Re: SP2 makes XP-Home/SP1 CD - TROJAN

Answered inline. Please note that with the additional system information I
have found specific answers to problems you have mentioned in HP web FAQs
about your machine. I have listed those links in this email and suggest you
print those out and follow through them.

> ~ FreeSpirit ~ wrote:
>> Shenan Stanley wrote:

>> - You have an Windows XP Home system from HP that came with all of
>> the hardware you are trying to use with it - this would include any
>> cameras, etc. You have not purchased any third-party hardware at
>> this time and Windows XP Home Edition came with/installed on the
>> computer when you purchased it originally.
>
> Yes. The hardware was all here when we bought this PC - Correct. But
> please see above. Microsoft AntiSpyware (MSAS) found a TROJAN
> hiding on my PC and cannot remove it, nor can I. This TROJAN I
> believe is the problem!!!

I answered elsewhere in this thread with an application that you can trial
for 15 days (you might have to buy it to clean it - but it has outperformed
so many applications out there - it may well be worth the $20 for you.)
Counterspy.


>> - You have reinstalled from the manufacturers restoration CDs at
>> least 3 to 4 times now.
>
> HP did it once, we did it twice. The first time was because the HD
> was failing (they said). I'm starting to wonder of those other 2
> issues we had with WXP were also spyware/scumware related as well and
> nothing saw them. Adaware and Spybot do not see this Trojan, nor did
> Norton pick up on it.

Spyware/Adware/Malware are the most common maladies now. They are worse in
many ways than viruses/trojans/worms.


>> - You are having troubles downloading software/anything from the
>> Internet and your camera and scanner wizard at the very least on
>> this system. - You cannot (for monetary and/or distance reasons)
>> have anyone experienced with such things look at it (take it or have
>> them come out.)
>
> That would be the absolute last resort. The techs we have here in
> the boondocks are not the most knowledge and charge $75 to come out,
> and then$40 to $50 an hour thereafter with no guarantees. Been there
> - done that!

As I said - not an option.


>> - You cannot (for reason of system choice) integrate SP2 into your
>> installtion media - since you really do not have installation media,
>> but restoration CDs.
>
> Exactly. If we can't get this Trojan off this PC we're looking at
> many many hours of work reinstalling and tweaking everything back to
> the way I like it. I dread it!

Okay - yeah - reinstalling does suck - but if you treat it right - it can be
more like a new beginning/cleansing. It's not necessary often..


>> Now my questions:
>>
>> - When you first *restore* the system from the restoration CDs
>> provided by the manufacturer (before doing anything else) - do the
>> functions you are having trouble with WORK?
>
> Yes.

Okay - see, that points to you getting infected, you configuring/tweaking
the wrong thing, you installing something that your system did not agree
with, etc. When you first notice the symptoms, do you ever use System
Restore to go back a full week before you noticed the symptoms?


>> - Do you then continue to install things one at a time and see if
>> any of the functions cease to work at any given time?
>
> Not one at a time, usually 2 at a time. If all goes well, then
> another two... etc. The problems always started after all was well
> for weeks, sometimes months.

Again - pointing towards the user maintenance not being performed or
something being installed that is incompatable. A machine that is working
and can be restored to a working state byy a fresh install does not have a
hardware issue - but a software/user issue. =)


>> - Have you been making steady backups to CD or Floppy Diskettes or
>> something - of your valuable data/email/contacts?
>
> Yes! I've been doing that for years now. We GHOSTED the whole
> system with Norton Ghost last May. We were about to do it again. We
> never used Ghost before and are leery about trying it. As I said,
> techs here are expensive when you can find one, and their work isn't
> always good. Or we have to haul it out to CompUSA which is a long
> drive from here.

Wait a minute..
You are not telling me you have a ghost image of this machine in a fully
working state, are you?
If so, why have you not taken the plunge? Ghost it AS IS now - then use
ghost to restore that older image when it was all working.
BTW - you don't really want to ghost a machine AFTER finding a problem -
unless you also fixed it. So the only reason for ghosting it now would be
in case you lose some data and need to retrieve it from the image later.
(yes - you can retrieve data from a ghost image without applying the image.)


>> - Have you checked HP for any BIOS specific updates to your
>> computer? (I only mention this because there were some computers
>> out there that could not function properly without a BIOS flashing
>> when certain Service Packs/Patches were applied to them - and if I
>> remember correctly - HP as one of the manufacturers who has had this
>> problem several times in the past.)
>
> Yes, HP has a BIOS update/flash but that would be like having a
> first aid course and trying to do brain surgery for me.

Not really.. A BIOS flash is simple for something so potentially dangerous.
I will explain - but first - something I found on the HP site when I went
there looking up the model you gave later (Some of the things in the web
pages I list below are SPECIFIC to your machine type..):

Downloads Fail and Security Warnings Appear after Installing Service Pack 2
for Windows XP
http://h10025.www1.hp.com/ewfrf/wc/genericDocument?dlc=en&lc=en&product=326411&lang=en&cc=us&docname=c00219697
( Shorter Link: http://snipurl.com/h92b )

HP and Compaq Desktop PCs - Important Information for Upgrading to Microsoft
Windows XP Service Pack 2
http://h10025.www1.hp.com/ewfrf/wc/genericDocument?dlc=en&lc=en&product=326411&lang=en&cc=us&docname=c00218731
( Shorter Link: http://snipurl.com/h92d )

The point from the link above I like to point out to you:
"CAUTION: Upgrading to SP2 without updating your drivers can cause some
software to not work properly."

