Spyware and Virus got you down? Well, I mean - got your computer down? Look no further.....

Tuesday, December 27, 2005

The Gateway I was working on on Monday is working fine. That poor machine was loaded with problems and after four or five hours of work it seems to be running fine. The hardest part was removing Zone Alarm from the system (which is not completely gone yet). I was in the registry deleting. I removed half a dozen files relating to Zone Alarm. I searched and searched some more and could not find anything else to delete. I decided to try installing Zone Alarm again - no - did not work - got the same error "Validation failed for C:\WINDOWS\SYSTEM\VSINIT.DLL". Since the machine was hooked up to my DSL connection - sitting there online waiting to get infected - I found a way around the Zone Alarm issue (see -- Monday, December 19, 2005); I was able to install Outpost Personal Firewall. Sure, it's a trial version but it will keep the "bad guys" out for 30 days!! Beyond that, the machine is running smoothly! The client will be more than happy!



In regards to Windows 98 - CRX model. Last night I connected the machine to my phone line, booted and noticed Net Zero on the desktop. Guessing that this was the service the client was using to "try" to get online I ran the application. Once I got to the final screen and was about to attempt a login to the network - CRASH!!!! The machine reset itself!! I waited calmly. The monitor screen remained black, the only words on it told me that the monitor was working but to check the cable. I knew that the cable wasn't the issue! I tried rebooting - not a chance!!! The poor machine lay dead in my shop, the fans humming but no boot beeps, nor sound of the hard drive. I unplugged the machine and sat down to think.

Did the hard drive just die?? Should I try another monitor? Do I really have to remove hardware one piece at a time until I figure out what is causing this death?? If so, the first piece I will look at is the modem! It was clinking and clanking around in the tower. Maybe it's causing the system not to boot. That would be okay! I would simply replace the modem. But, if it is the hard drive or something else?? I don't think that this client wants to put much money into this old computer. At this point we are looking at about $100. You start adding hardware plus my time and soon you could buy a new computer!!

Hopefully I will pull the machine apart, take out the modem and the machine will boot! If not, it's time to call the client!

I'll try to keep you posted!

Friday, December 23, 2005

Thursday, December 22, 2005

The Subject: Windows 98, a machine that has passed through many hands. It’s a CRX brand computer; ancient, dusty and probably really messed up.

The Problem: As vague as, “I think that it can’t get on the Internet?” and “The mouse doesn’t work right.”

I looked down at the back of the machine to see what kind of network connection was there and I noticed something quite peculiar. There wasn’t a modem attached. Oh, there was a space where a modem once rested and functioned properly but apparently the modem got pushed inside the tower and slid around every time someone moved the case.

I sat the computer down in my shop. I moved the red toolbox a bit closer and began to look towards the gray beast of a machine for some sign of how to open it up. I saw a few screw-looking things in the back but noticed that they were not screws. They were more like rivets. In other words, they would not come out with a mere screwdriver.

I began to poke at the top of the case. I looked at the front. I closely examined the sides to try to get some clue as to how it opened. Finally, I pried the front plastic piece off and noticed six screws holding the sides of the tower on. I removed three; slid the metal cover off to see the poor modem lying there in the dust. I picked it up (the modem) and slid it back into place, grabbed a screw from the toolbox, secured it and reassembled the tower.

I booted the machine; it was quiet compared to the one I worked on yesterday. It loaded fine. First thing, ran msconfig. Nothing jumped out at me. I installed Spybot Search & Destroy, updated the definitions file and ran it.

The results are in: 42 problems found in 19:24 minutes – all removed.

Some of the problems found: Advertising.com, Alexa Related, Avenue A, Inc., Bfast, Bluemoutain, ClickAgents, Commission Junction, DoubleClick, Engage, Inc., Enliven, Excite, FastClick, Flycast, HitBox, HitsLink, MediaPlex, PornTracker, SexTracker, TargetNet, ValueClick, and WebTrendsLive.

