Brand new Dell - already infected?

Discussion in 'Windows XP Security' started by Guest, Aug 16, 2005.

  1. Guest

    Guest Guest

    I just purchased a new Dell Dimension 9100 (new line for Dell). I loaded
    Mcafee VirusScan, Firewall and Privacy Service and then downloaded updates
    for all of the preceeding Mcafee programs (there were many). I also
    downloaded all
    critical Windows Security downloads. Everything is working fine except when I
    work with wordpad/notepad/word or other Microsoft programs. At random, when
    I open these files, I recieve IE shutdown errors. I created a new wordpad and
    notepad file, saved both and re-opened them: everything seemed fine. Then I
    ran Windows Explorer and when I tried to open the wordpad file with explorer,
    I received IE shutdown errors. The error report included:
    C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\drwtsn32.exe.mdmp
    C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\appcompat.txt. The HBT directory
    is one that was created when I first turned on my Dell and went through the
    initial installation wizard. The errors do not seem to take place along any
    specific pattern which makes this wreak of malware. Any advice would be
    greatly appreciated. I ran McAfee virusscan and no problems were found. I
    also installed and ran Spybot S&D and Adaware, but no problems were found.
    Any advice would be GREATLY APPRECIATED! Bryan
     
    Guest, Aug 16, 2005
    #1
    1. Advertisements

  2. From: "bryan" <>

    | I just purchased a new Dell Dimension 9100 (new line for Dell). I loaded
    | Mcafee VirusScan, Firewall and Privacy Service and then downloaded updates
    | for all of the preceeding Mcafee programs (there were many). I also
    | downloaded all
    | critical Windows Security downloads. Everything is working fine except when I
    | work with wordpad/notepad/word or other Microsoft programs. At random, when
    | I open these files, I recieve IE shutdown errors. I created a new wordpad and
    | notepad file, saved both and re-opened them: everything seemed fine. Then I
    | ran Windows Explorer and when I tried to open the wordpad file with explorer,
    | I received IE shutdown errors. The error report included:
    | C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\drwtsn32.exe.mdmp
    | C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\appcompat.txt. The HBT directory
    | is one that was created when I first turned on my Dell and went through the
    | initial installation wizard. The errors do not seem to take place along any
    | specific pattern which makes this wreak of malware. Any advice would be
    | greatly appreciated. I ran McAfee virusscan and no problems were found. I
    | also installed and ran Spybot S&D and Adaware, but no problems were found.
    | Any advice would be GREATLY APPRECIATED! Bryan


    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
    remove
    viruses, Trojans and various other malware.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode. This
    way all the components can be downloaded from each AV vendor’s web site.
    The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file.

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files.

    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Aug 16, 2005
    #2
    1. Advertisements

  3. Guest

    Alan Guest

    bryan wrote:
    > I just purchased a new Dell Dimension 9100 (new line for Dell). I loaded
    > Mcafee VirusScan, Firewall and Privacy Service and then downloaded updates
    > for all of the preceeding Mcafee programs (there were many). I also
    > downloaded all
    > critical Windows Security downloads. Everything is working fine except when I
    > work with wordpad/notepad/word or other Microsoft programs. At random, when
    > I open these files, I recieve IE shutdown errors. I created a new wordpad and
    > notepad file, saved both and re-opened them: everything seemed fine. Then I
    > ran Windows Explorer and when I tried to open the wordpad file with explorer,
    > I received IE shutdown errors. The error report included:
    > C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\drwtsn32.exe.mdmp
    > C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\appcompat.txt. The HBT directory
    > is one that was created when I first turned on my Dell and went through the
    > initial installation wizard. The errors do not seem to take place along any
    > specific pattern which makes this wreak of malware. Any advice would be
    > greatly appreciated. I ran McAfee virusscan and no problems were found. I
    > also installed and ran Spybot S&D and Adaware, but no problems were found.
    > Any advice would be GREATLY APPRECIATED! Bryan
    >

    For a brand new Dell you should be calling Dell Tech Support. You
    paid for their service in the price of the PC.
     