There are 12 listed updates before you were to ever install SP2 onto that HP
machine.. That's unbelievable. I really dislike HP. heh

All the driver updates for your system can be found here:
Software & Driver downloads - HP Pavilion a250n Desktop PC
http://h10025.www1.hp.com/ewfrf/wc/softwareList?dlc=en&lc=en&product=326411&lang=en&cc=us&os=228
( Shorter Link: http://snipurl.com/h92g )

HP and Compaq PCs - Resolving Microsoft Windows XP Installer Errors
http://h10025.www1.hp.com/ewfrf/wc/document?product=326411&cc=us&lc=en&dlc=en&lang=en&docname=c00435642
( Shorter link: http://snipurl.com/h92f )

Print the three information pages above.. Go through all of the steps for
the symptoms you are seeing. Then go through the Software and Driver
updates page and download and install all the latest drivers.


Now - as for the BIOS flashing... It may not be necessary after looking
through the pages above, but if it is - do not be nervous. As long as the
power stays on, the update should be painless.

Go here:
BIOS update for P4SD-LA Motherboard - HP Pavilion a250n Desktop PC
http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?dlc=en&lc=en&os=228&product=326411&lang=en&cc=us&softwareitem=pv-22928-2
( Shorter Link: http://snipurl.com/h92h )

Print the page and download the update to your desktop. Follow the
instructions. Yours is one of those great updates now that can be done
without making floppy diskettes and the likes.


>> - Can you (even if you have done so in the past) post the Model of
>> your computer here (along with general specs like memory, hard drive
>> size, CPU speed and any external devices you have connected to it at
>> any time.)?
>
> Yes and I'm going to post the HiJackThis log here as well. Maybe
> someone will see something I don't.
>
> This PC was bought in Aug 2003 with WXP-Home/SP1. It's the a250n
> with a 2.60 Intel Pentium 4 processor, 512 MB of RAM & a 120 GB Western
> Digital HD. It has 2 burners and a floppy drive. We replaced the
> original CD-ROM with a better Sony. It also has read drives for
> flashcards, smart-media, an mmc drive and MSMS pro drive (I don't
> know what they are). It has an old HP printer that we update the
> drivers for and an old Epson Scanner. The HP camera has a flash card
> that goes into the flashcard reader on the front of the PC. The
> monitor is a ViewSonic about 6 months old.

Thanks - I used this information above! Check out the section right before
this one.


>> - Are you prepared and willing to restore your system to its
>> purchased state again - so it can be configured correctly from the
>> beginning and get only the software you need to maintain, protect
>> and use it properly/the way you desire installed?
>
> GOOD GRIEF YES!!!! :-)))

Good to know - we may be able to avoid it.


>> (You are likely going to need to do this, but you should
>> also know all the steps to go through in order to get it completely
>> updated and stay fully functional afterwards - which we will be more
>> able to provide if you answer all the other questions I have
>> completely.)

> I understand. Would you recommend that rather then try and get
> this Trojan off my PC?

No - clean up the trojan first - along with the steps I gave earlier in this
post - direct from the HP web pages. It is entirely possible that you won't
have to redo your system.

Having said that - if you do - I will help with that as much as I can if it
comes to it. If you have seen my list of things to protect your machine
before - find that and print it as well.. You should definitely begin using
the spyware immunization tools more!

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


.

Relevant Pages

  • Re: Formating Windows XP
    ... Go to a computer supply store and buy a kit that cleans CDs and drives. ... > updates sorted before i go on the net looking for other AV programs right? ... >> Enable the firewall on your dial-up connection before connecting. ... >>>> Install Windows ...
    (microsoft.public.windowsxp.general)
  • Re: SP2 makes XP-Home/SP1 CD - TROJAN
    ... A machine that is working and can be restored to a working state byy a fresh install does not have a hardware issue - but a software/user issue. ... We never used Ghost before and are leery about trying it. ... There are 12 listed updates before you were to ever install SP2 onto that HP machine.. ... It also has read drives for flashcards, smart-media, an mmc drive and MSMS pro drive. ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: Windows .Net Updates and SPs
    ... you'd unplug all USB keys (USB HDDs; Flash drives) before ... updating via AU or WU as the install process will seek and use the HDD ... usinbg an addon removable USB HDD, and after installing thgese updates, ...
    (microsoft.public.windowsxp.general)
  • Re: Glad to be back
    ... And of course these days DVD-R drives are commonplate, ... Solution was simple - Copy of Norton Ghost, ... Start with a clean install, just windows at first ...
    (uk.rec.models.rail)
  • Re: CD/RW & DVD Drives not responding
    ... Windows updates copy of XP). ... After discovering that the drives didn't work, ... So you did a clean install of XP to a different partition. ...
    (microsoft.public.windowsxp.hardware)