OT: Computer Troubles

If anyone can help me with my computer I would be much obliged.


Here’s the deal, something got onto my computer, I run Windows XP. When I start up, at least one program that I didn’t put on the computer myself starts up. One of them is actually a spyware program, but I’m afraid to use it since I don’t know where it came from. There were some unidentified programs I found running in my task manager which I stopped (I’m regularly in there and am certain I did not delete anything I wasn’t supposed to), and a few programs I found in the “Add/Remove” programs list in the Control Panel which I also removed. Neither of these fixed the problem.

I no longer use IE because every time I start it up now the homepage has been changed and porn fills the favorites list. I delete the favorites and reset the web settings, but alas, they’re changed back every time I rerun it. I regularly run Ad-Aware, a spyware finder/killer program. Ad-Aware can’t find anything malicious. My computer now processes at a molasses rate, yet my task manager says my CPU usage is only at 4%. The nail in the coffin is that I cannot run my search feature to try and find these programs manually.

I have run through the scope of my computer knowledge. Can anyone offer me some suggestions? I’m open to just backing up some key docs and programs and completely reformatting, but I’d like to try a less extreme method first.



Seth

A while back, I let someone use my computer who accidentally accepted something from a pop-up window giving permission to install a spyware program to my system. Every time I logged on to the internet it would add more programs to my system. At random times windows would pop-up with invitations, chat windows and software installations. Like you, I was plagued with these files.
I tried several spyware removal programs without complete success (including Adaware which in itself is spyware) and nothing was able to cure the problem. From the group, SpySweeper was the best. Instead, I’ve installed a firewall program from Ontrack System Suite that blocks those offending programs/files. It’s not perfect as my machine hesitates when it’s blocking offending websites from entering, but it works.

Look for links or files from these offenders:
zestyfind.com
look2me.com
sa.windows.com
adsincontext.com

===========

Here’s a link to find out more from a major offender Betterinternet:
http://www.dslreports.com/forum/remark,8078303~root=security,1~mode=flat

I’ll add… since it’s NOT a virus, virus sniffing software doesn’t work.

If you’re OK going into your registry you’ll have better luck as Adaware found the code but couldn’t remove it from my machine.

What you describe sounds familiar to Ncase. I had one of my users with the exact symptoms you describe. The start command is in the registry, etc…

Instructions for removing most spyware apps can be found at
http://www.pchell.com/support/spyware.shtml

PM me if you have specific questions…

Give Spybot Search and Destroy a try. You can get it from Cnet and it is free. Also install a host file. This lists offending URLs and redirects your browser to look for them on your own computer. All you get is a page cannot be found message. Since you cannot connect to the site, nothing can be downloaded.
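The hosts-file blocking described in the post above, as an added example that is not part of the original thread: a small Python audit that checks whether the domains named earlier in the thread are pointed at the local machine, and flags entries that point anywhere else. The sample file contents, `update.example`, `broken.example` and the function names are constructed for illustration.

```python
import ipaddress

# Domains named in the thread above.
WATCHLIST = ["zestyfind.com", "look2me.com", "sa.windows.com", "adsincontext.com"]

# Constructed sample hosts file (not taken from any real machine). On Windows XP
# the real file is %SystemRoot%\system32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
127.0.0.1    zestyfind.com www.zestyfind.com   # both names listed
0.0.0.0      look2me.com                       # bare name only
127.0.0.1    ADSINCONTEXT.com
203.0.113.7  update.example                    # constructed: points off-box
not-an-ip    broken.example
"""

def parse_hosts(text):
    """Map each hostname to its address; the first entry seen for a name is kept."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed lines instead of failing
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table

def audit(text, watchlist):
    """Return (names still resolvable, entries pointing somewhere other than this PC)."""
    table = parse_hosts(text)
    sinkholed = lambda a: a.is_loopback or a.is_unspecified
    unblocked = []
    for domain in watchlist:
        # The hosts file matches exact names only: no wildcards, no subdomains.
        for name in (domain, "www." + domain):
            if name not in table or not sinkholed(table[name]):
                unblocked.append(name)
    redirected = [(n, str(a)) for n, a in table.items() if not sinkholed(a)]
    return unblocked, redirected

if __name__ == "__main__":
    missing, off_box = audit(SAMPLE_HOSTS, WATCHLIST)
    print("not blocked:", missing)
    print("review these entries:", off_box)
```

Because matching is by exact name, an entry for `look2me.com` does nothing for `www.look2me.com`; each hostname has to be listed on its own.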

Here’s the deal, something got onto my computer, I run Windows XP.

I feel for ya, but it does remind me of the old gag: The box said “Requires Win95 or better”–So I Installed Linux! I run SUSE (used to be SuSE), usually with Firebird as my browser. The install allows you to partition your HD, setup is getting really easy. It comes with a ton of security software, a firewall that works, etc.

I was actually getting ready to reformat my computer as a dual boot XP/Linux. Now I have to deal with this first.

Seth

I hope you have luck re-installing XP as I have never had a stable install of any flavor of Windows.

Make sure you have FixBlast.exe and WindowsXP-KB823980-x86-ENU.exe handy after re-install and run those before connecting to the internet. It is vulnerable to the worm when it first connects to the internet.

For those interested in using Linux, here are some links.

Cheap CDs

AlmostFreeLinux
Discount Linux CDs
Linux Central
Cheapbytes
TuxCDs
ComputerHelperGuy
CheapISO
Os Heaven

Pre-installation guides

GNU/Linux pre-installation checklist
The Pre-Installation Help File

Linux filesystem structure

Directory Navigation Help File
Filesystems, Directories, and Devices Help File
Advanced filesystem implementor’s guide (requires registration)

Partitioning

Linux Partition HOWTO
Rute - Partitions, File Systems, Formatting, Mounting
Proper Filesystem Layout

I use SpyBot and AdAware. They are both free. You can Google AdAware to get the url.

Have you downloaded the latest reference file for Ad-Aware? It did a good job of cleaning a very nasty bit of spyware from my W2000 machine at work. That bit of junk acted very similar to what you’re describing except that instead of porn every browser request got redirected to www.searchlist.net or something like that.

Actually, Ad-Aware wasn’t completely successful. The installer for that software is still lurking in the startup configuration because every time I boot the machine I have to re-run adaware to delete the “clientman” files that are causing the redirection.

Somebody ought to hunt these (&(^ down and kill them.

I found that Spybot catches spyware that AdAware misses. I also just picked up a free virus program, Avast!. It works real well. It picked up several viruses that Norton missed. I had a problem a while back that required reformatting and re-install of XP. I use a firewall, Spybot, and anti-virus. I am on a Comcast high speed connection and I have found XP to be very stable.

Ron

Thanks for all of your suggestions.


Update: Well, I have been running Ad-Aware, Spybot, and X-Cleaner, all of which found spyware and deleted it. Most programs now run fine, but there is still something definitely wrong.

Opening up My Docs, My Computer, Control Panel, and My Network Places is still horribly slow and takes more than five minutes to open after I double click. I have still not been able to get the search function to run at all.

I followed SteweySmoot’s instructions and did find some references to NCase in my registry, which I deleted. There is now only one program that opens itself on startup, called Power Scan 1.0. It calls itself a spyware/porn finding program that will clean out my computer, but I never downloaded it and don’t dare use it.

After a reboot, X-Cleaner finds this dll file: C:\WINDOWS\DNSErr.dll. It gives a recommendation that I further remove this program in the Add/Remove section. But the only program I find there anymore that I don’t recognize is “Java Web Start”, last used more than a year ago, so I don’t think this is the problem.

I may have to go to a professional soon here. I’m just lucky that my finals were last week, and not this week.


Seth

I had similar problems. It took me many hours of trying things to straighten out my machine. I had to download several security patches from the Microsoft site as well as clean up the Windows registry using a special utility called HiJackThis. Some site had put in a special Java interpreter or something that made typing very slow on all websites as well as some other symptoms such as an inability to use Hotmail. Reinstalling Windows did not help, until I got the patches and edited the Registry using the utility. An especially nasty infection installed a line in the Registry to run RegEdit to change my registry every time Windows came up.

On one of the PC troubleshooting Usenet Groups I found this post and following these steps eventually got my machine running okay:

Unless you’ve used HijackThis and posted the files to SpywareInfo forum for expert analysis, you haven’t ruled out hijackware/spyware IMHO. NB: New URL for HijackThis is
http://www.merijn.org/files/hijackthis.zip.

Some other users of New Hotmail, using both desktops and laptops, IE and OE, have been having these problems since the new format was introduced on 01 Dec-03. Some users are seeing Hotmail messages arrive with blank message bodies. Hotmail is a secure site, requiring that your computer be able to negotiate SSL protocols when logging in, so any of these third-party applications may be interfering (as well as hijackware): anti-virus, firewall, anti-spam tools, “system” tools (NSW, NIS, anything by McAfee). The best approach would be to disable all of them and, assuming Hotmail then works properly, re-enable each application in turn, by itself with no others running, to see which one or which combination is causing the problem. If the machines are on a network, that’s another area to consider when troubleshooting. Some resources:

Troubleshooting Secure Sites

http://www.mvps.org/inetexplorer/answers2.htm#secure_sites

Page cannot be displayed errors http://www.mvps.org/inetexplorer/answers.htm#dns

Make absolutely certain each machine is fully up-to-date at Windows Update (and with virus definitions) and that the 5.6 Scripting Engine has been reinstalled:

http://msdn.microsoft.com/library/default.asp?url=/downloads/list/webdev.asp.

If WinXP, look into the Java vs. Java VM situation (“Breaking up is so very hard to do.”): http://www.mvps.org/inetexplorer/answers_9.htm

HTH…Please post back to this thread ~Robear Dyer (aka PA Bear) MS MVP-Windows (IE/OE), AH-VSOP

If you don’t already do it regularly, you may want to try defragmenting your hard drive. Having a bunch of applications installed and then deleting them could definitely cause your drive to get fragmented, and this can make accessing files slow. Windows comes with a tool to do this… should be under Accessories/System Tools on your start menu.

– Cai

Thanks for the advice, but yes I do defrag my computer regularly. My next step is to back everything up to CD and reinstall my OS. I think I have chased the problem to Explorer, so I’ll give that a try. If this doesn’t work I’m going to have to give the Geek Squad a call.

Seth

In my case, reinstalling Windows did not help, though I did not do the drastic step of reformatting the drive. I thought perhaps the trouble was specific to the browser, so I downloaded Netscape, and that did not help either :(

Again, my troubles seemed mostly due to hacks into the Windows Registry and the security holes that allowed that to happen. The HiJackThis utility analyzes and fixes the Registry (while making backups and allowing you to go back). You can take things out line-by-line or in batches to see if anything helps. I also needed to download the security patches from Microsoft so the problems would not come back. I can not say for sure that you are having a problem with the Registry, but there is a good chance.

– Bill

Thanks for the advice,

I have been using HiJackThis, but slowly, since messing with the registry is always a risky endeavor. But, at your advice I went back into it. Lo and behold! The sneaky program that I couldn’t find has been vanquished. Now my only problem is the delayed opening of My Docs and etc. and the fact that my Search function doesn’t work.

I am currently looking online for a search program that I can use on my computer as a replacement, and I think I will cut my losses with the delayed action on documents. It’s only a three or four minute delay now, and once My Docs is open, accessing files inside of it is as fast as ever.

Thanks Everyone for your help,
Seth

I recall reading at one time about how Windows keeps files that actually point to other files on your disk. When these “index” files get whacked it can take minutes to open directories, but once the data is cached access is fast.

You might want to check the Microsoft or other Windows technical web site to see how to defrag the index files. I can recall having to do this a few years ago and it solved the initial slow access problems I had at the time.

Products like ONTRACK’s System Suite have a registry cleaner. It can remove the broken links or unnecessary entries that are slowing your computer.

Done!

After using four spyware finder programs in conjunction, an internet tutorial, messing with things I really shouldn’t have, searching my computer through a network, holy water, and advice from you guys, everything is back to normal.


The only casualty is that I removed my computer’s Java capabilities getting rid of one of the nastier bits. But a few downloads later and I’m back to where I started.


Thanks,
Seth