DMR 152 Wombat At Large Team Colleague

I've moved this to our Security forum, as that's where we concentrate on "spyware" problems.

At the very least, you've obviously been infected with the MySearch malware; some specific info on that can be found here:
http://www.mac-net.com/445088.page

Download and run the (free) spyware detection and removal programs listed in my sig below; they should clear out most of the crap in your system. After you've used the utilities, repost if you're still having problems.

DMR 152 Wombat At Large Team Colleague

Sorry, I just had to point that out- part of the job and all that.

Unfortunately, there's no simple way to bypass login passwords in XP or Win 2K; that's one of their security features. However, there are password recovery methods/programs available; a search at www.google.com for the keywords "windows XP" "password" "recover" will turn them up.

Here's one with a few suggestions:
http://www.petri.co.il/forgot_administrator_password.htm

DMR 152 Wombat At Large Team Colleague

Hi Hyatt76- welcome to TechTalk :)

First of all, you need to start your own thread for your question. For one thing, your question will not get lost at the end of an old, long thread such as this one. The other reason is that threads quickly become difficult to follow when members other than the original poster start asking questions; it becomes confusing to discern whose answers relate to whose questions.

Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

Have you forgotten the Administrator's password as well?

This is kind of a sketchy question to post here, because we don't allow discussion of hacking/cracking, and bypassing login passwords could certainly fall into that category. In other words- no offense, but we don't really know that it's your system that you're trying to get into.

DMR 152 Wombat At Large Team Colleague

The MD5sums check is pretty straight ahead- your download site should have the MD5sums checksum numbers available for each of the particular isos you got. You then run the MD5sums program on each of the isos and compare the resulting checksum numbers against the ones you got from the site; if they don't match, that means the download got corrupted. More info on the procedure, including links to the MD5sums program download, can be found here:
http://www.linuxiso.org/viewdoc.php/verifyiso.html

You want to do a DAO burn, and I personally tend to go kind of conservative on the burn speed when burning things like system disks. It's also a good idea to have your burning software do a media verification on the CDs.

DMR 152 Wombat At Large Team Colleague

OK- you've definitely got problems, but it's 12PM in my end of the world and I need to log off. Hang in there though- one of our other members (who live in a different time zone hopefully) should come around and help you out soon.

:)

DMR 152 Wombat At Large Team Colleague

and thank you but no thanks, I don't smoke :P. :)

Hey K_P, just a Fig Newton of speech. :mrgreen:

More on the rest tomorrow; I need to finish browsing the forums to do my mod duties for the night and then log off.

DMR 152 Wombat At Large Team Colleague

I supplied it with an internet connection, but it won't go to any web pages. Do you think that could be related to not knowing the onboard NIC card that I am using? What can I do to resolve this issue?

As to that: Here- smoke one of mine: :)

http://www.stevewolfonline.com/Downloads/DMR/Doc/Linux/Network/NICConfig.txt

Let us know the specifics of what you get from those steps and we'll take it from there.

<edit>
Sorry- I forgot to mention that your DNS nameserver IPs need to be entered in your /etc/resolv.conf file. If that file has no entries for the server IPs, you can edit the file to add them (it's a plain-text file as are most Linux config files). The format of the file is as follows:

search <your ISP's domain name>
nameserver <IP of your Primary DNS server>
nameserver <IP of your Secondary DNS server>

DMR 152 Wombat At Large Team Colleague

Hi lokoluis15, Welcome to TechTalk!

You need to post your question in its own separate thread. When multiple people "piggyback" their questions on to a thread started by another member it quickly becomes difficult to follow the multiple troubleshoots.

Thanks for understanding :)

- Dave

DMR 152 Wombat At Large Team Colleague

I'm having the same problem as jheft

Phas,

You need to post your question in its own separate thread. When multiple people "piggyback" their questions on to a thread started by another member it quickly becomes difficult to follow the multiple troubleshoots.

Thanks for understanding :)

- Dave

DMR 152 Wombat At Large Team Colleague

Hi- Welcome to TechTalk! :)

1. Did the anti-spyware programs find/fix anything?

2. Have you tried to repair IE? Instructions on how to do so are here:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;194177

DMR 152 Wombat At Large Team Colleague

Hi Whyzkid99,

First of all, you need to start your own thread for your question, and you need to post it in our Security forum- that's where we concentrate on HJT log analysis and general malware-related issues.

We ask that, for reasons of clarity, members abide by our "one member's question per post" rule and also post in the forum most suited for their particular problem.

Thanks for understanding :)

DMR 152 Wombat At Large Team Colleague

True, and the scans will probably run faster than they do under the Windows GUI. :mrgreen:

DMR 152 Wombat At Large Team Colleague

- You can safely have Ad Aware and SpyBot fix what they find; they're pretty spot-on.

- The different procedures are due to the fact that there are so many malicious programs out there (with the number growing daily) that there's no single "catch-all" utility to remove all of them. Also, some of the nasties are very difficult to weed out of your system, hence the occasional need to even whip out the tweezers and do some manual surgery.

