Re: anything to worry about??...

From: Ty (abc_at_hotmail.com)
Date: 09/02/03 

Date: Mon, 1 Sep 2003 17:12:58 -0700

hey thanks for all the help!! i really appreciated it! i
decided to reformat my entire computer. i was just tired
of the computer not booting up, but then eventually
booting up after a few manual reboots. everything is fine
right...i hope so. thanks again.

>-----Original Message-----
>I can't tell at this distance.
>
>It is possible for a trojan (that is, a piece of
software which allows an
>outside person to control your machine) to be active and
for your antivirus
>not to detect it.
>
>Antivirus products differ in their ability to detect
trojans, but I don't
>have a handle on which one is "best."
>
>If a trojan were involved (and as I said, I really can't
tell from your
>description--it is one possibility--) a good way to
limit its effectiveness
>would be to have a firewall in place:
>
>http://www.microsoft.com/security/protect/default.asp
>
>A firewall will both prevent outside communication into
your PC, and alert
>you to attempts of software (including the trojan) on
your PC to connect
>out.
>
>
>"Ty" <abc@hotmail.com> wrote in message
>news:004101c36f22$2f271ed0$a601280a@phx.gbl...
>> yea at some points when i turn on the computer, it
would
>> prompt those errors like i explained earlier, however i
>> would just manually reboot my computer (pushing the
tower
>> button) untill the computer would actually log onto my
>> computer. it was at this point that my norton antivirus
>> prompts me (as it loads) that there is possibly
someone or
>> something trying to disable my antivirus. i would just
>> reinstall norton and everything would work fine and the
>> full system scan would prove no virus' are on my
machine
>> with the latest virus definitions. at this point the
>> computer works fine, but the problem persists, not all
the
>> time, but sometimes, when i start up my computer, but
>> eventually i'd be able to log onto the desktop. it's
kind
>> of hard to explain. i'm just worried that someone
outside
>> could perhaps compromised my computer, even though the
>> antivirus proves there are no malicious virus on my
>> computer? i really appreciate your time and effort in
>> helping me clarify what's going on. thanks!
>> >-----Original Message-----
>> >I'm a bit lost here. Last I heard, the machine wasn't
>> able to boot to XP,
>> >and now you can read the event logs fine?
>> >
>> >I'm going to do a lookup on this one, but off hand
this
>> message doesn't
>> >sound abnormal.
>> >
>> >The suggestion to do an sfc /scannow may be a good one
>> however.
>> >
>> >Put the XP CD in the CD drive, go to a Command prompt,
>> and type:
>> >
>> >sfc /scannow <enter>
>> >(i.e. hit enter!)
>> >
>> >
>> >"Ty" <abc@hotmail.com> wrote in message
>> >news:04d601c36e8d$4c722920$a401280a@phx.gbl...
>> >> you've been extremely helpful! i did the system
event
>> log
>> >> and found that at the time of the occurence, the
error
>> was
>> >> a WINDOWS FILE PROTECTION error (EventID64008):
>> >>
>> >> "The protected system file c:\windows\system32
\es.dll
>> >> could not be verified as valid because Windows File
>> >> Protection is terminating. Use the SFC utility to
verify
>> >> the integrity of the file at a later time."
>> >>
>> >> could you explain this to me? thanks
>> >>
>> >> >-----Original Message-----
>> >> >This would appear to be a hardware problem.
>> >> >
>> >> >Open the case and check all the cables, in
particular
>> the
>> >> power and data
>> >> >cables (both ends of the data cable!) that connect
the
>> >> NTFS main drive to
>> >> >the motherboard and power supply.
>> >> >
>> >> >The machine appears not to be seeing the "main"
NTFS
>> >> drive.
>> >> >
>> >> >
>> >> >"Ty" <abc@hotmail.com> wrote in message
>> >> >news:0b7a01c36e39$78cd7d70$a601280a@phx.gbl...
>> >> >> ok thanks! so a virus is ruled out. however, it
>> >> actually
>> >> >> happened again yesterday. i have two hard
drives,
>> one
>> >> >> formatted with the NTSF format (main) and the
second
>> >> >> formatted with FAT32 (i took it from my old
computer
>> >> that
>> >> >> booted win98). the computer would boot up, but it
>> would
>> >> >> take me to a C:\ prompt, stating above that it's
>> running
>> >> >> windows 98. i checked the DIR of the C:\ drive
and
>> it
>> >> >> only listed items from that second FAT32
harddrive,
>> as
>> >> if
>> >> >> my FAT32 harddrive was the main drive with the
OS.
>> the
>> >> day
>> >> >> before, i was able to log onto xp fine, and had
