 sj |
||
|
||
Tech: Prev thread on virus diconnecting
|
|
|
||||||
|
Tech: Prev thread on virus diconnecting |
|
|||||
|
Subject: Tech: Prev thread on virus diconnecting From: pavane Date: 28 Mar 05 - 04:45 AM I am trying to find a recent thread on a virus which disconnected the PC from the net after a short time - my son thinks he has got the virus, but I can't find the old thread. Can someone point me to it? Thanks |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: JohnInKansas Date: 28 Mar 05 - 07:00 AM There have been a number of threads that could possibly be the one you're remembering, but I don't have any of them on trace. There currently are several different "infections" that could qualify, and you'd be better off getting current identification and removal instructions for what you actually have, rather than speculating based on old info. If possible, get your "infected" machine connected to: Symantec Security Check Click on the "Scan for Viruses" and see if it identifies a specific one as being present, then use "search" in the left sidebar of the same page to find info for that specific infection and get the instructions for removal. If the infected machine runs WinXP or WinME, it usually is necessary to turn off "System Restore" to avoid reinfection by anything that made Registry changes. Removal instructions should indicate when this is needed. If the removal involves more than a click or two, it is strongly recommended that you print the removal instructions and read them completely and carefully before you begin. If no infection is found by the Symantec/Norton scan, you probably may assume that your problem is not a "virus;" but you may still have Adware of Spyware. The free versions of Spybot and AdAware can be used to identify and remove most common infections of this sort. AntiVirus cannot usually deal with these, since they technically are not "viral." It is important that you have current versions of Spybot and AdAware with current definitions just as with AV programs. If you do not find a virus, and do not find known Adware/Spyware, then the probability is that you have a "hijack" program. Occasionally a virus will install one of these, and removing the virus by ordinary means won't necessary get rid of them. More commonly, they get installed by "trickery" that induces you to "click something," which tells your machine it's a program you want. If you reach the point where this appears to be the problem, the best methods of removal become strongly dependent on what you find; and general "guessing about" is not likely to be too helpful. John |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: pavane Date: 28 Mar 05 - 09:41 AM Thanks John. He has already run anti-virus, Spybot and Adaware, but cannot stay connected long enough to download upgrades. He does run XP. |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: GUEST,Stilly River Sage Date: 28 Mar 05 - 09:07 PM What kind of connection does he have? If he has DSL, sometimes with a problem like that the best thing to do is to turn off the power to the modem. I think they call this "power cycle," but turn it off for more than a couple of seconds (take time to go get a drink of water or something) then turn it back on. Sometimes you can end up having to use the restart button, but not usually. Turning off the entire system won't hurt, actually. But at any rate, often times the modem (that may have been messed up for several days) will come back it's old self. If you have problems with a dialup modem, then your line may be noisy. We have discussed that within the last few months. I would suggest selecting all of the TECH threads and use the drop down window to show threads from the last several months, or even 365 days. There aren't than many TECH threads when compared to all of the others. The thread I'm thinking of was started by someone with a problem similar to what you're describing now. Good luck. SRS |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: GUEST,Sorch Date: 28 Mar 05 - 10:07 PM Well, with the front door down, Supersearch doesn't work. When it comes back, I'll see what I can find. |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: pavane Date: 29 Mar 05 - 01:56 PM We do have dial-up, and two other machines connected do not have this problem. The speed of the line makes searching painfully slow! |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: JohnInKansas Date: 29 Mar 05 - 02:18 PM Pavane – The only threads I find that you've posted to since last November, that relate to anything remotely similar, are: Tech: Web problems Tech: Where does Netscape keep the mail files? Tech: Getting data off crashed computer Probably the first one, a difficulty staying connected, is the only one directly applicable. The "fix" there was a cleanup of phone wiring. John |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: pavane Date: 29 Mar 05 - 03:02 PM John, I don't think I posted to it, I just browsed. In the current case, there are three machines using the line, and only