Re: Service pack 2 killed my laptop

From: PA Bear (PABear_at_mvps.org)
Date: 09/27/04 

Date: Mon, 27 Sep 2004 16:17:39 -0400

My previous reply to this thread notwithstanding, in all likelihood the
install of SP2 has revealed 'malware' which remained hidden and buried in
SP1, Sam.

Dealing with Trojans & Hijackware

A. Trojans

1. Check in at Windows Update and install all critical updates & reboot.

2. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...

3. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
and follow *all* Removal steps, including editing the Registry if directed.

WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then:

    Disk Cleanup > More options > Delete all but the most recent Restore
Point.

B. Hijackware

Help with Hijackware (MS MVP sites all)
http://aumha.org/a/parasite.htm
   http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm

CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html

Run these tools in the following order with nothing else running in
background:

1. CWShredder v1.59.1 (no updates available currently; fix all found)

2. Ad-Aware SE (reconfigure per Post #2 in
http://aumha.org/forum/viewtopic.php?t=5877; fix all found)

3. Spybot (RTFM but generally fix everything in red)

Important: You must seek updates for Ad-Aware, Spybot, etc., before each and
every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://forum.aumha.org/downloads/hijackthis.zip) is the preferred tool to
use. It will help you to both identify and remove any hijackware/spyware.
**Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**

[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]

So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957 

-- 
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
WinXP SP2: What's New for Internet Explorer and Outlook Express
http://www.microsoft.com/windowsxp/sp2/ieoeoverview.mspx
What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx
AumHa Forums
http://forum.aumha.org
Sam Stein wrote:
> I too have an HP laptop (pavilion zt1000) with XP home edition which has
> been given me real problems since installing SP2.  I have generally had 
> more
> errors in the past few days since installation and two bigger problems 
> also
> immediately come to mind:
>
> - my IE browser now often locks up (?seemingly for Java-related reasons?)
>
> - if I put my laptop into "hibernate," I get errors when I try to start it
> up again and end up being forced to entirely restart the thing
>
> - I've also had more errors elsewhere which I cannot remember now
>
> From my end, it seems like something is not right with SP2 and I'm hoping
> for some sort of follow up.  Like SP2a or something.
>
> "Henry Timm" wrote:
>
>> Hi,
>> Since I can't seem to email microsoft my problem (love
>> how their network for email is always down), i'll try
>> posting my letter to them on this newsgroup... it is as
>> follows...
>>
>> Hello,
>>      I am writing about my laptop which is a HP Pavilion
>> ze5300.  After Service pack 2 was installed, i went
>> through and restarted the computer.  On reboot, the
>> computer has a limited time before it locks up.  During
>> the system check process, it says that the mouse driver
>> has an error... Further details i've been able to get is
>> that the touch pad for the laptop is causing a fatal
>> error and the computer appears to be locking itself down
>> because of the error or for protection.  I tried using a
>> window's installation disk to reformat the computer in
>> hopes of wiping the computer clean and having a clean
>> slate to load things back from.  This proved to be a
>> mistake as the laptop locked up during the
>> reinstallation.  So now i have a laptop that when powers
>> on, either locks up imediately before anything is even
>> displayed or it allows me some time to look at things
>> before it locks.  I've discovered that if i let the
>> laptop sit for an hour or so before turning it on that it
>> gives me limited time before it freezes.  I've already
>> tried booting from the cd, running recovery, booting over
>> a network i have set up in my home, and i've disconnected
>> any and all extra peripherials to the laptop in hopes of
>> isolating the problem.   Please help.  I assume i've
>> already lost or will loose all the data on the computer
>> as of right now regretably (school and buisness work and
>> music of around 60 giga bytes), but i just want the thing
>> to at least work and give me a basis to start loading
>> things back on.  I have quite a distaste after this
>> incident, when I followed every step that microsoft had
>> instructed me to do.  The laptop recieved the service
>> pack 2 from the auto update and i had checked to make
>> sure i had all the updates needed before that and i
>> regularly scan my computer for viruses and spyware as
>> well as use ad-aware se.  I am essentially without a
>> laptop now that had lots of information on it very very
>> valuable to me.   I am now with a thin box with buttons
>> and has flashing lights for all the time and effort i've
>> put forth into it because of the download of this service
>> pack.  Please tell me there is hope and that there is
>> something that can be done to fix this problem and at
>> least return my laptop to operational status again.  I do
>> know my way around computers fairly well but the solution
>> for this escapes me.  Please Help.  Thank you.
>>
>> Henry L. Timm
>> Email: h1timmboy@aol.com
>>
>>
>> HP Pavilion ze5300 (cto?)
>> 80 GB Hard Drive
>> 512 DDR Ram
>> Dvd - CD re writable drive
>> windows home edition