    Alan, Aug 17, 2005
    #3
  4. Guest

    Guest Guest

    Dell tech support does not want to help me despite my support agreement. They
    told me that this is a problem with Microsoft programs which is not covered
    (which I do not believe). In a prior call, they gave me bad information.
    Maybe I spoke to a new person, but for now I guess I will try the above
    suggestions. Bryan

    "Alan" wrote:

    > bryan wrote:
    > > I just purchased a new Dell Dimension 9100 (new line for Dell). I loaded
    > > Mcafee VirusScan, Firewall and Privacy Service and then downloaded updates
    > > for all of the preceeding Mcafee programs (there were many). I also
    > > downloaded all
    > > critical Windows Security downloads. Everything is working fine except when I
    > > work with wordpad/notepad/word or other Microsoft programs. At random, when
    > > I open these files, I recieve IE shutdown errors. I created a new wordpad and
    > > notepad file, saved both and re-opened them: everything seemed fine. Then I
    > > ran Windows Explorer and when I tried to open the wordpad file with explorer,
    > > I received IE shutdown errors. The error report included:
    > > C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\drwtsn32.exe.mdmp
    > > C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\appcompat.txt. The HBT directory
    > > is one that was created when I first turned on my Dell and went through the
    > > initial installation wizard. The errors do not seem to take place along any
    > > specific pattern which makes this wreak of malware. Any advice would be
    > > greatly appreciated. I ran McAfee virusscan and no problems were found. I
    > > also installed and ran Spybot S&D and Adaware, but no problems were found.
    > > Any advice would be GREATLY APPRECIATED! Bryan
    > >

    > For a brand new Dell you should be calling Dell Tech Support. You
    > paid for their service in the price of the PC.
    >
     
    Guest, Aug 17, 2005
    #4
  5. Guest

    Leythos Guest

    In article <>,
    says...
    > Dell tech support does not want to help me despite my support agreement. They
    > told me that this is a problem with Microsoft programs which is not covered
    > (which I do not believe). In a prior call, they gave me bad information.
    > Maybe I spoke to a new person, but for now I guess I will try the above
    > suggestions. Bryan


    What type of internet connection do you have?

    If you have DSL or Cable, then get a NAT Router to connect between your
    ISP's router and your computer - this will let you reinstall Windows and
    everything else without being compromised in the process.

    --


    remove 999 in order to email me
     
    Leythos, Aug 17, 2005
    #5
  6. Guest

    Guest Guest

    I am not very technical and am not sure what these instructions mean. When I
    run the command it gives me the choices you state. Do I select Mcafee? Will
    this run a scan that is external to Mcafee? I'm confused.

    "bryan" wrote:

    > Dell tech support does not want to help me despite my support agreement. They
    > told me that this is a problem with Microsoft programs which is not covered
    > (which I do not believe). In a prior call, they gave me bad information.
    > Maybe I spoke to a new person, but for now I guess I will try the above
    > suggestions. Bryan
    >
    > "Alan" wrote:
    >
    > > bryan wrote:
    > > > I just purchased a new Dell Dimension 9100 (new line for Dell). I loaded
    > > > Mcafee VirusScan, Firewall and Privacy Service and then downloaded updates
    > > > for all of the preceeding Mcafee programs (there were many). I also
    > > > downloaded all
    > > > critical Windows Security downloads. Everything is working fine except when I
    > > > work with wordpad/notepad/word or other Microsoft programs. At random, when
    > > > I open these files, I recieve IE shutdown errors. I created a new wordpad and
    > > > notepad file, saved both and re-opened them: everything seemed fine. Then I
    > > > ran Windows Explorer and when I tried to open the wordpad file with explorer,
    > > > I received IE shutdown errors. The error report included:
    > > > C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\drwtsn32.exe.mdmp
    > > > C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\appcompat.txt. The HBT directory
    > > > is one that was created when I first turned on my Dell and went through the
    > > > initial installation wizard. The errors do not seem to take place along any
    > > > specific pattern which makes this wreak of malware. Any advice would be
    > > > greatly appreciated. I ran McAfee virusscan and no problems were found. I
    > > > also installed and ran Spybot S&D and Adaware, but no problems were found.
    > > > Any advice would be GREATLY APPRECIATED! Bryan
    > > >

    > > For a brand new Dell you should be calling Dell Tech Support. You
    > > paid for their service in the price of the PC.
    > >
     
    Guest, Aug 17, 2005
    #6
  7. From: "bryan" <>

    | I am not very technical and am not sure what these instructions mean. When I
    | run the command it gives me the choices you state. Do I select Mcafee? Will
    | this run a scan that is external to Mcafee? I'm confused.

