Re: win2000 has spyware, can I logon with console repair and delete files to
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 01/22/05
- Previous message: mwebb: "Firewall Appliance"
- In reply to: Bradley1234: "Re: win2000 has spyware, can I logon with console repair and delete files to"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 21 Jan 2005 23:12:44 -0600
64 MB is really going to give slow performance with a lot of disk activity
to the page file on a W2K computer. If you can, also increasing your RAM even
to just 96MB would improve performance quite a bit. Of course even more
would be better. You may be able to find cheap RAM on eBay for your laptop.
I agree that the new MS Spyware program looks very promising. You cannot
save critical updates from the current installation unless you downloaded
and have the actual .exe files, but you can download them to disk using the
catalog option. The links below explain more. If you do a new install, first
install the service pack before you do critical updates and do not connect
to the internet until you have some sort of firewall protection. --- Steve
http://support.microsoft.com/default.aspx?kbid=323166
"Bradley1234" <someone@yahoo.com> wrote in message
news:rRjId.3657$BL3.2260@trnddc01...
> Right I turned off print/file sharing and disabled most all accounts.
>
> I still got viruses but Norton said it q'd them. One day it said hey, there
> are some files claiming to be Norton AV .exe or .dll files but they are in
> the wrong place, looks like mal-ware that's renamed itself to Norton file
> names.
>
> Then I downloaded the Microsoft beta spyware blocker, it works awesome!
> don't know the url right now
>
> the system is still super slow, but there is only 64Mb of ram and a 2.1G
> disk. The default graphics was just grindingly slow, I ran some HP.com
> online test and it found what drivers I need, ran a bit faster, but clicking
> on Start and it stays indented for about 3 seconds, click back arrow on the
> ie browser? the back button slowly moves, then it goes out for a few
> seconds, then returns, anyway I think of it as a large PDA
>
> Is there some way to save the windows updates for my win2000 to a CD and use
> them next time? I'll probably get a new hard drive and install.... again.
>
> I've got all these critical updates, can they be saved?
>
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:epLM7nM$EHA.1392@tk2msftngp13.phx.gbl...
>> I forgot how bad a dialup connection sucks! Anyhow Zone Alarm makes a decent
>> free for personal use firewall and it is fairly easy to configure. I would
>> also check to see if you have file and print sharing enabled on your laptop.
>> If you do and you do not need to share files with anyone be sure to disable
>> it. It also sometimes helps to boot into safe mode to do malware/parasite
>> detection and removal. In a pinch you can enable tcp/ip filtering for tcp
>> ONLY as a rudimentary firewall. To do that open network connection
>> properties, go to tcp/ip properties/advanced/options and then properties for
>> tcp/ip filtering. Select enable tcp/ip filtering and in the first section
>> for tcp ports select permit only and leave the list blank. That will act as
>> a crude stateful firewall for TCP [without any download!]. Do not do the
>> same for UDP as you will lose your dns name resolution for the internet.
>> Just keep in mind that you have it enabled and disable it after you install
>> a firewall. --- Steve
>>
>> http://www.snapfiles.com/Freeware/security/fwfirewall.html -- Zone Alarm
>> available here.
>> http://www.microsoft.com/athome/security/protect/default.aspx -- Protect
>> your PC tips from MS.
>>
>>
>> "Bradley1234" <someone@yahoo.com> wrote in message
>> news:NTRGd.1327$Hg6.85@trnddc09...
>> > Aha, thanks Steven that helps. I ended up reformatting the drive
>> > yesterday, it's a laptop with a super small 2.1G disk. It insists on
>> > making 2 drives, so I changed the fdisk setup, first by deleting all
>> > partitions, then loading msdos, tried to load win2000 but it wouldn't
>> > boot from the cd, (some cpu glitch) deleted the partitions again well
>> > anyway I changed them by 1, hoping that would throw off the file
>> > indexing mechanism
>> >
>> > loaded SP4 which I thought enough to buy from Microsoft; then loaded
>> > Norton AV, did the live updates, 24Mb of stuff, and yanked the network
>> > cable as soon as that loaded
>> >
>> > I had changed all security settings so that nobody can logon from the
>> > network, created guest account with long username and long pwd, must
>> > use ctrl/alt/del to logon, and whatever seemed right
>> >
>> > never got the sasser worm this time.
>> >
>> > But fell asleep doing the norton update as it took an hour, then it was
>> > beeping, found backdoor ? worm and ? beagle or ? worm blah blah
>> >
>> > today did full scan, found 4 viruses and it says it cleaned them. it had
>> > a popup saying Windows updatez.exe was infected and kept generating it
>> > faster than I could click okay
>> >
>> > so it's sitting here behaving for a while, but it's not on the network.
>> > Firewall? yes no doubt. I don't have one but they are very important. I'm
>> > so out of the loop on how to manage win2000, I don't know if there is a
>> > free one, my dsl CD claimed to have one by MSN8 or ? but there is no
>> > setup window.
>> >
>> > Well one thing for sure, viruses didn't just go away like a fad, they
>> > seem to be more prevalent than ever
>> >
>> > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>> > news:uejdREF$EHA.2192@TK2MSFTNGP14.phx.gbl...
>> >> Well if it had that much malware on it and it was my computer, I would
>> >> backup my needed data and do a fresh install to a formatted drive. If
>> >> your computer has some backdoor root kits it could be very difficult to
>> >> detect and remove them. If you do a reinstall be sure to take steps to
>> >> prevent future infections. The main vulnerabilities are not using a
>> >> properly configured firewall, not using a strong password for user
>> >> accounts, not keeping current with virus definitions and not scanning
>> >> ALL email attachments, using too loose security settings for IE, and
>> >> not keeping current with critical updates at Windows Updates.
>> >>
>> >> Sounds like you are like me and like to check things out to try and
>> >> figure out what is going on. If so, try downloading some free tools from
>> >> SysInternals. In particular use Process Explorer, TCPView, and Autoruns.
>> >> PE can show the processes and map them to the owner executables and in
>> >> properties of a process show what service it is if any. Be very
>> >> suspicious of any process [that has a path to a file] that does not show
>> >> a publisher name for the executable. Autoruns will show startup
>> >> application/services from various places on your system and TCPView
>> >> will show what executable is using a port. --- Steve
>> >>
>> >> http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
>> >>
>> >> "Bradley1234" <someone@yahoo.com> wrote in message
>> >> news:jRAGd.957$J6.834@trnddc02...
>> >> > Hey thanks for that Steven. I'm checking those websites now.
>> >> >
>> >> > The laptop was super duper infected. (is that the right way to say
>> >> > it?) I would start with dir a*.exe
>> >> >
>> >> > then let it show the exe names, and since I've used DOS a lot over
>> >> > the years rather than spend time in a useful way, like at the beach,
>> >> > the odd named ones I typed in and would delete spyware ones.
>> >> >
>> >> > But then I couldn't get into the registry manually, the regsvr32 /u
>> >> > "filename" wouldn't work, in fact regsvr32 shows in the directory but
>> >> > won't execute at all
>> >> >
>> >> > I had downloaded the trendmicro virus scan thing you mentioned the
>> >> > night it happened. the download took almost an hour and it was so bad
>> >> > that one mouse click took at least 30 seconds to have any effect.
>> >> >
>> >> > doing ctrl/alt/del gets the control screen thing (windows2000 pro)
>> >> > after 5 seconds, but click on task manager would cause that box to
>> >> > disappear and nothing would happen, well except the disk would be
>> >> > going full speed at something.
>> >> >
>> >> > I was going to start it up and see what happened, but the most bad
>> >> > .exe and .dll files I found, and the fact I cannot unregister them, or
>> >> > even find where the registry is at? (under a limited dos prompt) I put
>> >> > the original win2000 CD in there and am fixing it manually.
>> >> >
>> >> > It would report: hey dude, this isn't the original NTOSKRNL32 that I
>> >> > put in here originally, what's up with that? should I like, replace it
>> >> > or what? and I said do it
>> >> >
>> >> > then it said this file and that file and.... so I clicked all and it
>> >> > just finished updating and is rebooting win2000. let's see what it
>> >> > does now...
>> >> >
>> >> > it's booting very slowly, now there is an arrow against the blue
>> >> > screen, now it's starting up, now an hourglass, applying security
>> >> > policy... I can check the football score and get some coffee while I'm
>> >> > waiting... okay it's asking for my old password to logon? okay, let's
>> >> > see, just an arrow against blue, super slow
>> >> >
>> >> > now it drew a box to load personal settings, took 1 second to draw
>> >> > the box, lines filled now the music, some disk activity, now it's
>> >> > drawing the desktop, but why is it going so slow? it's a p3 at 450...
>> >> > now arrow and hourglass, disk chugging
>> >> >
>> >> > clicks take a very long time, ctrl/alt/del and task manager? hmm
>> >> > nothing is happening, now it's running trend micro virus scan...
>> >> >
>> >> > it only found 1 virus, 00004146.exe
>> >> >
>> >> > now let's look at add/remove programs
>> >> >
>> >> > BullsEye Network
>> >> > Silicon Motion display driver
>> >> > WebRebates (by TopRebates.com)
>> >> > Winad Client
>> >> > Windows SR 2.0
>> >> >
>> >> >
>> >> > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>> >> > news:uLBr35$%23EHA.4072@TK2MSFTNGP10.phx.gbl...
>> >> >> The best way is to use tools such as AdAware or the beta version of
>> >> >> Microsoft's spyware remover AND to scan your computer with your
>> >> >> antivirus program being sure to update its definition files first.
>> >> >> The new MS product has a "protect" mode to help prevent spyware
>> >> >> installation. I have had pretty good luck with it and it is available
>> >> >> at the link below. Normally you do not need to reinstall the
>> >> >> operating system unless your antivirus program finds significant
>> >> >> problems with malware such as trojans, worms, and viruses indicating
>> >> >> a highly compromised system that may also have undetectable back
>> >> >> doors such as root kits installed on it. --- Steve
>> >> >>
>> >> >> http://www.microsoft.com/athome/security/spyware/software/default.mspx
>> >> >> http://mvps.org/winhelp2002/unwanted.htm --- tips to help reduce
>> >> >> parasites [spyware, adware, hijacks]
>> >> >>
>> >> >> "Bradley1234" <someone@yahoo.com> wrote in message
>> >> >> news:58yGd.5570$c%6.4380@trnddc03...
>> >> >> > delete files to wipe out the spybot stuff?
>> >> >> >
>> >> >> > it's my laptop, the first time I used it at a hotel on business,
>> >> >> > the room thing said to visit this website, click OK and YES to
>> >> >> > every question, then enjoy the internet.
>> >> >> >
>> >> >> > Guess what? It was saying yes to upload spyware and trojans into
>> >> >> > my computer.
>> >> >> >
>> >> >> > I contacted the hotel and they played innocent saying we don't
>> >> >> > know, it's a secure and safe service, you must have visited "bad"
>> >> >> > sites or something. It was my first experience with spyware/spybot
>> >> >> > stuff, going to add/remove programs, it showed 3 or 4 which I tried
>> >> >> > to remove, it said please answer these questions and forward them
>> >> >> > to us: why do you want to uninstall? 1. system too slow 2. don't
>> >> >> > like popups etc...
>> >> >> >
>> >> >> > So my question is, now I'm going to fix my laptop, used the win2000
>> >> >> > CD to boot up and have a console prompt. Is there a common way you
>> >> >> > know about to delete the spyware bugs and fix the install? Do I
>> >> >> > have to delete all and start over? Use the disk utility to write
>> >> >> > all zeros?
>> >> >> >
>> >> >> > thanks in advance
>> >> >> >
>> >> >> >
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>
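
Added example, not part of the original posts: the three Sysinternals checks described in the quoted advice above (Process Explorer's missing publisher name, TCPView's port-to-executable mapping, Autoruns' startup entries), sketched with built-in PowerShell cmdlets. It assumes PowerShell 5.1 or later on Windows 8 / Server 2012 or newer, not Windows 2000; the function names are made up for this example.

```powershell
# Added example (not from the thread). Run elevated so process paths are readable.

# Process Explorer check: processes with a path to a file whose executable
# shows no publisher (version-info CompanyName) or no valid signature.
function Get-UnverifiedProcess {
    $sigCache = @{}                               # one signature check per file
    foreach ($p in (Get-Process | Where-Object { $_.Path })) {
        if (-not $sigCache.ContainsKey($p.Path)) {
            $sigCache[$p.Path] = Get-AuthenticodeSignature -FilePath $p.Path
        }
        $sig = $sigCache[$p.Path]
        if (-not $p.Company -or $sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Id        = $p.Id
                Name      = $p.ProcessName
                Path      = $p.Path
                Publisher = $p.Company
                Signature = $sig.Status
            }
        }
    }
}

# TCPView check: which of those processes own a listening TCP port.
function Get-UnverifiedListener {
    param([object[]]$Process)
    $byId = @{}
    foreach ($p in $Process) { $byId[[int]$p.Id] = $p }
    Get-NetTCPConnection -State Listen |
        Where-Object { $byId.ContainsKey([int]$_.OwningProcess) } |
        ForEach-Object {
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                Id           = $_.OwningProcess
                Path         = $byId[[int]$_.OwningProcess].Path
            }
        }
}

# Autoruns check (partial): Run keys and Startup folders only; services,
# drivers and scheduled tasks are not covered by Win32_StartupCommand.
function Get-StartupEntry {
    Get-CimInstance Win32_StartupCommand | Select-Object Name, Command, Location, User
}

$suspects = @(Get-UnverifiedProcess)
$suspects | Format-Table -AutoSize
Get-UnverifiedListener -Process $suspects | Format-Table -AutoSize
Get-StartupEntry | Format-Table -AutoSize -Wrap
```

A process listed here is a lead to look at more closely, since plenty of legitimate software ships unsigned; an unsigned executable that also holds a listening port or a startup entry is the combination worth checking first.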