>>PC is Extremely Buggy, I Think<<

  • Thread starter: Wayne B.

Wayne B.

I'm dealing with a machine that has DSL. SBC Yahoo is
the ISP. I'm not able to run msconfig to check the
startup programs (but I can run cmd and also mmc) and I
can't install WinPatrol; I click it and it just gives me the
hourglass next to the pointer for a split second and
that's it. There are a lot of sites that I can't get the
SBC Yahoo browser to bring up, but IE will. There are
also sites that IE cannot bring up, such as Microsoft
Newsgroups. I had to install Opera browser off of my cd
to get around the internet with no restrictions.

I believe that there's some type of malware and/or virus
that's on this thing. The owner of the pc has Norton
installed but it isn't updated and it is not possible to
open Norton. I click on it from the start menu as well as
shortcuts and all it does is show the hourglass next to
the pointer like before.

I was able to run Adaware with no problem and it found
nothing major. I tried to run Spybot and all I got was
the hourglass again.

There are 6 svchost.exe running in Task Manager and one
of them is running 104 threads. IS THAT NORMAL???
If nothing else, if you're able, PLEASE answer that
question!

IE pops up out of nowhere about every 5 minutes and
comes up with this site as the home page.....

http://www.casinopalazzo.com/index.php?sourceid=100336

and sometimes it's accompanied by an X-rated web page.

I just ran HijackThis and got a ton of things that it has
found. I'm about to go thru them now to see what can be
deleted. If someone out there has an idea of what might
be going on with it and/or has any advice for me to
troubleshoot this machine any further, please send me a
post.

THANX N ADVANCE. The Rookie/Wayne B.
 
Yes, this machine is infested with spyware/malware/trojans.
Start with the HijackThis that you already have and let it
do its thing.

The first thing to do is to disconnect this machine from
the net. As long as it is connected the spyware/malware
will continue to try and load itself on the machine.

Next you will need to go into Add/Remove Programs and see
what unwanted programs have been installed. Write down
each one and then Remove them using the Windows
uninstaller. At this point uninstall Norton as well since
it isn't updated unless the person plans on updating in the
near future.

Next, open the registry from the Run command. Type in
regedit and hit the Enter key. When the registry opens
type Ctrl-F. A Find box will come up. In the box type in
just a portion of the name of one of the spyware apps you
are looking for. For example, if one of the items listed
in the Add/Remove Programs area was Webshots put in
Webshots. Click Find Next and it will try to find the
first instance of Webshots. When/if it does find what you
are looking for delete that registry key. MAKE ABSOLUTELY
SURE what you are deleting is what you want to remove. If
there is a doubt, leave it in. Hit the F3 key to move to the
next instance of whatever it is you are searching for.
When it reaches the end of the registry you will get a
message saying so.

In your case make sure you do a search for 'casino' (no
quotes).

Repeat the above procedure for each piece of spyware you
are looking for. When done, close the registry.

Next, go through the person's machine and look for folders
for these same pieces of spyware. Delete them entirely.

Reboot the machine, still leaving it disconnected from the
net. Open IE and see what happens. Does a new toolbar
launch? What web site does it try to get to? Do you get
any other messages which aren't normal ones? Go into Tools
| Internet Options and on the General tab see what website
is the default site. If it is not what the person wants,
change it. Close IE.

At this point reconnect to the net and launch IE. Does it
go to the web site you specified or does it still try to go to
the casino one? If it does not go to the site you
specified there is still a registry item which is taking
control. Disconnect from the net, launch regedit again
and do more searching. Reboot the machine.

Once you are done with this make sure to go to Microsoft's
site and update the machine with the Critical Updates as
well as other updates.

I'm sure there are others on here who will say that what I
have just described is not necessary but I work in a large
agency and have had to do the above steps to various users'
machines and no spyware/malware has ever been able to stay
hidden from me.

One other thing you might want to consider is if this
person is on a high-speed connection get a firewall and lock
down all but the necessary ports. Also, in the Services
area turn off Messenger Service and Server service. Make
sure they are not set to automatically start when the
machine is rebooted by right-clicking on the service and
choosing Properties. In the Startup Type dropdown box choose
Disabled. Click OK to save the settings.

This should get you started.
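
A read-only way to cover the same ground as the manual regedit search and the Services check in the reply above, as an added example that is not part of the thread. It assumes PowerShell 3.0 or later, that `Messenger` and `LanmanServer` are the service names behind the Messenger and Server services, and a keyword list taken from the post; the function name `Find-RegistryMatch` is hypothetical.

```powershell
# Added example: read-only audit, nothing is deleted or changed.
# The keys are the standard autostart and IE home-page locations; the
# keywords are the ones named in the thread ('casino', 'Webshots').
$Keywords = 'casino', 'Webshots'

$Keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Internet Explorer\Main',
    'HKCU:\Software\Microsoft\Internet Explorer\Main'
)

function Find-RegistryMatch {
    param([string[]]$Path, [string[]]$Keyword)
    foreach ($key in $Path) {
        # Skip keys that do not exist on this machine
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            foreach ($word in $Keyword) {
                # Case-insensitive match on value name or data, like regedit's Find
                if ($name -like "*$word*" -or $data -like "*$word*") {
                    [pscustomobject]@{
                        Key = $key; Value = $name; Data = $data; Keyword = $word
                    }
                }
            }
        }
    }
}

# List every hit with its full key path so each one can be reviewed
# before anything is removed by hand.
Find-RegistryMatch -Path $Keys -Keyword $Keywords | Format-List

# Current IE home page, to compare with what the owner expects
$main = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
(Get-ItemProperty -LiteralPath $main -ErrorAction SilentlyContinue).'Start Page'

# Startup type and state of the two services the reply says to disable
Get-CimInstance Win32_Service -Filter "Name='Messenger' OR Name='LanmanServer'" |
    Select-Object Name, DisplayName, StartMode, State
```

The script only covers the autostart and IE keys listed in `$Keys`, not the whole registry that the Ctrl-F search walks, so an empty result does not mean the machine is clean.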
 
Damn good advice KAS. I'll go thru it and see what
happens. Thanks, appreciate it a lot. Wayne B.
 
Wayne, ever looked further in this issue:
dated

Saturday 22 May 2004 1:33



There are still unanswered replies to yours.
 
