Re: How to reinstall ...
- From: Speedy <Speedy@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 5 Apr 2005 23:55:02 -0700
Dear Chuck, thanks for your most comprehensive answer. I appologise for an
error in my original post, it is SVCHOST, not SVHOST.
Having said that, I had to use winsockxpfix once to restore my internet
connection most probalby after malware removal. I have Adaware, Spybot, MS
antispy and Spysweeper on top of Norton antivirus.
I will run through your list of things to check things again fully. I
appreciate the order of these tools is important.
Just a question, to ensure one has a clean version of SVCHOST and related
network stuff (I believe there are a number of DLL's) how would one do that?
Best regards,
Speedy
"Chuck" wrote:
> On Mon, 4 Apr 2005 23:37:01 -0700, Speedy <Speedy@xxxxxxxxxxxxxxxxxxxxxxxxx>
> wrote:
>
> >I would like to know how to re install the networking key components on an
> >Windows XP Home system. I am experiencing "funnies" with svhost and the
> >related DLL in that when I shutdown I get an error message cannot write to
> >memory location ... Program SVHOST.
> >
> >Other funny I appear to send data out but none is coming back in. I have
> >Zone Alarm Pro and this has been set up no to filter the trusted zone at the
> >moment.
> >
> >I have run the Windows repair routine but this ssems to create more
> >confusion than remedy anything.
> >
> >Which are the critical networking files, programs etc. ?
> >
> >Thanks for your assistnace.
> >
> >Speedy
>
> Speedy,
>
> Is the name of the problem program "SVHOST"? Do a Google or Yahoo search on
> that exact name.
>
> How current is your virus protection? Try one or more of these free online
> virus scans, which should complement your current protection:
> <http://www.bitdefender.com/scan/license.php>
> <http://www.pandasoftware.com/activescan>
> <http://www.ravantivirus.com/scan/>
> <http://security.symantec.com/ssc/home.asp>
> <http://housecall.trendmicro.com/housecall/start_corp.asp>
>
> Now check for, and learn to defend against, non-viral malware.
>
> Start by downloading each of the following additional free tools - and download
> each individual product from each link as listed:
> AdAware <http://www.lavasoftusa.com/>
> CWShredder <http://www.intermute.com/spysubtract/cwshredder_download.html>
> HijackThis <http://www.tomcoyote.com/hjt/>
> LSP-Fix <http://www.cexx.org/lspfix.htm>
> WinsockXPFix <http://www.spychecker.com/program/winsockxpfix.html>
> Spybot S&D <http://www.safer-networking.org/index.php?page=download>
> Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>
> TrendMicro Sysclean <http://www.ik-cs.com/got-a-virus.htm>
>
> Create a separate folder for HijackThis, such as C:\HijackThis - copy the
> downloaded file there. Create a separate folder for the TrendMicro files, such
> as C:\TrendMicro - copy the downloaded files there (unzipped if necessary).
> AdAware, CWShredder, and Spybot S&D have install routines - run them. The other
> downloaded programs can be copied into, and run from, any convenient folder.
>
> First, close all Internet Explorer and Outlook windows.
>
> Run Stinger. Have it remove all problems found.
>
> Run CWShredder. Have it fix all problems found.
>
> Empty your temporary files folders:
> - "C:\WINDOWS\Temp"
> - "C:\Documents and Settings\(Username)\Local Settings\Temporary Internet
> Files".
>
> Next, disable System Restore.
> <http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm>
> Boot your computer into Safe Mode.
> http://support.microsoft.com/?id=315222
> Run SysClean per instructions. Delete any infections found. Reboot your
> computer, and re enable System Restore.
>
> Next, run AdAware. First update it, configure for full scan
> (<http://forums.spywareinfo.com/index.php?showtopic=11150>), then scan. When
> scanning finishes, remove all Critical Objects found.
>
> Next, run Spybot S&D. First update it, then run a scan. Trust Spybot, and
> delete everything ("Fix Problems") that is displayed in Red.
>
> Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
> HJT Log.
> <http://forums.spywareinfo.com/index.php?showtopic=227>
>
> Finally, have your HJT log interpreted by experts at one or more of the
> following security forums (and please post a link to your forum posts, here):
> Aumha: <http://forum.aumha.org/index.php>
> Net-Integration: <http://forums.net-integration.net/>
> Spyware Info: <http://forums.spywareinfo.com/>
> Spyware Warrior: <http://spywarewarrior.com/index.php>
> Tom Coyote: <http://forums.tomcoyote.org/>
>
> If removal of any spyware affects your ability to access the internet (some
> spyware builds itself into the network software, and its removal may damage your
> network), run LSP-Fix and / or WinsockXPFIx.
>
> Finally, improve your chances for the future.
>
> Harden your browser. There are various websites which will check for
> vulnerabilities, here are three which I use.
> http://www.jasons-toolbox.com/BrowserSecurity/
> http://bcheck.scanit.be/bcheck/
> https://testzone.secunia.com/browser_checker/
>
> Consider using an alternative browser, like Firefox, for the majority of your
> browsing activities.
> <http://www.spreadfirefox.com/?q=affiliates&id=4507&t=61>
>
> Block Internet Explorer ActiveX scripting from dangerous websites (Restricted
> Zone).
> <https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)
>
> Block known dangerous scripts from running.
> <http://www.javacoolsoftware.com/spywareblaster.html>
>
> Block known spyware from installing.
> <http://www.javacoolsoftware.com/spywareguard.html>
>
> Make sure that the spyware detection / protection products that you use are
> reliable:
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> Harden your operating system. Check at least monthly for security updates.
> http://windowsupdate.microsoft.com/
>
> Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
> use:
> http://www.accs-net.com/hosts/get_hosts.html
> http://www.mvps.org/winhelp2002/hosts.htm
> (The third is included, and updated, with Spybot (see above)).
>
> Maintain your Hosts file (merge / eliminate duplicate entries) with:
> eDexter <http://www.accs-net.com/hosts/get_hosts.html>
> Hostess <http://accs-net.com/hostess/>
>
> Secure your operating system, and applications. Don't use, or leave activated,
> any accounts with names or passwords with trivial (guessable) values. Don't use
> an account with administrative authority, except when you're intentionally doing
> administrative tasks.
>
> Use common sense. Yours. Don't install software based upon advice from unknown
> sources. Don't install free software, without researching it carefully. Don't
> open email unless you know who it's from, and how and why it was sent.
>
> Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
> various web pages that discuss security problems. Check the logs from the
> security products that you use regularly, look for things that don't belong, and
> take action when necessary.
>
> How did I get infected in the first place?
> http://forums.net-integration.net/index.php?showtopic=3051
> Essential tips for infection prevention
> http://forums.spywareinfo.com/index.php?showtopic=24339
> http://www1.spywareinfo.com/articles/hijacked/prevent.php
>
> --
> Cheers,
> Chuck
> Paranoia comes from experience - and is not necessarily a bad thing.
> My email is AT DOT
> actual address pchuck sonic net.
>
.
- Follow-Ups:
- Re: How to reinstall ...
- From: Chuck
- Re: How to reinstall ...
- References:
- How to reinstall ...
- From: Speedy
- Re: How to reinstall ...
- From: Chuck
- How to reinstall ...
- Prev by Date: Re: ?? MAC ADDRESS SPOOFING ???
- Next by Date: Internet Connection
- Previous by thread: Re: How to reinstall ...
- Next by thread: Re: How to reinstall ...
- Index(es):
Relevant Pages
|
