Thread: Computer Problems

  1. #1
    Registered User
    Join Date
    Mar 2004
    Posts
    3

    Computer Problems

    I am not computer savvy and would like some input on what may be my computer problem. The following events sometimes happen while I am on the internet:
    -CD-Rom drive opens
    -the computer just shuts off
    -mouse freezes
    -I get a lot of antispy pop up ads
    -when press Ctrl + Alt + Delete and end the task that is not
    responding, there is a clicking noise and I am unable to do anything with the computer except to restart manually.

    Also, while I am offline the following sometimes happens:
    -when attempting to print a document from a disk(A drive), the computer screen flashes and the mouse freezes; it does not print
    -save Microsoft Word documents on my disk and later can not print them because it has become a read only document. There are these squiggly lines followed by WP and some numbers that appear on my saved documents on the disk.
    -the desktop just disappeared.

    After having these problems for a while, I decided to install Norton System Works 2002 and scan weekly. It found a few Trojans and they were quarantined. It did not find any viruses. When I scan weekly Norton does not find any viruses or any more Trojans, but I'm still experiencing these problems. Any suggestions on what may be the problem? Thanks.

  2. #2
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    I'm guessing you're a MS-windows user, using internet explorer (exploder) for web browsing and outlook (lookout) as your email client.

    Are you up to date with all the patches from Microsoft?

    Right click on the IE icon and select the security tab. The little slider should be at high security for the internet zone.
    If your favourite (and trusted) website cannot now be visited, then make that site a trusted site.

    In Outlook, turn off any message preview and anything which handles attachments "automatically".

    If you're running XP, read the help pages on the internal firewall which MS provide, and enable it.

    Go here
    Another board I use suggests using the "HijackThis" tool.
    If you post the log which it produces here, perhaps some of the windows users (not me) will be able to advise you on what you find, though the tool itself knows about some of the rubbish which can infect your system.
    Ad-Aware is another one to try.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  3. #3
    Its not rocket science vasanth's Avatar
    Join Date
    Jan 2002
    Posts
    1,683
    well looks like the work of a trojan.. Though norton has removed most of them there is a chance some trojan is still there... Because you get so many small utilities to hijack PC's.. not all are recognised by Norton...

    I suggest you installa personal firewall like Zone Alarm which can be obtained for free... But a long term suggestion would be to do a clean install of the OS.. but the firewall should work if the problem is what i think it is..

  4. #4
    Much older and wiser Fountain's Avatar
    Join Date
    Dec 2001
    Location
    Engeeeerland
    Posts
    1,158
    Salem is right (as per usual), Vasanth is also right.

    If you have all the relevant discs etc, just wipe the lot.

    And its more fun!
    Such is life.

  5. #5
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    My favourite solution (a bit long winded, a bit expensive, and needing a bit of computer savvy) is as follows.
    But it does have some advantages as well.

    1. Buy another hard disk comparable to the one in your machine ($50 to $100). At a push, you could borrow one on an exchange basis.

    2. Remove the existing HD and place carefully to one side for the moment. Install the new HD in the machine.

    3. Reinstall the OS and your favourite trusted applications, along with a good virus checker, spyware checker, firewall and whatever else takes your fancy. Make sure everything is patched up to date.
    You now have a nice new install which behaves as it should.

    4. On the original HD you removed, locate the hardware link which determines whether the drive is "master" or "slave". Set it to "slave mode".
    Put the disk back in the machine, and attach it to the same cable going to the new HD.
    When you reboot your machine, C: will be your entire new disk, and D: will be your entire old disk.

    Since nothing runs off the D: by default, there is no possibility that anything lurking on D: will be loaded which may interfere with a virus scan, so you can scan it properly.
    You also have a perfect online backup of all your original work, so you can cherry-pick the files you really want to keep off D: and move them to C:
    When you're sure you've copied everything you want to keep, you have a free hard disk to do what you want with.

    You could leave it in your machine, reformat it to blow away every last trace of any remaining malware and use it as a hot backup of your C:

    You could take it out, and keep it for when you want to go through this process again.

    You could use it to experiment with say installing Linux on it, without the worry of trying resize partitions / dual boot with the windows OS
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  6. #6
    I made a program that does this before. It's called a backdoor. Don't worry, it's not mine; I don't know you enough to hate you enough to put it on your computer. In fact, I've only put it on one person's computer, and they are still oblivious

  7. #7
    ¡Amo fútbol!
    Join Date
    Dec 2001
    Posts
    2,138
    Originally posted by bludstayne
    I made a program that does this before. It's called a backdoor. Don't worry, it's not mine; I don't know you enough to hate you enough to put it on your computer. In fact, I've only put it on one person's computer, and they are still oblivious
    You, my friend, are an utter loser.

  8. #8
    Registered User
    Join Date
    Mar 2004
    Posts
    3
    Thanks to everyone who responded.

    Bludstayne, when I ran Norton on one of my computers it found eight backdoors and I quarantined them. How can I prevent
    this from happening again?

    Vasanth, I'm going to do a search for the free Zone Alarm personal firewall and install it. Hopefully after installing this, these computer problems would stop.

    Salem, I changed the slider to High security. In Outlook, how
    do I turn off message preview? Also, what is an XP? I would
    like to enable the internal firewall, but I do not know what is XP. I scanned using the Ad-Aware and quarantined everything it found. I also used "Hijackthis" and since I don't understand what the results mean, I'm posting it on this thread. Can someone please give me advise on what Hijackthis found? It is sought of long, but since I'm not very computer knowledgeable any help would be appreciated. Thanks again.

