Ok whats up with this now??
- rovingcowboy
- Posts: 1504
- Joined: Wed Dec 18, 2002 10:14 pm
Ok whats up with this now??
not me but my friend ,, ? no really it is my friend not me really.. not cut that out.
put really he is the one that has the old hp that is set up with troubles out the ears??
he now has the trouble of it wont let him run any antivirus , antispyware, updates, or even do any registry editing.
all it does when he trys to do those things is open the program then it shuts on him faster then he can click start or enter??
i thought it might be low swap file so i upped it for him to 500 mbs as he has a small hard drive. but that did not work either.
now we both think it might be a trojan?? but not sure and it wont run anything to let us find out??
this is the windows98 os upgraded to windows xp, so it is not really a computer set up for xp. could that be causing the troubles??
anyone know what to do in order to get it to run some sort or anitvirus program becasuse it is also stopping nortons cdrom from running its set up??
Archived topic from Iceteks, old topic ID:1993, old post ID:16432
roving cowboy/ keith
Ok whats up with this now??
You might try checking the battery, reseat the memory and check to see if the fans are operating. If the system is trying to reboot constantly, that's a sign of one of the Blaster viruses. Did he check system compatibility before loading XP?
Archived topic from Iceteks, old topic ID:1993, old post ID:16434
Archived topic from Iceteks, old topic ID:1993, old post ID:16434
- manadren_it
- Posts: 1810
- Joined: Wed Jan 01, 2003 6:48 pm
Ok whats up with this now??
My first thought on this would be either a corrupt system file or a virus rojanspyware or maybe a memory problem. If you can find a virus scanner that can run from a boot disk, that's the first thing I"d try. Also while your at it, do a thorough memory scan using a good memory tester that, again, loads from a boot disk [that I can actually get you if you need one]
Archived topic from Iceteks, old topic ID:1993, old post ID:16436
Archived topic from Iceteks, old topic ID:1993, old post ID:16436
- rovingcowboy
- Posts: 1504
- Joined: Wed Dec 18, 2002 10:14 pm
Ok whats up with this now??
nope not going to work, as it wont let floppies go in the a drive all seems to be blocked by something.?
must be a trojan?
Archived topic from Iceteks, old topic ID:1993, old post ID:16456
must be a trojan?
Archived topic from Iceteks, old topic ID:1993, old post ID:16456
roving cowboy/ keith
Ok whats up with this now??
Definitely sounds like a trojan. If your friend has internet access try these online scanners. At least you won't have to fight with an install. If you are denied access to these sites you may have MyDoom.
You may be able to stop the trojan from running temporarily but going to safemode and cleaning up msconfig.
The following sites offer scanning services online for people who suspect they may have a virus.
http://securityresponse.symantec.com/ go about halfway down the page and click on the link "CHECK FOR SECURITY RISKS" You will be given the option to scan for virus or check your security. It will not remove the virus but it will identify it for you and tell you where it is located on your system. You can then follow manual remove instructions. Works with Explorer 5.0, Netscape 4.5 or Safari 1.0 or higher.
http://www.mcafee.com Choose "MCAFEE FREESCAN" on the right hand side of the page. IE users only.
http://housecall.trendmicro.com/ choose "SCAN NOW ITS FREE" supports IE and Netscape browsers.
Archived topic from Iceteks, old topic ID:1993, old post ID:16459
You may be able to stop the trojan from running temporarily but going to safemode and cleaning up msconfig.
The following sites offer scanning services online for people who suspect they may have a virus.
http://securityresponse.symantec.com/ go about halfway down the page and click on the link "CHECK FOR SECURITY RISKS" You will be given the option to scan for virus or check your security. It will not remove the virus but it will identify it for you and tell you where it is located on your system. You can then follow manual remove instructions. Works with Explorer 5.0, Netscape 4.5 or Safari 1.0 or higher.
http://www.mcafee.com Choose "MCAFEE FREESCAN" on the right hand side of the page. IE users only.
http://housecall.trendmicro.com/ choose "SCAN NOW ITS FREE" supports IE and Netscape browsers.
Archived topic from Iceteks, old topic ID:1993, old post ID:16459
Ok whats up with this now??
I think the problem is getting the pc to run long enough to troubleshoot.
Archived topic from Iceteks, old topic ID:1993, old post ID:16460
Archived topic from Iceteks, old topic ID:1993, old post ID:16460
Ok whats up with this now??
I appologize from reading his initial post I assumed he meant the programs would shut instantly upon starting them.
