I can't believe there is no way around it. I did a restore. I still cannot get rid of some of the HELP_RESTORE_FILES.txt lying around. I don't have the permissions. jimfive
Hmm, you have a point, but honestly, I would hope that updates would not have caused the problem. I had to have done something stupid. I noticed all of the .ecc files were created on the same date, 4/17, 9:37a. That was Friday, a full week after the updates were installed.
To all,
It seems that I have this virus, but it only seems to have affected my desktop. I am not sure how I picked it up. I did download a bunch of Windows Updates, and rebooted my machine on Friday (4/10), and left for the weekend. I know during the weekend there were some networking guys here, but I do not think any of that has to do with any of my problems. I did notice that after the reboot, I kept getting a popup saying you have new files to copy to your DVD or something like that. HELP_RESTORE_FILES.txt was it. I did a search on it, and it showed up like a couple thousand times, or something like that. So I deleted them all. I still got infected though. I ran ESET and it cleared out something. I think it's gone, but not positive. Also, I would like to convert all the .ecc files back to what they should be.
If anyone could help me out with this I would appreciate it.
I do backups weekly, but if I do not have to do that, I would appreciate it, just because this is my work computer, and I would not want to lose data (I guess I could upload those files somewhere, do a restore, and bring back the files). I did turn off my backups since, and have not done it. I noticed this happened around Wed of last week, maybe later, and did …
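A triage script for the situation described in this post, added here as an example (it is not code from anyone in the thread). It walks a directory tree, counts ransom notes and files carrying the encrypted extension, reports the time window in which the encrypted files were written (the "all created on the same date, 4/17, 9:37a" observation, as a measurable range), lists the original names recoverable from the appended extension, and flags notes sitting in directories the current account cannot write to, which is why deletion fails without elevation. The note name and extension come from the thread; the sample tree under `demo_tree()` is constructed for the demo and the timestamps are assumed.

```python
"""Inventory a ransomware hit: ransom notes and encrypted files by time.

Added example for this thread, not from any poster. The tree built by
demo_tree() is constructed; only the note name and extension are from the
thread.
"""
import os
import tempfile
from datetime import datetime

NOTE_NAME = "HELP_RESTORE_FILES.txt"
ENCRYPTED_EXT = ".ecc"


def triage(root):
    """Return a dict summarising notes and encrypted files under root."""
    notes, encrypted, undeletable = [], [], []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == NOTE_NAME:
                notes.append(path)
                # Unlinking needs write access on the parent directory, so
                # this is the check that predicts "Access denied" on delete.
                if not os.access(dirpath, os.W_OK):
                    undeletable.append(path)
            elif name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)

    mtimes = sorted(os.path.getmtime(p) for p in encrypted)
    window = None
    if mtimes:
        window = (datetime.fromtimestamp(mtimes[0]),
                  datetime.fromtimestamp(mtimes[-1]))

    return {
        "notes": len(notes),
        "encrypted": len(encrypted),
        "undeletable_notes": undeletable,
        "window": window,
        # The extension is appended, so the original name is still there.
        "originals": sorted(os.path.basename(p)[:-len(ENCRYPTED_EXT)]
                            for p in encrypted),
    }


def demo_tree():
    """Build a constructed sample tree (assumed layout) and return its root."""
    root = tempfile.mkdtemp(prefix="ransom_demo_")
    stamp = datetime(2015, 4, 17, 9, 37).timestamp()  # assumed start time
    layout = {
        "Documents": ["report.docx.ecc", "budget.xlsx.ecc", NOTE_NAME],
        "Pictures": ["holiday.jpg.ecc", NOTE_NAME],
        "Music": ["song.mp3"],  # an untouched file, should not be counted
    }
    for sub, files in layout.items():
        d = os.path.join(root, sub)
        os.makedirs(d)
        for i, f in enumerate(files):
            p = os.path.join(d, f)
            with open(p, "w") as fh:
                fh.write("x")
            if f.endswith(ENCRYPTED_EXT):
                # Spread the encrypted files over a few seconds so the
                # reported window is a real range.
                os.utime(p, (stamp, stamp + i * 20))
    return root


if __name__ == "__main__":
    r = triage(demo_tree())
    print(f"{r['notes']} ransom notes, {r['encrypted']} encrypted files")
    print("encryption window:", r["window"])
    print("recoverable original names:", r["originals"])
    print("notes this account cannot delete:", r["undeletable_notes"] or "none")
```

Run it against the real profile root instead of `demo_tree()` (for example `triage(r"C:\Documents and Settings")`) to get the same summary for the infected machine; a tight window with thousands of files is the signature of a bulk encryptor, and the `undeletable_notes` list is what needs an elevated prompt or a file-ownership fix.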
Hmm, you have a point, there could be some scramble in there. I have a note in my files that says, -=-=To avoid a conflict with your Internet Service Provider, your router's IP address has been updated to 10.0.0.1.
You must now update the IP addresses in your router's configuration settings for each relevant service,
such as port forwarding and IP address reservation.=-=-=, but now that I am thinking about it, when I do an ipconfig, I think it says my laptop's IP is 10.0.0.1. I will have to check that out.
Downloaded the free version, will check it out this weekend. I have a modem from Optimum; from there it goes to my network upstairs and network downstairs. The downstairs network goes to the laptop, and to the XBox360 and XBoxOne. I wonder if they are competing with the laptop and that is the problem. The laptop is using RJ45, not on wireless. It is DHCP.
Thanks,
Jim
I did netsh and rebooted. Still the same problem. I pinged my IP, I pinged my gateway, all good. I did an nslookup google.com and that worked. Actually it worked, timed out, and worked again (3 times in a row).
So, gerbil mentioned using: sfc /scannow
It sounds like I can do that from a command prompt. Do I need to do it from a boot disk, in which case, I put the disc in, boot up, and then get a command prompt, use:
sfc /scannow /offbootdir=f:\ /offwindir=c:\windows
where the CD/DVD drive is f:\?
Thanks,
Jimfive
Sumbitch, the notworking is just that. Very interesting. I did a DNS flush and it seemed to work, but within a minute it was down again; I thought for sure something evil was redirecting. I will play with netsh, compute some stuff, and see what happens.
Rik, thanks, I'll make it happen, and take it from there.
Argh, this has not been solved. It happens all the time, and flushing DNS is not doing it. I did notice that I cannot open .jpg files, but I can open .gifs. Isn't IE the primary way to view a .jpg? Could it be IE that is the problem? I will try again with Firefox, but now I think about it, I couldn't get Firefox to go, because it wants to download new versions (I don't use it), and it can't because it cannot connect to the internet. AVG wants to download the latest version to check for viruses, etc. and I cannot do that, because I cannot connect to the internet.
Annoying. Anyone have any clues?
Thanks, Jim
K, I looked, DNS was set to automagic detect, I put in 8.8.8.8 and 8.8.4.4. Plus I did an ipconfig /flushdns. It was not working because of the proper level admin, so I opened the window as Admin, ran the command, and I was able to get to Google, etc. So, thanks to all for the help.
The next morning I checked it, and it was spinning again (not connecting to Google), so I did another flushdns, and that seemed to do it.
Gerbil, you are right something must be causing something. I will take your advice and run with it. Now I can reach the webpage, I reference your info, and see if I can find the cause. Thanks.
Thanks for getting back to me, rch1231 and rubberman. Quickly, I am running IE, and I tried Firefox to no avail. So, I can prob rule out an IE prob. I didn't think about DNS. I am at work right now, the laptop is at home. I will check out the info above when I get back. Oh, I guess I could bring the laptop to work to see if I have the same problem. That would prove a home network prob vs. a laptop prob.
Thanks,
Jim
Hello all,
I cannot tell you when this started, as I do not use this machine too often; it is my laptop at home, and it is not used by anyone but me. I am thinking it is a virus/spyware or similar, but I am not sure about that either. Once or twice I think I got on the machine, found out it was not getting to a webpage and walked away, because I was looking for info, and not able to sit down and figure it out. I did have to download updates as well. Which it did, but it took a long time; I thought that was what was slowing it down/keeping it from getting to a website.
Anyway, I have Google set as my homepage, so when I open a new page, it just spins, no Google, never gets to any other state than that. It just spins like it's trying but gets nowhere. I pulled up a command prompt, and was able to ping www.google.com without loss. I ran AVG, and it didn't find any viruses. I also checked to make sure the AVG filtering of webpages wasn't causing the trouble. I think I did that right.
So, any help would be helpful. Again, I really cannot go out and download software to aid me, cause I cannot connect. I did copy the IP address of Google into the browser to see if that worked. It didn't.
Thanks,
Jim L
Everything looks good. I will close out the thread. Thanks for all your help.
Jim
Not sure what to tell you Jim, perhaps another will have a fix for you. By the way, you asked about automatic updates with MBA-M, auto updates is only available with the PAID version, not with the Free version.
So, I went back to www.dougknox.com, under WinXP Fixes, and tried a few things. I downloaded:
EXE File Association Fix
Folder Association Fix
LNK (Shortcut) File Association Fix
Internet Explorer Desktop Icon Fix
-reboot-
So far it seems a success! As soon as the machine came up, ESET started running, and I had the standard stuff automatically loading in the tray. All exe files seem to work now. Unfortunately, I do not know if one or multiple things I downloaded did the trick, but I am up and running, and most important, able to run AutoCAD and Alibre, so I am able to do my job.
Could I hold off a day, make sure all is good, and then close this thread?
In the meantime, THANKS SO MUCH for all the help!
Jim
K, good to know. I will have to remember to go out there and do that.
Thanks,
Jim
Try running this to correct the problem with the .exe's
http://www.winhelponline.com/exefix_xp.com
Run that and reboot. Report back with the results.
No, sorry, no change. Not what I was hoping for.
Thank you though, Jim
Thanks, but it did not help. I am actually working on regular mode, but here are the problems:
.exe files are not working, I get the "what do you want to use to open this file..."
Word and Excel (also from the System Tray) say: Application not Found
The only thing running next to the clock is Volume & Safely Remove Hardware, etc. and my StartUp Folder is empty.
I can get to the internet by clicking on a link shortcut on my desktop, I can open Excel by opening a specific file on my desktop. I am not sure what to try next. Did my StartUp folder get saved as a diff name on my machine somewhere, or was it completely wiped out?
Thanks,
Jim
Please download the TDSSKiller.zip archive and extract it into a folder on the infected (or possibly infected) computer with an archiver (WinZip, for example);
Run the TDSSKiller.exe file;
Wait until the scanning and disinfection completes. A reboot might be required after the disinfection has been completed.
Post back with the log.
Hey, thanks for getting back so soon, here is the log of TDSSKiller:
2011/06/28 10:07:16.0453 1540 TDSS rootkit removing tool 2.5.7.0 Jun 28 2011 13:21:55
2011/06/28 10:07:16.0828 1540 ================================================================================
2011/06/28 10:07:16.0843 1540 SystemInfo:
2011/06/28 10:07:16.0843 1540
2011/06/28 10:07:16.0843 1540 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/28 10:07:16.0843 1540 Product type: Workstation
2011/06/28 10:07:16.0843 1540 ComputerName: ENG3
2011/06/28 10:07:16.0843 1540 UserName: Administrator
2011/06/28 10:07:16.0843 1540 Windows directory: C:\WINDOWS
2011/06/28 10:07:16.0843 1540 System windows directory: C:\WINDOWS
2011/06/28 10:07:16.0843 1540 Processor architecture: Intel x86
2011/06/28 10:07:16.0843 1540 Number of processors: 2
2011/06/28 10:07:16.0843 1540 Page size: 0x1000
2011/06/28 10:07:16.0843 1540 Boot type: Safe boot with network
2011/06/28 10:07:16.0843 1540 ================================================================================
2011/06/28 10:07:24.0578 1540 Initialize success
2011/06/28 10:07:29.0515 0488 ================================================================================
2011/06/28 10:07:29.0515 0488 Scan started
2011/06/28 10:07:29.0515 0488 Mode: Manual;
2011/06/28 10:07:29.0515 0488 ================================================================================
2011/06/28 10:07:30.0734 0488 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/06/28 10:07:30.0796 0488 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/28 10:07:30.0843 0488 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/28 10:07:30.0859 0488 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/06/28 10:07:30.0937 0488 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/28 10:07:30.0984 0488 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/28 10:07:31.0031 0488 agp440 …
Ok, I booted up in normal mode, and all my .exe files are disassociated. I again looked at the /command folder in the registry, and it looks normal. I am not sure how to fix this part. I think all the viruses are gone though. Thanks for noticing how out of date my MBAM was, I really need to make sure that is self updating. Please let me know how to proceed.
Thanks, Jim
Ok, wowsers, I thought I was getting constant updates from MBAM, can you point out where that is done, so I can set it up? The new software found 6 more issues. I will paste the MBAM info here, and then the attach.txt file after it. Thanks for the help. I will check to see if I am running in normal mode. I figured I might as well send this info out first. Sorry about the attachment, not really thinking about that when I posted.
MBAM LOG:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6966
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
6/28/2011 8:40:40 AM
mbam-log-2011-06-28 (08-40-40).txt
Scan type: Full scan (C:\|)
Objects scanned: 297178
Time elapsed: 35 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Fci (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\girish jain\application data\Sun\Java\deployment\cache\6.0\46\46bb576e-197506fd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
…
You said:
in "HKEY_CLASSES_ROOT\exefile\shell\open\command" my default says: "%1" %* and not "%1" "* like you wrote. Maybe that is your problem?
I am running XP sp3.
Sorry, mistype, that is also what I had, thanks anyway.
Also, all this was done in Safe Mode. Thanks so much for your help with this!
Jim
Howdy,
I had a virus, one of the ones that pops up and says, viruses detected, click on this to start running the anti-virus software. I Ctrl-Alt-Del out of that, and then it usually tells me, jga.exe (or something similar) not responsive. I search on that; it's always in the PreFetch and ...\Application Data. Deleting that gets rid of it, but the .exe files stop working. I then go into Safe Mode, and run regedit, and go into HKEY_CLASSES_ROOT\exefile\shell\open\command, and change the top setting, which references the evil executable, and make it match the bottom ( "%1" "* ), and that does the trick. It didn't, so I haven't been able to fix the .exe file thing. Here is the info I am supposed to post:
GMEROne.log
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-27 09:54:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST316081 rev.3.AD
Running: mgwmwkcx.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
---- EOF - GMER 1.0.15 ----
GMERTwo.log
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-27 13:16:04
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST316081 rev.3.AD
Running: mgwmwkcx.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft …
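The hijack this post describes, the `(Default)` value under `HKEY_CLASSES_ROOT\exefile\shell\open\command` being rewritten to launch the malware before (or instead of) the program the user double-clicked, can be checked mechanically rather than by eyeballing regedit. The script below is an added example, not code from anyone in the thread or from any of the fix tools mentioned. It parses a `.reg` text export (from regedit, File > Export, or `reg export HKCR\exefile exefile.reg`) so it runs offline on a copied file, and compares the launch commands for the executable file types against the values a clean Windows XP box uses. Those expected values, and the `SAMPLE_REG` export with its hypothetical `jga.exe` path, are assumptions for the demo.

```python
"""Check file-association launch commands in a .reg export for hijacks.

Added example for this thread, not from any poster. SAMPLE_REG is a
constructed export; the EXPECTED table is the assumed clean-XP baseline.
"""
import re

# Launch commands on a clean Windows XP system (assumed baseline).
EXPECTED = {
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\comfile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\batfile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\cmdfile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\piffile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\regfile\shell\open\command": 'regedit.exe "%1"',
}


def _unescape(s):
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r'\\(["\\])', r"\1", s)


def parse_reg_defaults(text):
    """Map each key path in a .reg export to its (Default) string value."""
    defaults, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            defaults.setdefault(key, None)
        elif key and line.startswith('@="') and line.endswith('"'):
            defaults[key] = _unescape(line[3:-1])
    return defaults


def find_hijacked(text):
    """Return [(key, actual, expected)] for every launch command that is
    missing from the export or differs from the baseline."""
    defaults = {k.lower(): v for k, v in parse_reg_defaults(text).items()}
    bad = []
    for key, want in EXPECTED.items():
        got = defaults.get(key.lower())
        if got is None or got.strip() != want:
            bad.append((key, got, want))
    return bad


# Constructed export: exefile points at a hypothetical rogue binary that
# then passes "%1" %* on, so programs still run and the user sees nothing.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Application Data\\jga.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\piffile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""
'''

if __name__ == "__main__":
    for key, got, want in find_hijacked(SAMPLE_REG):
        print(f"{key}\n    is  : {got!r}\n    want: {want!r}")
```

The comparison is on the whole command, so a value that still ends in `"%1" %*` but has a path prepended is caught, which is exactly the pattern that keeps programs launching while the malware runs first. Any key the export lacks is also reported, since a missing `command` key produces the "what do you want to use to open this file" prompt described earlier in the thread.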
Crunchie,
Excellent! Windows Defender is enabled. I appreciate your time taken out to help me with this problem.
Thanks!
Jim L
Crunchie,
Here is the latest HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:41 PM, on 23-Jun-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alibre Design\alibre.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070719
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weatherunderground.com/cgi-bin/findweather/getForecast?query=10567
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070719
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program …
Crunchie,
Everything seems to be good. Do you want to see another HiJackThis, or you want to close out...?
Lemme know,
Thanks so much for your help,
Jim L
Figured it out, you can right click on F:, and you get the option to scan it with Anti-M. It was clean.
Jim
Is there any way to run the Anti-Malware, and have it check my F: drive? It seems that it just wants to check C:\.
Thanks,
Jim
crunchie,
Ok. Things are definitely looking better. I haven't seen Symantec popups saying it blocked a Trojan Horse.
Here is the hijackthis.log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:43 AM, on 18-Jun-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070719
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weatherunderground.com/cgi-bin/findweather/getForecast?query=10567
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070719
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 antivir-service.microsoft.com
O1 - …
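The `O1 - Hosts:` line above, mapping `antivir-service.microsoft.com` to `94.232.248.66`, is the kind of entry a rogue antivirus adds so that a Microsoft-looking hostname resolves to its own server, while the same technique with `127.0.0.1` is used to blackhole real update and AV vendor domains. The script below is an added example, not code from anyone in the thread or from HijackThis: it parses a hosts file and flags both patterns. The watched-domain list is an assumption to extend for your environment; the sample hosts content is constructed, except for the two lines copied from the log above.

```python
"""Flag suspicious entries in a Windows hosts file.

Added example for this thread, not from any poster. SAMPLE_HOSTS is
constructed apart from the two lines taken from the HijackThis log.
"""
import ipaddress

# Names that legitimately resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Domains malware likes to pin or blackhole (assumed list for the example).
WATCHED_DOMAINS = (
    "microsoft.com", "windowsupdate.com", "symantec.com", "eset.com",
    "malwarebytes.org", "avg.com", "kaspersky.com", "google.com",
)


def _under(name, domain):
    return name == domain or name.endswith("." + domain)


def parse_hosts(text):
    """Yield (lineno, ip, hostname) for every mapping in a hosts file."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            yield n, ip, name.lower()


def audit_hosts(text):
    """Return a list of (lineno, ip, hostname, reason) findings."""
    findings = []
    for n, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((n, ip, name, "unparseable address"))
            continue
        if addr.is_loopback:
            # 127.0.0.1 liveupdate.vendor.com means updates silently fail.
            if name not in LOCAL_NAMES:
                findings.append((n, ip, name, "name blackholed to loopback"))
            continue
        # A hosts entry overrides DNS, so a watched domain pinned to any
        # other address, or anything pinned to a public address, is suspect.
        if any(_under(name, d) for d in WATCHED_DOMAINS):
            findings.append((n, ip, name, "watched domain pinned to external IP"))
        elif not addr.is_private:
            findings.append((n, ip, name, "public IP pinned in hosts"))
    return findings


SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
94.232.248.66   antivir-service.microsoft.com
127.0.0.1       liveupdate.symantec.com
192.168.1.50    fileserver.corp.local
"""

if __name__ == "__main__":
    for n, ip, name, why in audit_hosts(SAMPLE_HOSTS):
        print(f"line {n}: {ip:<16} {name:<35} {why}")
```

Feed it the real file with `audit_hosts(open(r"C:\WINDOWS\system32\drivers\etc\hosts").read())`; the private-range mapping for an internal server is deliberately left unflagged, since that is the one legitimate reason most home and small-office boxes have anything in hosts at all.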
Ahh, Safe Mode, haven't had to do that in a while.
Ok, that worked, here is the Mbam log:
Malwarebytes' Anti-Malware 1.37
Database version: 2295
Windows 5.1.2600 Service Pack 3
18-Jun-2009 7:51:03 AM
mbam-log-2009-06-18 (07-51-03).txt
Scan type: Full Scan (C:\|)
Objects scanned: 195078
Time elapsed: 24 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5b035261-40f9-11d1-aaec-00805fc1270e} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP515\A0040481.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wbem\proquota.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\SETUP.EXE (Rogue.Installer) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce53173.dat (Worm.Koobface) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce53198.dat (Worm.Koobface) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce53222.dat (Worm.Koobface) -> Quarantined and deleted successfully.
c:\WINDOWS\zaponce53290.dat (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netcfgx.dll:Zone.Identifier (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Here is the HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:20 AM, on 18-Jun-2009
Platform: …
it hangs on c:\windows\inf\inetres.adm
I can end the process, but it takes a while to actually stop.
I scanned the file itself with both Norton and Anti-Malware and it came up clean both times.
Just before I leave I will run the Anti-Malware again, and let it go overnight, I am pretty sure nothing will run over not on Wednesday.
Thanks,
Jim
Crunchie,
The Anti-Malware keeps hanging, it looks like it found two things but I don't know what they are. The file hasn't been written yet. I will turn off the screensaver, reboot, and try again.
Howdy, got a nasty virus, searching on it led me to this forum. It looks very efficient, succinct, and useful. Hopefully I can give out info as well, but first I just need to fix my problem.
Thanks,
Jim
One other thing (well, I am sure there will be more), I have a Western Digital "My Book" attached, F:\, and when I noticed this problem, I disconnected it. Do I have to worry about it? It is for backup storage type stuff, and I do not run anything from it. I am hoping it's not a concern, because the virus(es) are mainly concerned with c:\. I did not run any backup batch files, just disconnected it during reboot.
Thanks,
Jim
Ugh, just looking at this I have so much crap on my machine it's disgusting. Looking at that antivirussys2009... that's related to the Antivirus System Pro that was popping up, but I was able to remove it from StartUp. Plus all that clock crap, I thought I removed that all using Add/Remove from the Control Panel. Is it safe to say that anything associated with a clock that I know I am not running on my machine, like Banshee, I can click to remove? Also, what are the steps necessary to make sure it doesn't come back to haunt me. Just an added note, Windows Defender did see the Trojan, and "removed" it, but on boot up, it came right back on full force.
Thanks,
Jim
To all,
I definitely have the crap listed in the title. This is a work machine. Tried running Norton; it said I had some cookies, and got rid of them. My Symantec pops up frequently scanning an outbound email, it looks like, even though I am not sending them, and there are no emails in my Sent folder (running Outlook Express). Every once in a while Symantec says it prevented a Trojan from running. Looking at Windows Task Manager I saw Freddy46.exe running. Searching it turned up no results. Looking some more, I see msnonfig.exe and svnhost.exe (for each of those files, the n has a tilde above it). So something is amiss. Searching on svnhost, I came across this website, and the post: http://www.daniweb.com/forums/thread8202.html
So I have some stuff that is different, and before I start deleting, which I really want to do, I wanted to run it past the higher powers that be. I downloaded HiJackThis (as suggested in the other thread), and came up with the following:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:04 PM, on 16-Jun-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Intel …