DOA Presario

PA20Pilot

Hi,

My neighbor brought over her COMPAQ Presario V5000 laptop which should
be running XP home, but seems to be having a hard time coming to life.
She said she hasn't done anything recently which should have caused
misbehavior.

Attempting a boot, the BIOS message pops up mentioning F8 for boot
options and F10 for setup. The cooling fan hums to life for about five
seconds then shuts down with nothing else happening on screen. Trying F8
and other boot options same effect, nothing, just does nothing at all
except going black screen. Nothing by trying safe mode, last good, CMD
prompt etc.

Thinking the drive might be a problem I removed it and slaved it (via
USB) to my desktop and it fires up and plays fine with my system. I ran
my CA (Computer Associates) antivirus on it and found nothing, I then
ran MBAM and a couple of others with similar results, nothing unusual
except an instance of something named 1STBAR.CH located in the System
Volume Info folder. I don't really (guess) a software issue as it
doesn't load enough to accomplish mischief.

I've copied everything, 15 Gig or so, off the laptop's drive to one of
mine so we have a copy of her personal holdings, but I'm not too sure
where to go from here. Her drive has a recovery partition PRESARIO_RP
intact, but I don't know what to do with it. I'm, again guessing, I need
to copy the hidden partition to a CD and attempt a boot using it. I
don't have an XP home CD, just a Pro, but wondered if perhaps there was
something like Recovery Console in the hidden partition that would
become available. Anyone know if there may also be a "repair
installation" option somewhere in the Compaq notion of fixing their
equipment?

Hopefully it wouldn't need a whole wipe/reinstall to original just to
fix a broken MBR or something?

As I mentioned, I don't know where to go from here, any help or
suggestions will be gratefully appreciated.

Thank you very much!


---==X={}=X==---

Jim Self

AVIATION ANIMATION, the internet's largest depository.
http://avanimation.avsupport.com

Your only internet source for spiral staircase plans.
http://jself.com/stair/Stair.htm

Experimental Aircraft Association #140897
EAA Technical Counselor #4562
 
pjp

Well, seeing as it appears to be shutting itself off when booting, my guess is
it's overheating. Vacuum out the air slots, especially the one you say the
fan stops running in, and see if that helps; that is about all I can think of.
If it doesn't boot, worrying about a reinstall is premature.
 
PA20Pilot

pjp wrote: ....my guess is it's overheating......

Thanks, but I don't think there's anything that can cook up in five
seconds, and I've found a little more info about the state of things.

Entering BIOS setup I was able to run a self diagnostic hard drive test
which took 57 minutes and completed successfully without complaint.

I put an XP pro install disk in the CD player and tried a boot with it.
There were a few things loaded into memory, then it asked if I wanted to
repair an earlier XP install, I said yes. The next screen tells me it
can't find a hard drive.

So.....I've got a BIOS that sees the drive, and will even run a health
check on it, and an install CD which tells me there isn't a drive to
find. I've used an eraser on the hard drive's contacts in an attempt to
clean them with no positive results.

Thanks again,

---==X={}=X==---

Jim Self

glee

PA20Pilot said:
pjp wrote: ....my guess is it's overheating......

Thanks, but I don't think there's anything that can cook up in five
seconds, and I've found a little more info about the state of things.

Entering BIOS setup I was able to run a self diagnostic hard drive
test which took 57 minutes and completed successfully without
complaint.

I put an XP pro install disk in the CD player and tried a boot with it.
There were a few things loaded into memory, then it asked if I wanted
to repair an earlier XP install, I said yes. The next screen tells me
it can't find a hard drive.

So.....I've got a BIOS that sees the drive, and will even run a health
check on it, and an install CD which tells me there isn't a drive to
find. I've used an eraser on the hard drive's contacts in an attempt to
clean them with no positive results.

Does it have a SATA hard drive? If so, XP Setup will not detect the
drive if it does not have compatible drivers. The V5000 series has a
lot of models, some had PATA drives while newer models in the series had
SATA drives.