one has the problem. But thanks for looking. |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: JohnInKansas Date: 29 Mar 05 - 03:28 PM pavane - If you have three machines all using the same 'phone line, are you: a. using them one at a time with the separate modems in each machine? b. have a router or other interface? c. using Wndows' built-in Internet Connection Sharing (ICS)? If your AV program doesn't detect a virus now, you can be pretty safe in assuming there is no active virus on the machine that has the problem. New crud appears almost daily, but the AV people do a really good job of keeping up. You may have had a virus that managed to install a payload (worm or other junk) before the AV got the virus itself; but the AV should still detect most kinds of payload "infections." The odds are in favor of a noisy 'phone line, possibly just the cord that plugs the modem for the problem machine into to 'phone line or a problem with the modem in that machine, assuming that's your hookup. Modems are one of the most susceptible components to "external surge damage" in most computers. Even with separate 'phone line surge suppression, out Kansas T-storms have taken out a couple of ours - with no damage to anything else. John |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: mandoleer Date: 29 Mar 05 - 03:37 PM I can go with the noisy line one, as I had a week or two of dropout and difficulty connecting, but if other machines are connected to the same line, shouldn't be that. Unless the connection in the house is duff to that one machine. Other possibility is dialer. Get WinPatrol and click on 'Current Tasks' and see what is running. I also recommend BHO Demon to check on browser helpers. (SmartShopper can be deactivated with this - that little nasty can even prevent you getting into My Computer and My Documents!) WinPatrol also tells you when something is installing itself - more useful to you in the future, I know, but it's well worth having. I put it on machines I'm cleaning up, along with Demon, SpyBot and AdAware. (Have just finished one where they hadn't updated AV for 3 years. 11 Trojans, 807 Critical Objects, about 40-50 things in SpyBot, and we could do nothing until Demon had disabled SMRT! About the only thing they didn't have was CoolWeb.) |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: pavane Date: 30 Mar 05 - 02:25 AM Three machines with their own modems, using the line at different times. We hope to go to a shared broadband connection soon, but we have a problem with the phone company at the moment. (Here in the UK, after the opening up of the phone market, we chose a supplier. Another supplier has taken over our line, based on a supposed verbal contract made over the phone with my wife, who says she did NOT agree to this. So we are not paying any phone bills until they can produce actual evidence of a contract) Also, I just loaded Spybot and AdAware on a machine which had NEVER been connected, and got a number of Critical objects. |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: GUEST,Stilly River Sage Date: 30 Mar 05 - 10:27 AM pavane, "Slamming" is illegal over here, and it was a common practice among the phone companies. They took any kind of contact as a willingness on your part to have your phone service switched. ATT did it to me one time, taking my long distance service from MCI. I called and harangued them, and of course they played dumb, but my service was switched back the next month, and I think I reported it to the state attorney general's office, or whoever was taking those reports at the time. They still try to do it, but people are pretty wise to it now. As a thought--phone wire is cheap. It might be worth your effort to change out the line from the wall to the computer just to see if that makes a difference. You can buy pre-cut pieces of phone cable here with the ends in place for a few dollars at the hardware store, the electronics store, even the grocery store. When problem solving, always try the cheap fixes first. It saves so much grief later. Does your house line run in the attic or basement where you can get a look at it? A visit to that line might also be fruitful. Good luck. SRS |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: pavane Date: 30 Mar 05 - 05:04 PM Well, I am hoping that I will get free phone calls until they admit it, as I am not paying their bills! If they try to sue for the money, they will have to prove in court that I had a contract. Over here, there is a regulatory body to whom you can address complaints if the company doesn't sort it within 12 weeks. On the technical front, don't think it is the wire, as 2 other machines work OK. |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: JohnInKansas Date: 30 Mar 05 - 05:49 PM SRS - Slamming still goes on to some extent in the US, but most of the services have encouraged customers to sign up to "anti-slamming" contracts that specifically state that your service is not ever to be changed without written notice to your current provider. Without