    If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    vendor's web site and download the needed AV command line scanner and signature files. Upon
    the download completion and the file extraction (they are distributed in archive formats),
    it will ask if you wan to run a scan. If the answer is YES, it will then ask if you want to
    scan a particular location (such as F: or d:\program files ) either way it will scan either
    the selected location or all hard disks and clean the PC of infectors accordingly.

    Thye Multri AV Scanner front end utility will keep the three vendor's files up-to-date and
    and is an excellent "On Demand" anti virus scanner utility.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Aug 17, 2005
    #7
  8. Guest

    Guest Guest

    Dave,
    Thank you for your help. I ran the scan for Mcafee in normal mode and
    here are the results:

    Scanning C: []
    Scanning C:\*.*

    Summary report on C:\*.*
    File(s)
    Total files: ........... 137953
    Clean: ................. 137808
    Possibly Infected: ..... 0
    Cleaned: ............... 0
    Non-critical Error(s): 2
    Master Boot Record(s): ......... 1
    Possibly Infected: ..... 0
    Boot Sector(s): ................ 1
    Possibly Infected: ..... 0


    Time: 00:24.49

    I ran the c:\AV_CLS\startmenu.BAT and then answered Y to run the scan.
    Should I repeat the same steps in safe mode?

    "David H. Lipman" wrote:

    > From: "bryan" <>
    >
    > | I am not very technical and am not sure what these instructions mean. When I
    > | run the command it gives me the choices you state. Do I select Mcafee? Will
    > | this run a scan that is external to Mcafee? I'm confused.
    >
    > If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    > vendor's web site and download the needed AV command line scanner and signature files. Upon
    > the download completion and the file extraction (they are distributed in archive formats),
    > it will ask if you wan to run a scan. If the answer is YES, it will then ask if you want to
    > scan a particular location (such as F: or d:\program files ) either way it will scan either
    > the selected location or all hard disks and clean the PC of infectors accordingly.
    >
    > Thye Multri AV Scanner front end utility will keep the three vendor's files up-to-date and
    > and is an excellent "On Demand" anti virus scanner utility.
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
    >
     
    Guest, Aug 17, 2005
    #8
  9. Guest

    Leythos Guest

    In article <#>,
    DLipman~nospam~@Verizon.Net says...
    > If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    > vendor's web site and download the needed AV command line scanner and signature files.


    NO IT WONT - Mcrappy requires you to register the product and agree to a
    control being installed before you can get automatic updates. I've seen
    more McCrappy protected machines infected due to their now doing
    automatic updates without registration.


    --


    remove 999 in order to email me
     
    Leythos, Aug 17, 2005
    #9
  10. Guest

    Leythos Guest

    In article <>,
    says...
    > I ran the c:\AV_CLS\startmenu.BAT and then answered Y to run the scan.
    > Should I repeat the same steps in safe mode?


    Did you open McCrappy, and select Update? If you did, did you complete
    the registration in order to get the updates?

    If you didn't complete the on-line registration then you have little
    protection.

    And yes, it's always best to run AV scan's on suspected machines in Safe
    Mode.

    --


    remove 999 in order to email me
     
    Leythos, Aug 17, 2005
    #10
  11. Guest

    Guest Guest

    I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The results were
    similar:

    Summary report on C:\*.*
    File(s)
    Total files: ........... 137950
    Clean: ................. 137823
    Possibly Infected: ..... 0
    Cleaned: ............... 0
    Non-critical Error(s): 2
    Master Boot Record(s): ......... 1
    Possibly Infected: ..... 0
    Boot Sector(s): ................ 1
    Possibly Infected: ..... 0

    What should I do next?

    "Leythos" wrote:

    > In article <#>,
    > DLipman~nospam~@Verizon.Net says...
    > > If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    > > vendor's web site and download the needed AV command line scanner and signature files.

