Internet & e-mail both very poorly. Any ideas?

john

I am not terribly computer-literate, so please bear with me!

A few days ago something started to go pear-shaped with my computer
(NEC, running Windows XP). I was getting all kinds of annoying pop-ups
and messages (like about a dozen a minute!), some for casinos and the
like, but most of them telling me my computer was infected with
viruses and trying to direct me to various sites to solve the problem.
My browser (IE7) was also being hijacked.

I already have McAfee, and I ran it and removed the infected files it
identified (including Trojan). The annoying pop-ups continued to
appear and my browser was still hijacked. I removed IE7 from my
system, which cut down on the number of pop-ups, and did a bit of
searching for help using Firefox. I found some useful advice, which
mainly involved downloading and running the following:

HijackThis
AVG Anti-Spyware
SmitfraudFix

After that, the pop-ups stopped and my system ran normally for a
couple of days.

Now, though, I'm finding that Firefox will not give me access to a lot
of Internet pages, including my webmail programme, and Thunderbird is
similarly out of action. I get "connection timed out" messages most of
the time; just occasionally I'm lucky and manage to make a connection.
Switching to Outlook Express and Netscape Navigator doesn't help.
Other programmes (Microsoft Word, etc.) seem to be running normally,
but anything connected with e-mail or the Internet seems to be on the
blink.

It's in the nature of the problem that I may not always be able to
read or reply to postings, but any help or advice would be much
appreciated.

Thanks,

John
 
Bart Bailey

In Message-ID:<[email protected]>
posted on 9 Mar 2007 09:50:16 -0800, (e-mail address removed) wrote:
Begin
| It's in the nature of the problem that I may not always be able to
| read or reply to postings, but any help or advice would be much
| appreciated.

Save as much of your data as you can, photos, documents, etc. to a
separate location and reinstall XP. Only this time try to use as little
of Internet Explorer as possible to get a better browser and mail/news
reader. I'm also running XP but have emasculated the MSIE capabilities
and thus its sundry vulnerabilities.
I never get popups unless I select for them, nor does my browser take me
to nor deny me from any sites contrary to my wishes.
Once you have gotten your alternative browser installed and configured
you might want to remove any instances of dlls starting with the letters
"mshtml" which will sort of bullet proof your system against MSIE
exploits.
As with any major OS alterations I suggest ghosting its partition first.
 
David H. Lipman

From: <[email protected]>

| I am not terribly computer-literate, so please bear with me!
|
| A few days ago something started to go pear-shaped with my computer
| (NEC, running Windows XP). I was getting all kinds of annoying pop-ups
| and messages (like about a dozen a minute!), some for casinos and the
| like, but most of them telling me my computer was infected with
| viruses and trying to direct me to various sites to solve the problem.
| My browser (IE7) was also being hijacked.
|
| I already have McAfee, and I ran it and removed the infected files it
| identified (including Trojan). The annoying pop-ups continued to
| appear and my browser was still hijacked. I removed IE7 from my
| system, which cut down on the number of pop-ups, and did a bit of
| searching for help using Firefox. I found some useful advice, which
| mainly involved downloading and running the following:
|
| HijackThis
| AVG Anti-Spyware
| SmitfraudFix
|
| After that, the pop-ups stopped and my system ran normally for a
| couple of days.
|
| Now, though, I'm finding that Firefox will not give me access to a lot
| of Internet pages, including my webmail programme, and Thunderbird is
| similarly out of action. I get "connection timed out" messages most of
| the time; just occasionally I'm lucky and manage to make a connection.
| Switching to Outlook Express and Netscape Navigator doesn't help.
| Other programmes (Microsoft Word, etc.) seem to be running normally,
| but anything connected with e-mail or the Internet seems to be on the
| blink.
|
| It's in the nature of the problem that I may not always be able to
| read or reply to postings, but any help or advice would be much
| appreciated.
|
| Thanks,
|
| John



If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being exploited.

It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
Version 6.0

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.6.0

http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1



For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
http://www.lavasoft.de/ms/index.htm

* SpyBot Search and Destroy v1.4
http://security.kolla.de/
http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon

http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
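
The folder check described in the post above, written out as an added example (not part of the original thread): it parses the folder names under C:\Program Files\Java, treats jre1.6.0 as the minimum, and lists everything except the newest install for removal. It assumes Python is available on the machine; the sample names are the ones John reports in his follow-up.

```python
import os
import re

JAVA_ROOT = r"C:\Program Files\Java"   # path given in the post
MINIMUM = (1, 6, 0, 0)                 # JRE 6.0 installs as jre1.6.0

# Matches jre1.5.0_06 style names; the _NN update suffix is optional.
_JRE_DIR = re.compile(r"^jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$", re.IGNORECASE)


def parse_jre_dir(name):
    """Return (major, minor, patch, update) for a JRE folder name, else None."""
    m = _JRE_DIR.match(name)
    if m is None:
        return None
    return tuple(int(part or 0) for part in m.groups())


def audit_jre_dirs(names, minimum=MINIMUM):
    """Sort folder names into keep / remove / unknown.

    remove:  anything older than `minimum`, plus anything older than the
             newest install (the post says only the latest should remain).
    keep:    the single newest folder, if it meets `minimum`.
    unknown: names that are not jreX.Y.Z[_NN]; left for manual review.
    """
    parsed, unknown = [], []
    for name in names:
        version = parse_jre_dir(name)
        if version is None:
            unknown.append(name)
        else:
            parsed.append((version, name))
    parsed.sort()  # numeric order, so _011 sorts after _06
    keep, remove = [], [name for _, name in parsed]
    if parsed and parsed[-1][0] >= minimum:
        keep = [remove.pop()]
    return {"keep": keep, "remove": remove, "unknown": unknown}


def installed_jre_dirs(root=JAVA_ROOT):
    """List sub-folders of the Java install root; empty if it does not exist."""
    if not os.path.isdir(root):
        return []
    return [d for d in os.listdir(root) if os.path.isdir(os.path.join(root, d))]


if __name__ == "__main__":
    # Folder names reported later in the thread, used here as sample input.
    sample = ["jre1.5.0_01", "jre1.5.0_06", "jre1.5.0_011"]
    print("thread sample:", audit_jre_dirs(sample))
    print("this machine: ", audit_jre_dirs(installed_jre_dirs()))
```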
 
john

David said:
| If you are using any version of Sun Java that is prior to JRE Version 6.0,
| then you are strongly urged to remove any/all versions.
| There are numerous vulnerabilities in them and they are actively being exploited.
|
| It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
| Version 6.0
|
| Simple check, look under...
| C:\Program Files\Java
|
| The only folder under that folder should be the latest version.
|
| Such as...
| C:\Program Files\Java\jre1.6.0
|
| http://java.sun.com/javase/downloads/index.jsp
| http://www.java.com/en/download/manual.jsp

OK. The Java versions are all older (jre1.5.0_01, jre1.5.0_06 and
jre1.5.0_011), so that's my first step. Will report back when
finished.

Many thanks!

John
 
john

I said:
| OK. The Java versions are all older (jre1.5.0_01, jre1.5.0_06 and
| jre1.5.0_011), so that's my first step. Will report back when
| finished.

Sigh! My browser won't give me access to any of the Java 6 download
sites, or to most of the spyware and other troubleshooting sites
(Spybot was an exception; at least I got to the site and started
downloading, but it's been stuck in the middle of downloading for
about half an hour now).

I'm currently backing up all my data to an IO-Data external disk drive
as well as to a second local disk drive (D drive), in preparation for
acting on David Lipman's recommendation (reinstalling Windows).

Are there any particular "do"s or "don't"s before I reinstall?

Oh, yes. David says something about "ghosting" a "partition". I only
have a hazy idea about what a partition is (and have never created
one) and no idea at all about what ghosting is. I'm trying to Google
up some explanations, but limitations on gaining access to sites are
holding me back (I'm lucky I can still access this newsgroup; my
regular newsgroup server is on the blink!). Any explanation would be
helpful.

Thanks again,

John
 
pcbutts1

Use Spyerase version 10, it's fast and free. It now has over 1700 signatures
to remove All variants of Virusburst, Spy Dawn, Spy sheriff and
Antivermins. New Feature, Spyerase will now update your hosts file. This
tool is designed to Specifically remove all variants. Scan time is about 2
minutes. Designed for Windows 2000/XP only. Password is still required.
First read this page http://www.pcbutts1.com/downloads then download
Spyerase from here http://www.pcbutts1.com/downloads/spyerasesetup.zip



Check my feedback and see what others have said about it
http://pcbutts1-therealtruth.blogspot.com/


Feedback is very important to the development of Spyerase.
Let me know how it works. Send feedback here
http://pcbutts1-therealtruth.blogspot.com/


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell
 
john

Bart said:
| Save as much of your data as you can, photos, documents, etc. to a
| separate location and reinstall XP.

I did this. In the end I didn't really have much choice, since I
couldn't gain access to the sites to download the anti-spy/virus
software people were recommending.

BUT, as soon as I tried to open a web browser the old problems
immediately came back.

Did I mention my wife turned on her computer while I was having
problems with mine and the virus immediately spread to her system? I'm
typing this on my daughter's computer, as it is the only remaining
uninfected computer in the house!

God only knows what the next step is. Why do these things always
happen when you're up to your ears with things that needed doing
yesterday?

Aaagghrrr!

John
 
john

I said:
| I'm currently backing up all my data to an IO-Data external disk drive
| as well as to a second local disk drive (D drive), in preparation for
| acting on David Lipman's recommendation (reinstalling Windows).

Sorry, that would be Bart Bailey's recommendation. Anyway, I did as he
said, but the trouble persists.

I'm using a refreshed NEC computer. Windows XP is pre-installed on the
hard drive, and the product recovery disks seem to be based on Windows
98 in some way. I don't know if that's relevant...

John
 
Bart Bailey

In Message-ID:<[email protected]>
posted on 9 Mar 2007 17:53:59 -0800, (e-mail address removed) wrote:
Begin
| Oh, yes. David says something about "ghosting" a "partition". I only
| have a hazy idea about what a partition is (and have never created
| one) and no idea at all about what ghosting is. I'm trying to Google
| up some explanations, but limitations on gaining access to sites are
| holding me back (I'm lucky I can still access this newsgroup; my
| regular newsgroup server is on the blink!). Any explanation would be
| helpful.

Go ahead and give Dave the credit, but send me the money <g>
In any case here's the Norton Ghost site; http://tinyurl.com/l8nnn
Because Norton is a product of Symantec, some malware will block their
site so you might have to enlist a friend with an un-afflicted machine.
Be aware that when you ghost a partition (dump an image of it), and
later decide to recover it, you will have all the problems as before,
but at least have another chance at repairing it in case your initial
efforts totally mungfark your system.
Once all is fixed and running smoothly, you should ghost your system
regularly, especially after any software changes, meantime save dynamic
data daily or more often. I usually do a daily image dump and then save
the data files for my email and news clients before every shutdown, plus
I keep the *BOOTSave and *CMOSSave files on a couple Boot2DOS floppies
along with the Ghost executable.
That's something else you'll need to make, a boot to DOS floppy with the
Ghost executable on it so you can reload a saved image.

*Credit and Thanks to Roedy Green
http://mindprod.com/products1.html#BOOTSV
http://mindprod.com/products1.html#CMOSSV
 
Bart Bailey

In Message-ID:<[email protected]>
posted on 9 Mar 2007 21:32:55 -0800, (e-mail address removed) wrote:
Begin
| Did I mention my wife turned on her computer while I was having
| problems with mine and the virus immediately spread to her system? I'm
| typing this on my daughter's computer, as it is the only remaining
| uninfected computer in the house!

If her machine is on a LAN with the others,
by all means don't connect it to them!
Unplug the CAT5 if you have to and run hers directly to the net to get
the stuff you need, not through the afflicted hub.

| God only knows what the next step is. Why do these things always
| happen when you're up to your ears with things that needed doing
| yesterday?

Some guy named Murphy?
 
john

Bart said:
| here's the Norton Ghost site; http://tinyurl.com/l8nnn

OK. I'll check it out.

| Because Norton is a product of Symantec, some malware will block their
| site so you might have to enlist a friend with an un-afflicted machine.

My daughter's computer is unaffected as yet. As long as I don't turn
it on while either of the other computers are hooked up to the LAN I
guess I'll be OK.

| Be aware that when you ghost a partition (dump an image of it), and
| later decide to recover it, you will have all the problems as before,
| but at least have another chance at repairing it in case your initial
| efforts totally mungfark your system.

So far, what I've got is my computer with Windows XP newly-installed
on it, and running fine as long as I don't switch on my IO-Data drive,
which has all my old documents, photographs, e-mail programmes,
Internet browser, etc, etc, on it.

It's progress of a kind, I suppose, but how the heck do I get the IO-
Data files back onto my computer without reinfecting it?

I guess if I download all the anti-spyware stuff David recommended
I'll have a fighting chance.

Is there anything else I should do?

| Once all is fixed and running smoothly, you should ghost your system
| regularly, especially after any software changes, meantime save dynamic
| data daily or more often.

OK. I will, I promise - if I ever get out of these woods!

| That's something else you'll need to make, a boot to DOS floppy with the
| Ghost executable on it so you can reload a saved image.

But (like most computers these days, I think) I don't have a floppy
disk drive...

Thanks for all the help!

John
 
john

I ran Adware and Super Anti-Spy and things seem to be slowly getting
back to normal (fingers crossed!). I think I messed up my e-mail,
though; I thought all the e-mails would be saved to the IO-Data disk,
but I can't seem to find them. If anyone can tell me where to look,
that'd be helpful. Perhaps I've just lost them, though. (Not a big
disaster, as most of them are still on the webmail server.)

I also wonder what the point is in having a second hard disk drive
(drive D on my computer) if that also automatically gets wiped clean
when Windows is reinstalled?

Otherwise, from now on it's just a hassly job of reloading software
and finding and inputting passwords and usernames for all the bits and
bobs I've been using for the last few years.

Thanks for all the help!

John
 
Offbreed

| I also wonder what the point is in having a second hard disk drive
| (drive D on my computer) if that also automatically gets wiped clean
| when Windows is reinstalled?

Install to single drive, shut down machine, add second drive, turn on
computer.
 
Offbreed

| But (like most computers these days, I think) I don't have a floppy
| disk drive...

Unless you are really cutting edge and got a fully changed board, floppy
drives are just not installed instead of impossible.

Restart and go into bios to see if there is a "boot to floppy" option.
Shut down, pop the cover and take a look for a floppy connector. If both
true, then get a floppy drive and connect up. Restart the computer with
"boot to floppy" selected in bios.

While poking around in bios, see if there is a "boot to USB" option, and
report back. One of the others can put together further suggestions as
I'm out of my depth with that.

Do you know what board you have?
 