this agreement, a "verbal contract" with a new provider was/is "legal" so when the new provider claimed you had agreed your chosen provider had no choice about letting them claim the contract. If you've given them an anti-slam authorization, they have legal grounds to refuse to relinquish the service contract. Of course this doesn't help much if a predatory company simply buys the company you have your service contract with - as has just happened to us. pavane - Remember that the wire you use to plug into your one phone jack (assumed to be a wall socket?) is part of the "phone system" the computer is using. If you use a different wire for the computer with the problem, that wire may be a suspect. The phone lead-wires used in the US are "semi-flexible" but use solid wire - not stranded - so it's not uncommon for the wire to "work-harden" and produce high resistance or intermittent areas if flexed repeatedly, as happens when one is connected/disconnected a few times. The socket the leadwire plugs into on the computer may also have something as simple as a dirty contact. The connectors used in the US use "contacts" that consist essentially of a bent-over piece of wire, and they're prone to slight misalignment of the "tips" within the socket - and on the plug on the end of the leadwire. As noted previously, modems are one of the more "fragile" components in recent PCs, so it is possible that the problem is with the modem itself, in the machine that's giving you problems. Several of the modem manufacturers used to run "modem test" sites you could hook up to to let them check out your modem, but I've had difficulty locating one recently in the US, and have no idea what might be available for UK users. You might Google from one of the working machines to see if you can find anything of the sort. If you can identify the maker of the modem that's installed, you'd want to look for something by that manufacturer if possible(?). System Information (Start - Programs - Accessories - System Inforamation on recent Win versions) may give you an ID, or Hardware Manager/Device Manager depending on the OS involved. There was a thread not too long ago in which one of our 'catters was concerned about "clicks and clanks" on a phone line - and whether someone was tapping in. A UK service for checking phone line quality was suggested. I didn't find the thread with a quick look, but I don't believe it had a "Tech" header(?). Perhaps someone will remember it and can give you a pointer to it? I believe the test they mentioned was only for voice, but confirming that the voice line is clean would eliminate (or at least reduce) concern about general line quality issues. You mentioned a problem with downloading Spybot and Ad Aware on the problem machine, due to inability to stay connected. Either of these can be downloaded and "saved" on another machine for transfer instead of doing a direct install. Unfortunately both are too large to fit on a floppy, so you'd need another format (CD? or ZIP?) that both machines can handle to "sneaker-net" the transfer of the downloaded files to the problem machine for installation. Ad Aware's latest version downloads at about 2.5 MB, but unzips to about 4 MB installed, The Spybot download may be a little larger, although the installed space is about the same. The current version of Ad Aware, if you right click on the file and look at properties for the installed Ad-Aware.exe file, is 6.2.0.206. (The current free version is called Ad-Aware SE Personal.) If you have anything older, a reinstall will get you most of the newer signatures, although you'll still want to check for signature updates frequently once you get things working. Spybot should show, for the SpybotSD.exe file, a version number of 1.3.0.12 or something very similar. If older, you should reinstall if possible, and again - get updates regularly when you can. John |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: pavane Date: 31 Mar 05 - 08:38 AM Thanks for your suggestions. We now think it may be a worm or virus similar to the old Blaster worm. Every time he makes a new dial-up connection, the allowed connection time is cut, and the disconnect time is fairly consistent, which makes hardware problems unlikely. On the Slamming problem, we have been promised a copy (not a transcript) of the recorded conversation, but have received nothing yet (And I don't think it exists). Until it is produced, there is no way I will pay any bills, as there is no contract. (Who was it said that said a verbal contract wasn't worth the paper it was written on?) |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: JohnInKansas Date: 31 Mar 05 - 10:55 AM pavane - Since he runs WinXP, he can use the Microsoft Malicious Software Removal Tool to search for and remove Blaster and/or Bagle, Berbew, Blaster, Bropia, DoomJuice, Gaobot, Goweh, Korgo, Mydoom, Nachi, Netsky, Randex, Sasser, Sober, Sobig, Zafi, Zindos (currently). The tool is available from several Microsoft sources. The tool can be run directly from Microsoft