    Logfile of HijackThis v1.97.5
    Scan saved at 5:44:29 PM, on 3/16/2004
    Platform: Windows ME Win9x 4.90.3000
    MSIE: Internet Explorer v5.50 5.50.4134.0100

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
    C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\SHELLMON.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\O199FBLM\HIJACKTHIS[1]\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://out.true-counter.com/b/?840828 obfuscated
    R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://0-OL1OIZ-XOLXII1-OXLI10OZL1L1.../ogsearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://out.true-counter.com/c/?840828 obfuscated
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://out.true-counter.com/b/?840828 obfuscated
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.syspage.com/ads/homepagesai.php?id=start6
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?840828 obfuscated
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?840828 obfuscated
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?840828 obfuscated
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?840828 obfuscated
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://out.true-counter.com/a/?840828 about:blank obfuscated
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://out.true-counter.com/b/?840828 obfuscated
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com/start.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?840828 obfuscated
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?840828 obfuscated
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?840828 obfuscated
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 obfuscated
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?840828 obfuscated
    O1 - Hosts: 645238813 auto.search.msn.com
    O2 - BHO: no name - 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3 - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - BDF3E430-B101-42AD-A544-FADC6B084872 - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - 8E718888-423F-11D2-876E-00A0C9082467 - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - 42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6- C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: ScanRegistry C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: SystemTray SysTray.Exe
    O4 - HKLM\..\Run: MSConfigReminder C:\WINDOWS\SYSTEM\MSCONFIG.exe /reminder
    O4 - HKLM\..\Run: NAV Agent C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: NPROTECT C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: SpyHunter C:\PROGRAM FILES\SPYHUNTER\SPYHUNTER.exe
    O4 - HKLM\..\RunServices: SchedulingAgent mstask.exe
    O4 - HKLM\..\RunServices: ScriptBlocking "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: CSINJECT.EXE C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
    O4 - HKLM\..\RunServices: NPROTECT C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: SymTray - Norton SystemWorks C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
    O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
    O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O9 - Extra button: Messenger HKLM
    O9 - Extra 'Tools' menuitem: MSN Messenger Service HKLM
    O9 - Extra button: Real.com HKLM
    O9 - Extra button: AIM HKLM
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
    O15 - Trusted Zone: *.msn.com
    O16 - DPF: D27CDB6E-AE6D-11CF-96B8-444553540000 Shockwave Flash Object - http://download.macromedia.com/pub/s...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
    O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp file missing
    O19 - User stylesheet: C:\WINDOWS\default.css file missing HKLM

  9. #9
    ¡Amo fútbol!
    Join Date
    Dec 2001
    Posts
    2,138
    All of the R0's and R1's are definately bad.

  10. #10
    Rabite SirCrono6's Avatar
    Join Date
    Nov 2003
    Location
    California, US
    Posts
    269
    From C to shining C++!

    Great graphics, sounds, algorithms, AI, pathfinding, visual effects, cutscenes, etc., etc. do NOT make a good game.
    - Bubba

    IDE and Compiler - Code::Blocks with MinGW
    Operating System - Windows XP Professional x64 Edition

  11. #11
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    > Also, what is an XP?
    Microsoft's latest (and best so far, but still not that secure) operating system for the masses
    You for example have a rather old ME

    > All of the R0's and R1's are definately bad.
    I'd agree with that!

    > O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
    This probably puts the whole mess back again

    > O19 - User stylesheet: C:\WINDOWS\default.css file missing
    Looks like something deleted this so it could use its own css
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  12. #12
    Bludstayne, when I ran Norton on one of my computers it found eight backdoors and I quarantined them. How can I prevent
    this from happening again?
    Two choices:
    1. Be careful on the net
    2. Don't use the net

  13. #13
    Registered User
    Join Date
    Mar 2004
    Posts
    3
    Okay Golfinguy4 and Salem, what are R0's and R1's? Why is it bad and how do I fix it?

    Vasanth and SirCrono6, I installed ZoneAlarm, but since then the computer continues to just shut down when I'm online. What could be causing this?

    Salem, please explain your last statments in layman terms. I do not understand.

    Thanks.

  14. #14
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    You don't need the R0 and R1 to tell you they're bad, just look at the information.
    a) have you ever heard of those websites before?
    b) why would they need to be obfuscated (hidden) if they were legitimate?

    Read the help which comes with HiJackThis.

    It has backup features (to undo what it does)
    It has clean features to suggest things which need to be removed, and the ability to remove them.

    I suggest you try those things to see what it suggests should be removed.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. No clue how to make a code to solve problems!
    By ctnzn in forum C Programming
    Replies: 8
    Last Post: 10-16-2008, 02:59 AM
  2. Browser Problems with new computer
    By Rune Hunter in forum Tech Board
    Replies: 11
    Last Post: 12-06-2004, 12:30 AM
  3. Computer Quotes
    By JaWiB in forum A Brief History of Cprogramming.com
    Replies: 19
    Last Post: 04-01-2003, 08:31 AM
  4. Computer Problems..... I NEED HELP!
    By bobthemighty in forum Tech Board
    Replies: 5
    Last Post: 09-07-2002, 10:24 AM
  5. computer sex
    By Unregistered in forum A Brief History of Cprogramming.com
    Replies: 5
    Last Post: 09-17-2001, 07:09 PM