Re: Since January 18th, no high-priority updates...



Dear Bear

I'm so happy right now that I felt like answering your posts (didn't know about
the last one).
Actually my automatic updates are downloading the new Microsoft patches
release.
Before this I tried my Microsoft update and it also downloads them, so I
cancelled it and let the automatic updates do the job.
After all, you were right when you said the next release of Microsoft
patches was meant to be on February 14th.
I had seen yesterday this post of Mike's in castlecops, but something inside
me was insisting to wait until February 14th to see if my Windows Update was
out of order or not.
Also, the same inside voice insists that nothing happens with my hard drive.
I have lived a long time with hackers attacking my previous p/c and all the
symptoms I describe here happened there too and were due to trojans.
I was erasing for instance klej (? do not remember the exact name and cannot
access my previous hard drive) and next day something else was intruding.
I visited several antispyware pages now, and even Netscape's new antispyware
scan made me think that I first suffered all the trojans' tortures until software
companies discovered them and included their definitions in their protection.
Anyway, I was somehow encouraged when I found this Trojandownloader. It's
always better to see your enemy than to suspect his existence.

Thanks

"PA Bear" wrote:

The crap NIS 2006 left behind /is/ the problem. Doesn't matter if you don't
want to install it again.

After running SymNRT and SymCLN:

1. Reinstall 5.6 Scripting Engine
http://msdn.microsoft.com/library/default.asp?url=/downloads/list/webdev.asp

2. See
http://castlecops.com/t106642-How_To_Fix_Windows_Update_BITS_Newly_Edited.html

What do you mean about the warranty?

Just what I said after that: You may in fact have a lemon on your hands (a
faulty hard-drive), given all of your symptoms.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org

E. T. wrote:
Since I do not intend to install NIS 2006 again, I thought it does not
matter if I will not run SymNRT, but I may as well do it now.
I checked about what you say (time of the Automatic Updates) and changed
it into a time that I arranged my p/c was open and I was following if any
updates would arrive. Nothing happened.
After the antivirus scans I did as above, I installed, updated and ran
cwshredder and found nothing.
Installed, updated and ran Ad-aware free version and found 13 tracking
cookies and a Microgaming problem in the registry (dialer?). I had
Ad-aware disinfect them all.
I installed, updated and ran Spybot Search and destroy and found 23
cookies which it fixed.
After all that, I ran my newly obtained Netscape 8 full antispyware scan
and found one Trojan Downloader.Java.Ope which it erased.
I'll also do all the rest of the instructions I have about spyware.
What do you mean about the warranty?

"PA Bear" wrote:
In the first 10 days I had NIS 2006 of the new p/c stopping ALL
programs of it from functioning through successive security alerts.
I uninstalled NIS 2006...

There's more to do to get rid of everything NIS 2006-related than just
uninstalling it. At the very least, I would run SymNRT
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039)
and SymCLN
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039).

Symantec NAV, NIS, NSW Removal
http://basconotw.mvps.org/SymRem.htm

Thursday, 2 February 2006 Windows Update Agent Unable to Connect:
Windows is unable to connect to the automatic updates service and
therefore cannot download and install updates according to the set
schedule.

At what time do you have Automatic Updates scheduled to check for
updates, ET? Is the machine running and connected to the internet at
this time?

How to configure and use Automatic Updates in Windows XP:
http://support.microsoft.com/?kbid=306525

How to schedule automatic updates in WinXP, Win2K and Win2K03
http://support.microsoft.com/?kbid=327838

Given your other symptoms, I'd most definitely run a thorough check for
hijackware. See my previous reply.

Oh, and keep your warranty handy. You just might have a lemon on your
hands.
--
E. T. wrote:
I found this extract in my p/c's error log:

Thursday, 2 February 2006 Windows Update Agent Unable to Connect:
Windows is unable to connect to the automatic updates service and
therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Friday, 10 February 2006 Windows Update Agent Unable to Connect:
Windows is unable to connect to the automatic updates service and
therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

As per the yellow instructions:
I managed to finish the Panda scan with IE, it found just 45 cookies
(spyware) which I erased manually, scanned again and was found clean.
When I tried to do the Kaspersky scan my Windows denied access to their
ActiveX control, because they were "unknown" to them. Did not insist.
I tried Symantec's scan but could only finish security check (I
downloaded Netscape 8 for this) and was found safe.
With IE it's impossible to achieve any Symantec's scan, it downloads
for ever the program and viruses definitions, or starts scanning and
stops for ever somewhere in the beginning of it.
This was routine with my previous p/c also.
Symantec does not support virus check with Firefox (which is a bit
safer browser than IE), and Netscape is compatible only with their
security scan. I tried a million times to scan with Trend Micro,
through IE and Firefox, I had this error log:

