id event 4226 / computer crashes/ missing network places

[Guest]

my computer has been randomly crashing (just shutsdown, no screen freezing
etc) i,ve recently inserted a new nvidia 6200 which seems to be okay. I,ve
recently downloaded limewire (p2p) and since then the computer just dies
without warning . it restarts okay and i,ve check events manager and seen the
event id 4226 popping up .having trawled through the various threads i found
one with the link
http://blog.davidkaspar.com/archives/2005/04/windows-xp-sp2-and-event-id-4226.php
which recommends a download patch--
http://lvllord.de/?lang=en&url=downloads. which address this problem. its
install okay and i used the 50 connections (the default setting). 15 minutes
later the computer crashed . upon start up this time it informed me that some
files for my anti virus (blueyonders pc guard) were corrupt and would require
reinnstalling from a backup , which was fine except that this was stored on
my network ( a buffalo linkstation ) listed as a seperate network drive- Z
drive .Although the drive is still showing in my computer under network
drives ,when i try to access it i get a message saying the path ha snot been
found and the connection not restored.when i look in my network places its
empty,when i click view my workgroup computers it tell me ms home is not
accessible etc. I,ve tried system restore to no avail . i have also only 4
days ago totally wipe clean out the computer and reinstalled the factory
settings and reinstalled all of my programs (including limewire).
WHAT HAVE I DONE AND CAN ANYONE PLEASE HELP AS I<M SPENDING LOTS OF HOURS
AND GETTING NOWHERE FAST WITH MORE PROBLEMS GENERATED THEN SOLVED>

MAny Thanks
Del

 

[Brian A.]

my computer has been randomly crashing (just shutsdown, no screen freezing
etc) i,ve recently inserted a new nvidia 6200 which seems to be okay. I,ve
recently downloaded limewire (p2p) and since then the computer just dies
without warning . it restarts okay and i,ve check events manager and seen the
event id 4226 popping up .having trawled through the various threads i found
one with the link
http://blog.davidkaspar.com/archives/2005/04/windows-xp-sp2-and-event-id-4226.php
which recommends a download patch--
http://lvllord.de/?lang=en&url=downloads. which address this problem. its
install okay and i used the 50 connections (the default setting). 15 minutes
later the computer crashed . upon start up this time it informed me that some
files for my anti virus (blueyonders pc guard) were corrupt and would require
reinnstalling from a backup , which was fine except that this was stored on
my network ( a buffalo linkstation ) listed as a seperate network drive- Z
drive .Although the drive is still showing in my computer under network
drives ,when i try to access it i get a message saying the path ha snot been
found and the connection not restored.when i look in my network places its
empty,when i click view my workgroup computers it tell me ms home is not
accessible etc. I,ve tried system restore to no avail . i have also only 4
days ago totally wipe clean out the computer and reinstalled the factory
settings and reinstalled all of my programs (including limewire).
WHAT HAVE I DONE AND CAN ANYONE PLEASE HELP AS I<M SPENDING LOTS OF HOURS
AND GETTING NOWHERE FAST WITH MORE PROBLEMS GENERATED THEN SOLVED>

What you have done is installed Limewire and opened up your machine to any virus
transported via P2P file sharing.
As for the Z drive, have you tried mapping to it?

MAny Thanks
Del

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375

 

[Guest]

hi i,ve tried to map the drive but there is no shared network for me to use
(used to be ms home) are these p2p so dangerous?

 

[Brian A.]

hi i,ve tried to map the drive but there is no shared network for me to use

Is this PC not on any network anymore or has it simply been removed from a present
one?

(used to be ms home) are these p2p so dangerous?

What it does is allow anyone access to your machine that is within that sharing
network. Any open ports not necessary for the proper functionality of the web and/or
a secure network are hacker magnets. Any one file you download/access/execute has
the potential of having a virus contained within it which can/will propogate via
others that download via the P2P community. It's your call and if you happen to get
bit, remember it was your decision to continue P2P sharing.

On another note your ISP may take notice of the amount of traffic used on your
account, and if they deem it to be illegal they may/will send a cease and desist
warning. If the warning is ignored you will no longer have an ISP. Again it's your
call.


--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375

 

[Guest]

Thanks for the info , i,ll drop the p2p like a hot cake , i had no idea of
if potential to damage. i,ve scanned my hard drives and found and deleted 2
viruses in temporary internet files ,its not possible to scan the z drive as
i have no access,


my main p.c is only linked to my laptop and the external buffalo drive (Z)
but i cant get it to show in my workgroup, this only occured after
downloading the 4226 fixit patch.
will it help if i uninstall this , how do i uninstall this (its not showing
in the remove program list).