I ran msconfig and removed some unnecessary startup items. Rebooted. Edited the startup menu - shows a significant decrease in startup time! I will run a defrag too. Just to speed things up. 1% Complete ………..3% Complete……………………..4% Complete……………………………………………………5% Complete……………oh, never mind. I could go on like that for quite a while.

It’s 11:07 and defrag is at 10%

Thursday, December 22, 2005

Monday, December 19, 2005

11:35 pm
I just finished with the Dell Laptop. Here is what I did to complete the job: Reinstalled OS and drivers. Installed AVG AntiVirus, Microsoft AntiSpy, Zone Alarm, SpyBot Search & Destroy, Updated Windows to SP2 and installed all other security patches and fixes. Turned on Windows Update. Installed Microsoft Office, QuickBooks (and imported the client’s data) and the Internet Connection software and all is well. It’s like a brand new computer just out of the box.

Now I am in my basement working on this old Gateway I picked up tonight. First impressions, what a piece of crap! I just booted, popped in a cd full of helpful goodies and attempted to run AdAware when suddenly that old familiar blue screen jolted me. InCd crashed! This is Windows 98, suspect: loaded with spyware and/or adware.

I'm letting it run through a quick disk check after the abrupt shutdown. By the way, between the buzz of this laptop and the hum of the extra-large pc sitting on the table to my left, it sounds like an airplane heading straight for my head.

Windows is booting - "Validation failed for C:\WINDOWS\SYSTEM\VSINIT.DLL" - click ok to cancel. I'll try Ad-Aware again - found 4 New Critical objects. I noticed, running in the system tray, was the icon for 180 Search Assistant.

Scan is complete 259 - could not remove 4 and guess who they belong to, 180 Search Assistant. Ad-Aware reported that on reboot it would remove the 4 infected files. I am running SpyBot Search & Destroy right now. So far no problems reported. Spybot is checking against a list of 32,660 possible known threats. It's 11:51 pm

11:58 PM
SpyBot has hit the mother lode. Here is what has been found:
Alexa Related, 180Solutions.SearchAssistant, CoolWWWSearch. WinPro.32, DyFuCA.Internet Optimizer, Huntbar, n-Case, WildTangent, RealDownloadExpress, NewDotNet, MyWay.MyWebSearch, ISearchTech.YSB, ISTech.PowerScan, GoldenPalace.Casino, GAIN.Gator, FunWeb Products, EffectiveBandToolbar and maybe a few that I missed to jot down - 69 problems reported.

12:03 am - 12:08: 69 problems removed.

Installing AVG AntiVirus....Rebooting...No Viruses found during AVG's boot scan.

AdAware is checking the system right now. I don't think that AdAware will find much. Spybot just cleaned it out.

If I could install Microsoft AntiSpy (doesn't run on Win98) I could seal the deal. Actually, HiJackThis followed by a clean bill of health by AVG. Okay, nothing found by AdAware - E Trust EZ Firewall error - OK to cancel.

1 Virus spotted - 12:22 AM - Trojan horse Downloader.Generic.ML location -- C:\NULL (file name NULL)

This computer is so loud!! 2nd virus found - Trojan horse Dropper.Exebind.W C:\Windows\System\in10bfs.dll - it's 12:27 AM. I'm beginning to fall asleep. 2 more viruses found; these two are stored in the C:\Windows\TEMP folder. There are two versions of Downloader.Istbar - Downloader.Istbar.CE and Downloader.Istbar.AF

12:38 - another found: another Downloader.Istbar.9D, this one is sitting right there in My Documents.

We are up to a total of 5 viruses and I am going to bed....12:50 AM

Woke in the morning to find the computer stalled. AVG reports that the viruses had been removed. I rebooted and attempted to install Zone Alarm - error appears - "cannot validate C:\WINDOWS\SYSTEM\VSINIT.DLL" - an online search tells me that Zone Alarm needs to be uninstalled completely before it can be reinstalled.

