DMR 152 Wombat At Large Team Colleague

....we should all hold hands sing the pepsi song...

Yoiks!! Somebody is really showing their age here...

:mrgreen:

DMR 152 Wombat At Large Team Colleague

I'm having the same problem as jheft

Phas,

You need to post your question in its own separate thread. When multiple people "piggyback" their questions on to a thread started by another member it quickly becomes difficult to follow the multiple troubleshoots.

Thanks for understanding :)

- Dave

DMR 152 Wombat At Large Team Colleague

Hi- Welcome to TechTalk! :)

1. Did the anti-spyware programs find/fix anything?

2. Have you tried to repair IE? Instructions on how to do so are here:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;194177

DMR 152 Wombat At Large Team Colleague

Hm, not sure about that one- I don't use AVG. :?:

DMR 152 Wombat At Large Team Colleague

OK. We'll be here.:)

DMR 152 Wombat At Large Team Colleague

There are still a couple of suspicious items in there. Did you run your AV and spyware utilities while booted into safe mode? If not, try that.

DMR 152 Wombat At Large Team Colleague

As I suggested, also contact your ISP.

DMR 152 Wombat At Large Team Colleague

... instead of avemspw.exe coming up in the HiJackThis scan, the file seemed to have renamed itself to aaamona.exe? Is that possible?

Yes, many of these wonderful little irritants can generate random filenames.


And can you please advise me on the Windows Media Player issue as well?

WMP has a lot of security holes and exploitable bugs. You should use Windows Update to download and install the most current fixes and patches from Microsoft.

DMR 152 Wombat At Large Team Colleague

Is it just Netscape, or does this happen with Internet Explorer as well?
Does it seem to be only hotmail recipients?
Can you send mail to the recipients from another computer?

You might want to contact your ISP; it could be a problem with something "upstream".

DMR 152 Wombat At Large Team Colleague

OK- yeah, you've got quite a few nasties there.

In conjunction with Ad Aware, also run SpyBot (link to download is in my sig below); one of those programs will often catch something the other missed. Make sure you have the latest versions and the most current updates for these utilities; new updates can be published almost daily.

Do that and post a fresh log. I've got to log off for a bit, but I or another member will give you more direction shortly.

DMR 152 Wombat At Large Team Colleague

heh heh........ :)

Ta

Don't sweat it- I've been more than a bit scattered myself recently...

:)

DMR 152 Wombat At Large Team Colleague

Yeah, that would be the better way to go IMHO.

DMR 152 Wombat At Large Team Colleague

So it's going to be an ad hoc network, right? That is- no WAP, just the two machines directly connected via wifi with the XP box acting as your Internet gateway. If that's the case, you'll need to configure Internet Connection Sharing (ICS) on the XP box; many tutorials for doing so can be found online.


There's a lot of useful info concerning OS X -> Win XP networking/filesharing in some of the links returned by the following Google search:

http://www.google.com/search?hl=en&ie=UTF-8&q=%22file+sharing%22+Mac+%22windows+xp%22+%22os+x%22&btnG=Google+Search

DMR 152 Wombat At Large Team Colleague

[img]http://www.pumpkinridgecrafts.com/images/jam.jpg[/img] I seriously like jam

WTF??

The jams are revolting! ;)

DMR 152 Wombat At Large Team Colleague

also, another quick question, is hijacking illegal?

Currently no, at least not in the US.

However, there is legislation being developed at both state and federal levels which, if passed, would make some or all of the tactics used by spyware distributors illegal. Do a Google search on the following terms to find out more about what's going on and how you might be able to help:

spyware illegal

DMR 152 Wombat At Large Team Colleague

... I'll move it there...

Um... I think you forgot a small little something there Terri. :mrgreen:

(I moved it for you) :)

DMR 152 Wombat At Large Team Colleague

Marking this as solved for now (and hopefully forever).

:)

DMR 152 Wombat At Large Team Colleague

tetsuo,

You need to start your own thread for your question. When multiple people start posting questions in a thread started by someone else, it can quickly become difficult to keep track of which answers relate to which question. That is why we ask our members to adhere to our policy of "one member's question per thread".

Thanks for understanding :)

DMR 152 Wombat At Large Team Colleague

Tabascoman4 please do the following, and after you do start your own thread...

Tabascoman4,

caperjack is right- you need to post your question in its own thread. Please read my comments (and crunchie's) earlier in this thread concerning our reason for requesting that members do so.

Thanks :)

DMR 152 Wombat At Large Team Colleague

To do Linux Properly (in my humble opinion)

/
swap
/usr
/home
/var
/temp
/internet

and I build them on 10 GB disks...

lol.
Christian- that's almost exactly how I prefer to do my builds. Using a multi-partition scheme definitely has its benefits (but it isn't something I usually recommend to someone who's new to Linux and/or its filesystem structure).

:)

DMR 152 Wombat At Large Team Colleague

Yeah, 5G should do for any version of Linux if you're just starting to experiment. Another option is to put another small, cheap drive in your system and install Linux on that. Linux isn't fussy about what drive, partition, or even kind of partition (Primary/Logical) it's installed on. As I said though, because Linux doesn't (reliably) support writing to NTFS-formatted partitions, you should create a small FAT32 partition where you can store data that you want to share between both operating systems; it does come in handy.

Also, unless you choose to do some custom partitioning when you install Linux, it will by default create two or three partitions:

A / (root) partition - equivalent to "C:\" in Windows. This will be your main (and largest) partition.

A Swap partition - equivalent to Windows' virtual memory swap file. This needn't be larger than 2x your amount of physical RAM.

Possibly a /boot partition - this is where the kernel and some other critical startup files will live. If a separate /boot partition isn't created, /boot will be a subdirectory of /.

Whichever way you go, install Windows first; Linux should detect the Win partition during its installation process and in most cases will automatically configure its bootloader (Grub or Lilo) to give you a choice of which OS you want to load when you boot your system.

DMR 152 Wombat At Large Team Colleague

After finishing the scan I was told that I am in medium risk of getting Worm Netsky.y. Can I get some feedback from you about this?

More information on the virus can be found here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.y@mm.html

Pay attention to the "best practices" recommendation in the above link; those are general guidelines which, if followed, will minimize the likelihood of getting infected. Using Windows' and your anti-virus software's auto update functions to make sure that you have the latest bug fixes, security patches, and virus definitions is key here.

DMR 152 Wombat At Large Team Colleague

From the horse's mouth

"A personal desktop installation, including a graphical desktop environment, requires at least 1.7GB of free space. Choosing both the GNOME and KDE desktop environments requires at least 1.8GB of free disk space.

A workstation installation, including a graphical desktop environment and software development tools, requires at least 2.1GB of free space. Choosing both the GNOME and KDE desktop environments requires at least 2.2GB of free disk space.

A server installation requires 850MB for a minimal installation without X (the graphical environment), at least 1.5GB of free space if all package groups other than X are installed, and at least 5.0GB to install all packages including the GNOME and KDE desktop environments.

A Custom installation requires 475MB for a minimal installation and at least 5.0GB of free space if every package is selected."

Of course, I think a full installation includes something like 4 Web Browsers, 2 or 3 office/productivity suites, 6 GUI options, 2 Web server apps, 6 text editors, an entire suite of scientific tools, an entire suite of programming tools, etc., etc., so you won't really need that much space for a typical install. Do make sure to leave enough breathing room to store your data and programs added post-install though, of course.

By the way- RH 9 is the last "free" version of the official "Red Hat Linux"; that line has been spun off into the Fedora Project.

DMR 152 Wombat At Large Team Colleague

Currently RH 7.3, RH 9.0, and Mandy 8.0.

(But who knows- that could change tomorrow... :mrgreen: )

BTW: If you install Linux on a system which already runs some version of Windows, it's a good idea to make a separate FAT32-formatted partition for data storage. Since both Linux and Windows can read and write to FAT32, you'll have full access to the data stored on that partition from both OSes. :)

DMR 152 Wombat At Large Team Colleague

One of my clients' drives recently went south in that sort of way. No Windows-based solutions would let me access the drive in any way, even in two of my Windows machines.

The only way I was able to salvage her data and save the drive was by putting it in one of my Linux boxen. From there I was finally able to mount the partition and copy her data to one of my drives. I also had to use Linux's version of fdisk to write a new, blank DOS partition table to the drive before Windows would let me reinstall.

One wrinkle after that was that because the drive was formatted as NTFS I could not simply copy her data from my Linux drive back to her drive due to Linux's lack of full write support for NTFS. The solution was simple though; I just put the drive back in her machine, slapped the machine on my network, and mounted her drive as an smb mount on my Linux box. Voila-instant network file copy!

DMR 152 Wombat At Large Team Colleague

The actulice pop-up is a bit tricky. The beastie responsible for it seems to come in a few different flavors, with different users reporting different filenames for the culprit and, correspondingly, different fixes.

Have a close read through the thread I've linked to below; the different solutions posted there seem to have worked for many people:

http://www.computing.net/security/wwwboard/forum/11720.html

DMR 152 Wombat At Large Team Colleague

leinad_1414,

We ask that members not tag their question onto an existing thread, but start one of their own instead.

Threads get very cluttered when multiple posters are asking and answering different questions within the same thread.

Unfortunately, this thread is a pretty good example of that. :(

DMR 152 Wombat At Large Team Colleague

" R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.165.195.2:8000"

What the heck is that still doing there? Did it come back, or did HJT not fix it?

DMR 152 Wombat At Large Team Colleague

@DMR: No.. that is really weird, I'm at UC Davis, using UCD T-1 connecting at the dorms.

Davis, eh? I'm down in San Rafael- drop in for a beer some time... :)

Have HJT fix that entry then- it can't be right.
<update>
I just called the computer person at that school and they said they're having blacklisting issues with that address- hmm... wonder why?
</update>

@caperjack: Would it be bad if I leave them unfixed? Are they doing something to my computer if I leave them be? Cause I'm afraid of messing things up again if I remove them, thanks!

If that URL doesn't look familiar to you, it shouldn't be there- fix them.

DMR 152 Wombat At Large Team Colleague

Thinking about getting a Mac instead!!

Bah! - just install Linux on your PC. :mrgreen:

Actually, just switching to a browser other than IE will protect you from a lot of this stuff if you need to stick with Windows.

DMR 152 Wombat At Large Team Colleague

This:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.165.195.2:8000

Would indicate that you're using one of the United Community School District's proxy servers in Boone, Iowa. Is that the case?

DMR 152 Wombat At Large Team Colleague

The short answer is:

- Have HJT fix this entry:
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

- Reboot

- Delete the bridge.dll file if it does exist on your system.


The longer answer is this:

- Your log shows that you were running HJT from the desktop, and that IE was still open. You should run HJT from its own folder, not from a temp folder or the desktop. That will allow HJT to create backups in case you need them. You should also close all applications, including IE.

- Make sure you have the latest updates/definitions (not just the latest versions) of Ad Aware and SpyBot Search & Destroy. Run both of those programs consecutively, rebooting after each. Let them fix everything they find and then run HJT again and post the fresh log. For Ad Aware, you should set some custom scanning options; a short tutorial on that is here:
http://www.bleepingcomputer.com/forums/index.php?showtutorial=48
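
The two kinds of HijackThis entries discussed in these posts (the R1 ProxyServer setting and the O4 Run entry that loads bridge.dll through rundll32.exe) can be pulled out of a pasted log for review. This is an added example, not part of the original posts or of HijackThis itself; the function names, the `expected_proxies` allowlist and the third sample line are assumptions made for illustration.

```python
import re

# Constructed sample: the two entries quoted in the posts above plus one
# made-up benign autostart line, in the same "code - detail" layout.
SAMPLE_LOG = r'''
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.165.195.2:8000
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
'''

# "R1 - detail" / "O4 - detail": a section code, a dash, then the entry text.
ENTRY = re.compile(r'^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$')
# Registry value ending in ",ProxyServer = host:port".
PROXY = re.compile(r',ProxyServer\s*=\s*(\S+)$', re.IGNORECASE)
# "HKLM\..\Run: [Name] command line"
RUN = re.compile(r'^(?P<hive>\S+)\\Run\w*:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$')
# rundll32.exe "path\to\file.dll",EntryPoint
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)


def parse_entries(log_text):
    """Yield (code, detail) for each line shaped like a log entry."""
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:
            yield match.group(1), match.group(2)


def triage(log_text, expected_proxies=()):
    """Return entries a helper should ask the user about.

    expected_proxies (assumed parameter): proxy addresses the user
    confirms they really use, e.g. one set by their school or ISP.
    """
    findings = []
    for code, detail in parse_entries(log_text):
        if code == "R1":
            proxy = PROXY.search(detail)
            # A proxy the user does not recognise is worth questioning.
            if proxy and proxy.group(1) not in expected_proxies:
                findings.append(("unexpected-proxy", proxy.group(1)))
        elif code == "O4":
            run = RUN.match(detail)
            if not run:
                continue
            # Autostart entries that load a DLL via rundll32 get a
            # closer look; this marks them for review, not as malicious.
            dll = RUNDLL.match(run.group("cmd"))
            if dll:
                findings.append(("rundll32-autostart", dll.group("dll")))
    return findings


if __name__ == "__main__":
    for kind, value in triage(SAMPLE_LOG):
        print(kind, value)
```
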

DMR 152 Wombat At Large Team Colleague

cavoiles,

First of all- Welcome to TechTalk!

This being your first post I'm sure that you aren't aware of our posting guidelines, but we do ask that members not tag their questions on to a thread previously started by another member. Answering multiple members' problems in a single thread can quickly get quite confusing.

Please post this question in its own thread, and have a read through the "Forum rules when posting" announcement at the top of each forum's main page for more info on our general guidelines for using this forum.


Thanks,

-DMR

DMR 152 Wombat At Large Team Colleague

I am having a similar problem.

Um, rustanger-

Could you please tell me what part of my post (directly above yours) you did not understand?:

"The problem posted by the originator of this thread has been solved, so this thread is essentially closed; any new questions by other members, however related they might seem to issues in this thread, should be placed in their own thread."

Please help us keep things manageable by posting your question in its own separate thread.

DMR 152 Wombat At Large Team Colleague

How weird and obscure; good find. :)

DMR 152 Wombat At Large Team Colleague

PS I did not want to post this in the other thread in fear of confusing the situation since it is still not resolved.

Thank you for that courtney- much appreciated. :)

I'm moving this to our Security forum so that some of our more "malware-savvy" members can have a look at your HJT log.

DMR 152 Wombat At Large Team Colleague

Does this happen with other media players?

Have you gotten the latest WMP updates/patches? WMP has more than a few security holes which the patches address. In other words, you might have been infected by a virus or some other malicious program which is causing the abnormal behaviour.

DMR 152 Wombat At Large Team Colleague

Moved to the Security forum...

:)

DMR 152 Wombat At Large Team Colleague

spike,

Please have a read through the previous posts in this forum for info concerning the dreaded "bridge.dll" problem; the solution(s) to that and other common "spyware" problems have been posted here many times before.

DMR 152 Wombat At Large Team Colleague

Please start your own thread in the security forums as it is unfair to the original poster to hijack his thread & makes it too confusing to diagnose two different logs in the same thread.
Thank you for understanding.
:D

Done; thread split.

Thanks again Chris. :)

DMR 152 Wombat At Large Team Colleague

Andrew21,

I've split your previous posts (and any responses to your posts) into their own separate thread. The thread is located here:

http://www.daniweb.com/techtalkforums/thread6013.html

Please read the Private Message I sent you concerning my reason for doing so, and please follow up on your troubleshoot in the thread I gave above as opposed to continuing to post in this thread. The problem posted by the originator of this thread has been solved, so this thread is essentially closed; any new questions by other members, however related they might seem to issues in this thread, should be placed in their own thread.

Thanks,

DMR

DMR 152 Wombat At Large Team Colleague

Good Find! :)

Yes, many (especially older) cable/DSL modems are only 10Base-T (10Mbps) devices.

DMR 152 Wombat At Large Team Colleague

It's a common side-effect of spyware.

I'm moving this to the Security forum, as that's where we deal with spyware/hijackware/etc. problems. Read through many of the previous "BRIDGE.DLL" threads in Security to find out how to solve the problem.

:)

DMR 152 Wombat At Large Team Colleague

Just noticed the smilie in the other post. It wasn't by design. I should have disabled smilies B4 I posted that one. lol.

Got it for 'ya. :)

DMR 152 Wombat At Large Team Colleague

What can you tell me about this one:DeeEnEs.exe ? It's strange to see it running from the unzipped folder.

DeeEnEs= DNS
It's a client program used with dynamic DNS services such as dyndns.org.

DMR 152 Wombat At Large Team Colleague

You've at the very least been hijacked, so I've moved this to the Security forum.


Download the latest version of HijackThis, run a scan, and post the log it generates here. That will give us a better clue as to what's still infecting your system.

DMR 152 Wombat At Large Team Colleague

For future reference though, please start your own thread to reduce confusion.

proettger,

Please follow the advice crunchie gave above. It becomes very difficult to efficiently solve members' problems when questions are being asked by multiple members in a single thread. This is especially true of threads that contain many long and complex HijackThis logs. If you need to pursue your problem further, start a new thread in this forum.

Thanks for understanding. :)

DMR 152 Wombat At Large Team Colleague

How do you add the links to web sites and call them "here?"

To save yourself some typing (and avoid possible typos), there's an easier way to create links when composing a post, assuming you're using the Standard or Enhanced editor options:

- Highlight the word or words that you want to appear as the underlined title of the link (the word "here", in your example).

- Click on the icon in the toolbar above the reply text box which looks like a globe with a chain link at the bottom of it.

- A dialog box will pop up in which you can type or cut-n-paste the actual URL of the link.

- Click OK, and you're done.

:)

DMR 152 Wombat At Large Team Colleague

I would uninstall IE and install Netscape :) just kidding.

Why say that you're kidding?

Most of the spyware/hijack/etc. programs exploit vulnerabilities that exist in IE; using another browser is actually a very good way to protect yourself from the stuff.

DMR 152 Wombat At Large Team Colleague

civic,

Please follow up with this in your original post. In order to keep things from getting confused, we ask that members not post duplicate threads dealing with the same question or problem.

Thanks. :)