Grandpa's PC, Sasser, XP home, & Norton's GOBACK

Poppa

Hi all...

Grandpa's PC was hit by the Sasser worm and I have been trying to get
rid of it for him and have a few questions...

1.) One of the first steps on the Symantec site is to override the XP
shutdown facility. I can access the wizard, but when I change the
timeout value the OK button remains disabled. I verified that the
account we used has admin rights.
What else may be controlling access to this feature?

2.) One of the problems is he is sorely behind on his Windows updates.
I ran the FxSasser utility and then attempted to run the XP auto
update feature. Because he's so far behind, his dialup keeps dying in
the middle of the process so he's got to download one at a time (THAT
should keep him off the streets for a while!! Like 17 critical updates
behind! Plus!). The problem is that when he reboots, Norton
SystemWorks runs GOBACK, which reloads the last version that contains
the worms and reinfects the PC. He's got to run the FxSasser utility
each time so he can connect to the net to do the next download. (Yes,
he may be able to ignore some of the reboot requests, but not all.) The
SystemWorks icon is X'd in the taskbar and will not come up when I
click on it. I cannot disable GOBACK nor can I run the antivirus
software (including the virus definition updates). I suspect that
he's infected with other stuff as well. Could another virus be
hampering access to the antivirus software? Any ideas which? If I
can prevent GOBACK from running it will speed up his cure
considerably.

At this point, I may bring his PC home to utilize my BB connection but
there is some satisfaction in letting him walk through this procedure
50 times. He won't ask me how to fix his PC again! *Grin*

Thanks for any help!
Poppa
 
Eddie

Hi

Sounds like you're having fun there.

Normally to turn off GoBack you would need to reboot the machine and then
press the space bar when the GoBack splash screen shows; that "should" then
enable you to disable it.

From my limited knowledge it does potentially seem like you could have some
other viruses onboard. Try Ctrl+Alt+Del and then have a look at the Processes
tab; if there are some .exe files showing that really make no sense,
like letters and numbers that don't even look like abbreviations of words,
that could be a clue.

You would probably be better off downloading the updates through your
broadband setup, as otherwise your Grandpa will probably get kicked off his
dial-up connection on average every hour and a half. However, sometimes in the
UK you can get all of the updates on a disc with one of the computer
magazines, so that might be less effort and quicker for you.

And finally, try to activate the Firewall by clicking Start - Connect To -
and then highlighting the connection used, then right-clicking, then
Properties, then Advanced, and then enable the firewall.

No doubt some other readers of the newsgroup will be able to give you a more
in-depth idea about the antivirus issues.

Good luck.

Eddie

And as for the rest of it you'll need some more help from the group
 
Jupiter Jones [MVP]

You need to disable Go-Back.
Until you do that, everything you do is a waste of time; possibly the
updates that you think are installed are not actually
installed.
Contact the manufacturer for information on disabling.

Only then start loading updates.

First verify Sasser is gone by following this carefully:
http://www3.telus.net/dandemar/sasser.htm

MBSA can help you determine if an update is actually installed,
Windows Update may be giving bad information with the issues you have:
http://support.microsoft.com/default.aspx?scid=kb;en-us;320454

See #1 on this link for options for getting the updates another way:
http://www3.telus.net/dandemar/wufix.htm
 
NoNoBadDog!

To stop the shutdown go to RUN> shutdown -a.

Disable GoBack.

Enable Windows Firewall.

Get all updates from Microsoft Update.

Do a complete virus scan.

Re-enable GoBack.

(Note: it is entirely possible that any files created with GoBack can
re-infect Grandpa's machine.)

Bobby
 
Lester Stiefel

Hi

Sounds like you're having fun there.

Normally to turn off GoBack you would need to reboot the machine and then
press the space bar when the GoBack splash screen shows; that "should" then
enable you to disable it.

From my limited knowledge it does potentially seem like you could have some
other viruses onboard. Try Ctrl+Alt+Del and then have a look at the Processes
tab; if there are some .exe files showing that really make no sense,
like letters and numbers that don't even look like abbreviations of words,
that could be a clue.

You would probably be better off downloading the updates through your
broadband setup, as otherwise your Grandpa will probably get kicked off his
dial-up connection on average every hour and a half. However, sometimes in the
UK you can get all of the updates on a disc with one of the computer
magazines, so that might be less effort and quicker for you.

And finally, try to activate the Firewall by clicking Start - Connect To -
and then highlighting the connection used, then right-clicking, then
Properties, then Advanced, and then enable the firewall.

No doubt some other readers of the newsgroup will be able to give you a more
in-depth idea about the antivirus issues.

Good luck.

Eddie

And as for the rest of it you'll need some more help from the group

With XP Home you can run the services.msc applet and disable
the items for System Restore and Norton GoBack (Roxio) by
opening up this value from the list and then selecting
Disable from the dropdown list in the dialog - in tab 2 of
the dialog select Disable under the service logon area.
Apply and OK to finish.

Restart the PC. GoBack is now bypassed when the system
is started and Sysrestore is gone.
 
Lester Stiefel

To stop the shutdown go to RUN> shutdown -a.

Disable GoBack.

Enable Windows Firewall.

Get all updates from Microsoft Update.

Do a complete virus scan.

Re-enable GoBack.

(Note: it is entirely possible that any files created with GoBack can
re-infect Grandpa's machine.)

Bobby

Try removing the Norton/Roxio GoBack. You can always
reinstall later (after the updates). Had a similar issue
with GoBack Personal in the 2002 pkg of sysworks. I had to
remove and clean up the trash, then disable System Restore,
and restart. Then and only then could I satisfactorily remove
the gremlins. Then apply the updates from the site, while
System Restore is defeated. The only one that requires
restore is MP9 and sp1a.
 
Poppa

Jupiter Jones said:
You need to disable Go-Back.
Until you do that, everything you do is a waste of time; possibly the
updates that you think are installed are not actually
installed.
Contact the manufacturer for information on disabling.

Only then start loading updates.

DUH! Of course! Looks like Grandpa has done a lot of practicing the
past two days!! It's gonna be pitiful watching the old guy cry...
 
Poppa

Eddie said:
Hi

Sounds like you're having fun there.

Normally to turn off GoBack you would need to reboot the machine and then
press the space bar when the GoBack splash screen shows; that "should" then
enable you to disable it.

That did the trick! Thanks!

Unfortunately, I tried to use the online virus checker you posted and
it aborted with an RPC error and locked the PC up. Had to power down
and it would not reboot. Got to the startup screen with the Windows
logo but then it would go black and hang. Tried letting it revert to
a last working copy but that did not work either. DOA.
 
Eddie

Still sounds like you are having fun there.

You now have one of two options open to you.

You can try to repair the installation - hopefully you have a copy of the
XP disc and the serial number.

Have a look at the following link, as that should talk you through it.

http://www.webtree.ca/windowsxp/rep...s XP by Installing Over top of Existing Setup:

Or format the hard drive and do a nice clean install!

Or if it is a packaged PC - a Hewlett Packard or something with the restore
disks you could always try that route.

Failing that - hit it with a hammer!

I would try to do the repair installation if the situation presented itself
to me - it doesn't necessarily mean it is the correct one! One of the
Microsoft Certified people on the group might have other, better qualified
ideas.

With the repair side you would still need to reinstall Service Pack 1
along with all of the other updates and would no doubt still have all of the
nasties in place waiting for you.

I'm guessing that you aren't in the UK; otherwise, if you were in the North
London area, I'd try to have a look at it.

Good luck

Eddie
 