Did the user make any changes in the BIOS Setup (F10)? Look there and
see if there's a SATA setting, and what it is set to. On a Phoenix
Award BIOS it may be under Integrated Peripherals > SATA Devices
Configuration > SATA Mode. It may have been reset to RAID or AHCI, but
XP setup may only see the drive if it's set to IDE. It would be helpful
to know what it was set to at the factory when delivered to the user.
 
Dominique

PA20Pilot wrote:

I've copied everything, 15 Gig or so, off the laptop's drive to one of
mine so we have a copy of her personal holdings, but I'm not too sure
where to go from here. Her drive has a recovery partition PRESARIO_RP
intact, but I don't know what to do with it. I'm, again guessing, I need
to copy the hidden partition to a CD and attempt a boot using it. I
don't have an XP home CD, just a Pro, but wondered if perhaps there was
something like Recovery Console in the hidden partition that would
become available. Anyone know if there may also be a "repair
installation" option somewhere in the Compaq notion of fixing their
equipment?

Hopefully it wouldn't need a whole wipe/reinstall to original just to
fix a broken MBR or something?

As I mentioned, I don't know where to go from here, any help or
suggestions will be gratefully appreciated.

Thank you very much!


---==X={}=X==---

Jim Self

A recovery partition brings back the computer to the same state it was
when it was brand new. You don't simply copy that to a CD and boot from
it, usually you press a key while or just after turning on the computer
and after a few prompts, it restores the computer to its original state.
Normally, it's a destructive process; but since you say you backed up the
HD, it's not that bad.

Which key to press or how to proceed should be indicated in the user
manual that came with the laptop or could be found on the Compaq WEB
site.

When you buy a new computer with Windows preinstalled, if you don't have
recovery CDs or DVDs with it, there is a way to create them and sometimes
you are prompted to do so the first time you boot the new PC. But since
many people don't read the manual or don't understand what this is, they
bypass that process. So, if you manage to restart that computer, I would
strongly suggest to create those disks.

HTH
 
PA20Pilot

glee wrote:
......Does it have a SATA hard drive?

Yes, it has a SATA drive.

......If so, XP Setup will not detect the drive if it does not have
compatible drivers.

Very interesting, and would explain the some see it and some don't
program responses I'm getting. Partition Magic boots the laptop as far
as using Partition Magic goes and it's able to check the drive for
problems, it says everything is fine.

.......Did the user make any changes in the BIOS Setup (F10)?

For sure not intentionally, and it's not like she'd play with what she
doesn't understand and end up screwing with it.

......Look there and see if there's a SATA setting, and what it is set to.

The only mention I see in its Phoenix F.15 BIOS about is "SATA native
support (enabled)".

......It may have been reset to RAID or AHCI,

I can't find mention of either of these anywhere in the BIOS screens.

......but XP setup may only see the drive if it's set to IDE.

I'll take another look, but I don't recall anywhere being able to switch
from SATA to anything else.

......It would be helpful to know what it was set to at the factory when
delivered to the user.

True enough, but after fooling around in there more than a few times,
I've probably lost that info. I do know that setting it to default
settings didn't fix the problem, then there isn't really a lot in there
to fool around with anyway.

As long as I was writing things down, I noted the following too;

Presario V5000 CEZ427UA#ABA

SATA Model HTS541080G95A00 JUNE 06
TRAVELSTAR http://www.hitachigst.com

Thanks Glee for spending your time this way.


---==X={}=X==---

Jim Self

PA20Pilot

Dominique wrote:

......A recovery partition brings back the computer to the same state it
was when it was brand new.
You don't simply copy that to a CD and boot from it,

I was hoping booting with a copy of something from that hidden partition
would get the process started at least.

......usually you press a key while or just after turning on the computer
and after a few prompts, it restores the computer to its original state.

As near as I can tell, it's the F11 key to hit during boot to bring up
the options you're mentioning, but I get nothing from the key stroking.

......Normally, it's a destructive process; but since you say you backed
up the HD, it's not that bad.

