TVCH FORUMS HOME . JOIN . FAN CLUBS . ABOUT US . CONTACT . CHAT  
Bomis   Quick Links   TOPICS . TREE-VIEW . SEARCH . HELP! . NEWS . PROFILE
Archive through December 20, 2003

The TVClubHouse: Archives: 2004 January - Arpil: Computer Problems? Ask here... (ARCHIVES): Archive through December 20, 2003 users admin

Author Message
Babyruth

Wednesday, December 17, 2003 - 11:22 pm   Edit Post Move Post Delete Post View Post    
Comcast was just bought by Microsoft?

Draheid

Wednesday, December 17, 2003 - 11:24 pm   Edit Post Move Post Delete Post View Post    
Babyruth: No, I was teasing Reader on who to blame for her computer problem. lol, sorry to have mislead you! :)

Babyruth

Wednesday, December 17, 2003 - 11:45 pm   Edit Post Move Post Delete Post View Post    
okey dokey

Juju2bigdog

Wednesday, December 17, 2003 - 11:49 pm   Edit Post Move Post Delete Post View Post    
Well, and howdy-do. I have been continuing to use the infected computer, and I was trying to copy and paste a newspaper article from the web into Word, and all of a sudden I got a red and blue dos-looking screen that said Norton had detected Keylogger Trojan virus C:\WINDOWS\MSTO32.DDL. It asked me what I wanted to do and gave me a bunch of choices. I selected Repair, and it said it couldn't repair. So I selected Quarantine, couldn't quarantine, so I selected Delete, couldn't delete, so I selected Exclude, and the screen cleared up.

I think I will restart the computer when I am done here and run another Norton scan overnight just for fun.

Draheid

Wednesday, December 17, 2003 - 11:55 pm   Edit Post Move Post Delete Post View Post    
Juju: click here to read Norton's information on this problem. Here are the 'basic' instructions for removal:
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode or VGA mode.
4. Run a full system scan and delete all the detected files.
5. Delete the value that was added to the registry.
6. Resetting the Internet Explorer home page.


Hope that helps - the page has more detailed instructions to help you through the process.

Weinermr

Thursday, December 18, 2003 - 12:18 am   Edit Post Move Post Delete Post View Post    
Juju,

I have a Windows 98 CD, so if you need any Windows 98 files replaced, I may be able to send them to you.

Juju2bigdog

Thursday, December 18, 2003 - 9:34 am   Edit Post Move Post Delete Post View Post    
Weinermr, thanks for the offer. I have Windows ME on the infected computer, AND I have a CD and a laptop with Windows ME. I should be okay in that regard. I think where the Windows 98 confusion comes in is from before when I was trying to restore Bigdog's play computer that has Windows 98, and I have no CD for that one. bigdog's computer is fine this time.

Further update - Okay, so last night AFTER all of the above blather, I got a Norton update download, and it detected the msto32.dll trojan virus right away and let me "Exclude" it, whatever that means.

Last thing I typed here was I was going to shut down, restart, and run another Norton scan, of which I had run two the day before, BEFORE the latest update, but AFTER an update earlier in the week. As I re-started the computer, I got a popup alert from Norton detecting the second virus, in svchost.exe, which it called Backdoor.Tofger or Backdoor.T ofger. It couldn't repair that one, but it let me quarantine it.

Thus far this morning, computer seems to be running fine.

Dra, thanks for finding that Norton page. I will go study it later in the day.

So ... it appears I was lucky enough to catch a brand new virus that Norton just put out an update for last night. With all the Christmas stuff that is going around, my guess is it was something in one of those. Fasten your seatbelts, folks, we could be in for a rocky ride with other folks getting it too.

Bob2112

Thursday, December 18, 2003 - 11:55 pm   Edit Post Move Post Delete Post View Post    
Dawg: (and anyone else)

I've been doing a little research given the latest surge in trojan and keystroke capture programs of late and came across something interesting that I have not heard many people discuss. I don't have the link here at home, but the gist of what I read said that virus scan programs don't do a good job detecting trojan horse programs as they do for other types of viruses.

There are several program that specialize in identifying and cleaning trojan horses and two of them were much superior to the rest. One was very complicated and aimed towards very advanced users (like companies with an IT staff), but the other was almost as good and easy for the average user to install and run.

The program is called Trojan Hunter and it has a 30 day trial available for download.

Just yesterday my daughter encountered an AIM virus on our laptop and I believe it added a link to her AIM profile that may have downloaded a trojan horse also. I downloaded the software and was able to detect and fix the trojan.

I also downloaded an evaluation version Panda Titanium Antivirus 2004 to try in place of my Norton antivirus. I read some good things about it, but I'm not sure yet if it's better, worse or the same as Norton. It did clean up the AIM virus and allow my daughter to fix her profile.