Should i just reset the computer again back to factory settings (major task)
and if i do would or can any viruses survive this process.

 

[Brian A.]

Thanks for the info , i,ll drop the p2p like a hot cake , i had no idea of
if potential to damage. i,ve scanned my hard drives and found and deleted 2
viruses in temporary internet files ,its not possible to scan the z drive as
i have no access,

See bottom of this response.

my main p.c is only linked to my laptop and the external buffalo drive (Z)

Ok, it appears you have a LAN (Local Area Network) set up and it appears you may
have to reconfigure it.
Is the external (Z) drive inaccessible by both the PC and Laptop?
Are you using a software firewall other than the (pos) XP firewall?
Have you reset the Workgroup name to mshome on the machine you ran the HP Repair CD
on?

but i cant get it to show in my workgroup, this only occured after
downloading the 4226 fixit patch.
will it help if i uninstall this , how do i uninstall this (its not showing
in the remove program list).

If you mean the EventID 4226 Patch and you used it to increase the half-open TCP
connections, then run it again and reset the value to 10. Reboot when done.
I don't believe the EventID 4226 Patch would have anything to do with the external
(Z) drive being inaccessible, yet stranger things have happened. I lean more towards
the viruses having a hand in it and/or the HP Repair you did.

Should i just reset the computer again back to factory settings (major task)

Not yet.

and if i do would or can any viruses survive this process.

Not if the drive is formatted, if it isn't then there is the very likely potential
that they are in a restore point which when used will also restore the virus(es).

As for the viruses found, you need to do a thorough check and make sure the machine
is clean:

Run a full system virus scan with fully up-to-date definitions.

**It is very important to run the update for each program before running the app/s
to be sure you have the latest definitions.**
Run the programs in Safe Mode after assuring you have shut down all running tasks
except explorer or systray and all apps are fully up to date.
Remove your Temp Internet files: Right click IE. Under the General tab click Delete
Files, put a check in Delete all Offline..., click OK and close when finished.
Delete all files in c:\windows\temp.

Download/run Cool Web Shredder from:
http://www.intermute.com/products/cwshredder.html

For Info on Cool Web Search variants:
http://www.richardthelionhearted.com/~merijn/cwschronicles.html

Download/install/run Ad-Aware SE to detect/rid of any other parasites/spyware that
may be installed. It can be obtained free from:
http://www.lavasoftusa.com/
After installing Ad-Aware, open it and click on the ref update to get the latest
up-to-date ref file, then run Ad-Aware and delete everything it finds.

Download/install/run Spybot - Search & Destroy:
http://security.kolla.de/index.php?lang=en&page=download
Run it at it's default settings until you learn an know more about it. Spybot S&D
is more of an advanced users tool and changing from the default settings can be
dangerous to the novice user. Items found in the default settings that are RED can
usually be safely removed. If you are unsure of a found item, do not remove it and
ask for help.

If you still have problems, download/run HijackThis from:
http://www.richardthelionhearted.com/~merijn/downloads.html
http://majorgeeks.com/downloads31.html

Copy HJT to it's own folder, this is where the log files will be saved. Run HJT in
Normal Mode.
Do not remove anything with it until you get advice on what to remove, HJThis will
list many apps that are needed along with the bad ones. Removing items listed
hap-hazardly without knowing what they are can/will create a royal mess. Read the
quick start here on how to create a log file that can be copied/pasted into a forum
that can provide assistance on removal of unwanted pests.
http://mjc1.com/mirror/hjt/#quick

Then post the logs to an appropriate forum where they specialize in
spyware/hijacker removal. Please read any sticky notes for proper posting which are
most commonly posted first at the top in each specific forum. Read any information
under each forum category name for information on what that particular one is used
for, look for the proper one that you post logs to.
http://forums.spywareinfo.com/
http://aumha.net/
http://forum.aumha.org/

After running the above and assuring you have a clean machine:
It’s also a good idea to have a HOSTS file to block bad sites, scroll to HOSTS File
Manager here:
http://www.mvps.org/PracticallyNerded/Software.htm

Download/install/run SpywareBlaster which stops the badboys before they even get a
chance to install:
http://www.javacoolsoftware.com/spywareblaster.html



--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375

 

[Guest]

Thanks brian ,
here are some more answers for your questions and some more questions
gegenerated by your answers,see below

i will now install and run the programs you suggested in your reply,
Thanks once again .
Cheers
Del

See bottom of this response.


