Re: Clarifying questions!
- From: nass <nass@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 13 Jan 2007 12:34:00 -0800
"Junior Junk" wrote:
"Gerry Cornell" wrote:
JJ
It is appreciated that you have a Sony Cybershot Digital Camera. I
imagine your digital camera came with a CD. The software, when
installed on your computer, enables you to download photographs from
the camera to the computer and to view. This is the software we are
referring to. It is named as Sony Cybershot in the Error Reports.
Uninstalling Sony Cybershot, as you now have done, should stop the
error. It is not to be confused with the suggestion in the Error
Report regarding deleting as this advice was specific to the running
of the application ( server) Sony Cybershot. This may need to be
followed up later, if the Error reappears when you reinstall Sony
Cybershot. The priority is to stop the multitude of errors. It is not
practical to resolve minor glitches in the way an application is
working against a background of so many errors.
I don't believe I downloaded any software to use my camera. I have been
using a third party photo album application (Photoshop Pro Photo Album). I
could not find how Sony Cybershot on the list of applications to uninstall.
I did enter the run cmd: net share Sony Cybershot /delete
The screen appeared to have a window flash up and close instantly.
Otherwise, no visible change.
So, please give me guidance on next steps for the step 3. (Sony Cybershot)
Was there a reason for the Microsoft Fax Service being installed? Did
you intend at some point intend to use it?
I do not intend to use it. I suspect it came installed on my computer.
Though, it is possible that I installed it in the past and do not recall
doing so. I certainly have no need of it at this time.
You have Norton Internet Security installed? What version? Has the
subscription expired?
At this point, I have run the Norton Removal tool. I have not reinstalled
Norton Internet Security.
How much RAM memory does your computer have? Right click on the My
Computer icon on your Desktop to get this information.
Dell Dimension XPS
Pentium 4 Processor 550 (3.4GHz)
2GB DDR2 SDRAM at 553MHz
System properties simply says 2.00 GB of RAM
Microsoft Windows XP (SP2)
At installation it was SP1a, therefore, this is what my XP CD has.
I downloaded SP2 online.
After attempting to complete step 3, I moved on to step 5. (Step 4 does not
require any action from me.)
Step 5 directed me a link where I downloaded and ran the Windows Live
OneCare Tool. (It would not open in Firefox and luckily I thought of trying
to access it via IE, which worked.)
It found 1 medium risk that Windows Live OneCare was unable to clean.
http://safety.live.com/site/en-US/virusenc/VirusEncInfo.htm?virusname=PowerRegScheduler
This was located in-
c:\recycler\s-1-5-21-15916 83429-1095659703-1588970106-1006\dc233.exe
It found 1 low risk Windows Live OneCare was unable to clean.
http://safety.live.com/site/en-US/virusenc/VirusEncInfo.htm?virusname=Exploit%3aJS%2fIframeBOShell
This was located in-
c:\documents and settings\all users\application data\symantec\norton
antivirus\quarantine\09 Ia4f5f (cryptff)\(utf-161e)\(scri pt0000)
I allowed Windows Live OneCare to defragment the harddrive. (This is
ongoing.)
Hi JJ,
1 = First try to delete all Temporary Files from your browser as indicated
by Gerry, delete any folders under this path;
C:\Documents and Settings\JuniorJunk\User data =
C:\Windows\Temp\Temporary Internet Files =
[&] GFHHHTT
[&] XVNKLOp
[&] YTRSM~ something like this will be, that was an example for the Temp
folders delete them by SHIFT+DELETE to pass the Recycle Bin, then download
this tool and pin point these entries for the DC233.exe or dll also for the
CLSID {CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0} this a bad malware trying to
install itself at startup evry time you start your computer and check the
boxes in front of it and click delete.
http://www.purgeie.com/delinv/index.htm
Also download the HijackThis from the links below and run it, then remove
any bad entries
will be found by this file.
Be careful with what you delete if you are n't sure let us know and we will
tell if it is right to delete,
it can be cumbersome if you delete something belonging to the system!.
Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
You can also send the report to one of the above forums for analysis.