For people that are not up to date with there virus scanning (and now trojan scanning), it's a good way to be up to date for the next month for free and hopefully the viruses, trojans and password/keystroke surge will ease after the holiday rush.

In any case, Trojan Hunter might do a better job finding and cleaning everything on your computers.

Juju2bigdog

Friday, December 19, 2003 - 12:15 am   Edit Post Move Post Delete Post View Post    
Yep, good idea, Bob. I was just astounded yesterday when I had run Norton/Symantec TWICE and didn't detect any viruses, yet the housecall one did. I was almost relieved when it detected the trojans because it explained all the screwy things I had going on.

Have not had a bit of trouble all day, since I excluded one and quarantined the other.

Hey, Dra?? Since Excluding one trojan and Quarantining the other seems to have worked, do you think I should still go ahead and try to follow the Norton/Symantec instructions you found for me? I have read them and printed them out. And thus far I have disabled System Restore and backed up my Windows Registry (should it be 9Mb?). I am just wondering whether it is necessary or whether it will even find any viruses, since I seemingly have them dealt with and the computer is operating fine?

Draheid

Friday, December 19, 2003 - 12:40 am   Edit Post Move Post Delete Post View Post    
Juju: *I* would complete the steps personally. Because the trojan adds entries to your registry and quarrantine only isolates the files but doesn't actually remove them, I would be afraid of the trojan having a 'failsafe' way of reactivating itself. I don't know this to be the case, it's just my theory of how it might work.

The alternative might be to try one of the programs Bob suggested and see if that will completely remove the trojan for you, saving you from the rest of the Norton instruction process.

Yes, the registry can be even larger then 9MB, in fact I just exported the registry on my computer and it's nearly 70 Megs! Yikes!! lol

Hope that helps.

Weinermr

Friday, December 19, 2003 - 8:15 am   Edit Post Move Post Delete Post View Post    
Is there somewhere to look up the what the "Blue Screen of Death" error codes mean?

I've been getting a healthy share of them lately so it's time to reinstall Windows, but I'm still curious about what the codes mean. Thanks!

Draheid

Friday, December 19, 2003 - 8:42 am   Edit Post Move Post Delete Post View Post    
Weinermr: Most of the codes you see on the BSoD are memory addresses which are typically unique to your computer, given the amount of memory you have installed, how it's configured, etc. The important pieces are the type of error (invalid page fault, fatal exception, etc.) and the program actually causing the error. You can usually enter those two pieces of information into google using the 'plus' and quotes around them (ie. +"fatal exception" +"msmon.vxd") and you will likely find more details that way. I've even gone as far as to copy the entire piece of information in to start and see what, if anything, comes back in the search. If nothing, then try removing small portions of the message until you find the information you need.

Of course, finding such information and actually making sense of it are two different things. If you are able to decipher the technobabble usually associated with the descriptions then this can be a useful way to learn more about your computer and possibly repair it more easily.

Hope that helps.

Juju2bigdog

Friday, December 19, 2003 - 8:52 am   Edit Post Move Post Delete Post View Post    
Thanks for the opinion, Dra. I may just try Bob's suggestion first, as I am a bit quivery about doing anything that messes with the registry. I am also intending to copy out parts of Bob's advice and send it to my friends, one of whom probably sent me something that had the viruses in the first place.

Weinermr

Friday, December 19, 2003 - 9:16 am   Edit Post Move Post Delete Post View Post    
Thanks Dra, I'll give it a try.

Juju2bigdog

Friday, December 19, 2003 - 11:53 am   Edit Post Move Post Delete Post View Post    
Downloaded and ran Trojan Hunter. The scan took a really long time.

Registry scan - no suspicious files found
Infile scan - no suspicious files found
Port scan - no suspicious open ports found
Memory scan - no trojans found in memory
File scan - no trojan files found

Bob2112

Friday, December 19, 2003 - 12:23 pm   Edit Post Move Post Delete Post View Post    
Sounds like your computer is all cleaned up.

It sure does take a long time to scan. The first steps go fast until the File Scan. It seems that all the anti-trojan programs run more slowly than the anti-virus programs. I guess identifying a trojan horse (which probably looks very much like most other executables) is more involved than identifying viruses.

My older PIII/700Mhz is running Win98 and the process hangs the computer after about 250,000 files. I don't know if it's a Win98 bug or what, but I didn't have problems running it under XP on the laptop. I'll have to have it scan individual directories instead of the entire C: to try and isolate where it is hanging.

Next week may be a good time for me to finally upgrade the older machine to XP. I've had the new hard drived and everything ready for quite a while, but do not look forward to installing all the software that I need on that machine. Ack!

Weinermr

Friday, December 19, 2003 - 12:30 pm   Edit Post Move Post Delete Post View Post    
Bob,

I'm about to do the same thing to my laptop which has Windows ME. I've been debating whether to upgrade to XP, or whether to do a clean install. I'm leaning towards doing a clean install. I'll lose some programs that way, but they aren't programs I can't live without.