Ok, it appears you have a LAN (Local Area Network) set up and it appears you may
have to reconfigure it.
Is the external (Z) drive inaccessible by both the PC and Laptop?
Are you using a software firewall other than the (pos) XP firewall?
Have you reset the Workgroup name to mshome on the machine you ran the HP Repair CD
on?

the z drive is accessible by the laptop.

there is a firewall running with my blueyonder pc guard (include with there
anti virus package)as well as the xp firewall,#

i didnt run the hp repair disc , i restarted the computer using its own
integral recovery program from the hardisc.
i had been able to access and use the Z drive prior to installing the event
4226 id patch, but not since rebooting it after the installation

now when i click on my work groups it say the path is inaccessible.

 

[Brian A.]

Thanks brian ,
here are some more answers for your questions and some more questions
gegenerated by your answers,see below

i will now install and run the programs you suggested in your reply,
Thanks once again .
Cheers
Del



the z drive is accessible by the laptop.

Can the PC access the laptop? If yes, why not pull/copy the AV setup file(s) over
to the laptop where the PC can then get the file(s).

there is a firewall running with my blueyonder pc guard (include with there
anti virus package)as well as the xp firewall,#

I see that's only for Premium customers who purchase the 4Mb -10Mb packages. The
standard customers that purchase the 2Mb package only get the firewall and popup
blocker to keep using. The anti-virus, anti-spyware, parental control and identity
theft protection are only offered for a one month trial, after that the standard user
has to pay to continue using them.

i didnt run the hp repair disc , i restarted the computer using its own
integral recovery program from the hardisc.

Which is on a hidden/seperate partition and could either be used to recover
files/apps or restore the OS to the factory install, something I don't know since you
couldn't say.

i had been able to access and use the Z drive prior to installing the event
4226 id patch, but not since rebooting it after the installation

now when i click on my work groups it say the path is inaccessible.

Something we'll look into after we know your PCs clean and healthy.


--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375


<snipped for bandwith purposes>

 

[Guest]

Hi Brian,
i have now downloaded installed updated and run all of your recommended
programs on my c & d drives ,but not on the z drive (still no access,)
they didn,t seem to bad , not many bad items.

iv,e run and created and posted the log for the hijacker to one of the
forums ,no reply as yet.

i had already installed the av (anti virus?) program from blueyonder on the
internet so don,t need (or know how) to access or install it from my
laptop(i,ve always used the z drive as a go between for the pc and laptop).
the anti virus has been updated and run a few times but again not on z drive .
I hasten to add that z drive is were i have been storing the bulk of
downloads from limewire, mainly music , ipod movies,and a few programs .i
had scanned probably 80%+ of its contents a few days ago and i am currently
scanning it from the laptop.

i had already purchased the premium package from pcguard.

i have also run one of the online antivirus checks recommend on the spyware
forum to run before posting there and it was clear.

i have also uninstalled limewire and hopefully all of its components.

whats the next step?

cheers
Del

 

[Brian A.]

Hi Brian,
i have now downloaded installed updated and run all of your recommended
programs on my c & d drives ,but not on the z drive (still no access,)
they didn,t seem to bad , not many bad items.

iv,e run and created and posted the log for the hijacker to one of the
forums ,no reply as yet.

i had already installed the av (anti virus?) program from blueyonder on the
internet so don,t need (or know how) to access or install it from my
laptop(i,ve always used the z drive as a go between for the pc and laptop).
the anti virus has been updated and run a few times but again not on z drive .
I hasten to add that z drive is were i have been storing the bulk of
downloads from limewire, mainly music , ipod movies,and a few programs .i
had scanned probably 80%+ of its contents a few days ago and i am currently
scanning it from the laptop.

Since it's an external storage device you really don't need it installed on it, it
is however very imperative that it is installed on the machine it is connected to.
BlueYonder allows PCguard to be installed on up to 3 machines and you can get the
download and all the info to install/use/updating/etc here:
http://www.blueyonder.co.uk/blueyonder/getContent.jspx?page=help_securitypcguard

i had already purchased the premium package from pcguard.

You mean PCguard was purchased from BlueYonder/Telewest before they were your
provider, or are you just getting the names mixed?

i have also run one of the online antivirus checks recommend on the spyware
forum to run before posting there and it was clear.

i have also uninstalled limewire and hopefully all of its components.

whats the next step?

Wait until they say your clean, advise you on how to stay clean and say your good
to go. Once they have you cleaned up your issue may be resolved and if it is post
back to let us know how it all worked out. If your clean and still have an issue
we'll take it from there.


--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375