a message, "This version of Serv-U is out of date..." Since there is no mention of such program in Add/Remove Programs or in the registry, I looked up the vendor and called tech support. I was advised that this means my computer has been hacked, and that I should reinstall Windows from scratch. I am naturally loathe to do this, because of the work re-installing and re-tailoring all my software. But I have other anomalies/clutter I'm not sure how to handle.

Can't re-install PC-Cillin, which I tried to remove when WD's EZ-Install wouldn't work (fixed that, I used Maxtor's MaxBlast). Despite the fact that I've followed the instructions to manually uninstall PC-Cillin and it doesn't show up in Registry, InstallShield only attempts uninstall, then fails announcing that it was interrupted; it does not give me an install option. So at present I have no virus protection.

Before the attempt to start Serv-U, I get two pop-up windows, "Execution of the specified command has failed." What command? There is no MSConfig these days, so nothing should be attempting execution.

At startup, Linksys WLAN Monitor and C-Media Mixer show up in the System Tray. Neither gives configuration options to prevent this.

WinNT is more than 6.5 gb. I suppose this is because I opted to provide for backout when installing the Win2KService Packs. There are several files over 1 gb with "config" in their name in the dllcache directory.

Can all this be worked out, or do I have to start a very painful reinstall?

Thanks
Mike

 

Ouch. Double ouch.

I'd need to do some research before offering suggestions on this one and it's just too late tonight but if no one has come up with a fix for you by tomorrow evening, I'll take a stab at it.

Do hold off on the reinstall for a little while though. It may wind up being your only solution but we aren't to the "last resort" stage just yet.

As to the lack of msconfig, take a look at this thread and the suggestion by Mike Here.

 

If you have indeed been hacked and have to re-install.

I suggest:

Disconnect the machine from the Internet and after the re-install of the OS make the next two items an Anti-Virus and a firewall.

Then and only then allow it to reconnect and make the AV the FIRST thing to get updated. The Firewall may or may not have updates.

Any good AV software will do at this time. And once it is installed check for updates DAILY ( every day ). My AVG has had updates three ( 3 ) days in a row.

And if you happen to be on DSL or Cable invest in a Router/Switch ( well worth the investment ) to put inbetween the machine and the Modem.

Also if you are on DSL or Cable it is not a good idea to uninstall/reinstall any AV software while connected.

As of this time it is a FULL TIME ( #1 priority ) job keeping on top of things.

I myself use 98SE and XP but I do not think Win2K is any different.

BillyBob

 

Okay, some progress. After installing Startup Control Panel (and tipping Mike 5 bucks), I unchecked all the "All User" programs, as they were not listed on my W2K laptop. Now the three messages at startup do no occur.

Understandable that some stuff would have accumulated over a period of years and migration 3.2->98->2000, and progressive service packs. The following are no longer executed (omitting path data):

hiddenrun.exe mdll.exe
Mixer.exe /startup
M "Stylus CX3200 "
Intarnet32.exe [Isn't this a suspicious spelling?]
NeroCheck.exe
RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"qttask.exe" -atboottime
rmtcfg.exe
setup.bat
mdll.exe
secure.bat
mobsynch.exe /logon [Actually it looks like it inserted a second of these, and it is checked]
realsched.exe -osboot
explorer.exe
WUSB11B.exe

PC-Cillin still won't install or uninstall. In Add/Remove Programs, both Change and Delete are greyed out. This is still my greatest concern, as I consider the machine vulnerable to virus at the present time (I have installed the most recent critical Windows updates).

There are still these huge files in WinNT. In System32\dllcache, I have conf.2003-w29 at nearly 2gb, conf.2003-w34 at 1.5 gb and conf.2003-w35, well over a gb. Is this normal?

I am hoping that one of the files removed from startup tkes care of the potential hacking problem. Thanks for getting me this far. Further observations/advice appreciated.

Mike

 

Forget the add/remove for the moment. Can you do an install of the AV app from media? It might fix things.

But my opinion on this system and considering the number of upgrades you've done is that you would be better served backing up your personal data somewhere and booting from the 2K CD (if the BIOS offers the option) or a set of install floppies then doing a format and reinstall.

Pain in the hindparts to be sure but I think the end result will be well worth the effort.

Assuming your 2K CD does not contain the latest SP, you'll save yourself some grief if you have access to a CD burner and burn yourself a slipstreamed version of the OS to include the SP you intend to apply. With equipment the age yours must be to have started pre Win9X, I'd suggest setting up the CD with SP3 though. After it's loaded and running properly you can apply SP4 if you want but that way if it caused problems, you could back it off.

SP4 has been rock solid on some systems and a horror on others - to the point I'm expecting SP4a any day now. I wouldn't start fresh with it unless you knew the system liked it.

 

Yes, I'm still tottering on the brink about a re-install. The AV will not install from media, and other s/w, such as Norton (which is available through the university where I am p/t faculty) advises against installing over other AV. Trend Micro is cooperative - maybe we can get this thing clean enough to re-load PC-cillin.

No doubt about the hw here. Like the OS, it has gone through progressive refresh and is currently about 1 year old 1 ghz ASUS PIII with 120 gb hdd. SP4 running solid (the media is old, but updates install with no problem), and boot from CD is straightforward.

