
Virus, or something else?

Last response: in Windows XP
February 19, 2005 4:27:56 PM

A friend of mine has a Windows XP Home system on an HP computer that is behaving strangely. I can't tell whether it's a bug or something else, but for one thing he can't shut his system down. I did a search around the web and found that sometimes new drivers could do this. He had installed a new printer, so we removed it and its drivers from the chain. Nothing happened, however.

Thinking it may be a bug, I first went to see what Windows updates he has. Under add/remove software, I saw SP2 listed. However, I did a search for his firewall and could not find it. Also, he can't update his antivirus software (McAfee). It says his account has expired, although he is up to date with his account. I additionally tried to install Norton Utilities on his system and was told there was not enough drive space, although he has about 40 gigs free. Some of his conditions look like he could have MYDOOM, but I downloaded a standalone program from Symantec to check for this and it found no virus.

So I'm at a loss. His system is running otherwise. He can get online (dialup), check his mail, or run whatever apps. I ran AdAware and Spybot, they found some things which I dumped, but it didn't help. If anyone has any clues as to what it may be, please let me know. Thanks


February 19, 2005 5:09:08 PM

When all else fails. Reformat and reinstall. Totally wipe that hard drive clean! :wink:

Edited by bjpatrick on 02/19/05 02:10 PM.
February 19, 2005 7:58:30 PM

Yeah, unfortunately his HP came with XP preinstalled with no installation disks, so this isn't an option unless he goes out and buys another copy of XP. Pretty bogus, if you ask me, but that's where it's at.
February 19, 2005 10:45:14 PM

Never heard of a computer not coming with the OS. It should have the OS on the hard disk that you have to burn yourself.

°¤o,¸¸¸,o¤°`°¤o \\// o¤°`°¤o,¸¸¸,o¤°
And the sign says "You got to have a membership card to get inside" Huh
So I got me a pen and paper And I made up my own little sign
February 19, 2005 10:45:45 PM

You own a license for XP, even if they never gave you a CD.

I believe you can use his CD key to do a clean install of XP using a copy of someone else's XP CD. The CD key issued to his PC should be on a sticker.

It has to be the same version as the one his PC shipped with (no free upgrade from home to pro) and it probably has to be OEM rather than retail.

PS I would give a free virus scanner like Avast 4 Home a try, registration is free so you never have to pay $$$ to keep your protection going from year to year.

I switched from NAV 2004 to Avast in 2003 and never looked back.
February 20, 2005 12:16:04 AM

>>It should have the OS on the hard disk that you have to burn yourself.<<

I never heard of that, and perhaps that is so with his HP, but assuming the hard drive IS infected with a virus (and that isn't certain at this time), isn't that a moot point?

>>I believe you can use his CD key to do a clean install of XP using a copy of someone else's XP CD...and it probably has to be OEM rather than retail.<<

Well, that's an interesting option, but typically systems today are packed with hard drive images on CDs that make it impossible to use with any other system (my Toshiba Satellite 1135 laptop is an example, it contains Norton Ghost image files). Unfortunately he got no such disk with his system. I'll have to look around to see if I can find an XP Home installation disk.

>>PS I would give a free virus scanner like Avast 4 Home a try...<<

Well, sure, but the cavalry came over the hill a bit too late for my friend's system, assuming a virus is the problem (and it certainly appears to be). How is he going to use the software on an already infected system?
February 20, 2005 1:02:11 AM

The o/s is in its own folder and is not built upon the o/s that is running, and is unlikely to be infected. But you should create your system disks immediately upon getting the system.

February 20, 2005 2:25:03 AM

>>The o/s is in its own folder and is not built upon the o/s that is running, and is unlikely to be infected.<<

Where does one find said folder?

>>But you should create your system disks immediately upon getting the system.<<

A bit late for that... :-)
February 21, 2005 8:08:54 PM

With HPs, there is a hidden partition on the drive that contains your OS image (sometimes the partition isn't hidden... depends on the model). I'm assuming since you can't see the (D:)  HP RECOVERY in My Computer, that it must be one with a hidden partition.

The restore process is started by pressing F11 if I remember correctly. This boots to the hidden partition and runs the system restore software.

If you design software that is fool-proof, only a fool will want to use it.
February 21, 2005 10:35:25 PM

Thanks for the info on the HP, I'll check it out. It's not my system, but when I checked it out I don't remember seeing a D: drive, but I'll check it out.
February 21, 2005 11:05:34 PM

Quote:
The restore process is started by pressing F11 if I remember correctly. This boots to the hidden partition and runs the system restore software.

That just sucks man! They cannot even send you a stinkin cd with the 1000+ dollar computer that you bought from them.
February 22, 2005 8:35:03 AM

FIRST OFF any Retail computer comes with CDs including the operating system for re-installation. They are referred to as Operating System recovery installation CDs. No computer shop will do a clean&wipe on your computer unless you have the recovery CDs that is why Gateway and IBM and all the rest including of course HP provide them with every new computer sold. If he does not have these CDs he stole the P.C!! Pre-configured!! In any case he has a valid CD-KEY in the registry he can use to install XP with.....BUT.. I must warn you if his P.C is an HP that uses pre-configured recovery CDs from the factory the CD-Key present in the registry will not work on just any copy of Windows XP home it will only work on an HP version of XP home. Obviously the CD-KEY was sold to HP from Microsoft for use on their custom HP recovery CDs.