    >
    > NO IT WONT - Mcrappy requires you to register the product and agree to a
    > control being installed before you can get automatic updates. I've seen
    > more McCrappy protected machines infected due to their now doing
    > automatic updates without registration.
    >
    >
    > --
    >
    >
    > remove 999 in order to email me
    >
     
    Guest, Aug 17, 2005
    #11
  12. Guest

    Leythos Guest

    In article <>,
    says...
    > I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The results were
    > similar:


    But you didn't say if you registered McAfee or not? If you don't
    register it, it won't have the updates to catch the latest bad things.



    >
    > Summary report on C:\*.*
    > File(s)
    > Total files: ........... 137950
    > Clean: ................. 137823
    > Possibly Infected: ..... 0
    > Cleaned: ............... 0
    > Non-critical Error(s): 2
    > Master Boot Record(s): ......... 1
    > Possibly Infected: ..... 0
    > Boot Sector(s): ................ 1
    > Possibly Infected: ..... 0
    >
    > What should I do next?
    >
    > "Leythos" wrote:
    >
    > > In article <#>,
    > > DLipman~nospam~@Verizon.Net says...
    > > > If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    > > > vendor's web site and download the needed AV command line scanner and signature files.

    > >
    > > NO IT WONT - Mcrappy requires you to register the product and agree to a
    > > control being installed before you can get automatic updates. I've seen
    > > more McCrappy protected machines infected due to their now doing
    > > automatic updates without registration.



    --


    remove 999 in order to email me
     
    Leythos, Aug 17, 2005
    #12
  13. Guest

    Guest Guest

    When I installed Mcafee, I registered the product and downloaded ALL updates.
    I am completely up-to-date with Mcafee. Sorry, I thought I had mentioned that
    in my original post. Thanks. Now what do I do? Dell says they won't help me
    unless I pay them $50 for special support (despite the fact that I have a
    support agreement). I should have some support calls free from Microsoft -
    right??? I think I'm starting to panic.

    "Leythos" wrote:

    > In article <>,
    > says...
    > > I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The results were
    > > similar:

    >
    > But you didn't say if you registered McAfee or not? If you don't
    > register it, it won't have the updates to catch the latest bad things.
    >
    >
    >
    > >
    > > Summary report on C:\*.*
    > > File(s)
    > > Total files: ........... 137950
    > > Clean: ................. 137823
    > > Possibly Infected: ..... 0
    > > Cleaned: ............... 0
    > > Non-critical Error(s): 2
    > > Master Boot Record(s): ......... 1
    > > Possibly Infected: ..... 0
    > > Boot Sector(s): ................ 1
    > > Possibly Infected: ..... 0
    > >
    > > What should I do next?
    > >
    > > "Leythos" wrote:
    > >
    > > > In article <#>,
    > > > DLipman~nospam~@Verizon.Net says...
    > > > > If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    > > > > vendor's web site and download the needed AV command line scanner and signature files.
    > > >
    > > > NO IT WONT - Mcrappy requires you to register the product and agree to a
    > > > control being installed before you can get automatic updates. I've seen
    > > > more McCrappy protected machines infected due to their now doing
    > > > automatic updates without registration.

    >
    >
    > --
    >
    >
    > remove 999 in order to email me
    >
     
    Guest, Aug 17, 2005
    #13
  14. Guest

    Leythos Guest

    In article <>,
    says...
    > When I installed Mcafee, I registered the product and downloaded ALL updates.
    > I am completely up-to-date with Mcafee. Sorry, I thought I had mentioned that
    > in my original post. Thanks. Now what do I do? Dell says they won't help me
    > unless I pay them $50 for special support (despite the fact that I have a
    > support agreement). I should have some support calls free from Microsoft -
    > right??? I think I'm starting to panic.


    If your machine is compromised there is only one way to ensure it's
    clean - load the system restore CD's and wipe everything. When we have
    to certify that a machine is clean, we wipe the drive and reinstall from
    scratch, that's the only way to be sure. No matter how many AV scan's
    you run, no matter how many spyware tools you use, they are all
    "reactionary", meaning they don't always have a cure until it's already
    been in the wild and exposed.

    Since Dell doesn't have an obligation to support software you've
    installed, and since you admitted to them that you messed it up, don't
    feel bad about Dell wanting money to help you fix a software issue that
    you created.

    If you want it clean, wipe it and start over - this time get a NAT
    device connected before you start, and don't surf anywhere until you get
    all of the Windows Updates and your AV software installed - and Use
    FireFox as a browser from now on.



