Chuck,
The saga continues...
After I manually cleaned up the winsock registry keys, restarted the
box and reinstalled TCP/IP on my network card, everything seems to work
fine again... (well almost, but I'll get to that in a second). My
internet connection is blazingly fast
. Interestingly,
after I reinstalled TCP/IP I see only two entries in the protocols
section under MsInfo32, ie. these are the only entries in the registry.
There is one for TCP/IP and one for UDP/IP. What's funny is that the
other 10 that Microsoft says are standard for a healthy LSP are gone
. Apparently you don't need them so much ;-).
So once I did that I was able to install a trial version of Norton
AntiVirus 2005, which was then able to update its virus definitions
over the internet. I started a full systems scan. I watched it for a
while and noticed it did detect a few infected files. I left it
running for the night. Unfortunately, when I came back I saw my system
restarted again - still no clue why this happens, but at least it's
much less fequent now. Quick glance at system logs revealed one entry
indicating an error on my second hard drive. I also took a look at the
Norton log and found a whole shmorgasboard (how do you spell that
anyway?) of viruses. I guess I was a little ;-) naive trusting my
AntiVirus 2003 with a year old virus definition to protect my system.
Obviously, stinger does not find all there is to find, either.
I wish the antivirus software would create a log of the scan progress.
What I could see was just a list of quarantined files, but I have no
clue how far the scan got. I know it didn't complete, cause Norton
reports that in the console. If I had a log I could perhaps pinpoint
the problem better...
Well, at least I have a good cause of the system's instability. Now I
just need to find a reliable way of getting rid of it. I rebooted the
box in safe mode and ran AntiVirus again. It informed me its
functionality is limited in this mode, and I guess it must be, because
it appeared to freeze on me
. It seemed stuck on one particular
file - some mp3 for way too long for my taste. I had to close it.
I thought maybe it's a good idea to run some chkdsk to make sure I
don't have any serious issues there as well. So I scheduled a chkdsk
on restart and rebooted the box. Here I made a mistake of choosing
safe mode again, which starts up Windows with textual interface during
bootup process. What I didn't know is that chkdsk in this case will
not show anything on the screen whatsoever, which I find quite stupid.
I let it run for some 45 minutes, but got impatient not knowing if
indeed it's doing something or is just stuck in some endless loop, and
restarted the box this time in normal mode. This time aftter a long
delay while booting the box, chcdsk finally came up with its GUI and is
scanning... and scanning... and scanning. Oh well, I had to go work.
We'll see what I see when I get back. This scan was on the system
drive. Now I still need to run another one on the second drive,
especially that this is the one reporting some error in the system log.
When all this is done I hope to be able to re-run the full virus scan.
Perhaps I'll need to take my network card out again to ensure the box
is stable enough... When I finally kick all these infections goodbye,
I'll definitely post my findings online, and get the files examined
thoroughly. I think, though, that the msnmsg.exe is gone permanently -
removed by stinger.
Good luck to me
Andrew