A system that is acting strange is a direct indication that you do in fact have a problem.

The number one suspect is a Key_Logger program. An indication of a keylogger program present in the system is folders that appear that he did not create or shortcuts that go nowhere or are not ones he made.

Go to McAfee and download a program they have called STINGER and run it. If any keylogger or virus/worm is present that came through his email STINGER will find and kill it. However damage to existing files might have already been done that Stinger cannot fix after it removes the problem.

A direct indication that you have some sort of Virus activity is apparent as you say Norton system works will not install. When Norton fails to install into a virus infected computer it many times claims there is not enough disk space. You know that is not true and so do I as you told me. I also know why you are getting that message. Mydoom Lovelace and a few other viruses including Klez and some keyloggers take away Administrator rights from the computer owner. You might not at first notice this as programs already installed seem to work normally but what the hacker using the keylogger has done is take away your administrator rights so you cannot install any further anti virus or firewall programs. This is also evident by the fact that the current anti virus software is disabled even if it looks like it is present and accounted for.

My suggestion is to wipe the hard drive and reinstall the operating system because at this point there is so much file corruption you will continue to chase cascading system problems until you turn blue in the face.

Sometimes you need to cut your losses and reformat. I don't as I know how these things affect a system and I can debug them but it takes a considerable amount of hours to do it even if you know exactly how to clean an operating system's registry and system32 files.

In any event if you got a problem STINGER will identify it for you. If Stinger won't run then you really know the operating system does not belong to you anymore and it is owned by the hacker or virus that is resident in the P.C now.

GOD LOVES CANADA
Edited by SoDNighthawk on 02/22/05 05:42 AM.
February 22, 2005 11:12:11 AM

>>If he does not have these CDs he stole the P.C!<<

Knowing this person, I don't think that's the case. I imagine either he doesn't realize he has this disk because he may have misplaced it and thinks he doesn't have it, or he bought the unit at a shop with fly-by-night practices.

>>A system that is acting strange is a direct indication that you do in fact have a problem.<<

I suspect this as well. However, I downloaded a scanner program over at the AVAST site, and it didn't find any virus, worms, or trojans, which struck me as rather odd. I'll get this stinger scanner for them and put it on a CD, as I'm sure their system will not be able to even go to the McAfee site.
February 22, 2005 3:47:30 PM

Stinger is only around 960KB

February 22, 2005 7:31:35 PM

Quote:
FIRST OFF any Retail computer comes with CDs including the operating system for re-installation. They are referred to as Operating System recovery installation CDs. No computer shop will do a clean&wipe on your computer unless you have the recovery CDs that is why Gateway and IBM and all the rest including of course HP provide them with every new computer sold.


HP does not... repeat DOES NOT provide you with any restore CDs out of the box. You must rely on the image on the hard drive to perform a system restore should you ever need to do so. You have the option of ordering CDs (and obviously if anything happens to your hard drive you'll have to) and paying for them.

Yes, this sucks... I completely agree. Every newer HP system I've worked on is like this. They'll provide you with CDs if you need them... but not for free.

February 22, 2005 7:39:44 PM

And just in case you didn't believe me:

Order recovery CDs/DVDs here: http://h10025.www1.hp.com/ewfrf/wc/genericDocument?dlc=...&lang=en&cc=us&docname=bph07143

Apparently they now offer the option of creating the discs yourself... which is a huge step forward... but they still don't provide you with the discs out of the box. Not all models will have this option either... fugging HP.

February 22, 2005 11:51:25 PM

Don't ever call Sod down on something, he gets very angry at that....
Besides, he knew this even before HP started doing this...

February 23, 2005 4:25:47 AM

Well times have changed then and I did not know this before I posted a reply.

My old IBM Aptiva came retail with its CDs and my son now uses that box but I installed XP on it 2 years ago.

None of my friends purchase retail computers so they don't have this CD ownership problem and well over a year ago when I was working directly as a computer tech the business I worked for would not wipe and reload anyone's retail computer unless they supplied their recovery CDs of which they of course had.

I never knew to this date in time that retailers of brand name computers are now selling them out of the box without the recovery CDs. Hey I am only human and the idea of selling a computer to someone without the CDs is so preposterous it never even crossed my mind.

How in hell would you purchase a car and obtain ownership yet they don't give you the keys? This sounds very unfair to the people that purchase their new computers not to have the full install of the OS available.
Most home users would not even know how to install from a drive image let alone the CDs yet they can't even correctly learn to try if the providers of such computers don't even bother to supply the keys to the damn box.

This control over software rights has gone totally to the dogs. Any self respecting computer novice can crack a copy of XP and install it or any other OS. All this software regulation apparently in place by the brand name makers only hurts the computer illiterate that do not know how to fend for themselves. I suppose in the last few years of computer technology every kid born after 1980 will not have a problem with computers they were born into the technology age.

A boycott of any manufacturer should be started on the internet someplace to inform users to not purchase hardware from any P.C manufacturer that practises selling computers without the complete operating system.

I have to say it what a load of horse [-peep-]!!

February 23, 2005 1:27:15 PM

It's all Dell's fault...