    >
    > "Leythos" wrote:
    >
    > > In article <>,
    > > says...
    > > > I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The results were
    > > > similar:

    > >
    > > But you didn't say if you registered McAfee or not? If you don't
    > > register it, it won't have the updates to catch the latest bad things.
    > >
    > >
    > >
    > > >
    > > > Summary report on C:\*.*
    > > > File(s)
    > > > Total files: ........... 137950
    > > > Clean: ................. 137823
    > > > Possibly Infected: ..... 0
    > > > Cleaned: ............... 0
    > > > Non-critical Error(s): 2
    > > > Master Boot Record(s): ......... 1
    > > > Possibly Infected: ..... 0
    > > > Boot Sector(s): ................ 1
    > > > Possibly Infected: ..... 0
    > > >
    > > > What should I do next?
    > > >
    > > > "Leythos" wrote:
    > > >
    > > > > In article <#>,
    > > > > DLipman~nospam~@Verizon.Net says...
    > > > > > If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    > > > > > vendor's web site and download the needed AV command line scanner and signature files.
    > > > >
    > > > > NO IT WONT - Mcrappy requires you to register the product and agree to a
    > > > > control being installed before you can get automatic updates. I've seen
    > > > > more McCrappy protected machines infected due to their now doing
    > > > > automatic updates without registration.

    > >
    > >
    > > --
    > >
    > >
    > > remove 999 in order to email me
    > >

    >


    --


    remove 999 in order to email me
     
    Leythos, Aug 17, 2005
    #14
  15. Guest

    Guest Guest

    WAIT! I did NOT install any of the ms applications. My Dell came
    pre-installed with xp sp2 and Microsoft Office. I did not mess ANYTHING up.
    It came this way! Why do you say that I admitted to messing up?

    "Leythos" wrote:

    > In article <>,
    > says...
    > > When I installed Mcafee, I registered the product and downloaded ALL updates.
    > > I am completely up-to-date with Mcafee. Sorry, I thought I had mentioned that
    > > in my original post. Thanks. Now what do I do? Dell says they won't help me
    > > unless I pay them $50 for special support (despite the fact that I have a
    > > support agreement). I should have some support calls free from Microsoft -
    > > right??? I think I'm starting to panic.

    >
    > If your machine is compromised there is only one way to ensure it's
    > clean - load the system restore CD's and wipe everything. When we have
    > to certify that a machine is clean, we wipe the drive and reinstall from
    > scratch, that's the only way to be sure. No matter how many AV scan's
    > you run, no matter how many spyware tools you use, they are all
    > "reactionary", meaning they don't always have a cure until it's already
    > been in the wild and exposed.
    >
    > Since Dell doesn't have an obligation to support software you've
    > installed, and since you admitted to them that you messed it up, don't
    > feel bad about Dell wanting money to help you fix a software issue that
    > you created.
    >
    > If you want it clean, wipe it and start over - this time get a NAT
    > device connected before you start, and don't surf anywhere until you get
    > all of the Windows Updates and your AV software installed - and Use
    > FireFox as a browser from now on.
    >
    >
    >
    > >
    > > "Leythos" wrote:
    > >
    > > > In article <>,
    > > > says...
    > > > > I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The results were
    > > > > similar:
    > > >
    > > > But you didn't say if you registered McAfee or not? If you don't
    > > > register it, it won't have the updates to catch the latest bad things.
    > > >
    > > >
    > > >
    > > > >
    > > > > Summary report on C:\*.*
    > > > > File(s)
    > > > > Total files: ........... 137950
    > > > > Clean: ................. 137823
    > > > > Possibly Infected: ..... 0
    > > > > Cleaned: ............... 0
    > > > > Non-critical Error(s): 2
    > > > > Master Boot Record(s): ......... 1
    > > > > Possibly Infected: ..... 0
    > > > > Boot Sector(s): ................ 1
    > > > > Possibly Infected: ..... 0
    > > > >
    > > > > What should I do next?
    > > > >
    > > > > "Leythos" wrote:
    > > > >
    > > > > > In article <#>,
    > > > > > DLipman~nospam~@Verizon.Net says...
    > > > > > > If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    > > > > > > vendor's web site and download the needed AV command line scanner and signature files.
    > > > > >
    > > > > > NO IT WONT - Mcrappy requires you to register the product and agree to a
    > > > > > control being installed before you can get automatic updates. I've seen
    > > > > > more McCrappy protected machines infected due to their now doing
    > > > > > automatic updates without registration.
    > > >
    > > >
    > > > --
    > > >
    > > >
    > > > remove 999 in order to email me
    > > >

