Re: SP2 makes XP-Home/SP1 CD - TROJAN


"Shenan Stanley" <newshelper@xxxxxxxxx> wrote in message news:uWDx8OsqFHA.3436@xxxxxxxxxxxxxxxxxxxxxxx
Answered inline. Please note that with the additional system information I have found specific answers to problems you have mentioned in HP web FAQs about your machine. I have listed those links in this email and suggest you print those out and follow through them.

## Yes, I saved this post to the desktop. Sunbelt-CounterSpy is running again after finding GuardianMonitorClassic. It did not see Trojan.Downloader.BHO.req at all.

I answered elsewhere in this thread with an application that you can trial for 15 days (you might have to buy it to clean it - but it has outperformed so many applications out there - it may well be worth the $20 for you.) Counterspy.

## We're willing to pay for anything that works and works well to remove or keep this crapware off of our PCs.

Exactly.  If we can't get this Trojan off this PC we're looking at
many many hours of work reinstalling and tweaking everything back to
the way I like it.  I dread it!

Okay - yeah - reinstalling does suck - but if you treat it right - it can be more like a new beginning/cleansing. It's not necessary often..

## I know. It would give me a chance to delete a bunch of old files etc. Kind of like cleaning out an overstuffed closet. I'm trying to think positive here..... ;-)

- When you first *restore* the system from the restoration CDs
provided by the manufacturer (before doing anything else) - do the
functions you are having trouble with WORK?

Yes.

Okay - see, that points to you getting infected, you configuring/tweaking the wrong thing, you installing something that your system did not agree with, etc. When you first notice the symptoms, do you ever use System Restore to go back a full week before you noticed the symptoms?

## Only once and it worked. After that it failed. I was told to not include D: in the restore points, checked it last week and it did work. But now my restore points only go back to then.

- Do you then continue to install things one at a time and see if
any of the functions cease to work at any given time?


Not one at a time, usually 2 at a time.  If all goes well, then
another two... etc.  The problems always started after all was well
for weeks, sometimes months.

Again - pointing towards the user maintenance not being performed or something being installed that is incompatable. A machine that is working and can be restored to a working state byy a fresh install does not have a hardware issue - but a software/user issue. =)

## I never thought these were hardware issues. I always suspected software problems. I didn't think of the malicious people out there writing bigger and better crapware. I ran Norton auto-daily and the other programs weekly, ran my scandisk, defragged.... I'd like to kill the *&^%$#@s who write this stuff. >:-( The thing was problems would crop up out of the blue! Not after a download or installation of new software. That rarely happened.

- Have you been making steady backups to CD or Floppy Diskettes or
something - of your valuable data/email/contacts?


Yes!  I've been doing that for years now.  We GHOSTED the whole
system with Norton Ghost last May.  We were about to do it again.  We
never used Ghost before and are leery about trying it.  As I said,
techs here are expensive when you can find one, and their work isn't
always good.  Or we have to haul it out to CompUSA which is a long
drive from here.

Wait a minute..
You are not telling me you have a ghost image of this machine in a fully working state, are you?

## Yes. We made it on May 2, and were about to do it again. It's all on 4 DVD-RWs.

If so, why have you not taken the plunge? Ghost it AS IS now - then use ghost to restore that older image when it was all working.
BTW - you don't really want to ghost a machine AFTER finding a problem - unless you also fixed it. 

## Exactly.  I sure wouldn't want to reinstall any of these problems.

So the only reason for ghosting it now would be
in case you lose some data and need to retrieve it from the image later. (yes - you can retrieve data from a ghost image without applying the image.)

## OK. That sounds like a good idea. But I'd be leery I'd retrieve data that's infected.... damn! >:-(

Yes, HP has a BIOS update/flash but that would be like having a
first aid course and trying to do brain surgery for me.

Not really.. A BIOS flash is simple for something so potentially dangerous. I will explain - but first - something I found on the HP site when I went there looking up the model you gave later (Some of the things in the web pages I list below are SPECIFIC to your machine type..): 

## I'm all EYES!

Downloads Fail and Security Warnings Appear after Installing Service Pack 2 for Windows XP
http://h10025.www1.hp.com/ewfrf/wc/genericDocument?dlc=en&lc=en&product=326411&lang=en&cc=us&docname=c00219697
( Shorter Link: http://snipurl.com/h92b )

## Holy Moley... I never saw these windows after installing SP2. This Trojan was probably already on my PC when I download SP2! Now I see why I had so much trouble downloading SP2 and then afterward. I just looked - Sunbelt CounterSpy found another 3 CRAPWARES. WhyYouSaveNow, 2020SearchBrowserPlugin and SpyAnytimePC Spy.
I'm in shock! This is incredible............ it's *crawling* with parasites.


