Re: My Microsoft and Windows Security Questions
From: Canapril (Canapril_at_discussions.microsoft.com)
Date: 01/16/05
Date: Sun, 16 Jan 2005 11:45:02 -0800
Ok, here is what I did...I may have to post this in 3 parts as I did a lot of
work.
-- Free version of Ad-Aware SE Personal,--
10 seconds into the program
I get an illegal operation prompt for Explorer
Details:
EXPLORER caused an invalid page fault in
module <unknown> at 0000:10043ca4.
Registers:
EAX=0148ff58 CS=0197 EIP=10043ca4 EFLGS=00010246
EBX=0148ff58 SS=019f ESP=01450038 EBP=01450058
ECX=014500dc DS=019f ESI=8193066c FS=2b67
EDX=bff76855 ES=019f EDI=01450104 GS=0000
Bytes at CS:EIP:
Stack dump:
bff76849 01450104 0148ff58 01450120 014500dc 01450210 bff76855 0148ff58
014500ec bff87fe9 01450104 0148ff58 01450120 014500dc 10043ca4 014502c8
--------------------------------------------
--Then I get an illegal operation for Rundll32 while Ad-aware is still
working--
Details:
RUNDLL32 caused an invalid page fault in
module KERNEL32.DLL at 0197:bff886e7.
Registers:
EAX=c00309c8 CS=0197 EIP=bff886e7 EFLGS=00010212
EBX=0063fda8 SS=019f ESP=00540000 EBP=00540014
ECX=c00309c4 DS=019f ESI=8192c730 FS=2d8f
EDX=bff76855 ES=019f EDI=005400bc GS=0000
Bytes at CS:EIP:
57 33 f6 8b 38 8b 19 89 75 f8 39 77 54 0f 84 1c
Stack dump:
8192c730 0063fda8 00000000 00000000 00000000 005400a4 bff87f0a 00000001
0000000e 005400bc 005400d8 00540280 8192c730 0063fda8 00000000 00000000
---------------------------------------------------
--While At Windows Update at Microsoft --
here is what happens..while downloading update
I get in my face advertisements while re-uploading the update SP1
Which by the way I have done this 3 times already
I get in my face advertisements while re-uploading the update SP1 are:
Ad for ARMORIE-nictechnetworks
Ad for PC adaware
Ad for Registry Cleaner
Ad for Spyblock
Search Results without using a search engine are,
Visa?
CreditReports Search Results without using a search?
Casino Ads Search Results without using a search?
Ad for American Singles
------------------------------------------
-While running Ad-aware I get a prompt claiming that I need the product
Spyspotter, you know the one that self-installs itself to a computer without
asking.
----------------------------
Ad-Aware Scan Summary:
-CoolWebSearch (55 objects)TAC rating 10
-Elitum.ElitebarBHO (46 objects) TAC rating 5
-Hijacker.TopConverting (10 objects) TAC rating 5
-IBIS Toolbar (3 objects) TAC rating 5
-SCBar(51 objects) TAC rating 3
-Ebates MoneyMaker (1 object) TAC rating 4
-Search Miracle (20 objects) TAC rating 5
-Tracking Cookie (9 objects) TAC rating 3
-SahAgent (5 Objects) TAC rating 9
-Redirected hostfile entry (3 objects) TAC rating 3
-Possible Browser Hijack ATTEMPT (1 Object) TAC rating 3
object =File
Free online Music , Problematic url discovered
zestyfind com cgi-bin search
-MRU List (32 Objects Total)
mostly all HKEYs
------------------------------------------------------
-Running Norton WinDoctor on Windows found:
Missing Microsoft Shared Files
Microsoft Shared. DLL Error
SOFTWARE/Microsoft/Windows/CurrentVersion/SharedDLLs
refers to a missing file "C:/Windows/Downloaded Program Files /dwnldr.dll"
Solutions to Repair.
1.Delete the file
2. Go into the Registry to Manually repair it
My question is... If the file is missing, how can I find it to fix it?
If they can't find it, why would I be able to?
---------------------------------------------
-Norton Disk Doctor
Partition Table -OK
Boot Record - OK
File Structure -OK
Directory Structure-OK
Compressed Disk - Skipped did yesterday OK
Surface Test -Skipped did yesterday OK
----------------------------
Full pop up ads showing up on my Desktop
without me opening my browser.