We can put things back where they came from as soon as the computer is
willing to play nice with us.

......Which key to press or how to proceed should be indicated in the user
manual that came with the laptop or could be found on the Compaq WEB
site.

I don't know if she bought this thing new or not, but there are no
papers anywhere she knows about. The COMPAQ name is now hosted through
HP, so there's a tad bit of effort finding things around there now, but
that is where I found the F11 info.

......When you buy a new computer with Windows preinstalled, if you don't
have recovery CDs or DVDs with it, there is a way to create them and sometimes
you are prompted to do so the first time you boot the new PC. But since
many people don't read the manual or don't understand what this is, they
bypass that process. So, if you manage to restart that computer, I would
strongly suggest to create those disks.

I bought a HP set for the reasons you mention above when another friend
toasted his HP without ever making a recovery set. On the laptop's drive
I can see all the files on the hidden recovery partition for doing the
reinstall, but I haven't yet found how to get it to do anything, like
either building me a recovery set of disks, or actually doing the work
itself. I was hoping it was as simple as the copy to the CD I tried,
but, well you know.....

Thanks Dominique! All these suggestions keep the brain on track.


---==X={}=X==---

Jim Self

PA20Pilot

Hi again,

The mention about SATA not being seen by an XP install disk got me trying
to look for a slipstreamable driver for a rescue attempt. While looking
around I found a page, might have been Internet page #13,845,284,947,
where the person mentioned disabling SATA native support so the install
CD would see the drive. When I did that the CD let me get to where the
repair could have taken place if I'd known her password, but I was able
to get to a real sort of DOS prompt.

I crossed my fingers and ran FIXBOOT, FIXMBR, and CHKDSK which says it
fixed a problem and moved on. When I rebooted this time Windoze actually
started and got to where she'd usually enter her password, but I don't
know it, and her phone has been busy for hours. I'd slap in the password
wiper CD and move through here but being this close to good things I'll
just be patient until I get her password.

I want to thank those of you that put your time in here to help us that
need a little every now and then.

With much appreciation, thank you all!


---==X={}=X==---

Jim Self

glee

PA20Pilot said:
Hi again,

The mention about SATA not being seen by an XP install disk got me
trying to look for a slipstreamable driver for a rescue attempt. While
looking around I found a page, might have been Internet page
#13,845,284,947, where the person mentioned disabling SATA native
support so the install CD would see the drive. When I did that the CD
let me get to where the repair could have taken place if I'd known her
password, but I was able to get to a real sort of DOS prompt.

I crossed my fingers and ran FIXBOOT, FIXMBR, and CHKDSK which says it
fixed a problem and moved on. When I rebooted this time Windoze
actually started and got to where she'd usually enter her password,
but I don't know it, and her phone has been busy for hours. I'd slap
in the password wiper CD and move through here but being this close to
good things I'll just be patient until I get her password.

I want to thank those of you that put your time in here to help us
that need a little every now and then.

With much appreciation, thank you all!

Yes, I didn't get back to this group quick enough to respond to your
last reply to me. Hopefully you will regain access with no further
problems. Be aware that you may not be able to start Windows if you
switch the BIOS setting back again to Native SATA support. If that is
the case, you will still be able to run Windows with it off, using what
is in effect IDE mode.
Let us know how it works out.
 
PA20Pilot

Hi again,

glee wrote:

......you may not be able to start Windows if you switch the BIOS setting
back again to Native SATA support.

Once Windoze started I didn't fool around with the BIOS again.

......Let us know how it works out.

Well.... I haven't heard back from her to get a password so I used a
program to erase hers then got into things easily enough. Come to find
out she'd got herself into XP Antivirus 2008 and it's really screwing
with me. Slaving her drive from my box isn't able to blow away the
problems, and the more I fool around with her stuff the more 2008 is
telling me programs are infected and disallowing me access. Even the
simple stuff, like Task manager is "infected". I don't know of a program
that'll run from my Win 2000 box and actually clean her drive while slaved.