HP and Compaq Desktop PCs - Important Information for Upgrading to Microsoft Windows XP Service Pack 2
http://h10025.www1.hp.com/ewfrf/wc/genericDocument?dlc=en&lc=en&product=326411&lang=en&cc=us&docname=c00218731
( Shorter Link: http://snipurl.com/h92d )

## I never saw any Backweb updates from HP. I had to go to the website and look for them.

The point from the link above I like to point out to you:
"CAUTION: Upgrading to SP2 without updating your drivers can cause some software to not work properly."
There are 12 listed updates before you were to ever install SP2 onto that HP machine.. That's unbelievable. I really dislike HP. heh

## How would anyone know who owns a HP? I have enough trouble finding updates there. I didn't see these pages about SP2 the last time I updated anything from HP. I do recall installing some updates from the site, but not exactly what they were.

All the driver updates for your system can be found here:
Software & Driver downloads - HP Pavilion a250n Desktop PC
http://h10025.www1.hp.com/ewfrf/wc/softwareList?dlc=en&lc=en&product=326411&lang=en&cc=us&os=228
( Shorter Link: http://snipurl.com/h92g )


## I remember this page.  :-)  I already got most of these a few weeks ago.

HP and Compaq PCs - Resolving Microsoft Windows XP Installer Errors
http://h10025.www1.hp.com/ewfrf/wc/document?product=326411&cc=us&lc=en&dlc=en&lang=en&docname=c00435642
( Shorter link: http://snipurl.com/h92f )

## I'll check the rest of these out tomorrow morning.... sleep,.. I need sleep..........

Print the three information pages above.. Go through all of the steps for the symptoms you are seeing. Then go through the Software and Driver updates page and download and install all the latest drivers.


Now - as for the BIOS flashing... It may not be necessary after looking through the pages above, but if it is - do not be nervous. As long as the power stays on, the update should be painless.

Go here:
BIOS update for P4SD-LA Motherboard - HP Pavilion a250n Desktop PC
http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?dlc=en&lc=en&os=228&product=326411&lang=en&cc=us&softwareitem=pv-22928-2
( Shorter Link: http://snipurl.com/h92h )

Print the page and download the update to your desktop. Follow the instructions. Yours is one of those great updates now that can be done without making floppy diskettes and the likes.


- Can you (even if you have done so in the past) post the Model of
your computer here (along with general specs like memory, hard drive
size, CPU speed and any external devices you have connected to it at
any time.)?


Yes and I'm going to post the HiJackThis log here as well.  Maybe
someone will see something I don't.

This PC was bought in Aug 2003 with WXP-Home/SP1.  It's the a250n
with a 2.60 Intel Pentium 4 processor, 512 MB of RAM & a 120 GB Western
Digital HD. It has 2 burners and a floppy drive.  We replaced the
original CD-ROM with a better Sony.  It also has read drives for
flashcards, smart-media, an mmc drive and MSMS pro drive (I don't
know what they are).  It has an old HP printer that we update the
drivers for and an old Epson Scanner.  The HP camera has a flash card
that goes into the flashcard reader on the front of the PC.  The
monitor is a ViewSonic about 6 months old.

Thanks - I used this information above! Check out the section right before this one.


- Are you prepared and willing to restore your system to its
purchased state again - so it can be configured correctly from the
beginning and get only the software you need to maintain, protect
and use it properly/the way you desire installed?

GOOD GRIEF YES!!!! :-))) 

Good to know - we may be able to avoid it.


(You are likely going to need to do this, but you should
also know all the steps to go through in order to get it completely
updated and stay fully functional afterwards - which we will be more
able to provide if you answer all the other questions I have
completely.)


I understand.  Would you recommend that rather then try and get
this Trojan off my PC?

No - clean up the trojan first - along with the steps I gave earlier in this post - direct from the HP web pages. It is entirely possible that you won't have to redo your system.

Having said that - if you do - I will help with that as much as I can if it comes to it. If you have seen my list of things to protect your machine before - find that and print it as well.. You should definitely begin using the spyware immunization tools more!

--
Shenan Stanley
    MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


.

Relevant Pages

  • Re: Formating Windows XP
    ... Go to a computer supply store and buy a kit that cleans CDs and drives. ... > updates sorted before i go on the net looking for other AV programs right? ... >> Enable the firewall on your dial-up connection before connecting. ... >>>> Install Windows ...
    (microsoft.public.windowsxp.general)
  • Re: SP2 makes XP-Home/SP1 CD - TROJAN
    ... and can be restored to a working state byy a fresh install does not have a ... > never used Ghost before and are leery about trying it. ... There are 12 listed updates before you were to ever install SP2 onto that HP ... It also has read drives for ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: Windows .Net Updates and SPs
    ... you'd unplug all USB keys (USB HDDs; Flash drives) before ... updating via AU or WU as the install process will seek and use the HDD ... usinbg an addon removable USB HDD, and after installing thgese updates, ...
    (microsoft.public.windowsxp.general)
  • Re: Glad to be back
    ... And of course these days DVD-R drives are commonplate, ... Solution was simple - Copy of Norton Ghost, ... Start with a clean install, just windows at first ...
    (uk.rec.models.rail)
  • Re: CD/RW & DVD Drives not responding
    ... Windows updates copy of XP). ... After discovering that the drives didn't work, ... So you did a clean install of XP to a different partition. ...
    (microsoft.public.windowsxp.hardware)