Also if he goes to safe mode and cuts back what is running or uses safemode with networking he will should be able to run the virus checks as listed above.
Archived topic from Iceteks, old topic ID:1993, old post ID:16461
Also if he goes to safe mode and cuts back what is running or uses safemode with networking he will should be able to run the virus checks as listed above.
Archived topic from Iceteks, old topic ID:1993, old post ID:16461
Ok whats up with this now??
Safe mode may work, I'm not that familiar with it since luckily, I've never had to use it.
If he's using XP, system restore will have to be turned off in order to clean up any virus/trojan that may be running.
Cowboy, we're shooting in the dark here, give us some more info!
Archived topic from Iceteks, old topic ID:1993, old post ID:16462
If he's using XP, system restore will have to be turned off in order to clean up any virus/trojan that may be running.
Cowboy, we're shooting in the dark here, give us some more info!
Archived topic from Iceteks, old topic ID:1993, old post ID:16462
Ok whats up with this now??
http://linuxiso.org
and never worry about that problem again.
Archived topic from Iceteks, old topic ID:1993, old post ID:16465
and never worry about that problem again.
Archived topic from Iceteks, old topic ID:1993, old post ID:16465
Ok whats up with this now??
Archived topic from Iceteks, old topic ID:1993, old post ID:16466
- rovingcowboy
- Posts: 1504
- Joined: Wed Dec 18, 2002 10:14 pm
Ok whats up with this now??
I am gittin' ya the info as fast as i can get it my self?
but lady tech is right it is just the programs stopping as fast as we can start them.
ok
UPDATE.
some how he got the norton to run long enough to clean out a worm that was there.
so he we were online yesturday with the old win98 and he was fixing and cleaning up the computer from the junk that was in there.
he said he had to uninstall norton as it did not work right after it got the worm out.
so i had him reinstall it then try to get the xp online. he did get it online and norton started the updates it needed.
great we got it licked it is going to work for us. WRONG
it needed rebooted after norton updated so he did. and he tried to get back online so i could send him a file to clean up the junk on his computer. (as the floppie still dont work) the dangbalsted thing said warning zonealarm has found an error with your system and has blocked system from internet connetion.
he tried shutting down zone alarm and got
warning your system has errors and can not connect.
now it is right back to square one.? and the antivirus program shuts down 2 to 3 seconds after he trys to start it.
don't know if he had system restore turned off before he cleaned it with norton ? will get him to do that today we are going to try again.
us verses the windows xp computer
:dualguns2.gif: :greenballgun.gif: :hugegun2.gif: :hugegun3.gif: :hugegun4.gif: :hugegun5.gif: :hugeinsanegun.gif:
Archived topic from Iceteks, old topic ID:1993, old post ID:16517
but lady tech is right it is just the programs stopping as fast as we can start them.
ok
UPDATE.
some how he got the norton to run long enough to clean out a worm that was there.
so he we were online yesturday with the old win98 and he was fixing and cleaning up the computer from the junk that was in there.
he said he had to uninstall norton as it did not work right after it got the worm out.
so i had him reinstall it then try to get the xp online. he did get it online and norton started the updates it needed.
great we got it licked it is going to work for us. WRONG
it needed rebooted after norton updated so he did. and he tried to get back online so i could send him a file to clean up the junk on his computer. (as the floppie still dont work) the dangbalsted thing said warning zonealarm has found an error with your system and has blocked system from internet connetion.
he tried shutting down zone alarm and got
warning your system has errors and can not connect.
now it is right back to square one.? and the antivirus program shuts down 2 to 3 seconds after he trys to start it.
don't know if he had system restore turned off before he cleaned it with norton ? will get him to do that today we are going to try again.
us verses the windows xp computer
:dualguns2.gif: :greenballgun.gif: :hugegun2.gif: :hugegun3.gif: :hugegun4.gif: :hugegun5.gif: :hugeinsanegun.gif:
Archived topic from Iceteks, old topic ID:1993, old post ID:16517
roving cowboy/ keith
- rovingcowboy
- Posts: 1504
- Joined: Wed Dec 18, 2002 10:14 pm
Ok whats up with this now??
everything is on hold with this troublesome computer for about a week or two.
no need to work on a soultion too fast now.
my friend was coming back from work or going to work or at work some where today, he slipped on the ice.
got a messed up shoulder, injured his face around the eyes. and got a concussion, and the doctors told him they found he has higy blood pressure and are wanting to check for blocked arteries for fear of him getting a heart attack.
he / his wife / his kid / one of them saved all the emails with your questions and soulitions in and they will get to them when he is well.
so besides all this other stuff he seems to be in a real mess. i thank you all on his behalf for answering and trying to help. and when he is able if he desides to continue with this xp computer of his. he will get in touch with me and start were we left off.
but in the mean time if you find the answers to the above dont forget to post them here so i can get them and save them for him.
thanks.