not
>> >> >> changed or unplugged any cables. could this be
>> >> associated
>> >> >> with the hardware issue you referred to as the
main
>> >> cause
>> >> >> of this problem? thanks greatly!
>> >> >>
>> >> >> >-----Original Message-----
>> >> >> >I'm not worried about viruses, then. The
problem
>> you
>> >> >> describe could
>> >> >> >definitely be a hardware issue, or perhaps a
>> software
>> >> >> conflict of some sort.
>> >> >> >
>> >> >> >Event log: Right-click My Computer, and choose
>> Manage.
>> >> >> >Click the Plus in front of Event Viewer, and
then
>> click
>> >> >> on System
>> >> >> >
>> >> >> >Look through the system events for ones
surrounding
>> the
>> >> >> time that you saw
>> >> >> >the blue-screen error.
>> >> >> >Look at items with a Red X Error type, or yellow
>> >> triangle
>> >> >> Warning type.
>> >> >> >
>> >> >> >I haven't got a crash-type event in my own log
to
>> look
>> >> at-
>> >> >> -but you will see
>> >> >> >a typical pattern of events at boot time, so
maybe
>> find
>> >> >> the boot after the
>> >> >> >crash, and look backwards to see if anything
useful
>> was
>> >> >> recorded.
>> >> >> >
>> >> >> >Sometimes the driver or system file involved in
the
>> >> crash
>> >> >> will be recorded
>> >> >> >in the blue-screen message, which may also make
it
>> to
>> >> the
>> >> >> system log
>> >> >> >depending on the kind of crash--(i.e. whether
the
>> >> system
>> >> >> was able to do the
>> >> >> >recording!)
>> >> >> >
>> >> >> >"Ty" <abc@hotmail.com> wrote in message
>> >> >> >news:0d0501c36cdc$98af8330$a001280a@phx.gbl...
>> >> >> >> thanks for the reply. how would i go about
>> checking
>> >> my
>> >> >> >> system event log? and what should i be looking
>> for in
>> >> >> it?
>> >> >> >> i used liveupdate to update the virus
definitions
>> >> (the
>> >> >> >> latest one was 8/20/03) and then scanned my
whole
>> >> entire
>> >> >> >> computer which gave word that there were no
>> errors.
>> >> >> >>
>> >> >> >>
>> >> >> >> >-----Original Message-----
>> >> >> >> >This isn't typical of Blaster, FWIW.
>> >> >> >> >
>> >> >> >> >When you get those blue screen errors, it is
a
>> good
>> >> >> idea
>> >> >> >> to record at least
>> >> >> >> >the first few lines of what's on there.
>> >> >> >> >
>> >> >> >> >You may find the details in your system event
>> log,
>> >> >> though.
>> >> >> >> >
>> >> >> >> >Are your Norton virus signatures up to date?
>> >> >> >> >
>> >> >> >> >You might want to scan with an alternative
online
>> >> >> >> scanner, just for a second
>> >> >> >> >opinion:
>> >> >> >> >
>> >> >> >> >http://housecall.antivirus.com
>> >> >> >> >
>> >> >> >> >"Ty" <abc@hotmail.com> wrote in message
>> >> >> >> >news:068c01c36c64$4b3a7ec0
$a601280a@phx.gbl...
>> >> >> >> >> well, i turned on my computer today (for
the
>> >> second
>> >> >> time
>> >> >> >> >> today..the first time everything went
fine) and
>> >> >> realized
>> >> >> >> >> that it is not booting up. i have xp and
it
>> went
>> >> >> >> through
>> >> >> >> >> the data check (stage 1, 2, and 3 checks)
and
>> it
>> >> >> finds
>> >> >> >> >> numerous errors...it the pops up a blue
screen
>> >> >> giving me
>> >> >> >> >> some error..well, i reboot, and then
everything
>> >> works
>> >> >> >> fine
>> >> >> >> >> until it pops up another error: "invalid
>> boot.ini
>> >> >> file
>> >> >> >> >> booting from C:\windows" and it reboots.
the
>> >> thing
>> >> >> is
>> >> >> >> it
>> >> >> >> >> keeps doing this (rebooting). is this what
the
>> >> >> blaster
>> >> >> >> >> worm virus does? because i wasn't sure.
well,
>> >> after
>> >> >> a
>> >> >> >> few
>> >> >> >> >> more hours of this, i finally get the
computer
>> to
>> >> log
>> >> >> >> onto
>> >> >> >> >> my desktop, however my norton antivirus
>> prompts me
>> >> >> that
>> >> >> >> it
>> >> >> >> >> is possible that an attacker might be
trying to
>> >> >> disable
>> >> >> >> my
>> >> >> >> >> antivirus...so i did what symantec.com
said to
>> do
>> >> and
>> >> >> >> >> everytihng is fine..now that norton works
fine
>> >> (as it
>> >> >> >> >> seems), i scanned my whole comp and there
were
>> no
>> >> >> >> viruses.
>> >> >> >> >> does this mean that there are no virus? and
>> that i
>> >> >> >> >> shouldn't worry? any info would be greatly
>> >> >> appreciated!!
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >.
>> >> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >.
>> >> >> >
>> >> >
>> >> >
>> >> >.
>> >> >
>> >
>> >
>> >.
>> >
>
>
>.
>