Attempting to manually delete the offending files using regedt32 and
lists from various sources, there's not one file that's using any of the
names/reg entries to look for. Next I'm trying to find a cleaner program
that'll run from a CD as the 2008 crap has me locked out somehow so I
can't get into safe mode and also have administrator rights to install
programs. I'm real curious how it's locked my policies on her machine so
I can't function well even in safe mode.

I was able to find where to make the "back to factory" restore disks
early on, but 2008 has since latched onto those programs and tells me
they're infected and won't let me run them again. If I can get a set of
disks made the options will quickly drop to one, make the thing as it
was when she got it, and place all her pictures etc. in an easy to find
place for her. It's amazing how many crap softwares she and her teenage
son have loaded since I last played with it a year or so ago. I'm just
guessing, but I'd bet one of them purposely installed 2008 as a
"Security Tool". Those 2008 folks should be strung up by their balls and
left to dry.

I'm thinking I'll put the hard drive back to how it was when she first
brought it here, boot it since the MBR "should be" fixed now, and run
the make restore disk set before poking around and making things worse.

You wouldn't happen to know of a program that'll run from a CD that's
made in a different machine that'll scan from her player and kill off
2008 would you?

Thanks again!

---==X={}=X==---

Jim Self

glee

PA20Pilot said:
snip
Well.... I haven't heard back from her to get a password so I used a
program to erase hers then got into things easily enough. Come to find
out she'd got herself into XP Antivirus 2008 and it's really screwing
with me. Slaving her drive from my box isn't able to blow away the
problems, and the more I fool around with her stuff the more 2008 is
telling me programs are infected and disallowing me access. Even the
simple stuff, like Task manager is "infected". I don't know of a
program that'll run from my Win 2000 box and actually clean her drive
while slaved.

Attempting to manually delete the offending files using regedt32 and
lists from various sources, there's not one file that's using any of
the names/reg entries to look for. Next I'm trying to find a cleaner
program that'll run from a CD as the 2008 crap has me locked out
somehow so I can't get into safe mode and also have administrator
rights to install programs. I'm real curious how it's locked my
policies on her machine so I can't function well even in safe mode.

I was able to find where to make the "back to factory" restore disks
early on, but 2008 has since latched onto those programs and tells me
they're infected and won't let me run them again. If I can get a set
of disks made the options will quickly drop to one, make the thing as
it was when she got it, and place all her pictures etc. in an easy to
find place for her. It's amazing how many crap softwares she and her
teenage son have loaded since I last played with it a year or so ago.
I'm just guessing, but I'd bet one of them purposely installed 2008 as
a "Security Tool". Those 2008 folks should be strung up by their balls
and left to dry.

I'm thinking I'll put the hard drive back to how it was when she first
brought it here, boot it since the MBR "should be" fixed now, and run
the make restore disk set before poking around and making things
worse.

You wouldn't happen to know of a program that'll run from a CD that's
made in a different machine that'll scan from her player and kill off
2008 would you?

Go here on YOUR computer:
http://www.bleepingcomputer.com/forums/topic308364.html
Download RKILL from one of the links part-way down the page. Do NOT
click the ad links near the top of the page! Save RKILL to disk and
copy it to a USB flash drive. If you don't have one, copy it and the
other tool I will describe below (MBAM) to a CD.

Read the ENTIRE page to learn how to use RKILL....it explains about the
screens you will see, about leaving messages from the malware AV on the
screen and re-running RKILL sometimes multiple times to get the malware
processes stopped. If it can stop the malware's processes and pop-ups,
do NOT restart till you have followed the rest of my directions.

Also download the free version of Malwarebytes AntiMalware (MBAM) from
here and save it to disk, then copy it to the USB stick or CD as I
mentioned above:
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Bring the USB stick (or CD if you used that) to the infected computer,
run RKILL as explained till the malware processes and pop-ups stop, then
install MBAM on the infected computer, leaving ALL installation options
at the default, so it will update and start when done. Your infected
computer needs to be connected to the Internet connection (cable, DSL)
in order to update when setup completes.