    > >

    >
    > --
    >
    >
    > remove 999 in order to email me
    >
     
    Guest, Aug 17, 2005
    #15
  16. In news:,
    bryan <> typed:
    > WAIT! I did NOT install any of the ms applications. My Dell came
    > pre-installed with xp sp2 and Microsoft Office. I did not mess
    > ANYTHING up. It came this way! Why do you say that I admitted to
    > messing up?


    I don't think you need to take affront here....what I understood Leythos to
    mean is that the machine didn't ship to you with a virus on it. That
    happened after you started using it.

    The issue seems to be that you connected to the Internet without a firewall
    enabled. Is that the case? It takes only nanoseconds for you to get hit by
    something - and this is true on dialup, as well.

    Given that you haven't used the computer much, it may indeed be faster to
    reload everything from the recovery CDs.

    Also - if you haven't paid for McAfee, you may want to look into another
    antivirus program - McAfee isn't a favorite of many of us. I personally like
    Trend's PC-Cillin for standalone workstations, but there are as many
    opinions on this topic as there are <insert analogy here>.

    >
    > "Leythos" wrote:
    >
    >> In article <>,
    >> says...
    >>> When I installed Mcafee, I registered the product and downloaded
    >>> ALL updates. I am completely up-to-date with Mcafee. Sorry, I
    >>> thought I had mentioned that in my original post. Thanks. Now what
    >>> do I do? Dell says they won't help me unless I pay them $50 for
    >>> special support (despite the fact that I have a support agreement).
    >>> I should have some support calls free from Microsoft - right??? I
    >>> think I'm starting to panic.

    >>
    >> If your machine is compromised there is only one way to ensure it's
    >> clean - load the system restore CD's and wipe everything. When we
    >> have to certify that a machine is clean, we wipe the drive and
    >> reinstall from scratch, that's the only way to be sure. No matter
    >> how many AV scan's you run, no matter how many spyware tools you
    >> use, they are all "reactionary", meaning they don't always have a
    >> cure until it's already been in the wild and exposed.
    >>
    >> Since Dell doesn't have an obligation to support software you've
    >> installed, and since you admitted to them that you messed it up,
    >> don't feel bad about Dell wanting money to help you fix a software
    >> issue that you created.
    >>
    >> If you want it clean, wipe it and start over - this time get a NAT
    >> device connected before you start, and don't surf anywhere until you
    >> get all of the Windows Updates and your AV software installed - and
    >> Use FireFox as a browser from now on.
    >>
    >>
    >>
    >>>
    >>> "Leythos" wrote:
    >>>
    >>>> In article <>,
    >>>> says...
    >>>>> I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The
    >>>>> results were similar:
    >>>>
    >>>> But you didn't say if you registered McAfee or not? If you don't
    >>>> register it, it won't have the updates to catch the latest bad
    >>>> things.
    >>>>
    >>>>
    >>>>
    >>>>>
    >>>>> Summary report on C:\*.*
    >>>>> File(s)
    >>>>> Total files: ........... 137950
    >>>>> Clean: ................. 137823
    >>>>> Possibly Infected: ..... 0
    >>>>> Cleaned: ............... 0
    >>>>> Non-critical Error(s): 2
    >>>>> Master Boot Record(s): ......... 1
    >>>>> Possibly Infected: ..... 0
    >>>>> Boot Sector(s): ................ 1
    >>>>> Possibly Infected: ..... 0
    >>>>>
    >>>>> What should I do next?
    >>>>>
    >>>>> "Leythos" wrote:
    >>>>>
    >>>>>> In article <#>,
    >>>>>> DLipman~nospam~@Verizon.Net says...
    >>>>>>> If you choose; McAfee, Trend or Sophos it will automatically
    >>>>>>> go to the respective AV vendor's web site and download the
    >>>>>>> needed AV command line scanner and signature files.
    >>>>>>
    >>>>>> NO IT WONT - Mcrappy requires you to register the product and
    >>>>>> agree to a control being installed before you can get automatic
    >>>>>> updates. I've seen more McCrappy protected machines infected due
    >>>>>> to their now doing automatic updates without registration.
    >>>>
    >>>>
    >>>> --
    >>>>
    >>>>
    >>>> remove 999 in order to email me
    >>>>
    >>>