Okay, after much research I figured out what part of, and possibly the entire, problem might be. It appears that eTrust EZ Firewall might have distributed Zone Alarm as part of its software package. I found this article on how to uninstall Zone Alarm.

It seems like that is what needs to be done. Since I know that the client did not back up the files I will call her and tell her that I need to edit the registry and there is always a chance that something undesirable could happen. I always think of a computer being somewhat delicate after being "beat up" in the process of extracting lots of files that don't want to go away. Either way, I will end up backing up the data but I really wish that people would at the very least know the how and why of backing up data. It only takes one data loss for a person to "learn the lesson".

Sunday, December 18, 2005

Saturday, December 17th, 2005

Yesterday I got a call. The problem: client could not open QuickBooks nor print from any application. The computer: Dell Inspiron 5100 - laptop, dialup connection. No firewall running, AVG AntiVirus not updated, Windows running SP1 only!!!

I logged on under the default user - no password protection. After Windows came up I began to see SpyBot Search & Destroy warnings popping up stating that uwtrevuxuunh.exe was trying to add itself to the startup menu. A quick Google Search resulted in no information for that particular file. As I denied the action another would pop up, each time changing locations as well as file name. Then CRASH!!! - Memory Dump error – blue screen!!

I booted to safe mode using F8. I was able to log in under the admin account.
Started Microsoft AntiSpy – found 148 registry keys infected, 43 files and 19 different viruses, adware and spyware running. A few of the culprits were:

- Rbot
- Delfin.Media
- Adware.PEDev
- SdBot.tsecure worm
- 180Solutions Search Assistant
- Media Motor
- Ist.SideFind
- WebHancer
- Shop At Home
- Trojan.Startup.NameShifter.BT

Removed all of them.

Rebooted, same SpyBot warnings. Ran AVG AntiVirus – blue screen error - CRASH again!!! IRQL_NOT_LESS_OR_EQUAL was the specific error.

Rebooted to safe mode
Ran msconfig edited the startup menu - removed 3 entries
Ran AdAware found – 40 items

Ran SpyBot Search & Destroy - found 42 problems including registry settings to disable AntiVirus, Firewall, SP2, etc…rebooted

Ran in safe mode – removed Temp Internet Files, cookies and history
Ran AVG AntiVirus – no infections found
Turned on Automatic updates
Ran SpyBot again – found 10, removed 5, needed to reboot to remove others
Rebooted – SpyBot ran found 16 problems – removed 10
Rebooted – still getting errors
Rebooted – msconfig – removed 1 entry
Rebooted – blue screen
Last Known Good Config – rebooted – errors
Booted to safe mode installed updates for Ad-Aware and SpyBot
Ran AdAware – found 87 problems removed
Ran SpyBot – found 20 – removed 16 – 4 resident in memory must reboot
Rebooted – SpyBot ran found 6 problems removed 2 could not remove 4
Rebooted – Safe Mode – stalled
Rebooted – Safe Mode – tried to backup Quickbooks to ThumbDrive – failed
Rebooted to blue screen
Ran chkdsk /f – in safe mode found error rebooting to fix
Rebooted tried to run QuickBooks in safe mode – got blue screen
Rebooted – safe mode – ran QuickBooks – blue screen
Might have been able to backup QuickBooks to Thumb? but no way to verify data....
Rebooted several times more – blue screen
Booted to safe mode -
Ran QuickBooks - created a backup - was able to save to the Desktop and then drag the file to the thumbdrive!!!
Client is going to neighbor's house to install QuickBooks on their computer, then she will try to restore QuickBooks using the thumbdrive backup file. If this works and all data is current I will pickup the laptop and reinstall the OS. Four hours spent on this one so far. I will wait until tomorrow for the call. I hope the data is verified as the most current!!