1.Pharmaceutical
2.PC Spyware ads
3.Smiley Central
4.Columbia House
5.Fun Web
Deleted Free Music Online icon from Desktop (it's not in programs in ctrl
panel)
--------------
-CWShredder
Found:CWS.BootConf
Found: Svchost32
---------------
- Norton Diagnostic
tested
CDROM Not Ready, Keyboard, Keypad, Memory, Modem NO, Mouse, PCSpeaker,
PCMCIA, Printer, Serial Port, Sound Card, System Board, Video. All OK
-------------------
---Norton's System Check
-Norton's Registry Doctor: Registry Integrity -Done
-Norton Disk Integrity: C: -C
-Windows Registry Scan:
ActiveX/COM Sections
ActiveX/COM SubKeys S
Application Paths Section
Device Drivers Section
Fonts Section
Help Section
Microsoft Shared Section
Run Sections
Sound Customization Section
Symantec Shared Section
Uninstall Section
VxD Section
Common Program Locations
MS-DOS Program Shortcut Scan: C-C
Shortcut Scan: C-C
Free Space Scan: C: -C
Disk Fragmentation: C: -C
Norton Rescue: Fileset Age
Search Recycle Bin for missing files
Search all hard drives for missing files
Detect drive letter changes
Detect directories that have moved
Ignore missing files on removable drives
------------------
That's it, now for Part 2
Canapril
"Malke" wrote:
> Canapril wrote:
>
> > I've been having a lot of problems with my PC since after Christmas.
> > I've done everything imaginable to it, and still it Freezes up. I have
> > Win98, and use IE and I am only a Homeuser, I'm to the point where I
> > need advice from the experts.
> >
> > One of the many programs I used to fix it is the free Spybot Search &
> > Destroy, which finds problems and repairs them.
> > It also finds a lot of advertising groups and it repairs them but
> > these advertising or problems keep coming back, each time I restart my
> > computer. How many times do I have to take them off my computer before
> > they are really off.
> >
> (snippage)
>
> Here are malware removal instructions. Even though you've already done a
> lot of work, I don't know if you've 1) done the work with updated
> tools; 2) run all your scans in Safe Mode. So work through the steps
> methodically. After you've run Ad-aware and Spybot (again, updated and
> in Safe Mode) if you still have problems continue on with HijackThis.
> Again, make sure you are using the latest HijackThis. The links that
> follow the steps include a tutorial on using HijackThis and sites where
> you can post your logs to get expert help (do not post HJT logs in this
> newsgroup). Do not remove anything with HijackThis without that expert
> help.
>
> 1) Scan in Safe Mode with current version (not earlier than 2003)
> antivirus using updated definitions.
>
> 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> programs are free, so use them both since they complement each other.
> There is a new version of CWShredder from Intermute. I would not
> install the other Intermute programs, however. Alternately, there are
> CoolWebSearch malware removal steps at SilentRunners.
>
> Be sure to update these programs before running, and it is a good idea
> to do virus/spyware scans in Safe Mode. Make sure you are able to see
> all hidden files and extensions (View tab in Folder Options).
>
> HijackThis is an excellent tool to discover and disable hijackers, but
> it requires expert skill. See below for HijackThis links. A combination
> of HijackThis and About:Buster works well in removing the About:Blank
> homepage hijacker. Again, this is an expert tool and novices should get
> help with it.
>
> 3) If you are running Windows ME or XP, you should disable/enable System
> Restore because malware will be in the Restore Points. With ME, you
> must disable System Restore completely. With XP, you can delete all but
> the most recent (presumably clean) System Restore point from the More
> Options section of Disk Cleanup (Run>cleanmgr).
>
> 4) Make sure you've visited Windows Update and applied all security
> patches. Do not install driver updates from Windows Update.
>
> 5) Run a firewall.
>
> Links to help with malware:
>
> Software/Methods:
> http://www.safer-networking.org - Spybot Search & Destroy
> http://www.lavasoftusa.com - Ad-aware
> http://www.majorgeeks.com - good download site
> http://www.intermute.com/spysubtract/cwshredder_download.html
> http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
>
> HijackThis:
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
> Eshelman
> http://forum.aumha.org/
> http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
> forum
> http://www.wilderssecurity.com/
>
> General:
> http://forum.aumha.org/ - look under "Security" for various forums
> http://rgharper.mvps.org/cleanit.htm
> http://mvps.org/winhelp2002/unwanted.htm
> http://www.aumha.org/a/parasite.htm - The Parasite Fight
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> Malke
> --
> MS MVP - Windows Shell/User
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
>