    >>
    >> --
    >>
    >>
    >> remove 999 in order to email me
     
    Lanwench [MVP - Exchange], Aug 17, 2005
    #16
  17. From: "bryan" <>

    | Dave,
    | Thank you for your help. I ran the scan for Mcafee in normal mode and
    | here are the results:
    |
    | Scanning C: []
    | Scanning C:\*.*
    |
    | Summary report on C:\*.*
    | File(s)
    | Total files: ........... 137953
    | Clean: ................. 137808
    | Possibly Infected: ..... 0
    | Cleaned: ............... 0
    | Non-critical Error(s): 2
    | Master Boot Record(s): ......... 1
    | Possibly Infected: ..... 0
    | Boot Sector(s): ................ 1
    | Possibly Infected: ..... 0
    |
    | Time: 00:24.49
    |
    | I ran the c:\AV_CLS\startmenu.BAT and then answered Y to run the scan.
    | Should I repeat the same steps in safe mode?

    No. You could run Sophos and Trend Micro as a verification. The idea of running in Safe
    Mode is if there is an infector found and it is easy to remove in Safe Mode. McAfee AV scan
    found no viruses or non-viral malware -- that's good !

    { BTW: 138,000 files in 25 mins. nice speed ;-) }

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Aug 17, 2005
    #17
  18. From: "Leythos" <>

    | In article <#>,
    | DLipman~nospam~@Verizon.Net says...
    >> If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    >> vendor's web site and download the needed AV command line scanner and signature files.

    |
    | NO IT WONT - Mcrappy requires you to register the product and agree to a
    | control being installed before you can get automatic updates. I've seen
    | more McCrappy protected machines infected due to their now doing
    | automatic updates without registration.
    |
    | --
    |
    |
    | remove 999 in order to email me

    Thaey are NOT MS updates. This is my own scripted front end to McAfee and Sophos' Command
    Line Scanners and Trend Micro's Sysclean utility. If you run the script it will provide a
    menu and if you choose a scanner module it will do as I indicated.

    Give it a shot Leythos !

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Aug 17, 2005
    #18
  19. David H. Lipman, Aug 17, 2005
    #19
  20. From: "bryan" <>

    | WAIT! I did NOT install any of the ms applications. My Dell came
    | pre-installed with xp sp2 and Microsoft Office. I did not mess ANYTHING up.
    | It came this way! Why do you say that I admitted to messing up?


    There is confusion in this thread...

    Your system is clean, and doubtfully compramised.

    Run the Sophos and Trend Micro modules in the Multi AV Scanner utility for verification.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Aug 17, 2005
    #20
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Marie

    'still infected'

    Marie, Aug 10, 2003, in forum: Windows XP Security
    Replies:
    1
    Views:
    186
    S.Heenan
    Aug 10, 2003
  2. Jerry

    Infected by blaster worm

    Jerry, Aug 12, 2003, in forum: Windows XP Security
    Replies:
    0
    Views:
    218
    Jerry
    Aug 12, 2003
  3. Cari \(MS-MVP\)

    Re: Infected

    Cari \(MS-MVP\), Aug 12, 2003, in forum: Windows XP Security
    Replies:
    0
    Views:
    220
    Cari \(MS-MVP\)
    Aug 12, 2003
  4. Papercut

    Infected

    Papercut, Aug 12, 2003, in forum: Windows XP Security
    Replies:
    0
    Views:
    220
    Papercut
    Aug 12, 2003
  5. Larry Samuels MS-MVP XP \(Shell/User\)

    Re: virus on brand new computer

    Larry Samuels MS-MVP XP \(Shell/User\), Aug 17, 2003, in forum: Windows XP Security
    Replies:
    0
    Views:
    214
    Larry Samuels MS-MVP XP \(Shell/User\)
    Aug 17, 2003
Loading...

Share This Page