Malicious Software Removal Tool. In the form offered here, I believe the the tool runs once, then deletes itself. If he can't keep a connection, links at this site should take you to a place where you can download, install, and run the tool manually, so you should be able to download the tool with another machine and move it to his for installation and run. Once he gets his connection up, he can authorize auto update from the Microsoft Update center, and the tool will download the latest version, run, and delete, automatically on a monthly basis. In WinXP, Ctl-Alt-Del opens Task Manager, and the second tab, Processes, will show Msblast.exe running if he has Blaster infection. If it's not there, the problem probably is something else. John |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: pavane Date: 01 Apr 05 - 07:34 AM Ok well it isn't Blaster then! No sign of msblast.exe, nor anything else which appears suspicious. Thanks for that tip. |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: JohnInKansas Date: 01 Apr 05 - 08:45 AM One of the handy utilities when you run into malware problems, that you should get at the first opportunity and keep handy just in case, is HijackThis. It's available from a number of places on the web, but one that appears to have the current "latest version" is at Computer Guy. You'll find quite a lot of anticrud stuff listed here, but you need to scroll down to the Hijack This download. If you get it from another site – or in fact from this one – there's a button in the program to check for updates, and you should use it if there's any question whether you have the latest. It's only about a 213 KB download (hijackthis1991.exe) and there's no installation, so you can download the file to your working machine and sneaker-net it on a floppy to other machines. The essential thing that Hijack This does for you is to create a log of a very large number of things that are going on with your computer. Numerous volunteer web sites, if you follow their instructions carefully and completely will look at the Hijack This log and try to tell you what to do to get fixed. Nearly all of the help sites that use it also will demand that you run Spybot SD and Ad Aware SE before you run any log that you send them so it's well to have both of these programs onboard and updated before something gets broken. If you make yourself a Hijack This log when your machine is running ok, and save it for a reference point, a new log when you have a problem may give you a lot of info about what's "suddenly popped up" on your machine. Note that the program uses the same default filename for the log every time, so if you want to save one you need to rename it before the next run. Hijack This can be used to make changes so caution is advised if you decide to tell it to "fix stuff," but just running it to get the log is harmless, and potentially very helpful. If you have a log from sometime when the machine was working, you don't have to know what all the stuff means. Anything that's different when you run it after you get a problem can be examined to make much better informed SWAGs about where your problems are. John |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: Sorcha Date: 01 Apr 05 - 11:41 AM I would have sworn I either posted to it or started it. Now I can't find it either. |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: mandoleer Date: 01 Apr 05 - 02:09 PM Do try switching the modem connecting wires before getting into too much heavy stuff. Put a cable you know is good in and see if the problem stays. Then consider changing the modem. They're only about £12 or £15 from a computer fair. Modems CAN go duff, as can cables. You will then have the latest v dot whatever into the bargain. As to the machine that had never been connected, SpyBot and AdAware are not known for giving false positives. There are quite a few programs that do - and a good site like Major Geeks bans them - but they're all commercial ones trying to frighten you into buying. Let me know what they found on the unconnected machine. I'm interested... But do try BHO Demon and WinPatrol - both can be downloaded onto CD easily and put on to the affected machine. WinPatrol can stop any process running if you tell it. Put it on and let me know what it's finding. (I'm part of an unofficial crusade to put a stop to the bastards that put this stuff out - no financial gain in it for us but a great satisfaction when another machine is secured against them.) |
|
Subject: RE: Tech: Prev thread on virus diconnecting From: Stilly River Sage Date: 01 Apr 05 - 02:42 PM I can second the advice about the modem. I had one die in my last machine--I think the computer itself was running too hot. It died right before I had to replace the power supply because the fan in there wasn't running properly. If your computer has been in a situation where the air circulation isn't good, or in a room that is or was hot, give this some consideration. Modems are as easy to change as a lightbulb. SRS |
| Translate Thread |