Follow the instructions here to run MBAM, and remove everything it
finds:
How to use Malwarebytes' Anti-Malware to scan and remove malware from
your computer
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial

Be sure you run the FULL Scan.
After removing the malware, MBAM will tell you to restart. After the
restart, I usually run a Full Scan again to see if everything is really
gone.

Depending on how long that malware was on the system, it may have other
malware also. The longer it is infected, the more likely a root kit has
been installed as well, which can't always be removed from Windows. So,
after the MBAM cleanings (or if they did not work), you should scan the
system from outside Windows using an anti-virus boot CD.

I've been using BitDefender Rescue CD lately.

You can download the BitDefender Rescue CD ISO image to YOUR computer,
here:
http://download.bitdefender.com/rescue_cd/

Use a utility that can burn an .iso file to make a bootable CD, then
boot the infected computer with the CD. EITHER download and install the
correct version of ISO Recorder for your OS, on your computer, OR
download BurnCDCC, and use it to create a CD from the ISO you
downloaded:

ISO Recorder
http://isorecorder.alexfeinman.com/isorecorder.htm

BurnCDCC
http://www.terabyteunlimited.com/downloads-free-software.htm


Here are instructions for using the BitDefender Rescue CD in the
infected computer:
http://kb.bitdefender.com/KB417-en--Using-the-BitDefender-Rescue-CD.html

The scan will tell you what it has found, and give you options for
action.
 
glee

Elmo said:
Download this Avira Antivir Rescue System program which will burn a CD
image to a blank CD. It's updated a few times per day. Insert the CD
into the damaged machine and let it do a scan of your system. Before
starting the scan, select "Configuration" and set to repair or rename
the infected files. Sometimes your machine won't restart after such a
repair process, so you might want to save needed files to another
system before using this. If you can't, then you can move the hard drive to
another machine to copy needed files. You can do that before, or after
this scan.

http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html

Then run these:

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html

AVG now has a Rescue CD that's free. They also have a free USB
download that should work on newer systems that can boot from a USB device.
Get them here:

http://www.avg.com/us-en/avg-rescue-cd

You can try some of the CDs mentioned at the following site.
BitDefender was my favorite, but if the infected machine can't connect
to the internet to get updates, Avira comes with current virus
definitions. Also, some of these just won't run on some systems,
perhaps because there's no drivers available for some system devices,
motherboard, graphics card, etc. So try a few of these till you find
one that works:

Burn BitDefender, or another program listed at the link below, to a CD
(using a working machine) and test the infected machine with it.
BitDefender also has a Rootkit checker on the Linux Desktop; run it if
you think that's the problem:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Download the executable rather than the .iso image, if one is
available (though no .exe is available for BitDefender).

After the scan is run, if you elect to quarantine files, they're
quarantined to RAM and lost after you reboot. You'll need to copy any
quarantined files to the hard drive, a thumb drive or elsewhere before
exiting.

Good reply, Joe, but your Avira rescue CD link is no longer active.
Here's where the Avira Rescue CD download is now:
http://www.avira.com/en/support-download-avira-antivir-rescue-system

I stopped using the Avira disc on most systems because it has so much
trouble with drivers, particularly on laptops, and will freeze. Also,
you have to select the options for what action to take with infected
files BEFORE starting the scan. The default is to repair, or remove if
unrepairable. If it's a system file that's infected and deleted,
Windows will no longer start. So, it should be configured to just check
but not fix anything, so the user can see in its report what files are
infected, in case they need to arrange to replace the file. Then
*another* scan must be run with the default settings to actually remove
the file, unless you do the default the first time and take your
chances, since it is automatic from that point.

Additionally, Avira Rescue does not have a file browser, so you have to
boot with a different program or CD to replace a file if needed.

BitDefender does have a file browser, so it is my preferred rescue CD,
as long as it recognizes the network adapter to update itself. So far I
have only had one computer that wouldn't update. It also has an
Explorer-type file browser.

