DMR 152 Wombat At Large Team Colleague

You still have active remnants of the iSearch infection, which means that there's a good chance the infection will return in its full glory:

O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll

1. You probably will need to get into Safe Mode to effect the removal of the isrvs folder, and F8 is the key that gets you to the Safe Mode boot menu. The problem is that you have to hit F8 at just the right time; if you hit the key too late, the system won't catch it, and Windows will just continue to boot normally. You need to hit the F8 before the Windows start-up screen/logo appears, so the best thing to do is to just start tapping F8 right after you turn the computer on. If you miss the timing, just reboot and try again.


2. Also, you may need to "unregister" the mfiltis.dll file before you're able to delete it. Do the following:

- Open an MS-DOS window, type the following command at the prompt, and then hit Enter:

regsvr32 /u C:\WINDOWS\isrvs\mfiltis.dll

- Close the DOS window once the command completes.

- Run HijackThis again and have it fix:

O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll


- Boot into Safe Mode and try to delete these folders entirely:

C:\WINDOWS\isrvs
C:\Program Files\CxtPls

- Empty your Recycle …

DMR 152 Wombat At Large Team Colleague

Those files are definitely components of malicious infections, but it looks like they're only "leftovers" for the most part. If they were active, we'd see plenty of evidence of them in your HJT log.

1. Delete these files:

C:\WINDOWS\system32\drivers\etc\hosts.bho
C:\WINDOWS\system32\SHAgentNew.dll
C:\WINDOWS\inf\consorr.inf
C:\WINDOWS\inf\localNRD.inf

2. Delete these folders entirely:

C:\WINDOWS\ILookup
C:\Documents and Settings\Ana\Application Data\Business Logic

3. It's your decision to keep or uninstall the Ares program, but since filesharing is a great way to get yourself infected with malware, I'd suggest dumping it.

DMR 152 Wombat At Large Team Colleague

OMG - I LOVE him/her/it/whatever - perfect!!!

He's a freebie if you want him. Just right-click on him and choose "save image as.." But wait- there's more... :mrgreen:

(I'll try to have a look at your HJT log, but I'm not sure how much time I'll be online today...)

DMR 152 Wombat At Large Team Colleague

By the way:

"faulty RAM or mismatched RAM modules" ... I have no idea what these are or how to check them.

RAM means your computer's memory (RAM= Random Access Memory).

Memory comes on small separate cards (modules) that get plugged into sockets on your computer's motherboard (main circuit board). The memory chips on the cards can fail, and that will cause all sorts of Bad Things to happen. Over time, the modules can also physically work their way loose from their sockets, making for a bad electrical connection.

Additionally, there are different types of memory modules, and they're not all compatible with each other. This is what Catweazle was referring to in terms of "mismatched". If you haven't added any memory to your computer since you bought it, a module mismatch won't be the problem.

DMR 152 Wombat At Large Team Colleague

All I can think of was when I updated my videocard driver which I think may be the problem.

Good call; STOP:0x8E errors can be caused by video-related issues.

You should try to "roll back" the driver to the previous version and see if that has any effect on the problem:

- Right-click on the My Computer icon on your desktop and choose "Properties" from the resulting popup menu.

- In the Properties window, click the Hardware tab and then click the "Device Manager" button.

- Click the "+" sign next to the "Display Adapters" entry in the hardware list to show your video card; write down the name of the card in case we need it later.

- Right-click on the card's name, choose Properties from the menu and then click the Driver tab.

- Click the "Roll back driver" button and follow the prompts from there.

DMR 152 Wombat At Large Team Colleague

WooHoo! :lol:

Didn't feel a thing

Yeah, well, hang in there- it takes a bit for the nausea to set in... [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/puke2.gif[/img] :mrgreen:

Seriously though, to answer your questions:

1. Ad Aware and SpywareGuard (and its companion program SpywareBlaster) do their job by different methods, but SpyBot actually is one of the programs that can add a list of known "nasties" to your hosts file, although it doesn't do it as part of its default installation. To have Spybot add its list of nasties to your hosts file, do the following:

- Open SpyBot and have it check for and install its most current updates.

- Under the Mode menu in SpyBot's main window, choose "Advanced Mode".

- Click on the "Tools" option that appears in left-hand side bar, and then click on "Hosts file". This will display the contents of your current hosts file in the lower right-hand pane, and will also display a button labelled "Add SpyBot-S&D Hosts File" at the top of that pane.

- Click on that button, and SpyBot will add its entries to your hosts file; the additions that it makes will appear in the lower right-hand pane after that. If you look through those additions, you'll see that SpyBot has added around one thousand "blocked" sites to your hosts file; all mapped to the 127.0.0.1 localhost IP address.

2. Do I use those sorts of additions in the hosts files on my …

DMR 152 Wombat At Large Team Colleague

By the way- this is a security-related issue, so I'm moving it to our Viruses, Spyware, and other Nasties forum now. That's a more appropriate location for your question, and you'll get more input from our other security experts there.

Buckle up, we're going for a ride... :)

DMR 152 Wombat At Large Team Colleague

An even deeper discussion/explanation of the function of the 127.0.0.1/localhost/loopback address (and the hosts file as a whole) would only make your head implode even faster, so I'll skip the painful details :mrgreen:

To answer your question, though:

I wouldn't say that the hosts file is an "important" part of network security as a whole, but it does have its uses in that regard for just the reasons given in Gorilla's article.

On a very basic level, you can think of associating ("mapping", to be more specific) a "bad" website's URL to the 127.0.0.1 address via the hosts file as a way of sending all traffic to/from that site into a "black hole". The details of how that works are unimportant from a user's perspective; all you really need to understand is that a malicious site that gets mapped to the localhost IP address can scream at you all it wants, but your computer just isn't going to listen to it.

Also: you don't even need to learn how to implement this feature of the hosts file yourself. There are free "anti-spyware" programs which will do this for you automatically, and there are many freely downloadable hosts files which already have entries for known malicious sites/domains entered into them; you just replace your existing hosts file with one of those.

Links to more information on those programs and "spyware-protected" hosts files can be found here:

http://www.google.com/search?hl=en&lr=&q=adware+block+%22hosts+file%22&btnG=Search
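Added example, not part of the original post: a small Python audit of a hosts file that lists which names are sent to the "black hole" described above. It goes slightly beyond the post by also reporting names mapped to a non-loopback address and lines that do not parse, since both deserve a look when reviewing a hosts file. The sample file and its hostnames are constructed placeholders.

```python
import ipaddress

# Constructed sample hosts file; hostnames and addresses are placeholders.
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.example.test tracker.example.test   # from a block list
0.0.0.0         popups.example.test
192.0.2.55      www.bank.example.test    # not loopback: name resolves elsewhere
not-an-ip       broken.example.test
203.0.113.9     ads.example.test         # later duplicate of a blocked name
"""


def is_sink(ip):
    """True for addresses that keep traffic on the local machine."""
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text):
    """Classify hosts-file entries.

    Returns a dict with:
      blocked    - names mapped to a loopback/unspecified address
      redirected - {name: ip} for names mapped to any other address
      malformed  - line numbers that are not 'IP name [name ...]'
    """
    effective = {}   # hostname -> ip; the first matching line is the one used
    malformed = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(line_no)
            continue
        if len(fields) < 2:
            malformed.append(line_no)
            continue
        for name in fields[1:]:
            effective.setdefault(name.lower(), ip)

    blocked = sorted(
        name for name, ip in effective.items()
        if is_sink(ip) and name != "localhost"
    )
    redirected = {
        name: str(ip) for name, ip in effective.items() if not is_sink(ip)
    }
    return {"blocked": blocked, "redirected": redirected, "malformed": malformed}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(len(report["blocked"]), "blocked names:", report["blocked"])
    print("mapped to non-loopback addresses:", report["redirected"])
    print("unparseable lines:", report["malformed"])
```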

DMR 152 Wombat At Large Team Colleague

when i try to eject the CD via pushing the button on the side of the drive...the Drive just wont open

now i know this has to be a software issue coz when i do the manually process of opening the drive it opens

Those two statements contradict each other- pushing the button on the drive is a manual process.

DMR 152 Wombat At Large Team Colleague

More specific information on your problem would help:

- What exact version of Windows? Give us the hardware specs of the computer as well; as the others have said, STOP errors are often hardware-related in some way.

- Is what you posted the full contents of the BSOD message? If the error mentions a file, tell us that file's name.

- When did the crashing start to occur? Had you made any hardware or software changes at about that time (think carefully...)?


DMR 152 Wombat At Large Team Colleague

Versions of that puppy have been around for a couple of years now; if you install the most current updates for your anti-virus program, that should be able to clean it. If not, you can also try these free online anti-virus/anti-spyware scans:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.bitdefender.com/scan/licence.php
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/

If the a-v programs can't clean the infection for some reason, give us more details (the names of infected files, the names of the folders they live in, etc.).

DMR 152 Wombat At Large Team Colleague

Hi maggiebr,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

In the future, please start your own thread and post your question there. When you do, try to give us as much specific info as possible regarding the problems you're having (exact error messages, system specs, etc.).
I've split your post into its own separate thread, which you can find here:

http://www.daniweb.com/techtalkforums/thread23999.html

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules


Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

Hi Stuart86uk, welcome to the site :)


To keep confusion to a minimum, we have a "one member's question per thread" policy in our forums. If you need help in the future, you should start your own thread and ask your question(s) there.

I'll answer the questions you've already asked here, though:

1. The 32-bit version of Mandrake should run just fine on a 64-bit platform. It obviously won't be able to take full advantage of the 64-bit architecture, but even so, some users have reported that their 32-bit Linux installs have run slightly faster on 64-bit machines.

2. Your stranger in the lab coat was referring to the fact that Mandy has traditionally been the most Windows-like distro in terms of "look and feel", making it a good introductory distro for users coming from the Windows world. That isn't as much the case any more though, as many other distros now use GUI environments that are very "point-n-click", and include setup "wizards" and other such windows-ish "ease of use" features. SuSE and Fedora definitely fall into this category.

Many hard-core Linux users will tell you that those are "toy" distros, because they do most of the work for you, but IMNSHO that is a Good Thing for Linux newcomers. The point that those people often forget though, is the fact you don't have to use the graphical goodies to accomplish tasks; if you want to get your hands dirty by hand-hacking your …

DMR 152 Wombat At Large Team Colleague

... I guess that means I'll probably get to try this little trick again in the near future. .

Update:
Yes- twice since then; the fix worked for both...

DMR 152 Wombat At Large Team Colleague

but the second one had an error message when i tried to delete(folder name also LEGACY_MSLLR

The MSLLR service no longer shows up in your HJT log, which is good.

What exact error did you get when you tried to delete the LEGACY_MSLLR entry?

DMR 152 Wombat At Large Team Colleague

In addition to what DMR has suggested, try to delete hzdll.dll and hoo.dll (you may need to boot into Safe Mode)

Oops- I forgot that part...

If you can't delete the dlls even in safe mode, try unregistering them before attempting deletion:

Open a DOS window, type the following two commands at the prompt, hitting enter after each:

regsvr32 /u C:\WINDOWS\SYSTEM\hzdll.dll
regsvr32 /u C:\WINDOWS\SYSTEM\hoo.dll

DMR 152 Wombat At Large Team Colleague

...you should fight your way through the problems of running multiple instances of NAT and DHCP along with static routing.

A good idea, but it could get ugly. :mrgreen:


ketuketeh,

w1r3sp33d has pretty much outlined your basic problem: because you have two routers, you are going to have issues concerning multiple routes and gateways. Configuring a network topology like that can certainly be done, but it definitely over-complicates things for a small home network.

If you want to stick with the Linksys router (as opposed to buying a simple switch), and your version of BEFW11S4 has an "uplink" port, see the instructions in the links below. The configuration they describe basically bypasses the router's WAN/gateway side and uses only its LAN switch side.

http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=358&p_created=1084209764&p_sid=FJfGf8Dh&p_lva=&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9MjM1JnBfcHJvZHM9MSwwJnBfY2F0cz0mcF9wdj0xLjE7Mi51MCZwX2N2PSZwX3NlYXJjaF90eXBlPWFuc3dlcnMuc2VhcmNoX25sJnBfc2NmX2xhbmc9MSZwX3BhZ2U9MSZwX3NlYXJjaF90ZXh0PXdpcmVsZXNzIHRvIHdpcmVk&p_li=&p_topview=1
http://www.dslreports.com/faq/3603


Another method would be to connect the Prolink and Linksys as you've already done (prolink switch port-->LinksysWAN port), but also:

- Go into the Dynamic Routing tab of the BEFW11S4's setup utility and change the router mode from "Gateway" to "Router".

- Turn off DHCP on the Linksys.

- Configure the Linksys with static IP info corresponding to the Prolink's 10. network. To avoid addressing conflicts, you will need to make sure that the Linksys' IP is outside of the range (scope) of DHCP addresses handed out by the Prolink. That is, if the Prolink's DHCP function is configured to assign addresses between 10.0.0.1 and

DMR 152 Wombat At Large Team Colleague

Hi foxkueh,

- Your log looks clean, except perhaps for this entry:

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

WinPcap is a network packet-capturing tool. It can be used for legit network analysis and troubleshooting, but it can also be used for Bad Things. Did you knowingly install WinPcap and/or any networking utilities such as Ethereal?


- What rvince said about tracking cookies is often true, but you should never assume that any entries reported by SpyBot, Ad Aware, and other anti-spyware programs are harmless.

All of the anti-spyware utilities that I know of give you some way to see more detailed information on the objects they find (double-clicking on an object, right-clicking on it, viewing a log file, etc.), and you should do that if you're unsure of what something is/does.


- A lot of these nasties hook into your system through Active X controls. You can close up some of the "loopholes" in ActiveX by installing SpywareBlaster. For real-time monitoring and notification of attempted ActiveX downloads, browser hijacks, etc., use SpywareBlaster's companion program SpywareGuard.

- Another helpful prevention tool is IESpyad.


- Enable Windows' "Automatic Update" feature to make sure your system stays current with the latest security patches and bug fixes from Microsoft.

DMR 152 Wombat At Large Team Colleague

That sounds like a smitfraud symptom.
There are a couple of variants of that infection, and it also tends to bring a few "friends" along with it, so the first thing we should do is get a HijackThis log from you.

You probably know the drill already, but:

Download the (free) HijackThis utility from here.

Once downloaded, follow these instructions to install and run the program:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here.

DMR 152 Wombat At Large Team Colleague

Good work- there's no sign of Aurora/Nail in your latest log. :)

However, there are still a couple of leftovers that need to be cleaned up.

1. Have HijackThis fix the following two entries, but leave HijackThis open after the fixes complete:

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O23 - Service: NS (MSLLR) - Unknown owner - C:\WINDOWS\System32\ns.exe" -service (file missing)


2. Click on the "Config" button in the lower right corner of the main HJT window. In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK:

MSLLR


3. Close HJT, reboot, run HJT again, and post one (hopefully) last log for us.
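Added example, not part of the original post: a Python sketch that parses HijackThis log lines and picks out the kind of "leftovers" discussed above, that is, entries whose target is reported as "(no file)" or "(file missing)", along with the short service name that an O23 line carries in parentheses. The sample lines are copied from posts on this page; the section descriptions and regular expressions are this example's own reading of the log format, not HijackThis code.

```python
import re

# Log lines copied from the posts on this page.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O23 - Service: NS (MSLLR) - Unknown owner - C:\WINDOWS\System32\ns.exe" -service (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Short descriptions of the sections that appear in the sample.
SECTIONS = {
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry",
    "O18": "protocol/filter handler",
    "O23": "NT service",
}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
# First drive-letter or %VAR% path ending in .exe/.dll
PATH = re.compile(r"(?:[A-Za-z]:|%\w+%)\\[^\"<>|*?]+?\.(?:exe|dll)", re.I)
# "Service: Display Name (shortname)" -> shortname is the last parenthesised group
SERVICE = re.compile(r"^Service: .*\((?P<name>[^()]+)\)\s*$")


def parse_entry(line):
    """Parse one log line into a dict, or return None if it is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    clsid = CLSID.search(body)
    path = PATH.search(body)
    svc = SERVICE.match(body.split(" - ")[0]) if code == "O23" else None
    return {
        "code": code,
        "section": SECTIONS.get(code, "other"),
        "clsid": clsid.group(0) if clsid else None,
        "path": path.group(0) if path else None,
        "service": svc.group("name") if svc else None,
        "orphaned": bool(ORPHAN.search(body)),  # reference left behind, file gone
    }


def parse_log(text):
    """Return the parsed entries of a log, skipping non-entry lines."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def orphaned_services(entries):
    """Short names of services whose executable is reported missing."""
    return [e["service"] for e in entries
            if e["code"] == "O23" and e["orphaned"] and e["service"]]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        state = "LEFTOVER" if e["orphaned"] else "present"
        target = e["path"] or e["clsid"]
        print(f'{e["code"]:<4}{e["section"]:<28}{state:<10}{target}')
    print("orphaned services:", orphaned_services(parse_log(SAMPLE_LOG)))
```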

DMR 152 Wombat At Large Team Colleague

Yikes! :eek::eek:

That's an extremely heavy infestation; we'll need much more than HijackThis to fix things.

1. Download the following three utilities and run them consecutively:

CWShredder
about:Buster
HSRemove

CWShredder and about:Buster have an online update function; use that before having them scan and fix. For CWShredder, click the "Fix" button, not the "Scan" button. about:Buster and HSRemove are pretty self-explanatory; just follow their prompts.


2. Download, install, and run:

ewido Security Suite (free trial version)
Microsoft AntiSpyware beta

Again- check for updates first, and then have each program scan your system and fix what it finds.


3. Go to the following sites and run their free online virus/spyware scans. Let them clean what they find:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm


4. Reboot your computer, run HijackThis again, and post a new log.

DMR 152 Wombat At Large Team Colleague

1. Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

Now look for a folder named C:\Program Files\Internet Optimizer. Does that folder exist on your computer?


2. For the "mscorre" error, see if this helps:

http://consumer.installshield.com/kb.asp?id=Q108178

DMR 152 Wombat At Large Team Colleague

Try repairing windows from the windows cd...

Yes, that would be the next step before reformatting. Even if you go that route, you should still back up your data first.

If reformatting isn't a big deal though, you might just want to do that; the Windows "repair" process is far from perfect.

DMR 152 Wombat At Large Team Colleague

OK- good luck with that.

Sorry I couldn't be of more help with the built-in wireless, but it's kind of difficult to troubleshoot that kind of problem without being able to actually look at the computer...

DMR 152 Wombat At Large Team Colleague

1. C:\Windows\rundll32.exe and C:\Windows\System\Internat.exe are real Windows files. The virus may have overwritten or altered them, which means that you may have to install fresh copies of the originals to replace the infected versions of the files. We should determine that before going any further.

Please do the following:

- Open Windows Explorer and locate rundll32.exe.
- Right click on the file and click Properties.
- In the Properties window, note the file's exact size, its version, and its creation date. Post that information here.

On my Win98 (SE) machine I show the following information for the "real" rundll32.exe:

size: 24,576 Bytes
version: 4.10.0.1998
created: Fri. 4/23/99 10.22.PM

- Repeat for Internat.exe. This is the info I have for that file:

size: 28,672 Bytes
version: 4.10.0.2222
created: no date listed

DMR 152 Wombat At Large Team Colleague

Thanks..tried that but they still keep reappearing. Any other suggestions?

That could be the work of a malicious infection. What are the exact addresses/URLS?

DMR 152 Wombat At Large Team Colleague

Hi rvince,

Just a polite suggestion:

For clarity, please use full English sentences when posting advice in the forums.

Being an international support site, many of our members have a hard enough time with the English language to begin with. Posting your advice in "Instant Messenger" English only makes it that much harder for people to discern what you are trying to tell them.

Thanks.

DMR 152 Wombat At Large Team Colleague

Hi southerngirl18, welcome to Daniweb :)


1. What exact type of connection do you have (dial-up, cable, DSL)?

2. If it's cable or DSL, do you connect directly to the modem, or do you go through a router or switch first?

3. If you're running any firewall software, disable it completely.

4. Some tests:

1. Open your Internet Options control panel, click on the Connections tab, and then on the "LAN Settings" button. In the LAN settings window, make sure none of the proxy-related boxes are checked, and also try toggling the status of the "automatically detect settings" box.


2. Open Internet Explorer and see if you can reach Google and/or Yahoo by their IP addresses as opposed to their URL. In IE's address/location bar, type in the following locations one at a time and tell us what happens:

http://66.102.7.147
http://66.94.230.37


3. Click on the "Run..." option in your Start menu. In the "Open:" box of the resulting window, type "cmd" (omit the quotes) and hit Enter. This will bring up a DOS window.

- At the DOS prompt, type the following commands, hit Enter after each, and tell us the exact results:

ping 127.0.0.1
ping 66.102.7.147
ping www.google.com


- Again at the DOS prompt, type the following command, hit Enter, and post the information returned by the command:

DMR 152 Wombat At Large Team Colleague

Hi Maqrux, welcome to the site :)


A couple of things to start with:

1. Post the full and exact contents of the Azureus/MaxConnections error please.

2. Open the Event Viewer utility in your Administrative Tools folder and have a look through your System and Application log files. If you see any errors or warnings in the logs, double-click on them to see their details. If any of the messages seem like they might be related to your problem, post the details here.

DMR 152 Wombat At Large Team Colleague

If you plan to share files then you need a partition type which your Windows version can access. That's either FAT32, or for recent and reputable Linux distros NTFS.

A good point.

You'll find that being able to share files between Windows and Linux is a pretty handy thing on a dual-boot machine, and since Windows doesn't recognize Linux-formatted partitions, you should make a FAT32 "shared" partition of adequate size on the D drive, and leave the rest of the space blank/unallocated for the Linux install.

I suggest the FAT32 format because Linux can work with the FAT32 format just as well as it works with its own formats (ext3, ext2, reiserfs, etc.). Full support for NTFS, on the other hand, is fairly new. Linux can reliably read from NTFS partitions, but the ability to write to NTFS is not officially stable yet.

DMR 152 Wombat At Large Team Colleague

No Safe Mode, eh? Not good.

Can you go back to "Last known good configuration"?

DMR 152 Wombat At Large Team Colleague

Hi DBK, welcome to the site :)

We definitely appreciate your, um, eagerness to help, but please: check the posting dates in the threads before responding to them. ;)

(Hint: this thread has been dead for over 1 1/2 years.) :mrgreen:

DMR 152 Wombat At Large Team Colleague

OK- now that we're in the right forum, let's dig in.

You will need to either print out any directions we give you from now or save them into a Notepad file, because you will need to be disconnected from the Internet for much of the cleaning process. If you have a cable or DSL connection, you should physically disconnect the network cable from your computer.

There are two things you need to take care of before we do any work with HijackThis:

1. C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

The log entry above indicates that you had at least 2 instances of Internet Explorer running when you ran HijackThis.
Before actually fixing problems with HijackThis, you must make sure to close/quit ALL instances of your web browsers. HijackThis cannot fully perform its fixes while browsers are running. You should also close Windows Explorer and all other non-essential programs (AIM, iTunes, Yahoo Messenger, etc.)


2. C:\DOCUME~1\ALLISO~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

The log entry above indicates that you are running HJT from within a Temp/Temporary folder. Please do the following:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in …

DMR 152 Wombat At Large Team Colleague

Hi AlliAnne629, welcome to the site :)

As a new member I'm sure you were unaware of this, but one of our forum guidelines is that HijackThis logs only be posted in our Viruses, Spyware, and other Nasties forum. I'll move this thread to that forum for you now.

DMR 152 Wombat At Large Team Colleague

A couple things to keep in mind regarding "Temp housecleaning":

1. There's a difference between the Temp and Temporary Internet Files folders, so you should be specific when referring to either. When you delete via Internet Options, you are deleting the contents of your Temporary Internet Files folder, but not your Temp folder.

2. Depending on your version of Windows, you may have multiple Temp and Temporary Internet Files folders. For example, in addition to the C:\Temp and/or C:\%WINDIR%\Temp folder, Win 2K and XP also have separate Temp and Temporary Internet Files (and Cookies) folder for every account on the system, including "non-user" accounts like Default User, NetworkService, and LocalService. Unwanted cruft (including virus/spyware components) can build up in all of those locations.

DMR 152 Wombat At Large Team Colleague

Hmm... I don't know what to suggest about that. I'd expect that you would at least see something regarding the wireless adapter in Device Manager, and you do seem to have the right drivers... :?:

You said the warranty has already expired- how old is the computer, and did the wireless ever work on it?

If there really is some serious problem with the built-in wireless, you can certainly try an external wireless card; your computer does have a PCMCIA slot for one. Any model of card that is compatible with your version of Windows should work, but there are some things to think about in that regard:

1. Technically, wireless standards are just that- standard, so devices made by one company should be able to communicate perfectly well with other brands of wireless devices, but in the real world that isn't always true. If you already have a wireless router or access point installed on the network where you plan to use the laptop the most, I'd highly suggest buying a wireless card made by the same company that made the router/AP.

2. Even if all of your wireless devices are from the same manufacturer, you can still experience problems if you mix 802.11b and 802.11g devices. As with mixing different brands, you should be able to use a Wireless G device in a Wireless B environment, because Wireless G is supposed to be backward compatible with the older/slower Wireless B standard. Again though, this isn't …

DMR 152 Wombat At Large Team Colleague

... and web pages produced by Excel.

*cough* *choke* *shiver* Bad web designer, bad!

DMR 152 Wombat At Large Team Colleague

one thing i know is that i would of been better to wipe my pc with madboot and just reload my system that would fix my problems.

These problems, yes. Unfortunately though, unless you immediately put protective measures in place on that freshly-reloaded installation, you can become reinfected in less than 30 minutes of web surfing. Trust me, I've seen it happen first-hand.


Preventative measures you should take:

1. Enable Windows Automatic Update function to keep your system as up-to-date as possible with the most current Microsoft security and bug fixes.

2. Stop using Internet Explorer as your web browser. Because IE is so closely tied into the Windows operating system itself and contains so many security flaws, switching to another browser such as Netscape, Firefox, or Opera will greatly reduce the avenues through which spyware/adware/hijackers/etc. can infect your computer.

3. Install preventative utilities such as SpywareBlaster and SpywareGuard (links are in my sig below), especially if you absolutely have to continue using Internet Exploder. These utilities protect areas of your system known to be vulnerable to malicious attacks.

4. Tighten up some of Internet Explorer's existing, default settings to make it more secure. Some info on that can be found here: http://tomcoyote.org/ieoe.php

5. Obviously-install a good anti-virus program and enable its "auto-protect" and email-scanning features.

6. Install a stand-alone firewall program such as Zone Alarm or Kerio Personal Firewall, or purchase the "Internet Security" packages offered by Symantec …

DMR 152 Wombat At Large Team Colleague

crunchie is saying that you are running HijackThis from within an incorrect/unsafe folder.
Please excuse the "canned answer", but here's the full explanation:

C:\DOCUME~1\SLY\LOCALS~1\TEMP\HIJACKTHIS.EXE

The log entry above indicates that you are running HJT from within a Temp/Temporary folder. Please do the following:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else. Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often deleted in the course of troubleshooting, by running disk clean-up utilities, etc.

DMR 152 Wombat At Large Team Colleague

Good Penguin, Good Penguin! Treat yourself to a nice yummy fish.

:mrgreen:

DMR 152 Wombat At Large Team Colleague

In the days before Firefox was actually Firefox (Phoenix/Firebird) and ready for Prime Time, I used Netscape primarily, and sometimes Opera. But I too found that, as newer versions were released, Netscape was becoming too "Boggy and Cloggy".

I still use Netscape on my Linux boxen sometimes (it doesn't seem to suffer from the problems that the Win versions do), but Firefox has been my main browser on both platforms for some time now.

DMR 152 Wombat At Large Team Colleague

hahahaha

Yeah, I know. Don't ask- it just sort of popped into my head... too much coffee this morning. [img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/smileyFrazzled.gif[/img]

Anyway...

If you want the 64-bit version, d/l the FC3-x86_64-disc1 - FC3-x86_64-disc4 .iso files; d/l FC3-i386-disc1.iso - FC3-i386-disc4.iso for 32-bit platforms.
Regardless of which you d/l, also grab the associated MD5SUM file; you'll need it to check the integrity of the downloaded isos before you burn them.
Info on error-checking your d/ls with the MD5SUMS program can be found here.

The SRPMS isos contain the source code for Fedora and the software packages distributed with it. You don't need those; they're for Uber-Geek programmer types. :mrgreen:
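The integrity check mentioned in the post above, as an added example that is not part of the original post: a small script that compares every file listed in an MD5SUM file with its recorded hash and reports missing or altered images. It assumes GNU coreutils `md5sum`; `verify_isos`, `demo_verify`, and the tiny stand-in files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils md5sum; verify_isos is a hypothetical helper.
# verify_isos DIR: check each file listed in DIR/MD5SUM against its recorded hash.
# Returns 0 only if at least one entry was checked and none is missing or altered.
verify_isos() {
    dir=$1; sumfile="$dir/MD5SUM"; bad=0; checked=0
    [ -r "$sumfile" ] || { echo "no MD5SUM file in $dir" >&2; return 2; }
    while read -r want name; do
        # A checksum entry is "<32 hex digits>  <name>"; skip everything else
        # (blank lines, or signature text if the file is PGP-signed).
        case $want in ''|*[!0-9a-fA-F]*) continue ;; esac
        [ ${#want} -eq 32 ] || continue
        name=${name#\*}                 # binary-mode entries read "*name"
        [ -n "$name" ] || continue
        checked=$((checked + 1))
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; bad=$((bad + 1)); continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$(printf '%s' "$want" | tr 'A-F' 'a-f')" ]; then
            echo "OK       $name"
        else
            echo "FAILED   $name"; bad=$((bad + 1))
        fi
    done < "$sumfile"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed demo: two tiny stand-in files named like the FC3 discs, one of
# which is altered after the MD5SUM file is written (a simulated bad download).
demo_verify() {
    tmp=$(mktemp -d) || return 2
    printf 'constructed disc 1' > "$tmp/FC3-i386-disc1.iso"
    printf 'constructed disc 2' > "$tmp/FC3-i386-disc2.iso"
    (cd "$tmp" && md5sum FC3-i386-disc1.iso FC3-i386-disc2.iso > MD5SUM)
    printf 'x' >> "$tmp/FC3-i386-disc2.iso"
    verify_isos "$tmp"; rc=$?
    rm -rf "$tmp"
    return $rc
}

demo_verify || echo "do not burn: at least one image failed verification"
```

A matching MD5 shows the download was not corrupted in transit; it says nothing about authenticity unless the MD5SUM file itself was obtained from a trusted source.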

DMR 152 Wombat At Large Team Colleague

Hi tonyb130, welcome to Daniweb :)

deonnanicole is right; our Posting Rules prohibit the posting of questions in another member's thread, for exactly the reasons she explained.

Given that, I've split your question into its own separate thread, which you can find here:

http://www.daniweb.com/techtalkforums/showthread.php?t=23799

DMR 152 Wombat At Large Team Colleague

Glad we could help you get it sorted :)

DMR 152 Wombat At Large Team Colleague

I haven't used any of the 64-bit packages yet, but over the years I've used different versions of Red Hat/Fedora, SuSE, and Mandrake/Mandriva. I'm quite happy with SuSE and RH/Fedora, but for some reason Mandrake has always, for lack of a better description, just felt like a big soggy pancake that someone dropped on the ground.

DMR 152 Wombat At Large Team Colleague

The latest full-release versions of SuSE, Fedora, Mandriva (formerly Mandrake), and Gentoo are all available for AMD's 64-bit platform as far as I know.

DMR 152 Wombat At Large Team Colleague

Your system is infected- netsync.exe is a component of a spyware program.

Please do the following so that we can see if you have signs of any other malicious infections:

Download the (free) HijackThis utility:

http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe


Once downloaded, follow these instructions to install and run the program:

Create a folder outside of any Temp/Temporary folders for HJT and move it there now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here.

The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

DMR 152 Wombat At Large Team Colleague

Oh, well. Sometimes that's the fastest way to clean things up if you're really heavily infested.

However, unless you take some preventative steps immediately after reinstalling Windows, you can become reinfected again in less than 20 minutes of being connected to the Net (no.. I'm not kidding). :(

Once you've gotten the base reinstall of Windows up and running, here are some measures you can take before doing anything else:

1. Use Windows Automatic Update function to get your system as up-to-date as possible with the most current Microsoft security and bug fixes.

2. Stop using Internet Explorer as your web browser. Because IE is so closely tied into the Windows operating system itself and contains so many security flaws, switching to another browser such as Netscape, Firefox, or Opera will greatly reduce the avenues through which spyware/adware/hijackers/etc. can infect your computer.

3. Install preventative utilities such as SpywareBlaster and SpywareGuard (links are in my sig below), especially if you absolutely have to continue using Internet Exploder. These utilities protect areas of your system known to be vulnerable to malicious attacks.

4. Tighten up some of Internet Explorer's existing, default settings to make it more secure. Some info on that can be found here: http://tomcoyote.org/ieoe.php

5. Obviously, install a good anti-virus program and enable its "auto-protect" and email-scanning features.

6. Install a stand-alone firewall program such as Zone Alarm or Kerio Personal Firewall, or purchase the "Internet Security" packages offered by Symantec …

DMR 152 Wombat At Large Team Colleague

Very cool; glad we could help! :)

DMR 152 Wombat At Large Team Colleague

Just to add to what the others have said:

...but my browser said that it needed to connect via dialup in order to work.

That's usually due to a conflict/misconfiguration in the network connection settings of Windows itself and/or your ISP's connection software. If you have access to a broadband Internet connection (regardless if it's wired or wireless) and want your computer to use that instead of your dial-up modem, you need to go to the Connections tab of your Internet Options control panel and set your Dial-up connection to "Never dial a connection". If your ISP has provided you with their own connection configuration utility, you will need to make similar adjustments to the settings there (the exact settings will depend on the specific connection utility). Obviously, for everything to work properly, you'll also need to have your LAN/wireless connection configured correctly as well.

The salesman at the store said I need DSL or cable in order to use my wireless at home...can I get a wireless router that works with dialup?

The salesman was wrong; there actually are a few wireless solutions for dial-up. Apple's Airport Extreme Base Station is probably the best bet (yes, it works with Windows computers too).

Do I have to buy two since I drive back and forth from my mom's to my dad's...

No, but you'd have to lug the Airport along with you.

but then do I need a router to use my wireless out there.

If they do …