Team-BHP > Around the Corner > Shifting gears > Gadgets, Computers & Software

PC Problems

#1  24th November 2009, 15:12  Gordon (Senior - BHPian, Mumbai)

Got two unrelated problems. PC is running on Windows XP.

FIRST PROBLEM
My PC is sending out more packets and it isn't receiving anything. The internet connection is completely jammed. When I run MalwareBytes it finds four errors. These four errors are repetitive, and usually when they are fixed and the PC is restarted the problem is temporarily solved.

Quote:
Registry Keys Infected:
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\synsend (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
Files Infected:
  • C:\WINDOWS\system32\Drivers\str.sys (Rootkit.Agent) -> Delete on reboot.

SECOND PROBLEM
I deleted all 'Search Assistant' occurrences in the Registry. Now I realize that it's the Search of Windows Explorer. So basically there is no 'search' in my Windows now.
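Worth spelling out what the two "Hijack.WindowsUpdates" lines in that log actually show, with an added example that is not part of the original thread. The malware did not point BITS and wuauserv at a new binary; it changed one letter of the environment variable, %SystemRoot% to %fystemRoot%. Windows leaves an undefined %name% unexpanded, so the service command becomes a path that does not exist, and Windows Update and BITS silently fail to start. The Python below (example code, not from the thread or from Malwarebytes) parses lines in that log format and audits ImagePath values for the trick. The service environment, the set of services expected to run in the netsvcs group, and the sample ImagePath table are assumptions modelled on the log, not data read from a live registry.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of ImagePath values under
# HKLM\System\CurrentControlSet\Services\<service>, modelled on the
# Malwarebytes log in the post (hypothetical data, not a live registry).
SAMPLE_IMAGE_PATHS: Dict[str, str] = {
    "BITS":     r"%fystemRoot%\system32\svchost.exe -k netsvcs",
    "wuauserv": r"%fystemroot%\system32\svchost.exe -k netsvcs",
    "Dhcp":     r"%SystemRoot%\System32\svchost.exe -k netsvcs",
    "synsend":  r"C:\WINDOWS\system32\Drivers\str.sys",
}

# Assumption: the environment the Service Control Manager hands to services
# on a stock XP install. Any %name% not listed here stays unexpanded.
SERVICE_ENV: Dict[str, str] = {
    "systemroot": r"C:\WINDOWS",
    "windir": r"C:\WINDOWS",
    "systemdrive": "C:",
}

# Services whose ImagePath must be the netsvcs svchost group; the command is
# the "Good:" value Malwarebytes printed in the log.
NETSVCS_CMD = r"%systemroot%\system32\svchost.exe -k netsvcs"
EXPECTED_NETSVCS = {"BITS", "wuauserv"}

ENV_REF = re.compile(r"%([^%]+)%")


def expand_like_windows(path: str, env: Dict[str, str] = SERVICE_ENV) -> str:
    """Expand %VAR% the way ExpandEnvironmentStrings does: case-insensitive
    lookup, and an unknown name is left exactly as written."""
    return ENV_REF.sub(lambda m: env.get(m.group(1).lower(), m.group(0)), path)


def audit_image_path(service: str, image_path: str) -> List[str]:
    """Reasons this ImagePath looks hijacked; an empty list means no finding.
    A plain driver path such as str.sys yields nothing here, which is why
    the log also needed a file-level rootkit detection."""
    reasons: List[str] = []
    unknown = [n for n in ENV_REF.findall(image_path)
               if n.lower() not in SERVICE_ENV]
    if unknown:
        reasons.append("unexpandable variable(s) "
                       + ", ".join(f"%{n}%" for n in unknown)
                       + "; SCM would try to run: " + expand_like_windows(image_path))
    if service in EXPECTED_NETSVCS and image_path.lower() != NETSVCS_CMD:
        reasons.append(f"expected {NETSVCS_CMD}, found {image_path}")
    return reasons


def audit_all(paths: Dict[str, str] = SAMPLE_IMAGE_PATHS) -> Dict[str, List[str]]:
    """Service name -> findings, for every service with at least one."""
    findings: Dict[str, List[str]] = {}
    for service, path in paths.items():
        reasons = audit_image_path(service, path)
        if reasons:
            findings[service] = reasons
    return findings


# The two "Registry Data Items Infected" lines copied from the log in the post.
MBAM_LOG_LINES = [
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.",
]

MBAM_LINE = re.compile(
    r"(?P<key>HKEY_\S+?\\ImagePath) \((?P<sig>[^)]+)\) -> "
    r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)"
)


def parse_mbam_hijack(line: str) -> Optional[Dict[str, str]]:
    """Pull service, signature and the Bad/Good ImagePath pair out of one
    Malwarebytes 'Registry Data Items Infected' line; None if it is not one."""
    m = MBAM_LINE.search(line)
    if not m:
        return None
    service = m.group("key").split("\\")[-2]
    return {"service": service, "signature": m.group("sig"),
            "bad": m.group("bad"), "good": m.group("good")}


if __name__ == "__main__":
    for svc, reasons in audit_all().items():
        print(svc)
        for reason in reasons:
            print("   ", reason)
    for line in MBAM_LOG_LINES:
        rec = parse_mbam_hijack(line)
        print(rec["service"], "| bad ->", expand_like_windows(rec["bad"]),
              "| good ->", expand_like_windows(rec["good"]))
```

The point of expand_like_windows is that the hijacked value survives a casual glance at the registry, because "%fystemRoot%" looks like a path and reads almost right; only expanding it the way the Service Control Manager does exposes that nothing will start. The synsend entry shows the limit of this check: a driver ImagePath with no variable in it is not flagged, so a registry audit alone says nothing about str.sys.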
#2  24th November 2009, 15:31  wildon (Senior - BHPian, Bangalore)

Either update/repair the Windows OS (online or from CD) or just use the restore feature, if enabled.

Start> All Programs> Accessories> System Tools > System Restore then select a back date and restore.
#3  24th November 2009, 15:36  Gordon (Senior - BHPian, Mumbai)

Quote (Originally Posted by wildon):
Start> All Programs> Accessories> System Tools > System Restore then select a back date and restore.
Oh, that's the THIRD PROBLEM
My System Restore is blocked. Gives an error: "System Restore is not able to protect your computer. Please restart your computer, and then run System Restore again."

Restart does not help. I've tried numerous other ways to get it working all to no avail.
#4  24th November 2009, 15:41  hemanthisgreat (BHPian, Bangalore)

Quote (Originally Posted by Gordon):
Oh, that's the THIRD PROBLEM
My System Restore is blocked. Gives an error: "System Restore is not able to protect your computer. Please restart your computer, and then run System Restore again."

Restart does not help. I've tried numerous other ways to get it working all to no avail.

Run System Restore in Safe Mode (press F5 when starting the PC); it will work.
#5  24th November 2009, 15:51  NetfreakBombay (Senior - BHPian, Bombay)

Easiest way is to format and reinstall, since it is very difficult to know which areas (boot/registry) have been affected.
#6  24th November 2009, 16:56  HappyWheels (Senior - BHPian, Dubai)

Rootkit it is; I would go with what NetfreakBombay says.

It is more than just about the affected areas, but more on what has been done so far.

Rootkits have a nasty way of stealing your information. Not to scare you, but I would strongly recommend that you change the password of your online transaction portals from another clean machine.

Do not do a system restore, since I am certain that even that might be infected. But then, you are not able to restore, which is good.
#7  24th November 2009, 17:15  coolfyre (BHPian, Bangalore)

Quote (Originally Posted by NetfreakBombay):
Easiest way is to format and reinstall, since it is very difficult to know which areas (boot/registry) have been affected.
+1
This is the best way to get a clean install of Windows XP.
#8  24th November 2009, 17:16  ksethuram (BHPian, Chennai, London (now))

This looks like a serious attack of malware/ trojans. Do not do any online transactions through this PC.

If you have any data to be recovered, try copying it to a USB drive and then do a clean format and re-installation. Once you have re-installed, install a good virus scanner suite, then scan the USB drive for viruses, clean it, and then copy back all your stuff.

Please do not use any non-original operating system discs which say they are OEM and do not need any activation (I have come across a few), as they come with malware already put in. Not all hackers do things for free.

To stay away from viruses I suggest moving away from Windows and using Ubuntu, which is open source. I personally use Ubuntu for banking transactions and photo editing even though I have Windows 7 in the other partition.
#9  24th November 2009, 17:25  wildon (Senior - BHPian, Bangalore)

Another solution is to log in as Administrator and delete the current user name/profile.
Just give it a try. Just make sure that important files are kept on other drives.
#10  24th November 2009, 20:18  SirAlec (Senior - BHPian)

Do one thing: download HijackThis and post the log; I will advise the best possible solutions.

Also, if it's not solved, please download TeamViewer and tell me when you are online; I will solve it from my office, mostly weekdays after 3.30 pm.

This offer stands for all Team-BHPians.


Thanks

kenden
#11  24th November 2009, 20:22  wildon (Senior - BHPian, Bangalore)

Also:
http://go.trendmicro.com/housecall7/...llLauncher.exe
It's a free online service from Trend Micro and will remove any virus left.
#12  24th November 2009, 20:39  HappyWheels (Senior - BHPian, Dubai)

@SirAlec,

I would have suggested the same and gone with this route, but with a rootkit, best not to take chances.

Would be good to do this only if the computer is in the no-way-I-am-formatting category.

And yes, TeamViewer, free for personal use, is a wonderful tool.

@Wildon,

Deleting the user profile is of no use. The rootkit is not stationed there. And yes, TM's HouseCall is good, but not a one-stop shop. Heck, none of the anti-virus products are a one-stop shop, for that matter.
#13  24th November 2009, 22:04  Gordon (Senior - BHPian, Mumbai)

Wow. Thanks a lot guys for the help. Seems my only option is format and reinstall. The PC was first attacked by the 'Full House Driver' virus. It blocked Task Manager and captured the Internet Explorer homepage and wallpaper. I suspect this virus to be the root cause of all problems.

I've used the following already:
  • Free AVG
  • Lavasoft Ad-Aware SE
  • MalwareBytes Anti-Malware - only after using this one did the Full House Driver virus become soft. Whatever was blocked opened up, but the drive is still on the desktop.
  • CCleaner
  • Microsoft Antispyware
  • HiJackThis
  • Registry Winner - evaluation, so the cleaning option wasn't available.

Any recommendations on a simple free easy-to-update anti-virus and anti-malware software for the new XP to be installed? CCleaner is good and I will install that.
#14  24th November 2009, 22:11  wildon (Senior - BHPian, Bangalore)

Quote (Originally Posted by Gordon):
Any recommendations on a simple free easy-to-update anti-virus and anti-malware software for the new XP to be installed?
Try this: Avira AntiVir Personal - FREE Antivirus

It's known to be good and comes with every Toshiba laptop.

Also have a look here to find more freeware:
MajorGeeks.com - Download Freeware and Shareware Computer Utilities.
#15  24th November 2009, 22:40  aaggoswami (Senior - BHPian, Vadodara)

1) Reinstall the OS. The way you have described the problem, it's not worth trying new tricks.

2) Buy Kaspersky, as it's relatively cheap to buy and is not very heavy on resources. The free versions will not have all the features that we usually get in the paid version.

3) Avoid any bank transaction during this period. This is quite risky.
Copyright 2000 - 2017, Team-BHP.com