New comp. Got infected before SP2 installed.

Marcus

Hi,

The technical support phone line closed a few hours ago
for the weekend and these newsgroups have been unbelievably
helpful before :)

I just got a new computer with Windows XP. I also just got
broadband. I had waited to connect to the internet until
broadband arrived so Windows Update would work faster.
I connected to the internet. Everything running fine.

I have Norton on my computer, but every time I ever tried
to do the live update, it would say it couldn't connect.
www.systemac.com would not work on Internet Explorer.

I run Windows Update.

A few critical updates. I'm downloading and Send Receive
ratio is about 1:4 or so. At about 52% the Windows Update
seems to stall. And I'm fully uploading. 15 mins later. I've
uploaded 40 megs to 17 meg download....

I load up Task Manager. I spot wuamgrd.exe, google it,
comes up as a probable virus. I end it, but Windows Update
doesn't resume.

Shut down, restart.

This time I end the wuamgrd.exe before connecting to
internet. Run Update. Works. Still uploading though, but
it finishes. Restart.

End wuamgrd.exe, connect to internet. I'm still uploading
at maximum... so I download Kerio's firewall. Install.

4 programs seem desperate to communicate with internet:
wuamgrd.exe
wmmon32.exe
SPOOLSVD32.exe
sysentry32.exe
(as far as I can remember)

Run Update again. Download and install SP2.

Restart.

I allowed Internet Explorer to be an exception on the
Windows Firewall that got installed after SP2. And I
disabled the Kerio one.

My problems are these:
1) I cannot access ANYTHING online. Explorer seems to try
to access a whole host of similar URLs (www.WHATEVER.net
www.WHATEVER.com.net etc) but nothing works. I am
accessing these newsgroups from another computer.

2) I cannot update the antivirus software so I cannot
detect what the viruses on my computer are.

3) I did all this from a new computer with a clean Windows
XP. I just spent my entire day trying to get this computer
to work. I'm frustrated that it's not, and I can't
immediately see how to fix this. Technical support is
closed until Monday, but when I rang them up before
regarding update pausing, the guy didn't have a clue.

Thank you all for bothering to read all of this, and I
thank you all too if you can provide any help :)
 
"Marcus" <[email protected]> had
written
2) I cannot update the antivirus software so I cannot
detect what the viruses on my computer are.

Just a thought but maybe try another Virus checker and see if that
helps. Download a VC on your friend's computer and burn it on a CD to
take to yours.
Also SP 2 will ask you if you want to monitor your VC instead because
MS is unaware if the one you have is updated. Switch that on in your
security panel to allow you to monitor it.
 
#1: Disconnect your computer from the Internet until you get this
thing resolved.
#2: Before connecting back to the Internet make certain that you have
a firewall installed and operational. Use the Windows XP built-in
firewall, at least temporarily. It will protect your computer from
incoming attacks, including Sasser and Blaster.
#3: On another computer download Stinger (free) from
http://vil.nai.com/vil/stinger and save it to a 3.5 inch diskette.
#4: Boot your new computer into Safe Mode. Insert the diskette with
Stinger on it, and run it (Start - Run - A:\STINGER.EXE). That will
detect and remove the most common of the current crop of viruses and
should allow you to do the rest of what you need.

Note 1:
To start Windows XP in Safe Mode turn on the computer and start
tapping the F8 key rapidly just as soon as the first information of
any kind shows on the screen. Keep tapping until the Windows XP
Startup Menu appears and choose Safe Mode from the menu.

Note 2:
To activate the built-in firewall in Windows XP open Control Panel -
Network Connections. Right-click on the icon for your internet
connection and select Properties. In the Properties window click on
the Advanced tab and then click on the checkbox for the firewall to
activate it. If you subsequently install a 3rd party software
firewall then you can turn off the Windows XP firewall as there is no
need for two of them.

Good luck


Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

"The reason computer chips are so small is computers don't eat much."
 
