Brand new Dell - already infected?

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I just purchased a new Dell Dimension 9100 (new line for Dell). I loaded
Mcafee VirusScan, Firewall and Privacy Service and then downloaded updates
for all of the preceding Mcafee programs (there were many). I also
downloaded all
critical Windows Security downloads. Everything is working fine except when I
work with wordpad/notepad/word or other Microsoft programs. At random, when
I open these files, I receive IE shutdown errors. I created a new wordpad and
notepad file, saved both and re-opened them: everything seemed fine. Then I
ran Windows Explorer and when I tried to open the wordpad file with explorer,
I received IE shutdown errors. The error report included:
C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\drwtsn32.exe.mdmp
C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\appcompat.txt. The HBT directory
is one that was created when I first turned on my Dell and went through the
initial installation wizard. The errors do not seem to take place along any
specific pattern which makes this reek of malware. Any advice would be
greatly appreciated. I ran McAfee virusscan and no problems were found. I
also installed and ran Spybot S&D and Adaware, but no problems were found.
Any advice would be GREATLY APPRECIATED! Bryan
  1.

    bryan wrote:
    > I just purchased a new Dell Dimension 9100 (new line for Dell). I loaded
    > Mcafee VirusScan, Firewall and Privacy Service and then downloaded updates
    > for all of the preceding Mcafee programs (there were many). I also
    > downloaded all
    > critical Windows Security downloads. Everything is working fine except when I
    > work with wordpad/notepad/word or other Microsoft programs. At random, when
    > I open these files, I receive IE shutdown errors. I created a new wordpad and
    > notepad file, saved both and re-opened them: everything seemed fine. Then I
    > ran Windows Explorer and when I tried to open the wordpad file with explorer,
    > I received IE shutdown errors. The error report included:
    > C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\drwtsn32.exe.mdmp
    > C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\appcompat.txt. The HBT directory
    > is one that was created when I first turned on my Dell and went through the
    > initial installation wizard. The errors do not seem to take place along any
    > specific pattern which makes this reek of malware. Any advice would be
    > greatly appreciated. I ran McAfee virusscan and no problems were found. I
    > also installed and ran Spybot S&D and Adaware, but no problems were found.
    > Any advice would be GREATLY APPRECIATED! Bryan
    >
    For a brand new Dell you should be calling Dell Tech Support. You
    paid for their service in the price of the PC.
  2.

    Dell tech support does not want to help me despite my support agreement. They
    told me that this is a problem with Microsoft programs which is not covered
    (which I do not believe). In a prior call, they gave me bad information.
    Maybe I spoke to a new person, but for now I guess I will try the above
    suggestions. Bryan

    "Alan" wrote:

    > bryan wrote:
    > > I just purchased a new Dell Dimension 9100 (new line for Dell). I loaded
    > > Mcafee VirusScan, Firewall and Privacy Service and then downloaded updates
    > > for all of the preceding Mcafee programs (there were many). I also
    > > downloaded all
    > > critical Windows Security downloads. Everything is working fine except when I
    > > work with wordpad/notepad/word or other Microsoft programs. At random, when
    > > I open these files, I receive IE shutdown errors. I created a new wordpad and
    > > notepad file, saved both and re-opened them: everything seemed fine. Then I
    > > ran Windows Explorer and when I tried to open the wordpad file with explorer,
    > > I received IE shutdown errors. The error report included:
    > > C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\drwtsn32.exe.mdmp
    > > C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\appcompat.txt. The HBT directory
    > > is one that was created when I first turned on my Dell and went through the
    > > initial installation wizard. The errors do not seem to take place along any
    > > specific pattern which makes this reek of malware. Any advice would be
    > > greatly appreciated. I ran McAfee virusscan and no problems were found. I
    > > also installed and ran Spybot S&D and Adaware, but no problems were found.
    > > Any advice would be GREATLY APPRECIATED! Bryan
    > >
    > For a brand new Dell you should be calling Dell Tech Support. You
    > paid for their service in the price of the PC.
    >
  3.

    I am not very technical and am not sure what these instructions mean. When I
    run the command it gives me the choices you state. Do I select Mcafee? Will
    this run a scan that is external to Mcafee? I'm confused.

    "bryan" wrote:

    > Dell tech support does not want to help me despite my support agreement. They
    > told me that this is a problem with Microsoft programs which is not covered
    > (which I do not believe). In a prior call, they gave me bad information.
    > Maybe I spoke to a new person, but for now I guess I will try the above
    > suggestions. Bryan
    >
    > "Alan" wrote:
    >
    > > bryan wrote:
    > > > I just purchased a new Dell Dimension 9100 (new line for Dell). I loaded
    > > > Mcafee VirusScan, Firewall and Privacy Service and then downloaded updates
    > > > for all of the preceding Mcafee programs (there were many). I also
    > > > downloaded all
    > > > critical Windows Security downloads. Everything is working fine except when I
    > > > work with wordpad/notepad/word or other Microsoft programs. At random, when
    > > > I open these files, I receive IE shutdown errors. I created a new wordpad and
    > > > notepad file, saved both and re-opened them: everything seemed fine. Then I
    > > > ran Windows Explorer and when I tried to open the wordpad file with explorer,
    > > > I received IE shutdown errors. The error report included:
    > > > C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\drwtsn32.exe.mdmp
    > > > C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\appcompat.txt. The HBT directory
    > > > is one that was created when I first turned on my Dell and went through the
    > > > initial installation wizard. The errors do not seem to take place along any
    > > > specific pattern which makes this reek of malware. Any advice would be
    > > > greatly appreciated. I ran McAfee virusscan and no problems were found. I
    > > > also installed and ran Spybot S&D and Adaware, but no problems were found.
    > > > Any advice would be GREATLY APPRECIATED! Bryan
    > > >
    > > For a brand new Dell you should be calling Dell Tech Support. You
    > > paid for their service in the price of the PC.
    > >
  4.

    From: "bryan" <bryan@discussions.microsoft.com>

    | I just purchased a new Dell Dimension 9100 (new line for Dell). I loaded
    | Mcafee VirusScan, Firewall and Privacy Service and then downloaded updates
    | for all of the preceding Mcafee programs (there were many). I also
    | downloaded all
    | critical Windows Security downloads. Everything is working fine except when I
    | work with wordpad/notepad/word or other Microsoft programs. At random, when
    | I open these files, I receive IE shutdown errors. I created a new wordpad and
    | notepad file, saved both and re-opened them: everything seemed fine. Then I
    | ran Windows Explorer and when I tried to open the wordpad file with explorer,
    | I received IE shutdown errors. The error report included:
    | C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\drwtsn32.exe.mdmp
    | C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\appcompat.txt. The HBT directory
    | is one that was created when I first turned on my Dell and went through the
    | initial installation wizard. The errors do not seem to take place along any
    | specific pattern which makes this reek of malware. Any advice would be
    | greatly appreciated. I ran McAfee virusscan and no problems were found. I
    | also installed and ran Spybot S&D and Adaware, but no problems were found.
    | Any advice would be GREATLY APPRECIATED! Bryan


    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
    remove
    viruses, Trojans and various other malware.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode. This
    way all the components can be downloaded from each AV vendor’s web site.
    The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file.

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files.

    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  5.

    From: "bryan" <bryan@discussions.microsoft.com>

    | I am not very technical and am not sure what these instructions mean. When I
    | run the command it gives me the choices you state. Do I select Mcafee? Will
    | this run a scan that is external to Mcafee? I'm confused.

    If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    vendor's web site and download the needed AV command line scanner and signature files. Upon
    the download completion and the file extraction (they are distributed in archive formats),
    it will ask if you want to run a scan. If the answer is YES, it will then ask if you want to
    scan a particular location (such as F: or d:\program files ) either way it will scan either
    the selected location or all hard disks and clean the PC of infectors accordingly.

    The Multi AV Scanner front end utility will keep the three vendor's files up-to-date and
    is an excellent "On Demand" anti virus scanner utility.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  6.

    Dave,
    Thank you for your help. I ran the scan for Mcafee in normal mode and
    here are the results:

    Scanning C: []
    Scanning C:\*.*

    Summary report on C:\*.*
    File(s)
    Total files: ........... 137953
    Clean: ................. 137808
    Possibly Infected: ..... 0
    Cleaned: ............... 0
    Non-critical Error(s): 2
    Master Boot Record(s): ......... 1
    Possibly Infected: ..... 0
    Boot Sector(s): ................ 1
    Possibly Infected: ..... 0


    Time: 00:24.49

    I ran the c:\AV_CLS\startmenu.BAT and then answered Y to run the scan.
    Should I repeat the same steps in safe mode?

    "David H. Lipman" wrote:

    > From: "bryan" <bryan@discussions.microsoft.com>
    >
    > | I am not very technical and am not sure what these instructions mean. When I
    > | run the command it gives me the choices you state. Do I select Mcafee? Will
    > | this run a scan that is external to Mcafee? I'm confused.
    >
    > If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    > vendor's web site and download the needed AV command line scanner and signature files. Upon
    > the download completion and the file extraction (they are distributed in archive formats),
    > it will ask if you want to run a scan. If the answer is YES, it will then ask if you want to
    > scan a particular location (such as F: or d:\program files ) either way it will scan either
    > the selected location or all hard disks and clean the PC of infectors accordingly.
    >
    > The Multi AV Scanner front end utility will keep the three vendor's files up-to-date and
    > is an excellent "On Demand" anti virus scanner utility.
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
    >
  7.

    In article <FFB8E749-B11B-4C6D-9A43-F00BAF4D77BC@microsoft.com>,
    bryan@discussions.microsoft.com says...
    > Dell tech support does not want to help me despite my support agreement. They
    > told me that this is a problem with Microsoft programs which is not covered
    > (which I do not believe). In a prior call, they gave me bad information.
    > Maybe I spoke to a new person, but for now I guess I will try the above
    > suggestions. Bryan

    What type of internet connection do you have?

    If you have DSL or Cable, then get a NAT Router to connect between your
    ISP's router and your computer - this will let you reinstall Windows and
    everything else without being compromised in the process.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  8.

    In article <#uCxcysoFHA.568@TK2MSFTNGP10.phx.gbl>,
    DLipman~nospam~@Verizon.Net says...
    > If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    > vendor's web site and download the needed AV command line scanner and signature files.

    NO IT WON'T - Mcrappy requires you to register the product and agree to a
    control being installed before you can get automatic updates. I've seen
    more McCrappy protected machines infected due to their now doing
    automatic updates without registration.


    --

    spam999free@rrohio.com
    remove 999 in order to email me
  9.

    I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The results were
    similar:

    Summary report on C:\*.*
    File(s)
    Total files: ........... 137950
    Clean: ................. 137823
    Possibly Infected: ..... 0
    Cleaned: ............... 0
    Non-critical Error(s): 2
    Master Boot Record(s): ......... 1
    Possibly Infected: ..... 0
    Boot Sector(s): ................ 1
    Possibly Infected: ..... 0

    What should I do next?

    "Leythos" wrote:

    > In article <#uCxcysoFHA.568@TK2MSFTNGP10.phx.gbl>,
    > DLipman~nospam~@Verizon.Net says...
    > > If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    > > vendor's web site and download the needed AV command line scanner and signature files.
    >
    > NO IT WON'T - Mcrappy requires you to register the product and agree to a
    > control being installed before you can get automatic updates. I've seen
    > more McCrappy protected machines infected due to their now doing
    > automatic updates without registration.
    >
    >
    > --
    >
    > spam999free@rrohio.com
    > remove 999 in order to email me
    >
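
Added example, not part of the original thread and not code from the Multi AV tool: a Python parser for the scanner summary as it was pasted in the posts above, comparing the normal-mode and Safe Mode runs. It assumes the line layout and section names exactly as pasted; the function names are hypothetical, and the sample text is constructed from the two posted reports.

```python
import re

# Constructed sample input: the two summaries as pasted in this thread.
# The Safe Mode copy keeps Usenet quote markers to show they are tolerated.
NORMAL_MODE = r"""
Scanning C: []
Scanning C:\*.*

Summary report on C:\*.*
File(s)
Total files: ........... 137953
Clean: ................. 137808
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 2
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0

Time: 00:24.49
"""

SAFE_MODE = r"""
> Summary report on C:\*.*
> File(s)
> Total files: ........... 137950
> Clean: ................. 137823
> Possibly Infected: ..... 0
> Cleaned: ............... 0
> Non-critical Error(s): 2
> Master Boot Record(s): ......... 1
> Possibly Infected: ..... 0
> Boot Sector(s): ................ 1
> Possibly Infected: ..... 0
"""

# Section names taken from the pasted report. Indentation is lost in the
# posts, so sections are recognised by name rather than by nesting.
SECTIONS = ("File(s)", "Master Boot Record(s)", "Boot Sector(s)")

# "Label: ....... 123" -> label and integer; "Time: 00:24.49" does not match.
FIELD = re.compile(r"^(?P<label>[^:]+):[ .]*(?P<value>\d+)$")


def parse_summary(text):
    """Return {section: {label: int}} for one pasted summary report."""
    report, section = {}, None
    for raw in text.splitlines():
        # Drop leading whitespace and quote markers ('>' or '|').
        line = re.sub(r"^[\s>|]+", "", raw).rstrip()
        if line in SECTIONS:                 # bare header such as "File(s)"
            section = line
            report.setdefault(section, {})
            continue
        match = FIELD.match(line)
        if not match:
            continue
        label, value = match.group("label").strip(), int(match.group("value"))
        if label in SECTIONS:                # header that carries a count
            section = label
            report[section] = {"Count": value}
        elif section is not None:
            report[section][label] = value
    return report


def triage(text):
    """Summarise one report: detections plus files the counts do not cover."""
    report = parse_summary(text)
    files = report.get("File(s)")
    if not files or "Total files" not in files:
        raise ValueError("no File(s) section with a total found")
    accounted = sum(files.get(k, 0)
                    for k in ("Clean", "Possibly Infected", "Cleaned"))
    return {
        "total": files["Total files"],
        # Files listed under none of Clean / Possibly Infected / Cleaned.
        "unaccounted": files["Total files"] - accounted,
        "errors": files.get("Non-critical Error(s)", 0),
        # "Possibly Infected" repeats per section, so sum across all of them.
        "detections": sum(s.get("Possibly Infected", 0)
                          for s in report.values()),
    }


if __name__ == "__main__":
    for name, text in (("normal", NORMAL_MODE), ("safe", SAFE_MODE)):
        print(name, triage(text))
```

In both runs the detection count is zero, but the file totals exceed the sum of the clean, infected and cleaned counts by more than the two reported errors, so the summary alone does not say what happened to those files.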
  10.

    In article <9BF816F2-AF29-4E66-8874-5EC3A994D70D@microsoft.com>,
    bryan@discussions.microsoft.com says...
    > I ran the c:\AV_CLS\startmenu.BAT and then answered Y to run the scan.
    > Should I repeat the same steps in safe mode?

    Did you open McCrappy, and select Update? If you did, did you complete
    the registration in order to get the updates?

    If you didn't complete the on-line registration then you have little
    protection.

    And yes, it's always best to run AV scans on suspected machines in Safe
    Mode.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  11.

    From: "bryan" <bryan@discussions.microsoft.com>

    | Dave,
    | Thank you for your help. I ran the scan for Mcafee in normal mode and
    | here are the results:
    |
    | Scanning C: []
    | Scanning C:\*.*
    |
    | Summary report on C:\*.*
    | File(s)
    | Total files: ........... 137953
    | Clean: ................. 137808
    | Possibly Infected: ..... 0
    | Cleaned: ............... 0
    | Non-critical Error(s): 2
    | Master Boot Record(s): ......... 1
    | Possibly Infected: ..... 0
    | Boot Sector(s): ................ 1
    | Possibly Infected: ..... 0
    |
    | Time: 00:24.49
    |
    | I ran the c:\AV_CLS\startmenu.BAT and then answered Y to run the scan.
    | Should I repeat the same steps in safe mode?

    No. You could run Sophos and Trend Micro as a verification. The idea of running in Safe
    Mode is if there is an infector found and it is easy to remove in Safe Mode. McAfee AV scan
    found no viruses or non-viral malware -- that's good !

    { BTW: 138,000 files in 25 mins. nice speed ;-) }

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  12.

    No. You could run Sophos and Trend Micro as a verification. The idea of
    running in Safe
    Mode is if there is an infector found and it is easy to remove in Safe Mode.
    McAfee AV scan
    found no viruses or non-viral malware -- that's good !

    ok David. I will try Sophos and Trend tonight, although I do not have Sophos
    or Trend on my pc. Only Mcafee VirusScan, Privacy and Firewall along with
    Spywareblaster for prevention.

    "David H. Lipman" wrote:

    > From: "bryan" <bryan@discussions.microsoft.com>
    >
    > | Dave,
    > | Thank you for your help. I ran the scan for Mcafee in normal mode and
    > | here are the results:
    > |
    > | Scanning C: []
    > | Scanning C:\*.*
    > |
    > | Summary report on C:\*.*
    > | File(s)
    > | Total files: ........... 137953
    > | Clean: ................. 137808
    > | Possibly Infected: ..... 0
    > | Cleaned: ............... 0
    > | Non-critical Error(s): 2
    > | Master Boot Record(s): ......... 1
    > | Possibly Infected: ..... 0
    > | Boot Sector(s): ................ 1
    > | Possibly Infected: ..... 0
    > |
    > | Time: 00:24.49
    > |
    > | I ran the c:\AV_CLS\startmenu.BAT and then answered Y to run the scan.
    > | Should I repeat the same steps in safe mode?
    >
    > No. You could run Sophos and Trend Micro as a verification. The idea of running in Safe
    > Mode is if there is an infector found and it is easy to remove in Safe Mode. McAfee AV scan
    > found no viruses or non-viral malware -- that's good !
    >
    > { BTW: 138,000 files in 25 mins. nice speed ;-) }
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
    >
  13.

    From: "Leythos" <void@nowhere.lan>

    | In article <#uCxcysoFHA.568@TK2MSFTNGP10.phx.gbl>,
    | DLipman~nospam~@Verizon.Net says...
    >> If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    >> vendor's web site and download the needed AV command line scanner and signature files.
    |
    | NO IT WON'T - Mcrappy requires you to register the product and agree to a
    | control being installed before you can get automatic updates. I've seen
    | more McCrappy protected machines infected due to their now doing
    | automatic updates without registration.
    |
    | --
    |
    | spam999free@rrohio.com
    | remove 999 in order to email me

    They are NOT MS updates. This is my own scripted front end to McAfee and Sophos' Command
    Line Scanners and Trend Micro's Sysclean utility. If you run the script it will provide a
    menu and if you choose a scanner module it will do as I indicated.

    Give it a shot Leythos !

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  14.

    In article <DD90F48F-3F10-481D-8C8F-B96D3BC0A6DF@microsoft.com>,
    bryan@discussions.microsoft.com says...
    > I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The results were
    > similar:

    But you didn't say if you registered McAfee or not? If you don't
    register it, it won't have the updates to catch the latest bad things.


    >
    > Summary report on C:\*.*
    > File(s)
    > Total files: ........... 137950
    > Clean: ................. 137823
    > Possibly Infected: ..... 0
    > Cleaned: ............... 0
    > Non-critical Error(s): 2
    > Master Boot Record(s): ......... 1
    > Possibly Infected: ..... 0
    > Boot Sector(s): ................ 1
    > Possibly Infected: ..... 0
    >
    > What should I do next?
    >
    > "Leythos" wrote:
    >
    > > In article <#uCxcysoFHA.568@TK2MSFTNGP10.phx.gbl>,
    > > DLipman~nospam~@Verizon.Net says...
    > > > If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    > > > vendor's web site and download the needed AV command line scanner and signature files.
    > >
    > > NO IT WON'T - Mcrappy requires you to register the product and agree to a
    > > control being installed before you can get automatic updates. I've seen
    > > more McCrappy protected machines infected due to their now doing
    > > automatic updates without registration.


    --

    spam999free@rrohio.com
    remove 999 in order to email me
  15.

    When I installed Mcafee, I registered the product and downloaded ALL updates.
    I am completely up-to-date with Mcafee. Sorry, I thought I had mentioned that
    in my original post. Thanks. Now what do I do? Dell says they won't help me
    unless I pay them $50 for special support (despite the fact that I have a
    support agreement). I should have some support calls free from Microsoft -
    right??? I think I'm starting to panic.

    "Leythos" wrote:

    > In article <DD90F48F-3F10-481D-8C8F-B96D3BC0A6DF@microsoft.com>,
    > bryan@discussions.microsoft.com says...
    > > I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The results were
    > > similar:
    >
    > But you didn't say if you registered McAfee or not? If you don't
    > register it, it won't have the updates to catch the latest bad things.
    >
    >
    >
    > >
    > > Summary report on C:\*.*
    > > File(s)
    > > Total files: ........... 137950
    > > Clean: ................. 137823
    > > Possibly Infected: ..... 0
    > > Cleaned: ............... 0
    > > Non-critical Error(s): 2
    > > Master Boot Record(s): ......... 1
    > > Possibly Infected: ..... 0
    > > Boot Sector(s): ................ 1
    > > Possibly Infected: ..... 0
    > >
    > > What should I do next?
    > >
    > > "Leythos" wrote:
    > >
    > > > In article <#uCxcysoFHA.568@TK2MSFTNGP10.phx.gbl>,
    > > > DLipman~nospam~@Verizon.Net says...
    > > > > If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    > > > > vendor's web site and download the needed AV command line scanner and signature files.
    > > >
    > > > NO IT WON'T - Mcrappy requires you to register the product and agree to a
    > > > control being installed before you can get automatic updates. I've seen
    > > > more McCrappy protected machines infected due to their now doing
    > > > automatic updates without registration.
    >
    >
    > --
    >
    > spam999free@rrohio.com
    > remove 999 in order to email me
    >
  16.

    From: "Leythos" <void@nowhere.lan>

    | In article <DD90F48F-3F10-481D-8C8F-B96D3BC0A6DF@microsoft.com>,
    | bryan@discussions.microsoft.com says...
    >> I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The results were
    >> similar:
    |
    | But you didn't say if you registered McAfee or not? If you don't
    | register it, it won't have the updates to catch the latest bad things.
    |

    NO Registration is needed !

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  17.

    From: "bryan" <bryan@discussions.microsoft.com>

    | No. You could run Sophos and Trend Micro as a verification. The idea of
    | running in Safe
    | Mode is if there is an infector found and it is easy to remove in Safe Mode.
    | McAfee AV scan
    | found no viruses or non-viral malware -- that's good !
    |
    | ok David. I will try Sophos and Trend tonight, although I do not have Sophos
    | or Trend on my pc. Only Mcafee VirusScan, Privacy and Firewall along with
    | Spywareblaster for prevention.


    Both the Trend Micro Sysclean and the Sophos command line scanner are in the Multi AV scanner
    utility I posted.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  18.

    From: "bryan" <bryan@discussions.microsoft.com>

    REPOST:


    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
    remove
    viruses, Trojans and various other malware.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode. This
    way all the components can be downloaded from each AV vendor’s web site.
    The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file.

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files.

    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  19.

    In article <4F70499B-62C3-43F4-8CDB-C830AB8F5BB8@microsoft.com>,
    bryan@discussions.microsoft.com says...
    > When I installed Mcafee, I registered the product and downloaded ALL updates.
    > I am completely up-to-date with Mcafee. Sorry, I thought I had mentioned that
    > in my original post. Thanks. Now what do I do? Dell says they won't help me
    > unless I pay them $50 for special support (despite the fact that I have a
    > support agreement). I should have some support calls free from Microsoft -
    > right??? I think I'm starting to panic.

    If your machine is compromised there is only one way to ensure it's
    clean - load the system restore CDs and wipe everything. When we have
    to certify that a machine is clean, we wipe the drive and reinstall from
    scratch, that's the only way to be sure. No matter how many AV scans
    you run, no matter how many spyware tools you use, they are all
    "reactionary", meaning they don't always have a cure until it's already
    been in the wild and exposed.

    Since Dell doesn't have an obligation to support software you've
    installed, and since you admitted to them that you messed it up, don't
    feel bad about Dell wanting money to help you fix a software issue that
    you created.

    If you want it clean, wipe it and start over - this time get a NAT
    device connected before you start, and don't surf anywhere until you get
    all of the Windows Updates and your AV software installed - and Use
    FireFox as a browser from now on.


    >
    > "Leythos" wrote:
    >
    > > In article <DD90F48F-3F10-481D-8C8F-B96D3BC0A6DF@microsoft.com>,
    > > bryan@discussions.microsoft.com says...
    > > > I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The results were
    > > > similar:
    > >
    > > But you didn't say if you registered McAfee or not? If you don't
    > > register it, it won't have the updates to catch the latest bad things.
    > >
    > >
    > >
    > > >
    > > > Summary report on C:\*.*
    > > > File(s)
    > > > Total files: ........... 137950
    > > > Clean: ................. 137823
    > > > Possibly Infected: ..... 0
    > > > Cleaned: ............... 0
    > > > Non-critical Error(s): 2
    > > > Master Boot Record(s): ......... 1
    > > > Possibly Infected: ..... 0
    > > > Boot Sector(s): ................ 1
    > > > Possibly Infected: ..... 0
    > > >
    > > > What should I do next?
    > > >
    > > > "Leythos" wrote:
    > > >
    > > > > In article <#uCxcysoFHA.568@TK2MSFTNGP10.phx.gbl>,
    > > > > DLipman~nospam~@Verizon.Net says...
    > > > > > If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    > > > > > vendor's web site and download the needed AV command line scanner and signature files.
    > > > >
    > > > > NO IT WON'T - Mcrappy requires you to register the product and agree to a
    > > > > control being installed before you can get automatic updates. I've seen
    > > > > more McCrappy protected machines infected due to their now doing
    > > > > automatic updates without registration.
    > >
    > >
    > > --
    > >
    > > spam999free@rrohio.com
    > > remove 999 in order to email me
    > >
    >

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  20. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    WAIT! I did NOT install any of the ms applications. My Dell came
    pre-installed with xp sp2 and Microsoft Office. I did not mess ANYTHING up.
    It came this way! Why do you say that I admitted to messing up?

    "Leythos" wrote:

    > In article <4F70499B-62C3-43F4-8CDB-C830AB8F5BB8@microsoft.com>,
    > bryan@discussions.microsoft.com says...
    > > When I installed Mcafee, I registered the product and downloaded ALL updates.
    > > I am completely up-to-date with Mcafee. Sorry, I thought I had mentioned that
    > > in my original post. Thanks. Now what do I do? Dell says they won't help me
    > > unless I pay them $50 for special support (despite the fact that I have a
    > > support agreement). I should have some support calls free from Microsoft -
    > > right??? I think I'm starting to panic.
    >
    > If your machine is compromised there is only one way to ensure it's
    > clean - load the system restore CD's and wipe everything. When we have
    > to certify that a machine is clean, we wipe the drive and reinstall from
    > scratch, that's the only way to be sure. No matter how many AV scan's
    > you run, no matter how many spyware tools you use, they are all
    > "reactionary", meaning they don't always have a cure until it's already
    > been in the wild and exposed.
    >
    > Since Dell doesn't have an obligation to support software you've
    > installed, and since you admitted to them that you messed it up, don't
    > feel bad about Dell wanting money to help you fix a software issue that
    > you created.
    >
    > If you want it clean, wipe it and start over - this time get a NAT
    > device connected before you start, and don't surf anywhere until you get
    > all of the Windows Updates and your AV software installed - and Use
    > FireFox as a browser from now on.
    >
    >
    >
    > >
    > > "Leythos" wrote:
    > >
    > > > In article <DD90F48F-3F10-481D-8C8F-B96D3BC0A6DF@microsoft.com>,
    > > > bryan@discussions.microsoft.com says...
    > > > > I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The results were
    > > > > similar:
    > > >
    > > > But you didn't say if you registered McAfee or not? If you don't
    > > > register it, it won't have the updates to catch the latest bad things.
    > > >
    > > >
    > > >
    > > > >
    > > > > Summary report on C:\*.*
    > > > > File(s)
    > > > > Total files: ........... 137950
    > > > > Clean: ................. 137823
    > > > > Possibly Infected: ..... 0
    > > > > Cleaned: ............... 0
    > > > > Non-critical Error(s): 2
    > > > > Master Boot Record(s): ......... 1
    > > > > Possibly Infected: ..... 0
    > > > > Boot Sector(s): ................ 1
    > > > > Possibly Infected: ..... 0
    > > > >
    > > > > What should I do next?
    > > > >
    > > > > "Leythos" wrote:
    > > > >
    > > > > > In article <#uCxcysoFHA.568@TK2MSFTNGP10.phx.gbl>,
    > > > > > DLipman~nospam~@Verizon.Net says...
    > > > > > > If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    > > > > > > vendor's web site and download the needed AV command line scanner and signature files.
    > > > > >
    > > > > > NO IT WONT - Mcrappy requires you to register the product and agree to a
    > > > > > control being installed before you can get automatic updates. I've seen
    > > > > > more McCrappy protected machines infected due to their now doing
    > > > > > automatic updates without registration.
    > > >
    > > >
    > > > --
    > > >
    > > > spam999free@rrohio.com
    > > > remove 999 in order to email me
    > > >
    > >
    >
    > --
    >
    > spam999free@rrohio.com
    > remove 999 in order to email me
    >
  21. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    From: "bryan" <bryan@discussions.microsoft.com>

    | WAIT! I did NOT install any of the ms applications. My Dell came
    | pre-installed with xp sp2 and Microsoft Office. I did not mess ANYTHING up.
    | It came this way! Why do you say that I admitted to messing up?


    There is confusion in this thread...

    Your system is clean, and doubtfully compromised.

    Run the Sophos and Trend Micro modules in the Multi AV Scanner utility for verification.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  22. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In news:77230557-C1BB-44A5-BA74-929C181621D4@microsoft.com,
    bryan <bryan@discussions.microsoft.com> typed:
    > WAIT! I did NOT install any of the ms applications. My Dell came
    > pre-installed with xp sp2 and Microsoft Office. I did not mess
    > ANYTHING up. It came this way! Why do you say that I admitted to
    > messing up?

    I don't think you need to take affront here....what I understood Leythos to
    mean is that the machine didn't ship to you with a virus on it. That
    happened after you started using it.

    The issue seems to be that you connected to the Internet without a firewall
    enabled. Is that the case? It takes only nanoseconds for you to get hit by
    something - and this is true on dialup, as well.

    Given that you haven't used the computer much, it may indeed be faster to
    reload everything from the recovery CDs.

    Also - if you haven't paid for McAfee, you may want to look into another
    antivirus program - McAfee isn't a favorite of many of us. I personally like
    Trend's PC-Cillin for standalone workstations, but there are as many
    opinions on this topic as there are <insert analogy here>.

    >
    > "Leythos" wrote:
    >
    >> In article <4F70499B-62C3-43F4-8CDB-C830AB8F5BB8@microsoft.com>,
    >> bryan@discussions.microsoft.com says...
    >>> When I installed Mcafee, I registered the product and downloaded
    >>> ALL updates. I am completely up-to-date with Mcafee. Sorry, I
    >>> thought I had mentioned that in my original post. Thanks. Now what
    >>> do I do? Dell says they won't help me unless I pay them $50 for
    >>> special support (despite the fact that I have a support agreement).
    >>> I should have some support calls free from Microsoft - right??? I
    >>> think I'm starting to panic.
    >>
    >> If your machine is compromised there is only one way to ensure it's
    >> clean - load the system restore CD's and wipe everything. When we
    >> have to certify that a machine is clean, we wipe the drive and
    >> reinstall from scratch, that's the only way to be sure. No matter
    >> how many AV scan's you run, no matter how many spyware tools you
    >> use, they are all "reactionary", meaning they don't always have a
    >> cure until it's already been in the wild and exposed.
    >>
    >> Since Dell doesn't have an obligation to support software you've
    >> installed, and since you admitted to them that you messed it up,
    >> don't feel bad about Dell wanting money to help you fix a software
    >> issue that you created.
    >>
    >> If you want it clean, wipe it and start over - this time get a NAT
    >> device connected before you start, and don't surf anywhere until you
    >> get all of the Windows Updates and your AV software installed - and
    >> Use FireFox as a browser from now on.
    >>
    >>
    >>
    >>>
    >>> "Leythos" wrote:
    >>>
    >>>> In article <DD90F48F-3F10-481D-8C8F-B96D3BC0A6DF@microsoft.com>,
    >>>> bryan@discussions.microsoft.com says...
    >>>>> I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The
    >>>>> results were similar:
    >>>>
    >>>> But you didn't say if you registered McAfee or not? If you don't
    >>>> register it, it won't have the updates to catch the latest bad
    >>>> things.
    >>>>
    >>>>
    >>>>
    >>>>>
    >>>>> Summary report on C:\*.*
    >>>>> File(s)
    >>>>> Total files: ........... 137950
    >>>>> Clean: ................. 137823
    >>>>> Possibly Infected: ..... 0
    >>>>> Cleaned: ............... 0
    >>>>> Non-critical Error(s): 2
    >>>>> Master Boot Record(s): ......... 1
    >>>>> Possibly Infected: ..... 0
    >>>>> Boot Sector(s): ................ 1
    >>>>> Possibly Infected: ..... 0
    >>>>>
    >>>>> What should I do next?
    >>>>>
    >>>>> "Leythos" wrote:
    >>>>>
    >>>>>> In article <#uCxcysoFHA.568@TK2MSFTNGP10.phx.gbl>,
    >>>>>> DLipman~nospam~@Verizon.Net says...
    >>>>>>> If you choose; McAfee, Trend or Sophos it will automatically
    >>>>>>> go to the respective AV vendor's web site and download the
    >>>>>>> needed AV command line scanner and signature files.
    >>>>>>
    >>>>>> NO IT WONT - Mcrappy requires you to register the product and
    >>>>>> agree to a control being installed before you can get automatic
    >>>>>> updates. I've seen more McCrappy protected machines infected due
    >>>>>> to their now doing automatic updates without registration.
    >>>>
    >>>>
    >>>> --
    >>>>
    >>>> spam999free@rrohio.com
    >>>> remove 999 in order to email me
    >>>>
    >>>
    >>
    >> --
    >>
    >> spam999free@rrohio.com
    >> remove 999 in order to email me
  23. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    David,
    I ran Sophos. Here are my results:

    1 master boot record swept
    47819 files swept
    133 errors encountered
    no viruses detected
    112 encrypted files not checked.

    I will run the last one (Trend) later tonight and post back. What do you
    think of the results of Sophos? Thank you VERY VERY much for your help.
    Bryan

    "David H. Lipman" wrote:

    > From: "Leythos" <void@nowhere.lan>
    >
    > | In article <#uCxcysoFHA.568@TK2MSFTNGP10.phx.gbl>,
    > | DLipman~nospam~@Verizon.Net says...
    > >> If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    > >> vendor's web site and download the needed AV command line scanner and signature files.
    > |
    > | NO IT WONT - Mcrappy requires you to register the product and agree to a
    > | control being installed before you can get automatic updates. I've seen
    > | more McCrappy protected machines infected due to their now doing
    > | automatic updates without registration.
    > |
    > | --
    > |
    > | spam999free@rrohio.com
    > | remove 999 in order to email me
    >
    > They are NOT MS updates. This is my own scripted front end to McAfee and Sophos' Command
    > Line Scanners and Trend Micro's Sysclean utility. If you run the script it will provide a
    > menu and if you choose a scanner module it will do as I indicated.
    >
    > Give it a shot Leythos !
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
    >
  24. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In article <77230557-C1BB-44A5-BA74-929C181621D4@microsoft.com>,
    bryan@discussions.microsoft.com says...
    > WAIT! I did NOT install any of the ms applications. My Dell came
    > pre-installed with xp sp2 and Microsoft Office. I did not mess ANYTHING up.
    > It came this way! Why do you say that I admitted to messing up?

    I was reading what was posted and it seemed to me that you were trying
    to get support for software that was not shipped as installed. In the
    case of MS Office, as an OEM installation, Dell must provide support,
    that's how the OEM agreement works. Microsoft does not provide support
    for ANY OEM software installations - unless you want to pay for it.

    In case you missed it - you said "When I installed Mcafee" so I assumed
    (incorrectly) you had installed it and not just done the update.


    --

    spam999free@rrohio.com
    remove 999 in order to email me
  25. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In article <ONrWCYzoFHA.2580@TK2MSFTNGP09.phx.gbl>,
    DLipman~nospam~@Verizon.Net says...
    > From: "Leythos" <void@nowhere.lan>
    >
    > | In article <#uCxcysoFHA.568@TK2MSFTNGP10.phx.gbl>,
    > | DLipman~nospam~@Verizon.Net says...
    > >> If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV
    > >> vendor's web site and download the needed AV command line scanner and signature files.
    > |
    > | NO IT WONT - Mcrappy requires you to register the product and agree to a
    > | control being installed before you can get automatic updates. I've seen
    > | more McCrappy protected machines infected due to their now doing
    > | automatic updates without registration.
    > |
    >
    > They are NOT MS updates. This is my own scripted front end to McAfee and Sophos' Command
    > Line Scanners and Trend Micro's Sysclean utility. If you run the script it will provide a
    > menu and if you choose a scanner module it will do as I indicated.
    >
    > Give it a shot Leythos !

    Sorry, I misunderstood - I thought you were talking about the products.
    As an IT company/owner I can not push scripts that are published on the
    net until I have the source code and time to test them. As it stands,
    installing McCrappy does not also update the virus definitions and leave
    owners/users greatly unprotected without any real notice that they are
    unprotected ( at least none that makes it obvious to the masses of non-
    technical users ).

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  26. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In article <Ox3gVYzoFHA.1148@TK2MSFTNGP12.phx.gbl>,
    DLipman~nospam~@Verizon.Net says...
    > From: "Leythos" <void@nowhere.lan>
    >
    > | In article <DD90F48F-3F10-481D-8C8F-B96D3BC0A6DF@microsoft.com>,
    > | bryan@discussions.microsoft.com says...
    > >> I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The results were
    > >> similar:
    > |
    > | But you didn't say if you registered McAfee or not? If you don't
    > | register it, it won't have the updates to catch the latest bad things.
    > |
    >
    > NO Registration is needed !

    The registration is needed if you want the product to AutoUpdate itself
    - the last install we saw was as I said.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  27. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    From: "bryan" <bryan@discussions.microsoft.com>

    | David,
    | I ran Sophos. Here are my results:
    |
    | 1 master boot record swept
    | 47819 files swept
    | 133 errors encountered
    | no viruses detected
    | 112 encrypted files not checked.
    |
    | I will run the last one (Trend) later tonight and post back. What do you
    | think of the results of Sophos? Thank you VERY VERY much for your help.
    | Bryan


    Bryan:

    With a McAfee and Sophos scan with nothing found, I think that says much.

    The 133 errors are files that can't be opened for read such as password protected files and
    files that have their respective File Handles held open. It's 'Normal' operation.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  28. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi David,
    Finished the 3rd scan (Trend) with good results again:
    virus count: 0
    virus clean count: 0
    clean fail count: 0
    As with Sophos, many files were 'denied access'. I did some homework and
    found something in the Microsoft KB which says that problems which sound
    similar to mine occur due to monitor driver failure/incompatibility;

    http://support.microsoft.com/default.aspx/kb/q218609/

    Any ideas on how I should proceed? I would call Dell regarding the KB
    article, but two calls to Dell Tech support yielded poor information. Looking
    forward to your reply. It's 1:35am EDT (yawn). ONCE AGAIN, THANK YOU VERY
    MUCH FOR YOUR EXPERTISE. Bryan

    "David H. Lipman" wrote:

    > From: "bryan" <bryan@discussions.microsoft.com>
    >
    > | David,
    > | I ran Sophos. Here are my results:
    > |
    > | 1 master boot record swept
    > | 47819 files swept
    > | 133 errors encountered
    > | no viruses detected
    > | 112 encrypted files not checked.
    > |
    > | I will run the last one (Trend) later tonight and post back. What do you
    > | think of the results of Sophos? Thank you VERY VERY much for your help.
    > | Bryan
    >
    >
    > Bryan:
    >
    > With a McAfee and Sophos scan with nothing found, I think that says much.
    >
    > The 133 errors are files that can't be opened for read such as password protected files and
    > files that have their respective File Handles held open. It's 'Normal' operation.
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
    >
  29. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Do you realize that for all of the time you've spent, that you could
    backup the files you created on your own and have restored the entire
    computer in a known good state by wiping it and reinstalling everything.


    In article <308FF50D-81AA-4325-AFD4-E7E8F912FBDA@microsoft.com>,
    bryan@discussions.microsoft.com says...
    > Hi David,
    > Finished the 3rd scan (Trend) with good results again:
    > virus count: 0
    > virus clean count: 0
    > clean fail count: 0
    > As with Sophos, many files were 'denied access'. I did some homework and
    > found something in the Microsoft KB which says that problems which sound
    > similar to mine occur due to monitor driver failure/incompatibility;
    >
    > http://support.microsoft.com/default.aspx/kb/q218609/
    >
    > Any ideas on how I should proceed? I would call Dell regarding the KB
    > article, but two calls to Dell Tech support yielded poor information. Looking
    > forward to your reply. It's 1:35am EDT (yawn). ONCE AGAIN, THANK YOU VERY
    > MUCH FOR YOUR EXPERTISE. Bryan
    >
    > "David H. Lipman" wrote:
    >
    > > From: "bryan" <bryan@discussions.microsoft.com>
    > >
    > > | David,
    > > | I ran Sophos. Here are my results:
    > > |
    > > | 1 master boot record swept
    > > | 47819 files swept
    > > | 133 errors encountered
    > > | no viruses detected
    > > | 112 encrypted files not checked.
    > > |
    > > | I will run the last one (Trend) later tonight and post back. What do you
    > > | think of the results of Sophos? Thank you VERY VERY much for your help.
    > > | Bryan
    > >
    > >
    > > Bryan:
    > >
    > > With a McAfee and Sophos scan with nothing found, I think that says much.
    > >
    > > The 133 errors are files that can't be opened for read such as password protected files and
    > > files that have their respective File Handles held open. It's 'Normal' operation.
    > >
    > > --
    > > Dave
    > > http://www.claymania.com/removal-trojan-adware.html
    > > http://www.ik-cs.com/got-a-virus.htm
    > >
    > >
    > >
    >

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  30. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Leythos,
    When Dell put this pc together, they gave me a version of XP sp2 with NO
    security updates. I spent the entire evening loading 23 updates (Dell told
    me to do them 1 at a time but could not explain to me why they did this).

    "Leythos" wrote:

    > Do you realize that for all of the time you've spent, that you could
    > backup the files you created on your own and have restored the entire
    > computer in a known good state by wiping it and reinstalling everything.
    >
    >
    >
    > In article <308FF50D-81AA-4325-AFD4-E7E8F912FBDA@microsoft.com>,
    > bryan@discussions.microsoft.com says...
    > > Hi David,
    > > Finished the 3rd scan (Trend) with good results again:
    > > virus count: 0
    > > virus clean count: 0
    > > clean fail count: 0
    > > As with Sophos, many files were 'denied access'. I did some homework and
    > > found something in the Microsoft KB which says that problems which sound
    > > similar to mine occur due to monitor driver failure/incompatibility;
    > >
    > > http://support.microsoft.com/default.aspx/kb/q218609/
    > >
    > > Any ideas on how I should proceed? I would call Dell regarding the KB
    > > article, but two calls to Dell Tech support yielded poor information. Looking
    > > forward to your reply. It's 1:35am EDT (yawn). ONCE AGAIN, THANK YOU VERY
    > > MUCH FOR YOUR EXPERTISE. Bryan
    > >
    > > "David H. Lipman" wrote:
    > >
    > > > From: "bryan" <bryan@discussions.microsoft.com>
    > > >
    > > > | David,
    > > > | I ran Sophos. Here are my results:
    > > > |
    > > > | 1 master boot record swept
    > > > | 47819 files swept
    > > > | 133 errors encountered
    > > > | no viruses detected
    > > > | 112 encrypted files not checked.
    > > > |
    > > > | I will run the last one (Trend) later tonight and post back. What do you
    > > > | think of the results of Sophos? Thank you VERY VERY much for your help.
    > > > | Bryan
    > > >
    > > >
    > > > Bryan:
    > > >
    > > > With a McAfee and Sophos scan with nothing found, I think that says much.
    > > >
    > > > The 133 errors are files that can't be opened for read such as password protected files and
    > > > files that have their respective File Handles held open. It's 'Normal' operation.
    > > >
    > > > --
    > > > Dave
    > > > http://www.claymania.com/removal-trojan-adware.html
    > > > http://www.ik-cs.com/got-a-virus.htm
    > > >
    > > >
    > > >
    > >
    >
    > --
    >
    > spam999free@rrohio.com
    > remove 999 in order to email me
    >
  31. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In article <D7B24C35-FD65-4517-B632-CF159C2F5395@microsoft.com>,
    bryan@discussions.microsoft.com says...
    > Leythos,
    > When Dell put this pc together, they gave me a version of XP sp2 with NO
    > security updates. I spent the entire evening loading 23 updates (Dell told
    > me to do them 1 at a time but could not explain to me why they did this).

    If you had XP + SP2, and you have a NAT router to act as a barrier for
    your Internet connection (assuming you don't use Dial-Up), then opening
    IE, selecting Tools, Windows Update, and letting it install all the
    updates as it wants (meaning as many as it wants each time) is the
    proper way to do it.

    So, now that you've scanned your system with multiple AV tools, in safe
    mode and not in safe mode, and they all show your machine as clean. What
    problem remains with your system?

    If it's still compromised, or you still have applications that don't work
    properly, or you really feel the OS is screwed up, then you would be
    better off just wiping it and reinstalling everything.

    If you were to install Windows XP + SP2 without doing it as an image
    restore, meaning you are restoring it as though you bought XP from
    BestBuy, it will take about 1 hour to install, then, you have to use the
    Dell Drivers CD to install the drivers - about 30 minutes, then you have
    to do the Windows Update process - about 30 minutes, then you can load
    all your applications. Here's the kicker, if you are not on a protected
    network (behind a NAT based system) and you've not secured the system
    before you connect to the internet, you will be compromised all over
    again.


    --

    spam999free@rrohio.com
    remove 999 in order to email me
  32. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Although I am planning to eventually move up to high-speed, I am still using
    dial up. I would like to look at the information in the Microsoft KB article
    which I alluded to in a previous post (although I would like to wait for
    David's reply first). The article cites video card/driver incompatibility and
    the symptoms sound somewhat similar to what I am experiencing.

    http://support.microsoft.com/default.aspx/kb/q218609/

    Thank you for your suggestions.

    "Leythos" wrote:

    > In article <D7B24C35-FD65-4517-B632-CF159C2F5395@microsoft.com>,
    > bryan@discussions.microsoft.com says...
    > > Leythos,
    > > When Dell put this pc together, they gave me a version of XP sp2 with NO
    > > security updates. I spent the entire evening loading 23 updates (Dell told
    > > me to do them 1 at a time but could not explain to me why they did this).
    >
    > If you had XP + SP2, and you have a NAT router to act as a barrier for
    > your Internet connection (assuming you don't use Dial-Up), then opening
    > IE, selecting Tools, Windows Update, and letting it install all the
    > updates as it wants (meaning as many as it wants each time) is the
    > proper way to do it.
    >
    > So, now that you've scanned your system with multiple AV tools, in safe
    > mode and not in safe mode, and they all show your machine as clean. What
    > problem remains with your system?
    >
    > If it's still compromised, or you still have applications that don't work
    > properly, or you really feel the OS is screwed up, then you would be
    > better off just wiping it and reinstalling everything.
    >
    > If you were to install Windows XP + SP2 without doing it as an image
    > restore, meaning you are restoring it as though you bought XP from
    > BestBuy, it will take about 1 hour to install, then, you have to use the
    > Dell Drivers CD to install the drivers - about 30 minutes, then you have
    > to do the Windows Update process - about 30 minutes, then you can load
    > all your applications. Here's the kicker, if you are not on a protected
    > network (behind a NAT based system) and you've not secured the system
    > before you connect to the internet, you will be compromised all over
    > again.
    >
    >
    >
    > --
    >
    > spam999free@rrohio.com
    > remove 999 in order to email me
    >
  33. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In article <5BC0C3C4-DCED-4EB8-A38C-DB4571519185@microsoft.com>,
    bryan@discussions.microsoft.com says...
    > Although I am planning to eventually move up to high-speed, I am still using
    > dial up. I would like to look at the information in the Microsoft KB article
    > which I alluded to in a previous post (although I would like to wait for
    > David's reply first). The article cites video card/driver incompatibility and
    > the symptoms sound somewhat similar to what I am experiencing.
    >
    > http://support.microsoft.com/default.aspx/kb/q218609/
    >
    > Thank you for your suggestions.

    So, download the new/updated video driver from the video card vendor's
    site and install it in safe mode - or just uninstall the current driver
    in safe mode and then it will ask you for the new driver when you reboot
    in normal mode.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  34. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Leythos,
    I am even LESS technical when it comes to this type of thing. I hope the
    vendor's site is in the owners manual. Or how do I uninstall the current
    driver? And when it asks me for the new driver what do I do? The CD says
    documentation so I assume that there are no drivers on the CD? Also, two
    types of monitor connectors came with the Dell - a blue and a white. Dell
    told me that one is for the older data type (which I am not using). Should I
    try to switch lines?


    "Leythos" wrote:

    > In article <5BC0C3C4-DCED-4EB8-A38C-DB4571519185@microsoft.com>,
    > bryan@discussions.microsoft.com says...
    > > Although I am planning to eventually move up to high-speed, I am still using
    > > dial up. I would like to look at the information in the Microsoft KB article
    > > which I alluded to in a previous post (although I would like to wait for
    > > David's reply first). The article cites video card/driver incompatibility and
    > > the symptoms sound somewhat similar to what I am experiencing.
    > >
    > > http://support.microsoft.com/default.aspx/kb/q218609/
    > >
    > > Thank you for your suggestions.
    >
    > So, download the new/updated video driver from the video card vendor's
    > site and install it in safe mode - or just uninstall the current driver
    > in safe mode and then it will ask you for the new driver when you reboot
    > in normal mode.
    >
    > --
    >
    > spam999free@rrohio.com
    > remove 999 in order to email me
    >
  35. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In article <81C00143-167B-4982-9F6C-F8F8593C84AD@microsoft.com>,
    bryan@discussions.microsoft.com says...
    > Leythos,
    > I am even LESS technical when it comes to this type of thing. I hope the
    > vendor's site is in the owners manual. Or how do I uninstall the current
    > driver? And when it asks me for the new driver what do I do? The CD says
    > documentation so I assume that there are no drivers on the CD? Also, two
    > types of monitor connectors came with the Dell - a blue and a white. Dell
    > told me that one is for the older data type (which I am not using). Should I
    > try to switch lines?

    If you have to ask these questions and don't have a way to determine the
    answer in a format that you can use - take the computer to a computer
    shop and have them fix it - you will save time and get it back working.

    I still don't know what your problem is and have not found far enough
    back to see what you said it was:

    What specifically is your EXACT problem?


    --

    spam999free@rrohio.com
    remove 999 in order to email me
  36. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I MAY HAVE FOUND THE PROBLEM. There is a program called Data Execution
    Prevention (DEP). As stated (about 200 posts ago), my microsoft programs were
    causing shutdown errors. Before I get the familiar 'Program has encountered a
    problem and must close', I get a pop-up menu about DEP. Since I scanned with
    about 6 different programs, I feel that my pc is clean, so I disabled DEP for
    IE. And now everything works. My only question now is whether I can keep DEP
    disabled for IE? Any ideas? Thanks

    "Leythos" wrote:

    > In article <81C00143-167B-4982-9F6C-F8F8593C84AD@microsoft.com>,
    > bryan@discussions.microsoft.com says...
    > > Leythos,
    > > I am even LESS technical when it comes to this type of thing. I hope the
    > > vendor's site is in the owners manual. Or how do I uninstall the current
    > > driver? And when it asks me for the new driver what do I do? The CD says
    > > documentation so I assume that there are no drivers on the CD? Also, two
    > > types of monitor connectors came with the Dell - a blue and a white. Dell
    > > told me that one is for the older data type (which I am not using). Should I
    > > try to switch lines?
    >
    > If you have to ask these questions and don't have a way to determine the
    > answer in a format that you can use - take the computer to a computer
    > shop and have them fix it - you will save time and get it back working.
    >
    > I still don't know what your problem is and have not found far enough
    > back to see what you said it was:
    >
    > What specifically is your EXACT problem?
    >
    >
    > --
    >
    > spam999free@rrohio.com
    > remove 999 in order to email me
    >
  37. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    On Wed, 17 Aug 2005 12:16:17 GMT, Leythos <void@nowhere.lan> wrote:
    >bryan@discussions.microsoft.com says...

    >> When I installed Mcafee, I registered the product and downloaded ALL updates.
    >> I am completely up-to-date with Mcafee. Sorry, I thought I had mentioned that
    >> in my original post. Thanks. Now what do I do?

    >If your machine is compromised there is only one way to ensure it's
    >clean - load the system restore CDs and wipe everything. When we have
    >to certify that a machine is clean, we wipe the drive and reinstall from
    >scratch, that's the only way to be sure. No matter how many AV scans
    >you run, no matter how many spyware tools you use, they are all
    >"reactionary", meaning they don't always have a cure until it's already
    >been in the wild and exposed.

    Ah, a favorite myth, this.

    Not that you know a PC is clean because you scanned it; sure, there's
    always some doubt there. The myth is that you can take a PC that has
    FAILED to defend itself, wipe and rebuild it to the same level of
    exploitability (or considerably more so, thanks to lost patches and
    duhfault settings), and assume that won't get infected the same way.

    If you never bothered to detect the malware, and thus haven't a clue
    how it got in, then what are you doing differently with the rebuild
    that's going to make any difference?

    >If you want it clean, wipe it and start over - this time get a NAT
    >device connected before you start, and don't surf anywhere until you get
    >all of the Windows Updates and your AV software installed - and Use
    >FireFox as a browser from now on.

    Those steps will help, but it's still worth finding out what it is
    that you are dealing with, before you wipe away the information that
    could have provided that information.

    If you're up against a human adversary, then they gain the upper hand;
    when your PC vanishes and comes back clean, they know you found out
    there was a problem, and they'll be stealthier next time. Whereas
    you've learned nothing, and made it impossible to learn anything,
    about what your assailant was up to.

    Also - that "data" you restored after wiping and starting over; how
    sure are you that it is free of malware that can re-spawn?


    >-- Risk Management is the clue that asks:
    "Why do I keep open buckets of petrol next to all the
    ashtrays in the lounge, when I don't even have a car?"
    >----------------------- ------ ---- --- -- - - - -
  38. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    On Thu, 18 Aug 2005 13:33:29 GMT, Leythos <void@nowhere.lan> wrote:

    >Do you realize that for all of the time you've spent, that you could
    >backup the files you created on your own and have restored the entire
    >computer in a known good state by wiping it and reinstalling everything.

    Two things:

    1) It takes longer, the more you do during the install.

    Not all of us are content to live with duhfaults, and it can be quite
    difficult to find automated ways of doing things that one knows how to
    do on an interactive basis. So that makes it longer to rebuild.

    2) It takes longer to troubleshoot a recurrence

    If you "just" wipe and re-install everything, and then promptly get
    re-infected, then what are you going to do - what I did in the first
    place? Or are you going to live "Groundhog Day" forever?

    If I have to spend time, and can do so in two different ways, I'll
    choose the way that teaches me something, and that makes it less
    likely for me to have to fight the same battle all over again ;-)


    >------------------------ ---- --- -- - - - -
    Forget http://cquirke.blogspot.com and check out a
    better one at http://topicdrift.blogspot.com instead!
    >------------------------ ---- --- -- - - - -
  39. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In article <p0dag1d3jmf9qb4fju2qgvr2o75ba0uloh@4ax.com>,
    cquirkenews@nospam.mvps.org says...
    > 2) It takes longer to troubleshoot a recurrence
    >
    > If you "just" wipe and re-install everything, and then promptly get
    > re-infected, then what are you going to do - what I did in the first
    > place? Or are you going to live "Groundhog Day" forever?
    >
    > If I have to spend time, and can do so in two different ways, I'll
    > choose the way that teaches me something, and that makes it less
    > likely for me to have to fight the same battle all over again ;-)

    Well, the OP has been given TONS of advice in this thread and now has
    about 1000000 AV scanners at his disposal, in addition to having things
    explained to him about security.

    There is a good chance, if the OP were to follow the instructions in
    this thread, that he would not get compromised again - did you miss all
    of it and just come in at the end of the thread?

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  40. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    On Thu, 18 Aug 2005 15:06:06 -0700, "bryan"

    >I MAY HAVE FOUND THE PROBLEM. There is a program called Data Execution
    >Prevention (DEP).

    Ah! OK - are you on an AMD processor that supports DEP?

    DEP isn't a program as such; it's a capability built into some
    processors, starting with AMD and now with Intel playing catch-up. XP
    understands DEP, starting with SP2 (pre-SP2 had no DEP awareness).

    What DEP does, is to bring back an old concept; that data and
    instructions should be kept separate, so that data is never executed
    as processor instructions. This kills a common exploit pattern,
    where code is contained within malformed data that overruns beyond
    where it should be, causing the system to run it as code.

    The trouble is, some programs fall foul of this - especially some
    antivirus apps that may "sample" material as code to assess it for
    potentially malicious behavior.

    You can disable SP2's DEP awareness via a parameter entered after the
    partition OS loader line in C:\Boot.ini, or add a copy of that line
    with the parameter added, so you can choose which mode to start up
    with. But do research that syntax carefully; a botched C:\BOOT.INI
    can prevent XP from booting at all, and that's bad news on NTFS.


    >--------------- ----- ---- --- -- - - -
    Who is General Failure and
    why is he reading my disk?
    >--------------- ----- ---- --- -- - - -
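
Added example, not part of the original thread and not any poster's code: a Python check that reads a boot.ini and reports the DEP policy of each OS entry, and flags the kind of mistakes the post above warns about. It assumes the parameter referred to is the documented `/noexecute=` switch (OptIn, OptOut, AlwaysOn, AlwaysOff); the sample boot.ini is constructed and the function names are illustrative.

```python
import re

# Constructed sample (not from the thread): an XP SP2 boot.ini with a second
# menu entry added so DEP can be switched off for troubleshooting.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP (DEP off, troubleshooting)" /noexecute=alwaysoff /fastdetect
"""

# Assumption: the parameter meant in the post is /noexecute=<policy>.
POLICIES = {
    "optin": "DEP for Windows system binaries and programs that opt in",
    "optout": "DEP for everything except programs on the exception list",
    "alwayson": "DEP for everything, exception list ignored",
    "alwaysoff": "DEP disabled for the whole system",
}
ENTRY_RE = re.compile(r'^(?P<path>[^=]+)=\s*"(?P<desc>[^"]*)"(?P<switches>.*)$')


def parse_boot_ini(text):
    """Return (boot-loader settings, OS entries, unparsable lines)."""
    section, loader, entries, bad = None, {}, [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "boot loader" and "=" in line:
            key, value = line.split("=", 1)
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems" and match:
            entries.append({
                "path": match.group("path").strip(),
                "desc": match.group("desc"),
                "switches": match.group("switches").lower().split(),
            })
        else:
            bad.append(line)
    return loader, entries, bad


def dep_policy(switches):
    """Return (policy, problem) for one entry; exactly one of the two is None."""
    values = [s.partition("=")[2] for s in switches
              if s.partition("=")[0] == "/noexecute"]
    if not values:
        return None, "no /noexecute switch"
    if len(values) > 1:
        return None, "more than one /noexecute switch"
    if values[0] not in POLICIES:
        return None, "unrecognised /noexecute value %r" % values[0]
    return values[0], None


def audit(text):
    """Return ([(description, policy)], [findings]) for boot.ini text."""
    loader, entries, bad = parse_boot_ini(text)
    findings = ["unparsable line: %s" % line for line in bad]
    if not entries:
        findings.append("no entries under [operating systems]")
    default = loader.get("default")
    if default is None:
        findings.append("[boot loader] has no default= line")
    elif default.lower() not in [e["path"].lower() for e in entries]:
        findings.append("default=%s matches no OS entry" % default)
    report = []
    for entry in entries:
        policy, problem = dep_policy(entry["switches"])
        if problem:
            findings.append('"%s": %s' % (entry["desc"], problem))
        elif policy == "alwaysoff":
            findings.append('"%s": %s' % (entry["desc"], POLICIES[policy]))
        report.append((entry["desc"], policy))
    return report, findings


if __name__ == "__main__":
    report, findings = audit(SAMPLE_BOOT_INI)
    for desc, policy in report:
        print("%-40s %s" % (desc, policy or "unknown"))
    for finding in findings:
        print("FINDING:", finding)
```

Running `audit()` on a copy of the file before and after an edit shows whether the default entry still resolves and which menu entries boot with DEP off.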
  41. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    >There is a good chance, if the OP were to follow the instructions in
    >this thread, that he would not get compromised again - did you miss all
    >of it and just come in at the end of the thread?

    My God man the op never was compromised in the first place!

    --
    Mike Pawlak


    Leythos wrote:
    > In article <p0dag1d3jmf9qb4fju2qgvr2o75ba0uloh@4ax.com>,
    > cquirkenews@nospam.mvps.org says...
    >> 2) It takes longer to troubleshoot a recurrence
    >>
    >> If you "just" wipe and re-install everything, and then promptly get
    >> re-infected, then what are you going to do - what I did in the first
    >> place? Or are you going to live "Groundhog Day" forever?
    >>
    >> If I have to spend time, and can do so in two different ways, I'll
    >> choose the way that teaches me something, and that makes it less
    >> likely for me to have to fight the same battle all over again ;-)
    >
    > Well, the OP has been given TONS of advice in this thread and now has
    > about 1000000 AV scanners at his disposal, in addition to having
    > things explained to him about security.
    >
    > There is a good chance, if the OP were to follow the instructions in
    > this thread, that he would not get compromised again - did you miss
    > all of it and just come in at the end of the thread?
  42. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    From: "bryan" <bryan@discussions.microsoft.com>

    | Good Evening,
    | Right-on Cquirke regarding your point #2: reinstalling would have
    | resulted in spinning my wheels since I strongly felt that the problem was on
    | the computer 'out of the box' - which it was. I followed the help file
    | instructions in order to disable DEP for IE. Everything is now working -
    | even Access. Before disabling DEP, I created a 3 line wordpad file consisting
    | of ABC, testing and 123. DEP even shutdown this file. ONE QUESTION REGARDING
    | DAVID's AV arsenal: If I need to run this series of AV programs in the future
    | (I hope not!!!!!), should I re-download the files in order to get the latest
    | definitions? Thanks again to all of you. Bryan
    |

    Bryan:

    The scripts will automatically download new AV signature and scanner files as needed.

    If you want to do another "On Demand" scan, just choose an AV vendor module (McAfee, Trend or
    Sophos).

    Occasionally I do post new versions of the Multi_AV.exe file. Every so often you can
    download a new version and execute it to update your version.

    Version information is kept in; C:\AV-CLS\readme.txt
    The present version is; v2.26

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  43. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi David,
    I just wanted to take a moment to thank you again for your assistance.
    Take care.

    "David H. Lipman" wrote:

    > From: "bryan" <bryan@discussions.microsoft.com>
    >
    > | Good Evening,
    > | Right-on Cquirke regarding your point #2: reinstalling would have
    > | resulted in spinning my wheels since I strongly felt that the problem was on
    > | the computer 'out of the box' - which it was. I followed the help file
    > | instructions in order to disable DEP for IE. Everything is now working -
    > | even Access. Before disabling DEP, I created a 3 line wordpad file consisting
    > | of ABC, testing and 123. DEP even shutdown this file. ONE QUESTION REGARDING
    > | DAVID's AV arsenal: If I need to run this series of AV programs in the future
    > | (I hope not!!!!!), should I re-download the files in order to get the latest
    > | definitions? Thanks again to all of you. Bryan
    > |
    >
    > Bryan:
    >
    > The scripts will automatically download new AV signature and scanner files as needed.
    >
    > If you want to do another "On Demand" scan, just choose an AV vendor module (McAfee, Trend or
    > Sophos).
    >
    > Occasionally I do post new versions of the Multi_AV.exe file. Every so often you can
    > download a new version and execute it to update your version.
    >
    > Version information is kept in; C:\AV-CLS\readme.txt
    > The present version is; v2.26
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
    >
  44. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    From: "bryan" <bryan@discussions.microsoft.com>

    | Hi David,
    | I just wanted to take a moment to thank you again for your assistance.
    | Take care.

    You are most welcome Bryan. That includes emailing me. Just remove ~nospam~ from either of
    the below email addresses...

    DLipman~nospam~@Verizon.Net
    David_H_Lipman~nospam~@Yahoo.Com

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  45. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In article <OzlZfBMpFHA.320@TK2MSFTNGP09.phx.gbl>,
    mikepawlak2REM@OVEhotmail.com says...
    > >There is a good chance, if the OP were to follow the instructions in
    > >this thread, that he would not get compromised again - did you miss all
    > >of it and just come in at the end of the thread?
    >
    > My God man the op never was compromised in the first place!

    Nice of you to not follow the entire post that it was a reply to - the
    chap asked about how reinstalling would have kept him from being
    compromised again - but you missed that.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  46. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In article <88D63F40-45DB-4230-9261-B98791AF91E1@microsoft.com>,
    bryan@discussions.microsoft.com says...
    > Good Evening,
    > Right-on Cquirke regarding your point #2: reinstalling would have
    > resulted in spinning my wheels since I strongly felt that the problem was on
    > the computer 'out of the box' - which it was. I followed the help file
    > instructions in order to disable DEP for IE. Everything is now working -
    > even Access. Before disabling DEP, I created a 3 line wordpad file consisting
    > of ABC, testing and 123. DEP even shutdown this file. ONE QUESTION REGARDING
    > DAVID's AV arsenal: If I need to run this series of AV programs in the future
    > (I hope not!!!!!), should I re-download the files in order to get the latest
    > definitions? Thanks again to all of you. Bryan

    I hate to say this, but if you had to modify DEP to get Wordpad to work,
    then you still have problems with your computer - something is
    definitely NOT right with it.

    I've never seen a computer yet that required any changes to DEP, and
    we've got more than 1000 of them running XP with SPS2.

    Since AV wasn't your issue, and since you still don't know what the
    actual problem is, I would suggest that in order to prevent additional
    problems that you do a factory restore on the machine. We've got tons of
    Dell systems and, again, nothing with DEP had/has to be changed.

    Before you write back and say it's working fine - consider what you
    actually did and why you had to do it with Wordpad, and remember that no
    one has reported needing to modify DEP for Wordpad that I've read
    anywhere.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  47. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Leythos,

    I located the article in the Microsoft Knowledgebase;

    You receive a "Data Execution Prevention" error message in Windows XP
    Service Pack 2 or in Windows XP Tablet PC Edition 2005
    (875351) - Describes the Data Execution Prevention feature in Windows XP
    Service Pack 2 and why the feature may generate an error message.
    http://support.microsoft.com/default.aspx?scid=kb;en-us;875351


    "Leythos" wrote:

    > In article <88D63F40-45DB-4230-9261-B98791AF91E1@microsoft.com>,
    > bryan@discussions.microsoft.com says...
    > > Good Evening,
    > > Right-on Cquirke regarding your point #2: reinstalling would have
    > > resulted in spinning my wheels since I strongly felt that the problem was on
    > > the computer 'out of the box' - which it was. I followed the help file
    > > instructions in order to disable DEP for IE. Everything is now working -
    > > even Access. Before disabling DEP, I created a 3 line wordpad file consisting
    > > of ABC, testing and 123. DEP even shutdown this file. ONE QUESTION REGARDING
    > > DAVID's AV arsenal: If I need to run this series of AV programs in the future
    > > (I hope not!!!!!), should I re-download the files in order to get the latest
    > > definitions? Thanks again to all of you. Bryan
    >
    > I hate to say this, but if you had to modify DEP to get Wordpad to work,
    > then you still have problems with your computer - something is
    > definitely NOT right with it.
    >
    > I've never seen a computer yet that required any changes to DEP, and
    > we've got more than 1000 of them running XP with SPS2.
    >
    > Since AV wasn't your issue, and since you still don't know what the
    > actual problem is, I would suggest that in order to prevent additional
    > problems that you do a factory restore on the machine. We've got tons of
    > Dell systems and, again, nothing with DEP had/has to be changed.
    >
    > Before you write back and say it's working fine - consider what you
    > actually did and why you had to do it with Wordpad, and remember that no
    > one has reported needing to modify DEP for Wordpad that I've read
    > anywhere.
    >
    > --
    >
    > spam999free@rrohio.com
    > remove 999 in order to email me
    >
  48. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    In article <7683C116-A6AD-4FC0-9DF8-F0709738B5D5@microsoft.com>,
    bryan@discussions.microsoft.com says...
    > Leythos,
    >
    > I located the article in the Microsoft Knowledgebase;
    >
    > You receive a "Data Execution Prevention" error message in Windows XP
    > Service Pack 2 or in Windows XP Tablet PC Edition 2005
    > (875351) - Describes the Data Execution Prevention feature in Windows XP
    > Service Pack 2 and why the feature may generate an error message.
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;875351

    In all of this I've not seen the OP post anything about using "Tablet PC
    Edition 2005".


    --

    spam999free@rrohio.com
    remove 999 in order to email me
  49. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    On Fri, 19 Aug 2005 16:49:37 GMT, Leythos <void@nowhere.lan> wrote:
    >bryan@discussions.microsoft.com says...

    >> Right-on Cquirke regarding your point #2: reinstalling would have
    >> resulted in spinning my wheels since I strongly felt that the problem was on
    >> the computer 'out of the box' - which it was. I followed the help file
    >> instructions in order to disable DEP for IE. Everything is now working -
    >> even Access. Before disabling DEP, I created a 3 line wordpad file consisting
    >> of ABC, testing and 123. DEP even shutdown this file.

    >I hate to say this, but if you had to modify DEP to get Wordpad to work,
    >then you still have problems with your computer - something is
    >definitely NOT right with it.

    Are you thinking of a hardware issue, then?

    I still think this could be av, in that av will be active whenever you
    "open" anything. If the way the av handles material picks a fight
    with DEP, you may see problems - or just spontaneously restart, if the
    duhfault XP "Restart on system errors" setting's still in effect.

    >I've never seen a computer yet that required any changes to DEP, and
    >we've got more than 1000 of them running XP with SPS2.

    It's been one of the themes post-SP2. Not as common as some problems,
    but common enough to come to mind. As to 1000 PCs, it's a bit like a
    comment I heard between two academic professionals discussing a third:
    - "He's been in that post for 12 years, so he has the experience..."
    - ' Yes, but is that 12 years' experience, or 1 year 12 times? '

    IOW, if those 1000 PCs are all in one corporate network with
    tightly-controlled settings, apps, the same av rolled out throughout
    the organisation, same hardware vendors, etc. then there may be plenty
    of configurations you haven't had experience with.

    That's certainly my case; none of the kit I use is currently
    DEP-capable, so understandably I haven't seen the issue first-hand.

    >Since AV wasn't your issue,

    How do you conclude that? I don't remember really seeing that
    excluded, though I may have missed something.

    > and since you still don't know what the actual problem is, I would
    > suggest that in order to prevent additional problems that you do a
    > factory restore on the machine.

    Nah, I still think that's one of the worst ideas I've heard so far.

    Earlier on, it sounded as if you suspected an underlying hardware
    problem - in which case, this is a recipe for disaster; you go from a
    code base that mainly predates the start of the hardware issues, and
    replace it with a code base 100% subjected to those issues.

    As to malware, falling back to unpatched status is likely to make
    re-infection a lot easier too.

    As to DEP, then falling back to pre-SP2 code is going to "fix the
    problem" the same way as disabling DEP would do, but with FAR more
    side-effects and lost protection. Disabling DEP leaves him with an
    SP2 code base and no DEP, whereas your "solution" drops him back to
    who knows what exploitable patch level.

    >We've got tons of Dell systems and, again, nothing with DEP
    >had/has to be changed.

    Dell are Intel, whereas AMD were the initiators of DEP hardware
    support, with Intel recently catching up. So experience on Dell
    systems up to a year ago isn't going to expose you to DEP issues.

    >Before you write back and say it's working fine - consider what you
    >actually did and why you had to do it with Wordpad, and remember that no
    >one has reported needing to modify DEP for Wordpad that I've read
    >anywhere.

    Hint: Background tasks :-)

    It's not Wordpad that's likely to be crashing on DEP, as much as the
    av that scans Wordpad when it starts, and the document file that
    Wordpad opens and closes - especially if that's a .doc

    Really, if using the relevant Boot.ini parameter to suppress DEP
    support solves the problem, then he's in good company with a familiar
    issue, and the fix is a lot cleaner than "just" re-install.

    Let's Google this stuff... Google(XP SP2 DEP):

    http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2mempr.mspx

    http://support.microsoft.com/kb/875352

    http://www.tech-recipes.com/windows_tips566.html

    Zone Alarm has some issues with DEP:

    http://www.zonelabs.com/store/content/company/products/xpInfoCenter/faq.jsp?lid=ts_xpsp2faq

    ProTools has problems with DEP:

    http://www.digidesign.com/compato/xp/os.cfm

    F-Secure has problems with DEP:

    http://support.f-secure.com/enu/corporate/supportissue/general/xpsp2.shtml

    Kaspersky av and DEP:

    http://gladiator-antivirus.com/forum/index.php?showtopic=17753

    Dongles screw up on DEP:

    http://www.scala.com/miscellaneous-faq/miscellaneous-faq-index.html

    OK... I think we see the trend here; usually new versions from vendors
    to fix issues with DEP. So what I'd do is:
    - build a list of what software's running on the box
    (especially underfootware)
    - test suppressing these in MSConfig
    - if offender's identified, check that vendor's FAQs etc. on DEP
    - stay off the 'net while firewall and av are disabled

    You may need more than MSConfig on this, as that doesn't cover all
    possible underfootware integration points. You can use HiJackThis,
    SystemInternals tools, Faber Toys or NirSoft's utilities to get a
    better handle on what's running in the background, or as a side-effect
    of (say) listing files in Explorer or even a File Open dialog box.


    >------------ ----- ---- --- -- - - - -
    The most accurate diagnostic instrument
    in medicine is the Retrospectoscope
    >------------ ----- ---- --- -- - - - -