Then run a scan by the adaware and spybot to be sure all clean.
For step 3 and 4 The discussion was abut the malware/virus you have and how
to remove them and the running processor on your computer by the way while we
at it try to disable this Process DC233.exe and any suspicious process
running to not hinder the scan when you try.
Also open the Run Command and type in:
regedit.exe click [OK] and locate this keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run =
Look for the running processor in the Right Pane/Window remove the
suspicious ones from starting.
also on this Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run=
The same as above remove any bad running process for these Viruses.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0
= what there?.
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ what there runing?.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services
HKEY_LOCAL_MACHINE\System\ControlSet\Services = What running there?.
HKEY_USERS\ S-1-5-21-2482556158-367380603-2490717038-1009\software\ what
software is there?.
After knowing what there and deleting the well known to you and post what
you are not sure about? in your next post.
Also double click or open the Windows Explorer and locate these paths:
C:\Windows = what you can see if there is a bad entry to to delete it.
C:\Windows\System32\DC233.exe or something with funny name post it back
here or you can search the net for it on MSN.
C:\Program Files\Secure32.html or similar entries see what there?.
C:\Windows\Web = what there.
C:\Documents and Settings\JuniorJunk\ApplicationData what there?.
Then try to disable the add-ons which created by these viruses even better
if you removed them by doing the following:
Click Start >> Double click Control Pane >> Double Click Network and
Internet Connections >> Double click Internet Options.
On the IE Properties and click on Advanced Tab and scroll down under this
option the uncheck it:
[&] Browsing
[ ] Enable third-party browser extensions (requ res) uncheck this
Click on Programs Tab then Manage Add-Ons and see what there, disable Non
Verified ones click [OK] to close the IE properties then Reboot your machine.
Here the link again if you want to compare the entries to know where is the
virus hidding, don't forget the Virus/malware can take any name to hide from
the Anti-virus detection.
7= MsiInstaller then Paint shop with the clsid=
{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t72247.html
Now when I said installing the PaintShop I meant after the system got stable
and there are no more Error messages, but did you uninstalled it and other
corrupted applications.
Disable any shares you have on your computer and delete the Cybershot folder
created for your camera but be sure there aren't any data, photo you want to
keep, then scan them when you put them back in the future!.
About the Tea Timer mode you be represented with it on the installation of
Spybot so don't select it is a pain and can hinder scanning and registry
editing so don't run the spybot in tea timer mode please.
Try to download the Stinger from mcafee and run it, you can download it on a
floppy or cd from here:
http://vil.nai.com/vil/stinger/
or avast scanner from here:
http://www.avast.com
If all gone okay try to install the NIS and get the update and run a scan.
Then look in the event viewer for any error messages and see what is causing
it and post it here but no a lengthy one just samples ;-).
HTH.
Please let us know your progress.
Good luck.
Regards,
nass
.
- References:
- Re: bad_pool_header Blue Screen Upon Start Up
- From: Gerry Cornell
- Re: bad_pool_header Blue Screen Upon Start Up
- From: nass
- Re: bad_pool_header Blue Screen Upon Start Up
- From: Gerry Cornell
- Re: bad_pool_header Blue Screen Upon Start Up
- From: nass
- Re: bad_pool_header Blue Screen Upon Start Up
- From: Gerry Cornell
- Re: bad_pool_header Blue Screen Upon Start Up
- From: nass
- Re: bad_pool_header Blue Screen Upon Start Up
- From: Gerry Cornell
- System Log, January 9
- From: Junior Junk
- RE: System Log, January 9
- From: nass
- Clarifying questions!
- From: Junior Junk
- RE: Clarifying questions!
- From: nass
- Re: Clarifying questions!
- From: Gerry Cornell
- Re: Clarifying questions!
- From: Junior Junk
- Re: bad_pool_header Blue Screen Upon Start Up
- Prev by Date: Re: XP pro - fails to open systemproperties
- Next by Date: Re: Start menu MFU list
- Previous by thread: Re: Clarifying questions!
- Next by thread: Re: System Log, January 9
- Index(es):
Relevant Pages
|