DMR 152 Wombat At Large Team Colleague

Hm, not sure about that one- I don't use AVG. :?:

DMR 152 Wombat At Large Team Colleague

Yes... and?? :mrgreen:

Have you run any of the spyware removal utilities such as those in my sig file below? If not, do so and then post a fresh log.

DMR 152 Wombat At Large Team Colleague

OK. We'll be here.:)

DMR 152 Wombat At Large Team Colleague

There are still a couple of suspicious items in there. Did you run your AV and spyware utilities while booted into safe mode? If not, try that.

DMR 152 Wombat At Large Team Colleague

If you open the chassis and poke around a bit you should be able to isolate the source. If it's the power supply or hard drive it should be pretty easy to determine which is the culprit. "Switching" power supplies can make clicking noises when they start to die, but then again, so can hard drives...

DMR 152 Wombat At Large Team Colleague

Yes, definitely make sure the master/slave jumpers on the drive are set correctly for the drive's location on the new computer's IDE chain.

If the jumpers are set correctly, open a DOS box and see what the "fdisk" has to report about the drive.

aquarius commented: I'll second that +6
DMR 152 Wombat At Large Team Colleague

A conversion kit of that sort would allow you to install your desktop/tower computer in a standard 19" equipment rack. They usually come in one of two flavors: a kit which either has sliding rails or a shelf unit which allows you to mount the entire computer (chassis and all) in a rack, or a kit with a custom rack-mountable chassis into which you install your motherboard and system components.

Links in the following Google search provide examples:
http://www.google.com/search?q=computer+%22rack-mount%22+%22conversion+kit%22&hl=en&lr=&ie=UTF-8&start=10&sa=N

DMR 152 Wombat At Large Team Colleague

If you burned the disks yourself, did you verify the integrity (MD5sums) of the downloaded iso images? Did you verify the media?

Have you used the disks to (successfully) install on any other machines?

DMR 152 Wombat At Large Team Colleague

Absolutely- malicious programs called "adware", "spyware", and "hijackware".

You can get infested with these nasties simply by visiting certain web sites; you don't even have to download anything (knowingly, anyway).

I'm moving this thread to our Security forum, which is where we focus on these issues. Have a read through the other threads there to find out just how prevalent these problems are, and how to protect yourself from them. A good, short synopsis of the whole mess can be found here:

http://www.computercops.biz/postt7736.html

DMR 152 Wombat At Large Team Colleague

Marking as solved.... :)

DMR 152 Wombat At Large Team Colleague

Processes in this sense could be described as "system level" applications I guess- programs that are running in the background performing certain tasks, but not necessarily programs that a user has explicitly started or is interacting with. For example, your anti-virus software's real-time protection/system monitoring component, print spooling software, or power management software would all qualify as processes. Many processes are started automatically when Windows starts, and if they make changes to your disk/directory structure while you are running certain utilities (disk scanning or defragmenting utilities especially), they can cause those utilities to either hang completely or simply restart whatever function they were performing from the beginning.

Unfortunately, Windows 95/98's Task Manager doesn't list or allow you to manipulate your running processes if I recall correctly; it only lists open applications. If a background process really is the culprit here, you'll need to find a third-party Task Manager replacement which gives you finer control than Windows' stock manager. (Win 2000/XP's Task Manager does list process information).

DMR 152 Wombat At Large Team Colleague

Thanks,
I have spoken with my ISP and they have confirmed that this is a problem related to them which they are currently working on a fix for. Thanks a lot for the pointer.

You're welcome.
I hope they get it sorted out for you soon. :)

DMR 152 Wombat At Large Team Colleague

As I suggested, also contact your ISP.

DMR 152 Wombat At Large Team Colleague

OK- sorry I forgot to give you this info before, but look through the linuxiso.org link I posted earlier for information on how to verify your iso downloads with the MD5sums program. You also want to use whatever "verify media" option your burning software has just to make sure that you don't have a batch of duff CD blanks.

DMR 152 Wombat At Large Team Colleague

OK- unfortunately I have to log off now. Hopefully another one of our members will pick up on this for you in the mean time.

DMR 152 Wombat At Large Team Colleague

Exactly how you burn the isos depends on your burning software, but the general answer is this: you need to burn them to disk as images, not as just a straight file/data copy to CD. The isos are a compressed form of the full data structure (image) of the CDs, and when you choose whatever "burn as image" option your particular burning program uses, the image file will be properly extracted/uncompressed into the full file hierarchy that you would expect to see on a data CD. The issue of being bootable is taken care of as part of the process; when properly burned, the iso of the first install CD will make that disk bootable. When you are ready to install, insert the first disk into your CD drive, boot from it, and the install will proceed from there.

You can find instructions and information about the whole issue of burning iso images at www.linuxiso.org.

Have fun!