Sunday, 12 February 2006 Application Error Faulting application
firefox.exe, version 1.8.20060.11112, faulting module firefox.exe,
version 1.8.20060.11112, fault address 0x002af689.
Sunday, 12 February 2006 Application Error Faulting application
getmac.exe, version 0.0.0.0, faulting module getmac.exe, version
0.0.0.0, fault address 0x00001aad.
Sunday, 12 February 2006 DrWatson The application, C:\Documents and
Settings\expert\.housecall\getMac.exe, generated an application
error The error occurred on 02/12/2006 @ 10:06:59.765 The exception
generated was c0000005 at address 00401AAD (getMac)
Sunday, 12 February 2006 Application Error Faulting application
getmac.exe, version 0.0.0.0, faulting module getmac.exe, version
0.0.0.0, fault address 0x00001aad.
Sunday, 12 February 2006 Application Error Fault bucket 266101529.
Sunday, 12 February 2006 DrWatson The application, C:\Documents and
Settings\expert\.housecall\getMac.exe, generated an application
error The error occurred on 02/12/2006 @ 10:11:49.421 The exception
generated was c0000005 at address 00401AAD (getMac)
Sunday, 12 February 2006 Application Error Faulting application
getmac.exe, version 0.0.0.0, faulting module getmac.exe, version
0.0.0.0, fault address 0x00001aad.
Sunday, 12 February 2006 Application Error Fault bucket 266101529.
Sunday, 12 February 2006 DrWatson The application, C:\Documents and
Settings\expert\.housecall\getMac.exe, generated an application
error The error occurred on 02/12/2006 @ 10:24:15.281 The exception
generated was c0000005 at address 00401AAD (getMac)
Sunday, 12 February 2006 Application Error Faulting application
getmac.exe, version 0.0.0.0, faulting module getmac.exe, version
0.0.0.0, fault address 0x00001aad.
Sunday, 12 February 2006 Application Error Fault bucket 266101529.
Sunday, 12 February 2006 DrWatson The application, C:\Documents and
Settings\expert\.housecall\getMac.exe, generated an application
error The error occurred on 02/12/2006 @ 10:38:43.953 The exception
generated was c0000005 at address 00401AAD (getMac)
Sunday, 12 February 2006 Application Error Faulting application
getmac.exe, version 0.0.0.0, faulting module getmac.exe, version
0.0.0.0, fault address 0x00001aad.
Sunday, 12 February 2006 DrWatson The application, C:\Documents and
Settings\expert\.housecall\getMac.exe, generated an application
error The error occurred on 02/12/2006 @ 20:23:45.140 The exception
generated was c0000005 at address 00401AAD (getMac)

...and a serious error report of Windows:

Sunday, 12 February 2006 System Error Error code 100000d1, parameter1
00000018, parameter2 00000002, parameter3 00000000, parameter4
f7d08393.

A short blackout and the announcement "Windows just recovered from a
serious system error..., please inform Microsoft about this..."
which I did and saw a screen saying "unfortunately we do not know
the reason of this problem, we investigate..., please contact your
p/c's vendor etc... etc."
A similar event happened when I had the NIS 2006 successive security
alerts problem (EACH AND EVERY program of my system was stopped by
them, dial-up, IE, LiveUpdate, NIS full scan, could not do anything
practically than restore, was happy to discover at least this as
didn't know it existed). Now my p/c works again as if anything
happened.
The situation that led to my previous p/c's crash and is continuing
with the new one is: someone puts trojans in my system and then
doesn't let me scan to detect or remove them, prevents me
from doing anything useful (to work for money, to visit places that I
could inform about it or find solutions), corrupts my system's parts
as cd-rom driver, printer and fdd (the ones of previous system were
totally out of order a year before the crash), so that I could not
install any security systems from a cd-rom, or save logs to send
them somewhere from outside, etc etc.
If I try to scan or erase their trojans as on January with the first
event, or now, they show up their strength with a temporarily black
out, so that I'll be afraid they'll ruin the new p/c too if I try to
erase their malicious programs.
I'm not rich, the second p/c I owe it and will take a couple of years
for to pay it off.
Now I managed to finish Trend Micro scan with Netscape, All time step
3 (listing and removing...) was accomplishing, my p/c was passing
momentarily to dos mode (black screen and a white cursor top left) and
when it finished my connection was dropped and I reconnected. I was
found clean but, under those circumstances no scan is trustworthy, I
believe.
I forgot to say I have no access to my safe mode through pressing F8
when I start or restart (for to scan and correct anything possible
from there). My p/c enters automatically to Windows no matter if I
try 1000000 times to access safe mode.
Is there any way to access safe mode from dos?
And a way to enter dos?

"E. T." wrote:
I had my previous p/c crashed because of hacking (7 years of BIG
problems) and I bought a new one a month ago.
In the first 10 days I had NIS 2006 of the new p/c stopping ALL
programs of it from functioning through successive security alerts.
I uninstalled NIS 2006, restored Windows to their activation date,
installed NOD32 and updated it fully.
Though now it seems everything functions alright (for instance,
malicious software removal tool of Windows finds nothing suspicious
in my system),
the Windows clock changes very often (every one or two days) it
shows either one or seven hours earlier or later than the actual
time. Or half an hour, it is never the same.
Today I tried to download a 30 days trial translation-memory program
that made VERY much time to complete and then when I tried to ask
for a validation code from the company, I saw a mail delivery
failure in my inbox, proving that I sent
to their server a mail to an unknown receiver that failed to be
delivered.
I did not send anything, of course.
I will visit the page you say, but this is a war I've fought for too
long and I'm not very optimistic about the end.

"Jupiter Jones [MVP]" wrote:
Your clock changing is often the result of a low BIOS battery.
It is usually a CR2032, relatively easy and quick to replace on
desktop computers.
Exactly what happens with the clock?

Follow the yellow section on this page to help be sure there are
no viruses, spyware or other malware involved:
http://www3.telus.net/dandemar/slowcom.htm
--
"E. T." <ET@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:52FE93B0-1EAA-476B-A86D-FF14F858E994@xxxxxxxxxxxxxxxx
Yes, I have 905915.
But since Microsoft says to visit at least once a week its
update page and because I have other problems in my p/c (my
clock changes very often and I must correct it, for instance
and I'm afraid about some trojan, also), I worried about this,
too.

Thank you