Archived topic from Iceteks, old topic ID:1993, old post ID:16543
roving cowboy/ keith
Ok whats up with this now??
Sorry to hear the bad news about your friend. Tell him to take it easy and get well soon, as the pc is not going anywhere...he needs to take care of himself first.
We'll be around whenever he is ready to continue.
Archived topic from Iceteks, old topic ID:1993, old post ID:16547
We'll be around whenever he is ready to continue.
Archived topic from Iceteks, old topic ID:1993, old post ID:16547
- rovingcowboy
- Posts: 1504
- Joined: Wed Dec 18, 2002 10:14 pm
Ok whats up with this now??
you know that he must have got something knock in to that brain of his.
because he would not rest like the doctor and all of us told him to do.
he kept working at the computer and got it scanned online before it crashed.
housecalls or antivirus.com has posted that he has got the newest version of this.
trojon back door so now i will have to walk him through the steps to remove it.
then all might be good again. by the way norton and others can not find the newst one of this. just trend micro. this new one even shuts down zonealarm.exe and lots of other ones it is a bad one.
QUICK LINKS Solution
--------------------------------------------------------------------------------
Virus type: Worm
Destructive: No
Aliases: W32/Agobot.CQ, Worm.Win32.Agobot.205824, W32/Gaobot.BZ.worm
Pattern file needed: 715
Scan engine needed: 5.600
Overall risk rating: Low
--------------------------------------------------------------------------------
Reported infections: Low
Damage Potential: High
Distribution Potential: High
--------------------------------------------------------------------------------
Description:
This memory-resident worm exploits certain vulnerabilities to propagate across networks. Like the earlier AGOBOT variants, it takes advantage of the following Windows vulnerabilities:
Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
IIS5/WEBDAV Buffer Overflow vulnerability
RPC Locator vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-007
It attempts to log in on systems using a predefined list of user names and passwords.
It also has backdoor capabilities and may execute malicious commands on the host machine. It terminates antivirus-related processes and dropped files by other malware. It also steals CD keys of certain game applications.
It only runs on Windows NT, 2000 and XP
Solution:
AUTOMATIC REMOVAL INSTRUCTIONS
To automatically remove this malware from your system, please use Trend Micro Damage Cleanup Services.
MANUAL REMOVAL INSTRUCTIONS
Identifying the Malware Program
To remove this malware, first identify the malware program.
Scan your system with your Trend Micro antivirus product.
NOTE all files detected as WORM_AGOBOT.BU.
Trend Micro customers need to download the latest pattern file before scanning their system. Other Internet users may use Housecall, Trend Micro’s free online virus scanner.
Terminating the Malware Program
This procedure terminates the running malware process from memory.
Open Windows Task Manager.
To do this, press
CTRL+SHIFT+ESC, and click the Processes tab.
In the list of running programs, locate the process:
WUMP.EXE
Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
*NOTE: On systems running Windows 9x/ME, Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup.
Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Configuration Loader = "wump.exe"
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>RunServices
In the right panel, locate and delete the entry:
Configuration Loader = "wump.exe"
Close Registry Editor.
NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.
Additional Windows ME/XP Cleaning Instructions
Running Trend Micro Antivirus
Scan your system with Trend Micro antivirus and delete all files detected as WORM_AGOBOT.BU. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s free online virus scanner.
Applying Patches
Download the latest patch. Information and download links on the vulnerabilities exploited by the malware can be found at the following links:
Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-007
Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network, small and medium business or home PC.
Archived topic from Iceteks, old topic ID:1993, old post ID:16732
because he would not rest like the doctor and all of us told him to do.
he kept working at the computer and got it scanned online before it crashed.
housecalls or antivirus.com has posted that he has got the newest version of this.
trojon back door so now i will have to walk him through the steps to remove it.
then all might be good again. by the way norton and others can not find the newst one of this. just trend micro. this new one even shuts down zonealarm.exe and lots of other ones it is a bad one.