DMR 152 Wombat At Large Team Colleague

... instead of avemspw.exe coming up in the HiJackThis scan, the file seemed to have renamed itself to aaamona.exe? Is that possible?

Yes, many of these wonderful little irritants can generate random filenames.


And can you please advise me on the Windows Media Player issue as well?

WMP has a lot of security holes and exploitable bugs. You should use Windows Update to download and install the most current fixes and patches from Microsoft.

DMR 152 Wombat At Large Team Colleague

OK. Looks like we were posting at the same time.

Which version of Windows are you using?

DMR 152 Wombat At Large Team Colleague

Um, I just did... :mrgreen:

Seriously though- what I meant was open Windows Explorer, go to the "Tools" option on the top menu bar, choose "Folder Options..", and then click on the "View" tab. If you scroll down towards the bottom of the selectable items in the "advanced" area, you'll find the option I mentioned. If the box next to it is checked, uncheck it.

DMR 152 Wombat At Large Team Colleague

You might have other "unwanted guests" in your system, but the immediate answer to your question is to have HJT fix the following entry:

" O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load"


By the way: Welcome to TechTalk! :)

DMR 152 Wombat At Large Team Colleague

In Explorer's Tools->Folder Options->View preferences, do you have the "Restore previous folder windows at logon" option enabled? If so, uncheck it.

DMR 152 Wombat At Large Team Colleague

You've still got a bunch of unwanted guests in there. Have you run Ad Aware, SpyBot, and CWShredder (with the absolutely most current versions and updates) yet? If not, do so and post a fresh log.

DMR 152 Wombat At Large Team Colleague

" O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\SDKQH32.DLL,Install"

That looks questionable. Locate that file, right-click on it, and look through its properties- any identifying info there?

DMR 152 Wombat At Large Team Colleague

Yeah, if you're going to be sharing files and doing messaging over the Net, you'll unfortunately have to open up some ports that are considered security risks.
As for file sharing, obviously you'll need sharing enabled in order for others to see/use your shared folders. I haven't been able to find the connection (or if there really is one) between MSN Messenger and file/print sharing, but I'll research it further and repost if I find any info.

DMR 152 Wombat At Large Team Colleague

"owner documents"? Could you clarify that please?

DMR 152 Wombat At Large Team Colleague

If downloading is a pain, you might want to order CDs from www.cheapbytes.com. They've got quite a variety of distros available, and as their name says- the prices are cheap.

Killer_Typo commented: very helpful to me :) +10
DMR 152 Wombat At Large Team Colleague

One important thing: make absolutely sure that your hardware is compatible with whatever distro (and specifically, version of the distro) you decide to go with. Most distros have a Hardware Compatibility List (HCL) on their support site; check that out before purchasing/installing.

It's also a very good idea to have the detailed specifications for your video card, monitor, network card, etc. If your distro doesn't auto-detect a certain piece of hardware you may have to configure it manually, in which case you'll need that info to get things working.

DMR 152 Wombat At Large Team Colleague

...got a problem with my comp, running on ME.

Yup, that's your problem all right. :mrgreen:


Seriously though- can you get the system to boot properly in safe mode? To do so, when the computer boots, hit the F8 key just as Windows starts up (right after the BIOS messages end).

DMR 152 Wombat At Large Team Colleague

Sounds like you've still got something running which is accessing the disk during the time of your scans. When you say there's nothing obvious running in the background, does that include not only programs but processes as well?

DMR 152 Wombat At Large Team Colleague

Sounds like caperjack has it- That's exactly what you would experience with a "closed" (aka "finalized") disk. Check your program's preference settings.

DMR 152 Wombat At Large Team Colleague

You've got "spyware" in your system. The bridge.dll error is (unfortunately) quite well known.

I'm moving this thread to our Security forum. Read through some of the previous bridge.dll-related threads in that forum for the solution to that particular problem, and then read the info in the following link to find out how to get and use the recommended (and free) detection and removal tools:

http://www.daniweb.com/techtalkforums/thread5690.html

DMR 152 Wombat At Large Team Colleague

Is it just Netscape, or does this happen with Internet Explorer as well?
Does it seem to be only hotmail recipients?
Can you send mail to the recipients from another computer?

You might want to contact your ISP; it could be a problem with something "upstream".

DMR 152 Wombat At Large Team Colleague

It definitely sounds like the symptoms of virus/malware infection. Read through the info in the link that Catweazle posted and try the detection/removal programs mentioned there.

If you find something that you can't remove or simply have questions about the removal procedures, start a new thread in our Security forum and we'll take it from there.

DMR 152 Wombat At Large Team Colleague

Great!

Marking as solved...

DMR 152 Wombat At Large Team Colleague

True about the 802.11b vs 802.11g issue; the 802.11b performance should be fine for normal home usage.

DMR 152 Wombat At Large Team Colleague

Yeah, speed kills man. Remember- friends don't let friends speed and post.

:mrgreen: