Win Firewall off briefly

Evan Weiner

XP Win Firewall-off balloon comes up every hour or so. Verified firewall off
when balloon shows and on when it goes away 10-20 sec later. Annoying. How
to track this down? Replace it? Have disabled a few msconfig startup items
- slow & unsuccessful.

Win XP SP2 (HP Pavilion) MCE
Symantec AV, no firewall, Auto-protect on.
Malwarebytes
Win Defender, considering turning off real-time protection
 
Mark Adams

Evan Weiner said:
XP Win Firewall-off balloon comes up every hour or so. Verified firewall off
when balloon shows and on when it goes away 10-20 sec later. Annoying. How
to track this down? Replace it? Have disabled a few msconfig startup items
- slow & unsuccessful.

Win XP SP2 (HP Pavilion) MCE
Symantec AV, no firewall, Auto-protect on.
Malwarebytes
Win Defender, considering turning off real-time protection

Control Panel, Security Center, left side of pane, Change the way Security
Center alerts me. Uncheck the firewall box.

SP2 and no firewall? You're already infected. Wipe and reload. Install SP3
and at least turn on the Windows firewall.
 
Twayne

Evan Weiner said:
XP Win Firewall-off balloon comes up every hour or so. Verified
firewall off when balloon shows and on when it goes away 10-20 sec
later. Annoying. How to track this down? Replace it? Have
disabled a few msconfig startup items - slow & unsuccessful.

Win XP SP2 (HP Pavilion) MCE
Symantec AV, no firewall, Auto-protect on.
Malwarebytes
Win Defender, considering turning off real-time protection

You say above no firewall, but above that you say the firewall is turning
off/on by itself. Do you have the firewall on or not?
Do you have a firewall other than the XP firewall installed? If so, you need
to turn OFF the XP firewall.
Any particular reason why you aren't at SP3?
Are you allowing updates to be installed each week or whenever they come
out? If you aren't allowing updates then all bets are off and you might as
well start over again from scratch. Never access the 'net without AV and
firewall in place first. It may only take a split second for a drive-by to
discover your machine and infect it with some sort of malware. A lot of
malware these days then opens you up to receiving even more by inviting it
in.

Are you by any chance behind a router or gateway with NAT services? If so
that will help the situation until whatever is wrong gets figured out and it
is a firewall too, of sorts.

Although the firewall may be the less important of the protections, the fact
that it's turning off and on apparently on its own is IMO likely to be a
sign of some sort of malware infection.

Have you tried disconnecting from the 'net, turning the win firewall off,
doing a Restart, turn it back on, and do another Restart? Kind of a
straw-grab but I know of another situation where that straightened it out.

Is your AV and Malwarebytes up to date? Have you run it and AV in full scan
modes? If so and they've found no problems, you might want to also
download, update and run full scans with Spybot Search & Destroy and Adaware
or two others if you have favorites you want to use.

Then if there is still a problem, come on back with the details of the
tests so far and list them. Include the names and versions of each program
you run along with whether it found any problems or not, and be sure to have
checked for updates before running each one, even if you've just downloaded
it. Very often downloaded programs still need to be updated after
installation.

Good luck,

Twayne
 
Evan Weiner

Win firewall is on all the time except for the brief off-on periods when it
happens by itself.

No other firewalls. Considering another just to see what happens.

HP support said SP3 will render my HP Pavilion/AMD unstable. Tried
installing SP3 before that & failed. Considering trying it again. There's
always Restore or reformat. I'm gun-shy with the reformat having done it
with Win 98 on an older machine and seeing no improvement.

Installing Win updates on notification, usually same day. Ditto HP, Java.
Firefox 3.5.6 beta seems to update itself. HP updates periodically.

Symantec AV 10.1 in place with Auto-protect enabled.

No router or gateway. Have Verizon DSL.

Will try net disconnect, firewall off, restart, firewall on, restart after
current wait/test.

SAV, Defender, Malwarebytes all up-to-date. Full scans periodically after
firewall off-on behavior started.

Sfwr: Office 2003 (getting updates), Mathcad, emptemp2, FS9, Acronis bkup,
Skype, Firefox 3.5.6 (beta), IE7

Current testing is disabling startup stuff: DISC processes associated with
XP Win Media Center game tryouts (DISCover, DiscUpdateMgr, MyFTP), jqs (Java
Quick Start), Win Defender scheduled & real-time scans. All proved negative
except Defender which hasn't been tested long enough (at least 1 hr).
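
An added example, not written by any poster in this thread: a cmd.exe batch file that addresses the "how to track this down" question by logging each firewall state change and, whenever the firewall is off, the running processes, hosted services and open connections. It assumes XP SP2's `netsh firewall` context and `tasklist` (present on the Professional and Media Center editions); the log path and 5-second poll interval are arbitrary choices.

```batch
@echo off
rem Added example: Windows Firewall state watcher for Windows XP SP2 (cmd.exe).
rem Assumptions: run from an administrator account; the log file name and the
rem 5-second poll interval are arbitrary, not values taken from the thread.
setlocal
set LOG=%USERPROFILE%\fw-watch.log
set LAST=unknown

:poll
rem "netsh firewall show state" prints the current profile's operational mode.
rem If the line is missing or netsh fails (service stopped), treat it as off.
set STATE=off
netsh firewall show state 2>nul | findstr /I /C:"Operational mode" | findstr /I "Enable" >nul
if not errorlevel 1 set STATE=on

rem Log only on transitions so the file stays readable.
if "%STATE%"=="%LAST%" goto wait
>>"%LOG%" echo ==== %DATE% %TIME% firewall %LAST% -^> %STATE% ====
if "%STATE%"=="on" goto remember

rem Firewall is off: snapshot the firewall service, every process with the
rem services it hosts, and open connections with their owning PIDs.
sc query SharedAccess >>"%LOG%" 2>&1
tasklist /svc >>"%LOG%" 2>&1
netstat -ano >>"%LOG%" 2>&1

:remember
set LAST=%STATE%

:wait
rem XP has no "timeout" command; six loopback pings take about 5 seconds,
rem short enough to land inside the 10-20 second off window described above.
ping -n 6 127.0.0.1 >nul
goto poll
```

Leave it running in a minimized window until the next balloon, then compare the "off" snapshots in the log for a process, service or connection that shows up each time.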
 
Jose

Mark Adams said:
Control Panel, Security Center, left side of pane, Change the way Security
Center alerts me. Uncheck the firewall box.

SP2 and no firewall? You're already infected. Wipe and reload. Install SP3
and at least turn on the Windows firewall.

Is that a recommendation to just disable the alerting mechanism of a
potential firewall issue instead of figuring it out and fixing it?

If someone is on SP2, is the procedure to solve the problem wipe and
reload?
 
Daave

Evan said:
HP support said SP3 will render my HP Pavilion/AMD unstable.

Are you serious??!!

This issue has been known for a year and a half. You must have gotten a
completely clueless HP support tech.

At any rate, assuming you have an HP with a factory-installed image
(which has a flaw) *and* an AMD processor, in order to upgrade to SP3,
you need to first run the executable from this page:

http://h10025.www1.hp.com/ewfrf/wc/...ex?lc=en&dlc=en&cc=us&softwareitem=pv-60484-2

More information:

http://msinfluentials.com/blogs/jes...ed-computer-boot-after-installing-xp-sp3.aspx

Furthermore, for best results, you should use the complete installation
package from this page:

http://www.microsoft.com/downloads/...A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=en

.... as well as making sure you configure a Clean Boot beforehand:

http://support.microsoft.com/kb/310353

Then again, you should not upgrade to SP3 until your system is stable.
So if your firewall is getting turned off from time to time (a sign of
malware), you need to address that first!
 
Jose

Evan Weiner said:
XP Win Firewall-off balloon comes up every hour or so. Verified firewall off
when balloon shows and on when it goes away 10-20 sec later. Annoying. How
to track this down? Replace it? Have disabled a few msconfig startup items
- slow & unsuccessful.

Win XP SP2 (HP Pavilion) MCE
Symantec AV, no firewall, Auto-protect on.
Malwarebytes
Win Defender, considering turning off real-time protection

I have heard about and witnessed your issue a few times with my own
eyeballs.

It is wasting time to try to fix SP2 issues, so update to SP3.
Installing SP3 does not require any wipe and reinstall.

Here is a list of SP3 fixes you don't have:

http://support.microsoft.com/kb/946480

To eliminate questions and guessing, please provide additional
information about your system.

Click Start, Run and in the box enter:

msinfo32

Click OK, and when the System Summary info appears, click Edit, Select
All, Copy and then paste the information back here.

There will be some personal information (like System Name and User
Name), and whatever appears to be private information to you, just
delete it from the pasted information.

Perform some scans for malicious software, then fix any remaining
issues:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.
 
Twayne

Evan Weiner said:
Win firewall is on all the time except for the brief off-on periods
when it happens by itself.

Sorry to be so wordy, but this may be the last I can try to assist you
because from what I've read in your post, you are dismally protected from
malware due to the way you use the computer and a lack of facilities to keep
Security levels in place. I'm pretty much convinced you are the victim of
malware (wish I was wrong, but don't think so) and even worse. Your being an
online gamer with the minimal protection you have in place almost guarantees
you are infected, possibly by multiple sources, whether your scanners are
finding them or not. I can even see the possibility now that the off/on of
the firewall could be a game controlling the firewall and exposing one or
several or all ports to the public. Who knows how many things are being
controlled by malware.
In the end I think, and seldom recommend this, that a full return to
factory-delivered setup is the only sure way to get things working again.
And since it's a media center machine, only recover it using the mfr's
instructions or you could lose the media center features.

OK, that said:

I'm going to have to vote for malware I'm afraid, with more confidence than
I had before now. It's too bad you didn't run the other spyware programs
suggested or at least additional ones because in the spyware world, no
single program catches everything; each have their own strengths in
discovering malware.

I can think of NO setting or legitimate way to cycle the XP firewall off/on
randomly as you describe. The fact that it does so leads me to believe you
are already infected with something and part of it is a downloader: It's
grabbed the firewall and is pulling in more pieces of most likely more
malware each time that "off" cycle occurs.
In the event it stops happening, do NOT feel comfortable! It might stop
simply because it has finished assembling whatever nefarious programs it
wants to assemble. Not to scare you, but my research yesterday indicated
that you -might- (not does) have some sort of infection that is about to
turn your machine into a zombie (
http://en.wikipedia.org/wiki/Zombie_computer ) . These days they assemble
viruses/trojans in small pieces to prevent users from noticing them so
easily. If/when your ISP should notice zombie activity on your account
(spamming usually, unbeknownst to you), your account will usually be just
closed until you clean up your machine and get rid of it. Or, you could
already be zombied and the short off periods are to collect further
instructions from whoever placed the malware there.

I'm guessing at your level of expertise, but I suspect it might be more
expedient and easier for you to do a backup of ALL your data and completely
rebuild your C boot drive. Now that I know it's a media center machine, be
CERTAIN to follow the machine recovery instructions provided by HP or you'll
lose the media center capabilities. It's not a must to have the media
center parts installed as everything media center can do can still be done
without it, but when you don't know how to do that, the media center you've
already learned can be pretty valuable.
Since the recovery is on a hidden partition, issue the command to initiate
that method of recovery. If it's on the hard drive there will be a key
sequence to make it start; CTRL-F12 or something like that; your computer
documentation will tell you.

Evan Weiner said:
No other firewalls. Considering another just to see what happens.

Perhaps after you've fixed things that would be a good idea but right now
you are probably already infected and a new firewall won't stop anything for
long and might add complexity to your current efforts. Save firewall
research for after you have this current issue worked out.

FYI, ZoneAlarm and Norton AV each say to uninstall the other in order to use
them so they aren't compatible. Others work well though. Some people get
them to live together, others do not.

Evan Weiner said:
HP support said SP3 will render my HP Pavilion/AMD unstable. Tried
installing SP3 before that & failed. Considering trying it again.

Go to the MS support web site and get the instructions and preps and
requirements for installing SP3. Your computer IS covered in those
articles!!
I don't have the KB handy but Microsoft Support has instructions on how to
manage this, I'm pretty sure. It's in one of the prerequisites to
installing SP3 articles. My sister has the same machine you do and works
fine with SP3. But, she visited MS and used the instructions they provided.
That tech seems to be a bit behind the times.

Evan Weiner said:
There's always Restore or reformat. I'm gun-shy with the reformat
having done it with Win 98 on an older machine and seeing no
improvement.

Bad way to judge things. Fixing the keyboard won't fix a printer<g>. The
most certain way to be sure there are no viruses, trojans, worms, etc., and
no file corruption plus no missing files is to do a clean install of the
operating system. If nothing else it almost always results in a faster
machine and in this case I think it may be the only viable solution you have
available to you. It even prevents the situation where some tiny piece of
code sits somewhere that is able to rebuild the malware and have it show up
again days or weeks later.
If you discover malware after a clean install, then you can be sure that
it was you or some other user that brought it in. When you get the
opportunity, simply be sure to delete/recreate partitions. Most on-disk
restoration does that for you.

Evan Weiner said:
Installing Win updates on notification, usually same day. Ditto HP,
Java. Firefox 3.5.6 beta seems to update itself. HP updates
periodically.

FF BETA? Uninstall it for the rest of your troubleshooting efforts, and see
what happens. BETA software as you probably know can still be buggy and
make strange things happen! When you have a problem, never allow BETA
software to be installed; it may be running a lot of background tasks you're
not aware of!
Killing off BETA ware should be the first thing one does when problems
arise. They're easy enough to reinstall later on and might be the root
cause of the problems. Get rid of it until this is fixed.

Evan Weiner said:
Symantec AV 10.1 in place with Auto-protect enabled.

I assume that's Norton 2010? I don't see it off hand on the products page.
Whenever you need to test anything with auto-protect disabled be
ABSOLUTELY CERTAIN you disconnect from the internet!! It only takes a split
second for a drive-by to discover the opened ports and to dive into your
innards; and bingo, you're infected. Never, ever allow a connection without
AV running; it's more important than firewall or even spyware detectors,
though not a lot of difference in importance.
Online games and unsafe surfing are another way to unintentionally
download malware. http://www.claymania.com/safe-hex.html
If you're a GAMER, you are very poorly set up to protect yourself.
Infections and malware are simply a way of life for gamers who fiddle with
new games and try out different games online. Almost any online game you
run opens ports to the public, making all kinds of accesses into your
machine possible. I'm a little surprised your current MWB and AV didn't
find a few, at least, problems. Also be sure to do full, deep scans when
you run scanners.
The keyword there is online. Games that don't connect to the internet
aren't usually problems but that said I've never seen one that didn't report
home somehow even if just to supposedly record high scores. I have my modem
on a switch and always kill it whenever I'm playing games or the like. If
that stops the game from running, then it also stops the game from living on
my computer.

Evan Weiner said:
No router or gateway. Have Verizon DSL.

So; you're directly connected to the phone lines? There is no box of any
kind between your machine and the phone line? It'll work, but I'm real
curious why you didn't use the Verizon-supplied gateway or router? Most of
them have NAT http://www.farpost.com/glossary/nat.php , which provides an
additional layer of firewall protection. Not enough protection, but still a
lot.

Evan Weiner said:
Will try net disconnect, firewall off, restart, firewall on, restart
after current wait/test.

SAV, Defender, Malwarebytes all up-to-date. Full scans periodically
after firewall off-on behavior started.

Try some additional spyware detectors as I mentioned before and see if they
find anything. If you're not sure of the reputation of a scanner, just ask
here. There are a LOT of junk and malware ones out there.
It's entirely possible that, even if these scanners do find something
now, however, that they will not completely clean the machine. A lot of
times a machine may appear to have been cleaned, but there will still be
something stashed away somewhere that allows the malware to rebuild and
reinstall itself. But then again, maybe not too.

Evan Weiner said:
Sfwr: Office 2003 (getting updates), Mathcad, emptemp2, FS9, Acronis
bkup, Skype, Firefox 3.5.6 (beta), IE7

ACRONIS!! Good! Copy your most recent image to DVDs so no matter what you
can always get back to this current point, even though it has a problem.
Then start working your way backwards re-imaging the drive with older and
older images (assuming you have them) until the problem disappears! Then go
ONE MORE image back to the preceding day, and if that's still clean you
MIGHT have a point, though out of date, that you can manually rebuild and
get back a working machine.
You might not have enough images, depending, to get back far enough in
time; it seems like somewhere you said this was a long-suffering problem?
IMO it's worth taking a look at though if you have the old data available.
I create DVDs of my Ghost images every second month just for this kind of
use. It's a pain to do but it paid off for me once, making it all
worthwhile.

Evan Weiner said:
Current testing is disabling startup stuff: DISC processes associated
with XP Win Media Center game tryouts (DISCover, DiscUpdateMgr,
MyFTP), jqs (Java Quick Start), Win Defender scheduled & real-time
scans. All proved negative except Defender which hasn't been tested
long enough (at least 1 hr).

Not sure I understand all that, but now it's known to be a media center
machine. ONLY REINSTALL per the instructions provided for your machine or
you'll lose the media center capabilities. This is a case where, much as I
hate them, the on-disk hidden recovery partition is an advantage! Assuming
it hasn't been damaged, which would be pretty unlikely.

See Security Flaws at: http://en.wikipedia.org/wiki/Skype_security
http://share.skype.com/sites/security/2009/09/a_little_bit_about_trojanpesky.html

Twayne
 
Tinsby

Evan Weiner said:
XP Win Firewall-off balloon comes up every hour or so. Verified firewall off
when balloon shows and on when it goes away 10-20 sec later. Annoying. How
to track this down? Replace it? Have disabled a few msconfig startup items
- slow & unsuccessful.

Win XP SP2 (HP Pavilion) MCE
Symantec AV, no firewall, Auto-protect on.
Malwarebytes
Win Defender, considering turning off real-time protection


In light of everything else that has been suggested I would be running
Avira anti-virus as my virus scanner all the time. In addition to that
you can run on-line scans from TrendMicro and Panda and Kaspersky.

No one virus scanner finds them all so trying to run the online scans
only helps you find things that Avira doesn't.

Another good addition but not a staple to your system is a program
called ThreatFire. There have been occasions when installing this
small program will cause a conflict, IE: with AVG Free Antivirus. If
you find this to be true just remove it.

A great free un-installer is Revo..... it not only runs the programs
un-installer but it then looks at the registry and allows you to
remove left overs in there. Use your own discretion but it's never
taken anything out that it shouldn't have for me.

Good Luck!

Tinsby
 