QUICK LINKS Solution
--------------------------------------------------------------------------------
Virus type: Worm
Destructive: No
Aliases: W32/Agobot.CQ, Worm.Win32.Agobot.205824, W32/Gaobot.BZ.worm
Pattern file needed: 715
Scan engine needed: 5.600
Overall risk rating: Low
--------------------------------------------------------------------------------
Reported infections: Low
Damage Potential: High
Distribution Potential: High
--------------------------------------------------------------------------------
Description:
This memory-resident worm exploits certain vulnerabilities to propagate across networks. Like the earlier AGOBOT variants, it takes advantage of the following Windows vulnerabilities:
Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
IIS5/WEBDAV Buffer Overflow vulnerability
RPC Locator vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-007
It attempts to log in on systems using a predefined list of user names and passwords.
It also has backdoor capabilities and may execute malicious commands on the host machine. It terminates antivirus-related processes and dropped files by other malware. It also steals CD keys of certain game applications.
It only runs on Windows NT, 2000 and XP
Solution:
AUTOMATIC REMOVAL INSTRUCTIONS
To automatically remove this malware from your system, please use Trend Micro Damage Cleanup Services.
MANUAL REMOVAL INSTRUCTIONS
Identifying the Malware Program
To remove this malware, first identify the malware program.
Scan your system with your Trend Micro antivirus product.
NOTE all files detected as WORM_AGOBOT.BU.
Trend Micro customers need to download the latest pattern file before scanning their system. Other Internet users may use Housecall, Trend Micro’s free online virus scanner.
Terminating the Malware Program
This procedure terminates the running malware process from memory.
Open Windows Task Manager.
To do this, press
CTRL+SHIFT+ESC, and click the Processes tab.
In the list of running programs, locate the process:
WUMP.EXE
Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
*NOTE: On systems running Windows 9x/ME, Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup.
Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Configuration Loader = "wump.exe"
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>RunServices
In the right panel, locate and delete the entry:
Configuration Loader = "wump.exe"
Close Registry Editor.
NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.
Additional Windows ME/XP Cleaning Instructions
Running Trend Micro Antivirus
Scan your system with Trend Micro antivirus and delete all files detected as WORM_AGOBOT.BU. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s free online virus scanner.
Applying Patches
Download the latest patch. Information and download links on the vulnerabilities exploited by the malware can be found at the following links:
Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-007
Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network, small and medium business or home PC.
Archived topic from Iceteks, old topic ID:1993, old post ID:16732
roving cowboy/ keith
- rovingcowboy
- Posts: 1504
- Joined: Wed Dec 18, 2002 10:14 pm
Ok whats up with this now??
after we got this informatiation in my last post we tried to get rid of it. by doing what it said.
but the hacker had some how moved everything? so i did the old standby.
REM: it out in the config.sys file that caught the son of a gun
still though once he got it booted he tired to run norton av again this time it found another worm???
i think there might be more then 2 just might be loaded with them.
still as the one listed in the last post is not in the wild it had to come in through the morpheous program as his boy was getting songs from the internet throught that.
looks like he got lots more then songs.
but we are slowing getting this thing working he was able to use hotmail on it the other day. he has been busy on other work last couple days. plus trying to heal up after his fall. but he wont stop or rest ?? he is just going to mess around and make it worse i told him but he still goes out in his metal shop and runs the machines with his sore arm eye and head.
will let you know more when i get more.
Archived topic from Iceteks, old topic ID:1993, old post ID:17047
roving cowboy/ keith
- rovingcowboy
- Posts: 1504
- Joined: Wed Dec 18, 2002 10:14 pm
Ok whats up with this now??
that bump in the head must have done something to him?
he has been trying now to get 5 computers going all of which he got for free.
most of which dont work or have more virus's in.
all seem to have sram in them and 250 mb hard drives.
and he wants to upgrade them to windows 98.
got him to understand that wont work now we are trying to get one of them formated and reinstalled with win95.
but the computer wont see the floppy drive as the a drive it sees it as the b drive.
he said it did see the a drive before but when he changed the floppy out to get one that worked it changed to b drive and wont go back to a drive or atleast we cant find out how to get it back in win95.
he really needs to get new stuff but he is as broke as me and he is trying this on his own mostly so that is good for learning but it is a pain to get things to work.
just wanted to let you know what was going on now.
Archived topic from Iceteks, old topic ID:1993, old post ID:17835
he has been trying now to get 5 computers going all of which he got for free.
most of which dont work or have more virus's in.
all seem to have sram in them and 250 mb hard drives.
and he wants to upgrade them to windows 98.
got him to understand that wont work now we are trying to get one of them formated and reinstalled with win95.
but the computer wont see the floppy drive as the a drive it sees it as the b drive.
he said it did see the a drive before but when he changed the floppy out to get one that worked it changed to b drive and wont go back to a drive or atleast we cant find out how to get it back in win95.
he really needs to get new stuff but he is as broke as me and he is trying this on his own mostly so that is good for learning but it is a pain to get things to work.
just wanted to let you know what was going on now.