I've used Kaspersky's rescue CD also, with good luck, but tend not to
recommend it for average users. I've not tried AVG's offering yet
simply because I don't care for AVG's detection rate and have had good
luck with the other tools. YMMV.
 
PA20Pilot

Hi again Elmo and Glee,

I think I'm going to make the CD set for returning the laptop to as
purchased condition, I'll pick up some blank ones (14) tomorrow. I took
a running look at the downloads you've suggested and actually even
started on one of them before I noticed the sizes, WOW. I'm on dialup as
I'm out in the sticks, and the laptop only makes high speed connections
when it's taken into one of the hotspots in town. Dialup life is hell at
49.2 Kbps.

I ran MBAM when I had her drive slaved into my machine but it didn't
find much, I wasn't expecting a lot from it as a slaved job though. If I
get her things back in order she'll be happy enough. She mentioned that
her son's girlfriend installed the XP Antivirus 2008 for her as she
didn't seem to have one installed. I'd actually set her up with
Kaspersky a year or so back, but it may have konked out for some reason
or other since then.

If I send her on her way with something easy, like Windows Defender,
should I feel guilty? I'm not thinking she'll keep current with whatever
I install.

Thanks again!

---==X={}=X==---

Jim Self

glee

replies inline...
PA20Pilot said:
Hi again Elmo and Glee,

I think I'm going to make the CD set for returning the laptop to as
purchased condition, I'll pick up some blank ones (14) tomorrow. I
took a running look at the downloads you've suggested and actually
even started on one of them before I noticed the sizes, WOW. I'm on
dialup as I'm out in the sticks, and the laptop only makes high speed
connections when it's taken into one of the hotspots in town. Dialup
life is hell at 49.2 Kbps.

In that case, I don't think any of the AV Rescue discs that update
themselves will work with dial-up....I have never tried. Avira is
already updated when you download it, but it has the most issues with
driver compatibility.

I ran MBAM when I had her drive slaved into my machine but it didn't
find much, I wasn't expecting a lot from it as a slaved job though. If
I get her things back in order she'll be happy enough. She mentioned
that her son's girlfriend installed the XP Antivirus 2008 for her as
she didn't seem to have one installed. I'd actually set her up with
Kaspersky a year or so back, but it may have konked out for some
reason or other since then.

She INSTALLED XP Antivirus 2008?! It is NOT an anti-virus, it's a
virus...or more closely it's a rogueAV Trojan horse. Do you know how
long ago she "installed" it? If it has been on the system more than a
few days and connecting online, I would bet it has already installed a
root kit, and your best bet is to wipe and reinstall fresh as you are
planning. Also, if online banking or shopping was done while it was
infected, the owner will need to change all passwords on all web sites
to counter possible identity theft.

If I send her on her way with something easy, like Windows Defender,
should I feel guilty? I'm not thinking she'll keep current with
whatever I install.

Windows Defender is not an anti-virus and is not enough protection. If
you want an AV that will keep itself updated and current on her rebuilt
system, install Microsoft Security Essentials (MSE), and set Windows
Update Automatic Updates to automatically install updates. MSE is
updated and upgraded through Windows Update and will do so without user
interaction as long as Automatic Updates are set to the "Automatic"
setting.
 
PA20Pilot

Hi again Glen,

......She INSTALLED XP Antivirus 2008?!

Yep, that's the facts as I was told. A friend of mine also got tangled
up with that a year or so ago and had a hell of a time before he got
over it. I don't recall what all he did to dump it, but it took days.
Fixing hers is looking bleaker at each new discovery.

Since I saved all her stuff first thing, a rebuild shouldn't be too hard
on her. She called again tonight and I mentioned to her that she should
research what she's contemplating installing, do a Google at least, and
see what she's getting into before doing it. I'll see what she thinks
about limiting her kids' permissions to install programs without checking
with mommy first.

