Re: Funky machine
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 21 May 2006 19:04:30 -0500
Hi Scott. My comments are inline
"SoCo6" <SoCo6@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B9B6FEFA-5198-4320-90B0-B652BC6BD9EE@xxxxxxxxxxxxxxxx
Thanks, Lots of great info. It's been a learning experience. Especially in
that the Web is like the wild west and, like the beginnings of the west, good
citizens had to bring the law with them.
I hate to keep asking for more, but if you have any input on the below it
would be appreciated.
Flattening:
From boot from XP cd, Delete partitions & kill power without
shutdown (supposedly to stop memory based virus from re-writing)
Yes I would boot from XP cd however I would not kill power. I have never
heard of the need to do such and would not want to jeopardize the
installation. I have done a LOT of installs. You will have the opportunity
to delete and repartition during operating system install which is what I
would do. Select the size partition you want for the first install and then
format and do NOT use fast format. Proceed with installation of the
operating system. I assume here you are installing from genuine Windows
install disk and not a copy you got somewhere that may not be wholesome.
Format drives using format command from cd.
(I think there may be more but my reference doesn't have all the syntax??)
Re-install
Install another license of the trend 3 pack I just bought for the new
system.
Scan from the network with internet off.
Scan from clean machine to safe-mode with networking of suspect??
If clean, go on-line, update.
Yes you should install the operating system while the computer is not
connected to any network connection - even your LAN. Install Service Pack2
if it is not part of the install disk or if you have it on media. Service
Pack2 will by default enable the Windows Firewall but verify that it is
enabled and no exceptions are allowed at this time. If you need to install
SP2 from Windows Updates make SURE that the Windows Firewall is enabled
first. Install your antivirus program. Now with the Windows Firewall enabled
connect to the network and go directly to Windows Updates to download and
install your critical security updates. After that is done, which will
require a reboot, immediately update your antivirus definitions. Then install
your applications and data. Use your virus scan to scan the media that you
have your data files stored on before restoring to your computer. Scan any
application files that are not on authentic install disk from the publisher
before you install them. Though I would not expect a problem at this point
you can now scan the whole computer with your applications and data files
restored. --- Steve
Should Xp install from CD with no network connection?
If not, any pointers on monitoring the switch above from another machine.
(the web interface the switch uses isn't very friendly and doesn't have as
much info as I'd like.)
Thanks again, you've been a great help,
Scott
"Steven L Umbach" wrote:
Sounds like you have your hands full. The info in the link below may be
helpful in restoring security settings to default defined levels using
secedit if you can run it as malware may have changed user rights and
permissions for administrators though that in itself will not remove any
malware. It is also worth a try to boot into Safe Mode to attempt repairs
and do malware/spyware scans. You can try downloading and installing Windows
Updates directly from the update download site but again that may not have
much effect on your problems. Trend Micro has a great free malware detection
and removal utility called Sysclean that does not need to be installed that
you might want to try. You just download it and the latest pattern file to a
common folder, unzip the pattern file, and then run Sysclean. In your case a
clean install is most likely going to be the best and shortest path to
success. --- Steve
http://www.trendmicro.com/download/dcs.asp --- Sysclean
http://www.trendmicro.com/download/pattern.asp --- TM pattern files
http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222 --- using
secedit to restore all default defined security settings. Just copy and
paste the command into a command screen on your computer and hit enter.
"SoCo6" <SoCo6@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6C56B3FB-6850-4FD9-89EB-A9E743A0F11D@xxxxxxxxxxxxxxxx
Hey Steve, thanks, I'd like to put a few screen shots out but the bugger is
being resistant to that. This bug is very defensive and has made nothing
easy. I can't look at the logs because "this client doesn't have the
permissions to view security logs." Can't Add\remove Win components by same,
yet I'm the only admin I can see on the system.
I'm trying Ms support for the update problem & a privilege reset tool didn't
work for the same reason.
