He's on dialup, and surfing is torture
*******
I'd say he is infected now.
Not the prefetch thing, which we can discuss another time.
http://en.wikipedia.org/wiki/Prefetcher
Time for an offline scan of all computers, looking
for the thing that's adding autoruns and infectors
to USB flash drives. A good time for that Kaspersky CD.
Maybe with a trip to the public library and a blank CD-R,
you can make one of these.
http://support.kaspersky.com/8092
"The ISO image of Kaspersky Rescue Disk 10 (~375 MB)"
The Kaspersky disc cannot pick up definitions over dialup.
It has no PPP in Gentoo added for that. Instead, a dialup
user downloads a fresh CD, and then the definitions will
be at most about a week out of date or so.
You can edit the autorun.inf with notepad, and see
what executable the USB key was trying to use. Malware
can always delete the infector after the job is done.
And add it back at any time in the future. They could
easily have removed all evidence, so you couldn't
figure it out. At least you got a nice "hint"
you're in trouble. Examine the autorun.inf to
see whether it was this YTITG. When a random
string like that doesn't show up in Google,
that's another hint of trouble. Random executables
are typically malware.
For online tools, there are MBAM and MBAR.
The MBAM download is a one-shot scanner to be
used while Windows is running.
http://en.wikipedia.org/wiki/Malwarebytes
MBAR on the other hand, specializes in rootkits.
The missing drive problem could be related to some
changes made to atapi.sys. A related tool is
Kaspersky TDSSKiller (which presumably is intended
for TDSS and not for any conceivable rootkit).
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit
If a suspicious exe can be located, it can be
uploaded to virustotal.com for scanning.
And all activities are going to be a PITA to do
with only dialup for networking. Like when MBAM
needs definitions.
Paul
Thanks Paul,
This is more than a simple infection. My whole system is totally f**ked
up. I've worked on this all night, and I'm about ready to just format
the hard drive and say the hell with it. I used to enjoy computers
until I started using XP. It seems that all I do now is fight with
them. If it's not trying to remove one of the millions of annoyances in
XP, it's trying to remove all the junk it deposits on my drive, or
fighting with modems that won't work. And now this mess, which should
not have occurred at all, since I don't even connect to the internet with
this computer.
I may try a few more things on here, but it's pissing me off so much
that a format seems inevitable, and will remove my physical headache as
well as the computer headache. A guy on one of the Linux newsgroups
said that Windows itself IS a virus. At the time I thought he was
exaggerating, but now I think he might be right.
I got my trustworthy Win98 computer, and aside from fighting with
browsers, it works well, and I enjoy using it. If XP is this
complicated, unreliable, and so easy to infect, I hate to think what the
newer windows are like. I guess before I spend any more significant
amount of time on XP, which is obsolete anyhow, I'd rather direct my
efforts into learning Linux. There are several distros that are
supposed to work and look very much like Windows. I'd already be trying
them, but I spent several hours downloading large ISO files, spent $8 on
some blank CDs, and not one of the CDs worked. I know you said to burn
a CD, and that won't happen. The next time I even think about buying
another box of blank CDs, I'd flush the money down the toilet first.
At least that way I'll throw away the money without the added
frustration. I'll just buy some of those CDs from distro watch for
about $5 each (with S+h) and be done with it.
I guess I just don't care anymore. I've spent months setting up XP so it
worked without all the annoyances, and I'm not getting any use out of it
anyhow since I can't connect to the internet. So, I'd be better off
using that computer to try linux distros and install that ReactOS, which
seems to work, but running the demo under windows is terribly slow.
Anyhow, just to say what happened, not that it matters much, but I
copied a bunch of MP4 videos and some programs made for XP from my
laptop, and put them on a USB flash drv. I put the drive on the XP
desktop, and unloaded the programs to the temp folder, and then placed
that same USB drive into my Win98/Win2K computer. I was booted to 2K at
the time because this flash drive won't work on 98. That's when weird
things started to happen. In Win2K, I kept getting drive errors
related to that USB drive. However, W2K seems to work ok still.
Apparently this did not affect 2K. In fact I had to use 2K to finally
format the flash drv, because XP would not let me use Format.
Since then, moving the flash drives around between computers, I found
that it only gets these files from the XP desktop. Fortunately the XP
laptop does not appear infected. Probably because I recall disabling
autorun.inf files a while ago. But every time I moved the flash drive,
there was a autorun.inf and another file, which changed the name each
time. Besides the one I said, there has been BENZO.PIF,
*something*.exe, CCC.exe, and more.....
I looked at some of those autorun.inf files and tried to save one by
renaming it to autorun.txt. But they just disappeared after a short
time. Yet, the reason I could not format that flash drive was because
the files were still there, but hidden. I was able to view and delete
them on Win2K, but not on XP. (which tells me they did not load on 2K).
Since then, I installed Spybot2, scanned the whole computer, nothing
serious was shown. I ran the ROOTKIT scanner in spybot, and it did find
something which shows a zero entry in the registry in something like
"local settings/microsoft/software/environment". But the delete
function in spybot would not delete it. I opened Regedit, went to that
place, and can not delete it from there either.
Then I tried to boot to Safe Mode, hoping I could delete it that way.
The computer will NOT boot into safe mode. It just keeps going back
to "select how you want to boot" over and over.
I also can not load any programs that access the system, not even
CPU-ID, Process Hacker, Process Viewer and so on. Hijack This does
load, but acts goofy, and won't let me remove some stuff.
Yet, I can load programs like Firefox, Winzip, Foxit reader, etc...
I used Erunt, and restored the registry from 2 days ago (I just
installed that program 2 days ago). It looked like this fixed it at
first, but then I started to get that "No Disk.... exception processing
message..... error, and then all those runtime errors started to
reappear when I load Process Hacker, CPU-ID, and so on.
I ran Spybot a second time after restoring the registry and rebooting,
but nothing changed. If I knew how to edit the registry from a linux
boot, I would try that, but I don't. At this point, I don't much care
what I do or how harsh I am on the registry or files. I keep all my
important and saved Data on the Win98 computer. I have a backup of
Win2000, and my laptop. Unfortunately I did not backup this XP desktop,
although I have the HDD that I cloned it from, but that was never
activated, so it won't run anymore.
I am downloading MALWAREBYTES anti-root kit right now. That's small
enough to do on dialup. But then I'll have to infect one of my flash
drives to put it on that computer. But I'll just keep formatting them
each time.....
If Malwarebytes doesn't fix it, I give up.
Then it's format time.
I still don't understand how this got on that computer. I can only guess
it's some program file I downloaded, which is strictly an XP program, so
I did not run it on the Win98 machine. This seems too severe to just be
the result of doing that one name change of the Card Reader to CD drive
letter. But then again, it seems that everything in XP is a major
problem. I know this is an XP newsgroup, but I don't have much of
anything good to say about XP right now. I've had some pretty screwed
up things happen to Win98 over the years, and I always fixed them.
That's why I'm still running the same install of Win98 from 1998. I've
only had this install of XP for 6 to 10 weeks, and it's already trash,
and I hardly even used it.
I'll have to give a little praise to Win2000 too. It's still working
well, after taking the brunt of this mess.....
What more can I say.....
BTW: I see that prefetch files are just more rubbish. I deleted all of
them.......