I have my fingers crossed that I can extract the setup CDs from her
machine without interruption. Failing that I'll get her to order a set
from someplace or other.

Your suggestion about using Microsoft Security Essentials (MSE), is
that in addition to Win Defender, or instead of?

.......MSE is updated and upgraded through Windows Update and will do so
without user interaction as long as Automatic Updates are set to the
"Automatic" setting.

That sounds just about perfect. I think she kept the Windows updates
automatic because her drive is full of the uninstall info folders.

This is probably my last renewal of Computer Associates protection as
they jump the price every year and $70 bucks or so is worth saving,
especially with suitable alternatives.

Thanks again! Don't neglect the rest of those that are hanging by the
thread you're dangling.

---==X={}=X==---

Jim Self

glee

inline.....
PA20Pilot said:
snip
I'll see what she thinks about limiting her kids' permissions to
install programs without checking with mommy first.

She can try making her kids' profiles Limited User accounts instead of
Administrator. There are advantages and disadvantages....some older
programs won't run right in a Limited account.

Microsoft Windows XP - Types of user accounts
http://www.microsoft.com/resources/...oddocs/en-us/ua_c_account_types.mspx?mfr=true

Limited User Accounts
http://www.pcmag.com/article2/0,2817,1683498,00.asp

Certain Programs Do Not Work Correctly If You Log On Using a Limited
User Account
http://support.microsoft.com/default.aspx?scid=kb;en-us;307091

XP Pro will let you make an account that is somewhere between Admin and
Limited, called Power User, but it must be set up manually and is NOT
available on XP Home.
snip
Your suggestion about using Microsoft Security Essentials (MSE), is
that in addition to Win Defender, or instead of?

When MSE is installed it disables Defender, because MSE includes the
Defender module itself.
 
PA20Pilot

Hi again,

Boy, you're a wealth of useful info.

I started her laptop and had MS Security Essentials and MBAM on a CD
ready to install in safe mode. MSE balked at the idea of installing
while in safe mode, MBAM is going OK running a scan right now, and it's
found 126 "infections" so far. I hope it's not just counting cookies and
really finding nothing. I also ran rkill.com first thing after boot and
it shut off two processes right off the bat. At least it didn't, or
hasn't so far, told me I don't have permission to install things.

......When MSE is installed it disables Defender, because MSE includes
the Defender module itself.

Thanks. That'll be the first thing I do if I can get it booted in normal
mode, well maybe I'll run rkill.com first again and maybe not stumble
through all those damn popups.

It's looking like she also has the fake Security Essentials windows
popping all the time. If I can get the menus back for making the CD set
that'll be pretty early on in the learning curve I'm going through.

.....Limited User Accounts

We're using the home version so there's going to be the limitation you
mentioned, something else I wasn't aware of. I like learning about this
stuff. With your help there's a lot less error in the trial and error
methods I usually proceed with.

With Christmas just around the corner, I hope you buy yourself something
nice.

---==X={}=X==---

Jim Self

AVIATION ANIMATION, the internet's largest depository.
http://avanimation.avsupport.com

Your only internet source for spiral staircase plans.
http://jself.com/stair/Stair.htm

Experimental Aircraft Association #140897
EAA Technical Counselor #4562
 

glee

inline....
PA20Pilot said:
Hi again,

Boy, you're a wealth of useful info.

I started her laptop and had MS Security Essentials and MBAM on a CD
ready to install in safe mode. MSE balked at the idea of installing
while in safe mode,

MSE won't install in Safe Mode, because it is an MSI installer (.msi
file extension). MSI does not have support in Safe Mode.

MBAM is going OK running a scan right now, and it's found 126
"infections" so far. I hope it's not just counting cookies and really
finding nothing. I also ran rkill.com first thing after boot and it
shut off two processes right off the bat. At least it didn't, or
hasn't so far, told me I don't have permission to install things.

MBAM doesn't look at cookies.
If RKILL found malware processes running in Safe Mode, that Windows
installation is beyond help and MUST be wiped out. What processes did
it shut down?