As you can see from my prior post the sw is a bit like our DNA - it's picked up a lot of vestigial stuff along the way, although those startup files are now deactivated. And those big files > 1 gb in WinNT seem just plain stupid - the entire Windows directory (wonder why the name is different?) on my W2K SP4 laptop is less than 1 gb.

When we get a new PC at work, it is a matter of weeks getting things straightened out. In this case, trying to remember paramaters set 5 or more years ago, I foresee more like months. But if I can't solve the AV situation, off we'll go.

Thanks for your thoughtful inputs.

Mike

 

You've got the intellectual juices flowing. Think I'll work both the "install" and "don't install" path. Posting here so others can check my logic and also if you keep your system long enough you'll find the need to do a massive cleanup or replacement. Here's the way it looks:

Back up all data, then do incremental backup daily. This is easier said than done, because you might not know initially, or remember, where all data is. For example, SPSS data is somewhere in the SPSS directories, I believe under the program itself. But with time, it should all come back to you.

Next install OS on d:, then do all updates. Do not select the option to permit uninstall, because this will create files that will be around forever. If the system hangs, you can always start over and update to the last good point.

Install AV on d: and bring current. Set automatic updates for booting from either drive.

One by one, dig out the media, install and update applications on d:. Copy over the data for testing and configuration purposes, but do all work on c: and continue the update regimen.

Copy over bookmarks and configuration files, but do not set up mail accounts on d: (avoid multiple inbox, etc, which would be very difficult to combine). Now using bookmarks and just playing, hit a bunch of websites to get prompted to for all the necesary plugins (eg, flash, Adobe reader) to get the browser fully functional.

Continue to experiment with d:, to get it to desired level of functionality. When comfortable with a new risk level, begin cleaning out suspect files from c: (use d: as a model; if the file isn't there, it might not be needed). Keep in mind that this might completely destroy the system on c:, so wait until d: is at an acceptable level of maturity. Defrag both drives occasionally.

If/when happy with c:, stop. If instead happy with d:, set up the mail accounts, copy over mail files and restore data to d: Clone back to c: (with MaxBlast or whatever).

Leave router as-is for the entire exercise.

This looks to me like the least risk way of cleaning out all the junk that has accumulated over eight or so years, and minimzing virus vulnerability. Obviously a big job, and undoubtably I've not thought of something. Further comments and suggestions welcome. Newt and BillyBob, thanks for getting the thought process going. And for anyone who reads this post, I highly recommend Startup Control.

Mike

 

One caution. On C:\ there is a hidden system read-only file named boot.ini. It keeps track of all the sources on your PC for a bootable OS. It will identify your OS load on D: and will point to it. Moving that load to C: will cause the PC not to boot. You'd need to modify boot.ini but that's fairly simple since it's a text file and fairly short. And there won't be a copy on D: so a clone of the D: setup to C: won't start.

Another caution - regardless of where the OS load you boot from is located, there are some essential startup files located on C: that will go missing if you clone from a good install on D:. Again, you wind up with a PC that just can't start.

Neither of the above is a deal killer though. You can work around both - but only if you know the problem exists - so I told you.

 

Nothing worthwhile comes easy, it seems. Thanks for the heads-up. I would hate to go to all that work and end up with an unbootable system.

 

Probably once you get everything loaded and swap the drives, Fixboot and fixmbr (same page) are a couple of things you want to make use of.

 

Newt, I'll keep your tips handy as I start the project. I wonder now, if I characterise drive usage correctly, rather than with the unthinking terminology I used in my previous post, how cevere the problems you alerted me to.

I realize that I call Drive 1 (primary master) and Drive 2 (secondary master) c: and d:, because that is how I normally see them. But for the work I envision...

c: drive d:drive
Boot from Drive 1 1 2
BIOS disable drive 1 2 none

When working with 2, there is no d:. Am I correct in assuming there would be no boot reference to d: when I clone over 2 to 1?

 

Not sure I understand what you are saying/asking in that last post. Maybe restate it for me?

 

I'll try. Forgot what HTML would do to the post.

Actually, when loading OS or applications and/or booting from the secondary drive (main drive disconnected through bios), computer is operating as a single drive machine - c: only. It's only when booting from primary drive that there is a d:, and no OS files should be referenced or modified on d:.

So when the cloning step occurs, it seems that no files referring to d: would appear on the now-refreshed primary drive.

 

OK. Got it. But still don't think I got it. As follows:

- if you have a system with the non-XP OS loaded on C: partition (drive or part of drive, no difference) and you later add XP for a dual boot system by putting XP on D: (or some other partition other than C, XP will write certain files to C: by default. Essential start-up files that pretty much demand to be housed on C: regardless of what else is there.

- the boot.ini file on C: (where it's pretty much gotta be) will have an entry something like
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /fastdetect
except that the disk number will be different or the partition number if you have the drive partitioned. But something pointing to other than where my example here points.

You can certainly get around all of this (as mentioned earlier) but unless you have, I don't see how an OS load on D: could boot if C: was unplugged.