I went thru the steps and the system failed to install the new genuine tool
up until the 18th. As I've seen lately, no other updates can be seen until
that tool is installed. Do you agree? I checked the update & history everyday
and it only showed failure and one success. After installing Halflife2,
Autodate somehow installed the updates for the past 6 months on the 15th when
I had auto update off and didn't see, download, or install any of these.
I'm getting ready to try to flatten it again to get the malware to its most
primitive and try to capture or kill it with a network above monitoring the
traffic.
Any ideas on that would again be greatly appreciated,
s.
"Steven L Umbach" wrote:
With dual boot operating systems it depends on the operating systems being
used. If they are all Windows operating systems you want to install the
oldest operating system first as the newer operating system may overwrite
files in the root directory and if the files are versions that the operating
system does not understand you will have failure upon booting into the
operating system.
Always make sure that you have some sort of firewall protection enabled
before you ever connect to the internet with any of your operating systems
and be sure to download and install critical security updates from Windows
Updates after you install your service pack. Make it a habit to check the
logs via Event Viewer after an install and thereafter to see if any problems
are shown that may need attention and also check Device Manager for any
hardware issues. The link below has tips on how to help you secure your
computer. If you have any more specific questions on install procedures let
me know. --- Steve
http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx
"SoCo6" <SoCo6@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:71E042D5-A01D-4F70-AC97-99D1007C6741@xxxxxxxxxxxxxxxx
Hey Steve,
There are no cfiles that I know of but I'll look into it. Also, any
leads on flattening order of op's \ procedures would be appreciated.
Thanks for the time,
Scott
"Steven L Umbach" wrote:
There would not be any files encrypted with EFS unless a user using the
computer intentionally did so. You can use the cipher command to check for
encrypted files and folders. --- Steve
"SoCo6" <SoCo6@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F521B76B-C4FC-4087-92D3-1118337801D3@xxxxxxxxxxxxxxxx
Thanks, how do you decrypt EFS? This system was new & patched and never
on-line. This system, and large sample of new retail small build hardware,
has been flattened hard many times.
Update, Made the mistake of updating Norton sys05.
A clean reboot;
Lost connect to on-board hardware firewall but not web (still behind network)
Windows Explorer shutdown by DEP, sent error report.
Anyway thanks,
Scott
"Steven L Umbach" wrote:
I meant to say that any EFS encrypted files should be decrypted before a
new install of the operating system to ensure the user can access them in
the new operating system. --- Steve
"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ra6dnVdNzuZUcPrZRVn-rw@xxxxxxxxxxxxxx
You seem to have multiple issues that could be a result of multiple
malware infections. I suggest that you have your data files backed up and
files encrypted with EFS encrypted first and then have a clean install of
the operating system done. It probably would be a good idea to document
current cmos settings for the motherboard and then choose default settings
before installing the new operating system. Steps in the link below need
to be taken to minimize chances of future operating system problems. ---
Steve
http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx
"SoCo6" <SoCo6@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D351AA5A-FE44-4509-961C-964DD3E38845@xxxxxxxxxxxxxxxx
Can't validate. XpPro
Multiple shop repair yields following: current to oldest.
No update when put on-line long time after repair behind hardware firewalled
network while typing on another system.
After shop never on-line: (Note: am only admin I see on a standalone set of
xp)
Start|Control Panel| etc to Event Viewer |Security
"Unable to complete the operation on "Security". A required privilege is not
held by this client."
Limited login odd will be locked out for logs full, let it run for a bit
with screen saver and clears.
ADD/Remove Windows Component
"Setup was unable to open information file hidei with carrot top BOX BOX
Contact your system administrator. The specific error code is 0x7b at line
2088999411."
System will not load Xp without hardware failure unless:
Network present at boot
All BIOS enabled.
Specific failures relate to BIOS Shadowing & ACPI
Resetting, changing every insanely possible piece of hardware fails but put
on network loads mostly cleanly.
Stopping IM messenger for one boot, lost video card and dual boot causing a
shop repair to fix.