Re: Funky machine
- From: SoCo6 <SoCo6@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 21 May 2006 11:15:02 -0700
Thanks, lots of great info. It's been a learning experience. Especially in
that the Web is like the wild west and, like the beginnings of the west, good
citizens had to bring the law with them.
I hate to keep asking for more, but if you have any input on the below it
would be appreciated.
Flattening:
From boot from XP cd, Delete partitions & kill power without shutdown (supposedly to stop memory based virus from re-writing)
Format drives using format command from cd.
(I think there may be more but my reference doesn't have all the syntax??)
Re-install
Install another license of the trend 3 pack I just bought for the new system.
Scan from the network with internet off.
Scan from clean machine to safe-mode with networking of suspect??
If clean, go on-line, update.
Should Xp install from CD with no network connection?
If not, any pointers on monitoring the switch above from another machine.
(the web interface the switch uses isn't very friendly and doesn't have as much
info as I'd like.)
Thanks again, you've been a great help,
Scott
"Steven L Umbach" wrote:
Sounds like you have your hands full. The info in the link below may be
helpful in restoring security settings to default defined levels using
secedit if you can run it as malware may have changed user rights and
permissions for administrators though that in itself will not remove any
malware. It is also worth a try to boot into Safe Mode to attempt repairs
and do malware/spyware scans. You can try downloading and installing Windows
Updates directly from the update download site but again that may not have
much effect on your problems. Trend Micro has a great free malware detection
and removal utility called Sysclean that does not need to be installed that
you might want to try. You just download it and the latest pattern file to a
common folder, unzip the pattern file, and then run Sysclean. In your case a
clean install is most likely going to be the best and shortest path to
success. --- Steve
http://www.trendmicro.com/download/dcs.asp --- Sysclean
http://www.trendmicro.com/download/pattern.asp --- TM pattern files
http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222 --- using
secedit to restore all default defined security settings. Just copy and
paste the command into a command screen on your computer and hit enter.
"SoCo6" <SoCo6@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6C56B3FB-6850-4FD9-89EB-A9E743A0F11D@xxxxxxxxxxxxxxxx
Hey Steve, thanks, I'd like to put a few screen shots out but the bugger is
being resistant to that. This bug is very defensive and has made nothing
easy. I can't look at the logs because "this client doesn't have the
permissions to view security logs." Can't Add\remove Win components by same,
yet I'm the only admin I can see on the system.
I'm trying Ms support for the update problem & a privilege reset tool didn't
work for the same reason.
I went thru the steps and the system failed to install the new genuine tool
up until the 18th. As I've seen lately, no other updates can be seen until that
tool is installed. Do you agree? I checked the update & history every day and
it only showed failure and one success. After installing Halflife2, Autodate
somehow installed the updates for the past 6 months on the 15th when I had
auto update off and didn't see, download, or install any of these.
I'm getting ready to try to flatten it again to get the malware to its most
primitive and try to capture or kill it with a network above monitoring the
traffic.
Any ideas on that would again be greatly appreciated,
s.
"Steven L Umbach" wrote:
With dual boot operating systems it depends on the operating systems being
used. If they are all Windows operating systems you want to install the
oldest operating system first as the newer operating system may overwrite
files in the root directory and if the files are versions that the operating
system does not understand you will have failure upon booting into the
operating system.
Always make sure that you have some sort of firewall protection enabled
before you ever connect to the internet with any of your operating systems
and be sure to download and install critical security updates from Windows
Updates after you install your service pack. Make it a habit to check the
logs via Event Viewer after an install and thereafter to see if any problems
are shown that may need attention and also check Device Manager for any
hardware issues. The link below has tips on how to help you secure your
computer. If you have any more specific questions on install procedures let
me know. --- Steve
http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx
"SoCo6" <SoCo6@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:71E042D5-A01D-4F70-AC97-99D1007C6741@xxxxxxxxxxxxxxxx
Hey Steve,
There are no cfiles that I know of but I'll look into it. Also, any
leads on flattening order of op's \ procedures would be appreciated.
Thanks for the time,
Scott
"Steven L Umbach" wrote:
There would not be any files encrypted with EFS unless a user using the
computer intentionally did so. You can use the cipher command to check for
encrypted files and folders. --- Steve
"SoCo6" <SoCo6@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F521B76B-C4FC-4087-92D3-1118337801D3@xxxxxxxxxxxxxxxx
Thanks, how do you decrypt EFS? This system was new & patched and never
on-line. This system, and large sample of new retail small build hardware,
has been flattened hard many times.
Update, Made the mistake of updating Norton sys05.
A clean reboot;
Lost connect to on-board hardware firewall but not web (still behind network)
Windows Explorer shutdown by DEP, sent error report.
Anyway thanks,
Scott
"Steven L Umbach" wrote:
I meant to say that any EFS encrypted files should be decrypted before a
new install of the operating system to ensure the user can access them in
the new operating system. --- Steve
"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:ra6dnVdNzuZUcPrZRVn-rw@xxxxxxxxxxxxxx
You seem to have multiple issues that could be a result of multiple
malware infections. I suggest that you have your data files backed up and
files encrypted with EFS encrypted first and then have a clean install of
the operating system done. It probably would be a good idea to document
current cmos settings for the motherboard and then choose default settings
before installing the new operating system. Steps in the link below need
to be taken to minimize chances of future operating system problems. ---
Steve
http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx
"SoCo6" <SoCo6@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D351AA5A-FE44-4509-961C-964DD3E38845@xxxxxxxxxxxxxxxx
Can't validate. XpPro
Multiple shop repair yields following: current to oldest.
No update when put on-line long time after repair behind hardware firewalled
network while typing on another system.
After shop never on-line: (Note: am only admin I see on a standalone set of
xp)
Start|Control Panel| etc to Event Viewer |Security
"Unable to complete the operation on "Security". A required privilege is not
held by this client."
Limited login odd will be locked out for logs full, let it run for a bit
with screen saver and clears.
ADD/Remove Windows Component
"Setup was unable to open information file hidei with carrot top BOX BOX
Contact your system administrator. The specific error code is 0x7b at line
2088999411."
System will not load Xp without hardware failure unless:
Network present at boot
All BIOS enabled.
Specific failures relate to BIOS Shadowing & ACPI
Resetting, changing every insanely possible piece of hardware fails but put
on network loads mostly cleanly.
Stopping IM messenger for one boot, lost video card and dual boot causing a
shop repair to fix.