Good luck with your upgrade!

Bob2112

Friday, December 19, 2003 - 1:04 pm   Edit Post Move Post Delete Post View Post    
I'm a big fan of the clean install. Too much old junk gets collected in the registry and other places and many things just don't upgrade cleanly.

Since I'll be installing a new hard drive, I'll be able to keep the old one intact and can always reboot to it in an emergency. I'll mount it as a data drive and copy the data I want after the new install. I only have a handful of programs that I need for work and then the rest will get installed as needed.

The kids are moaning about losing some game data, but I may be able to copy those data files over after they reinstall each game.

I'm guessing since you're updating a laptop, you are reusing the same hard drive. Your ME is not as old as my Win98, so you would have a better chance of an upgrade working than I would.

If you can save all you data files to another computer or on CD-ROM, then you may want to go the upgrade route and see how it works. Worst case would be that it doesn't go well and then you would have to do the new install anyway.

Good luck to you too!

Sasman

Friday, December 19, 2003 - 1:31 pm   Edit Post Move Post Delete Post View Post    
I upgraded my PC from ME to XP with few problems but for reasons to long to go into I first had to reformat the drive, then install ME and upgraded to XP.

Bob2112

Friday, December 19, 2003 - 2:05 pm   Edit Post Move Post Delete Post View Post    
So, effectively you did a new install, just with the extra step of having to install ME first.

Juju2bigdog

Saturday, December 20, 2003 - 10:18 am   Edit Post Move Post Delete Post View Post    
I swear these new keylogger trojan viruses are some of the weirdest I have seen. You will recall that I thought I got mine from a strange file Bigdog sent me and which I opened after scanning it for viruses at Yahoo. So I then went down to the cave and spent a whole bunch of time making sure Bigdog did not have the trojan viruses on his computer. Downloaded and ran the same anti-virus that detected mine when Norton failed to do so. He didn't have any.

So, a half hour ago, he had a strange failure with his Juno and came up to ask me about it. I cleared the error for him and had him restart his computer. Now he just came up again and said Norton told him he has the msto32.dll keylogger virus.

Weird, very weird. It has lain dormant for over a week in his computer, although he does use his less than I do mine. (rather large understatement, LOL)

Oh, and last night I was trying to find a music clip for Tess of Steve Winwood's Back in the High Life Again, and I was on a site that had lots of popups I hadn't killed yet, and things kept popping up, one of which must have been a request to install Lycos Side-Search toolbar, and I somehow clicked Yes by mistake, and I all of a sudden had the Lycos toolbar and couldn't get rid of it. I immediately went to Control Panel and uninstalled Lycos, but still had the toolbar, AND a lag in going to internet sites. I Googled it and found all sorts of complicated instructions involving editing the register, which I don't want to do. The sites also mentioned the Lycos toolbar gives about a 30 second lag in opening new sites, which was also happening here. I ran Adaware (spyware detector), and it found about 30 new suspicious files, all of which I deleted. Toolbar gone.

Sheesh, it is a jungle in here!

Not1worry

Saturday, December 20, 2003 - 11:49 am   Edit Post Move Post Delete Post View Post    
You aren't kidding, Juju! This computer has always been fine, but I can't figure out where all these popups are coming from. AdAware and Spybot haven't solved it I've gotten rid of all kinds of stuff and in the process I inadvertently erased the webdriver for BlasterBall 2. Grrrrrr.

Draheid

Saturday, December 20, 2003 - 12:54 pm   Edit Post Move Post Delete Post View Post    
Not1worry: Are you using a firewall on your computer?

If not, I highly recommend downloading and installing ZoneAlarm from ZoneLabs.com and install it on your computer. It is possible that you're dealing with another annoyance from Microsoft of an open port to an internal windows message system. This could be the exploit that others have seen and usually a firewall will close that port as well as protect your computer from many other potential problems.

You should also check the update status of Windows, make sure that the most current updates are installed, some of which may be security related issues.

Hope that helps.

PS: Click Here for a direct download of the latest Free ZoneAlarm.

Dipo

Saturday, December 20, 2003 - 3:27 pm   Edit Post Move Post Delete Post View Post    
Dra: quick question, I am trying to set up a microsoft mail account on my laptop, thru the mail section of the control panel. Anyway it is asking for the outgoing mail SMTP server and I am not sure what goes in this field.

Any ideas??? Thanks in advance.

Draheid

Saturday, December 20, 2003 - 3:58 pm   Edit Post Move Post Delete Post View Post    
Dipo: The outgoing server is usually exactly the same as the incoming server so if you're using something like 'yourisp.net' for internet access, you would probably enter mail.yourisp.net in both incoming and outgoing server settings.

Hope that helps - if not, check your ISP's website for their FAQ where you should be able to find the exact settings.