.....When MSE is installed it disables Defender, because MSE includes
the Defender module itself.

Thanks. That'll be the first thing I do if I can get it booted in
normal mode, well maybe I'll run rkill.com first again and maybe not
stumble through all those damn popups.

Running MBAM in Safe Mode does not find everything.....it must be run
again, a Full Scan, in normal mode. Problem is, if the system has the
multiple infections and root kit it appears to have, it will still be
infected even after all that.....and installing MSE or any anti-virus
on an already-infected system will not help.

Save the MBAM log after the Safe Mode run and again after the normal
mode run (it's a text file that will appear on-screen when the run
completes), to the desktop. You can use File> Save As, and save a copy
to the desktop while it's open in Notepad...otherwise you can open MBAM
after the scans are done, click the Logs tab and open the logs, then
save them on the desktop from Notepad.

Email to me the two MBAM logs (Full Scan from both Normal and Safe
Modes) so I can see what it found. You can put them in a .zip file if
you want, and attach them to the email, and send it to glen.vee at gmail
dot com
 

PA20Pilot

Hi again Glen,

.......If RKILL found malware processes running in Safe Mode, that
Windows installation is beyond help and MUST be wiped out. What
processes did it shut down?

I wish I would have written them down, but sorry, I didn't. MBAM in safe
mode found 226 items. I did recall the mention of three instances of
actual virus though, one of which was Vundo. I wasn't thinking of saving
the logs off disk until it was too late, I doubt even Notepad would have
opened by then though.

.......Email to me the two MBAM logs

Another screwup on my part. I saved the results to her desktop before
rebooting to non safe mode and finding things had really gotten worse
than the last look around. The damn thing was telling me every file I
was trying to open from the CD player had an infection of some sort or
other and wouldn't open. Same with everything else too, just telling me
it was infected.

There was no way in hell of making a CD set either attempting a F11 at
boot, or using the normal restore route with the COMPAQ built in
programs. In frustration I looked around and found a HP/COMPAQ restore
CD from a couple of years ago and said I didn't have anything to lose,
so I booted off it. Come to find it started a clean install and after 5
hours or so had rebuilt her drive to COMPAQ factory new, except this
time she had XP pro instead of home edition.

Before doing all this though, I copied the copy of her original hard
drive to a second drive so I had two copies of everything of hers just
in case. I wasn't able to actually clone her drive as it was NTFS and I
run FAT32 and it said there were several files that couldn't be done,
something about a second data stream on some files was a sticking point.

Everything is now newly installed but it needs to go to a location where
there's a fast wireless hotspot so XP and MS Security Essentials can get
up to date. I'm real reluctant to turn her loose with it until seeing
MSE actually running.

When I'm done with this thing and she brings me a watermelon, or some
tamales as appreciation, I'd be happy to send you a copy of her old
installation if you think it might be of interest. You can be trusted,
right?

---==X={}=X==---

Jim Self

AVIATION ANIMATION, the internet's largest depository.
http://avanimation.avsupport.com

Your only internet source for spiral staircase plans.
http://jself.com/stair/Stair.htm

Experimental Aircraft Association #140897
EAA Technical Counselor #4562
 

glee

PA20Pilot said:
snip

Everything is now newly installed but it needs to go to a location
where there's a fast wireless hotspot so XP and MS Security Essentials
can get up to date. I'm real reluctant to turn her loose with it until
seeing MSE actually running.

When I'm done with this thing and she brings me a watermelon, or some
tamales as appreciation, I'd be happy to send you a copy of her old
installation if you think it might be of interest. You can be trusted,
right?

Heck, no, I don't need to see a copy of her old installation! I've seen
more infected systems than I care to! Ha-ha. I was just trying to help
you by seeing what infection was causing the trouble...it's moot now
that you have done a fresh install. I'm guessing it had multiple
infections and a root kit, so I would be wary of even trying to save
data from the old drive. Good luck, congrats on getting it reinstalled,
and let us know how it turns out!
 