-----Original Message-----
"Marcus" <[email protected]> had
written


Just a thought but maybe try another Virus checker and see if that
helps. Download a VC on your friend's computer and burn it on a CD to
take to yours.
Also SP 2 will ask you if you want to monitor your VC instead because
MS is unaware if the one you have is updated. Switch that on in your
security panel to allow you to monitor it.
--

It was Norton Antivirus that came with the computer. I saw
that VC monitor that came on after SP2 installed, and it
said that it probably needed updating :)

Thanks so much for your quick reply. Have a great day!
 
There are worms/viruses that edit the Windows XP Hosts file, adding entries that make it
impossible to connect to web sites for various antivirus program makers and antivirus
update sites, and various other web sites. Editing the Hosts file, to get rid of those
entries, so you can get to the Norton updates, might be the thing to do. If the above is
the problem, then after editing the Hosts file, reboot (with a firewall enabled) and you
should be able to update your Norton, then scan your drive for viruses after the update.

How to edit the Hosts file:

Windows XP
1. Click Start, and then click Search.
2. Click All files and folders.
3. In the "All or part of the file name" box, type:

hosts

4. Verify that "Look in" is set to "Local Hard Drives" or to (C:).
5. Click "More advanced options."
6. Check "Search system folders."
7. Check "Search subfolders."
8. Click Search.
9. Click Find Now or Search Now.
10. For each Hosts file that you find, right-click the file, and then click "Open With."
11. Deselect the "Always use this program to open this program" check box.
12. Scroll through the list of programs and double-click Notepad.
13. When the file opens, delete all the entries in the Hosts file except for the
following line:

127.0.0.1 localhost

14. Close Notepad and save your changes when prompted.

T.C.
t__cruise@[NoSpam]hotmail.com
Remove [NoSpam] to reply
 
Thanks for your quick reply! I realise that staying online
would simply be letting the worm(s) try to infect other
computers which is why I left it after I couldn't update my
Norton Antivirus (that came with the computer) even after
SP2 was installed :)

As soon as SP2 installed I switched to the Windows
Firewall and put it up.

I'll give everything you said a go tomorrow morning when I'm
calm :)

Thanks again for helping me with this problem. You
probably don't (or maybe you do) get little thanks for your
problem solving, but thanks. It really is appreciated!
Have a great day.
 
Hi,

Thanks for your quick response! I asked a few of my
friends about the web browser not working properly, and
one of them suggested HOSTS as having redirects in it. I'll
check that tomorrow :)

Many thanks again for your suggestion and help!
 
3) I did all this from a new computer with a clean Windows
XP. I just spent my entire day trying to get this computer
to work. I'm frustrated that it's not, and I can't
immediately see how to fix this. Technical support is
closed until Monday, but when I rang them up before
regarding update pausing, the guy didn't have a clue.

Thank you all for bothering to read all of this, and I
thank you all too if you can provide any help :)

Only a suggestion for the future, and to anyone else who gets a
brand new computer with Windows XP. Don't even THINK about
connecting to the Internet unless you have a firewall and
antivirus running full-time first.
 
Since it is new, why not restore back to the original shipped state? Then
apply the updates before connecting to the internet.
Click on the link below, or copy and paste the link into the address box
if using the web based newsgroup.
Restore XP
http://michaelstevenstech.com/restore.htm
--
Michael Stevens MS-MVP XP
(e-mail address removed)
http://michaelstevenstech.com
For a better newsgroup experience, set up a newsreader.
http://michaelstevenstech.com/outlookexpressnewreader.htm
 
I went through that nausea recently - I got the Sasser virus before the MS
fixes had a chance to download and install!

I reformatted the disk, did another clean install of XP - and this time
enabled the firewall before attempting to connect to the Internet to
download the MS big fixes and Norton AV definition updates. Worked that
time.

PS - I strongly recommend that you use Drive Image, Norton Ghost or
whatever - makes it much easier to start again if you back up a copy of the
C drive before trying to use the internet. I learnt my lesson and did it the
second time, but the firewall was good enough so I didn't need to use the
backed up copy.
 