Archived topic from Iceteks, old topic ID:1993, old post ID:17835
roving cowboy/ keith
Ok whats up with this now??
Glad to hear from you...was about to send flowers, thought you had died!
I know nothing about old pcs, and can't keep up with the new ones either.
Archived topic from Iceteks, old topic ID:1993, old post ID:17837
I know nothing about old pcs, and can't keep up with the new ones either.
Archived topic from Iceteks, old topic ID:1993, old post ID:17837
- rovingcowboy
- Posts: 1504
- Joined: Wed Dec 18, 2002 10:14 pm
Ok whats up with this now??
oh ok thanks wren.
i have been here every day, just as a guest and not posting was busy and just looking for any questions for help that i might have been able to answer fast or that one and only post that might have said
hey roving cowboy git yon ovjhar an seat a spael.
Archived topic from Iceteks, old topic ID:1993, old post ID:17841
i have been here every day, just as a guest and not posting was busy and just looking for any questions for help that i might have been able to answer fast or that one and only post that might have said
hey roving cowboy git yon ovjhar an seat a spael.
Archived topic from Iceteks, old topic ID:1993, old post ID:17841
roving cowboy/ keith
Ok whats up with this now??
Toc hange the floppy from B drive back to A drive just change it's position on the cable. Floppies get their drive letter from their physical cable position. The OS has no control. If you look at the floppy cable you'll see it has a split and a twist in it. Any drives connected below the twist are B drive any above the twist are A drive.
Hope that helps
Archived topic from Iceteks, old topic ID:1993, old post ID:17846
Hope that helps
Archived topic from Iceteks, old topic ID:1993, old post ID:17846
- rovingcowboy
- Posts: 1504
- Joined: Wed Dec 18, 2002 10:14 pm
Ok whats up with this now??
i think that is it ladytech, i did ask him if he put it back in the same place he said yes but he might not have done so on the cable.?
being 1800 miles away it is hard to see what is going on and i forgot to ask the question in detail.
will ask him that today for sure as it will make things a lot easier
Archived topic from Iceteks, old topic ID:1993, old post ID:17853
being 1800 miles away it is hard to see what is going on and i forgot to ask the question in detail.
will ask him that today for sure as it will make things a lot easier
Archived topic from Iceteks, old topic ID:1993, old post ID:17853
roving cowboy/ keith
- rovingcowboy
- Posts: 1504
- Joined: Wed Dec 18, 2002 10:14 pm
Ok whats up with this now??
not that ladytech
it seems that he has this trouble
small floppy sits on top of the large one there is a small ribbin comes out of the small floppy that plugs into the top of the large one
looks like he has one floppy pair with one gray cable that has all plugs for all drives on it and it is the wide gray cable
small floppy has cable connection to the large floppy.
that means there is a jumper on the large floppy somewhere we have to change.
Archived topic from Iceteks, old topic ID:1993, old post ID:17855
it seems that he has this trouble
small floppy sits on top of the large one there is a small ribbin comes out of the small floppy that plugs into the top of the large one
looks like he has one floppy pair with one gray cable that has all plugs for all drives on it and it is the wide gray cable
small floppy has cable connection to the large floppy.
that means there is a jumper on the large floppy somewhere we have to change.
Archived topic from Iceteks, old topic ID:1993, old post ID:17855
roving cowboy/ keith
- rovingcowboy
- Posts: 1504
- Joined: Wed Dec 18, 2002 10:14 pm
Ok whats up with this now??
floppys were switched as to which was the master floppy and which was the slave floppy.
he just did not want to tear the computer apart again but i made him do it.
Archived topic from Iceteks, old topic ID:1993, old post ID:17856
he just did not want to tear the computer apart again but i made him do it.
Archived topic from Iceteks, old topic ID:1993, old post ID:17856
roving cowboy/ keith
- Red Squirrel
- Posts: 29209
- Joined: Wed Dec 18, 2002 12:14 am
- Location: Northern Ontario
- Contact:
Ok whats up with this now??
Yeah you have to set it in the bios too. Drive A 1.44 floppy and not drive B, otherwise it ingores the A drive even if it's connected and looks for a B.
Archived topic from Iceteks, old topic ID:1993, old post ID:17857
Archived topic from Iceteks, old topic ID:1993, old post ID:17857
Honk if you love Jesus, text if you want to meet Him!