Something is downloading from net by itself


37 replies to this topic

#16 LisaF

LisaF

    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 07 June 2008 - 12:31 AM

Hi guys, here’s a summary of the current situation:

*Unrequested downloads have ceased following Real Player being uninstalled.

*Since then Kaspersky online scanner has found the following infection:
C:\Documents and Settings\Owner\Local Settings\Temp\stdmemio.sys
Infected: Rootkit.Win32.Small.b

I installed the Spyware Terminator and did a scan. It also picked up the same stdmemio.sys problem (that was the only “Threat” it found). There was a message which said they “detected only some less harmful parts of this software. This may indicate that the software has already been removed and these parts are remaining, or that the software has been modified and Spyware Terminator didn’t detect all of its parts”. I selected the remove option, and this simply deleted the stdmemio.sys file. I have un-installed the Spyware Terminator software.

I think my plan of action from here would be to:

*Read instructions for HJT and post the log for analysis. See what response is.

*Look into installing another firewall such as Sunbelt Kerio Personal Firewall or Comodo Firewall Pro (probably after my next month’s usage becomes available – I’ve only got 59MB left to use for the next 20 days).

*Possibly disable Windows Messenger.

*Possibly disable “devsvc.exe”.

*Check all the items in my MSCONFIG list to see which ones can be disabled (checking with the Uniblue process library).

*Once everything is resolved, uninstall NetLimiter.

How does that sound?

Thanks, Lisa


#17 LisaF

Posted 07 June 2008 - 01:17 AM

Just a quick update...I've posted my HJT log at http://forums.whatth...net_t92512.html

#18 Abydos

Abydos

    WTT Tech Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 1,736 posts

Posted 07 June 2008 - 01:27 AM

Hi LisaF

Sounds like a sound plan :thumbup:

One word of advice tho.

Comodo Pro 3.0 is a (very) advanced firewall. And it's very "loud", meaning lots of
pop ups whenever something tries to run that it doesn't immediately recognize. That said,
I must add it's also one of the strongest free firewalls around. Actually a lot better
than most paid firewalls! It features an outstanding HIPS and Defense+ system.
But for the less experienced user, it becomes an annoyance. And the many pop up
alerts often lead to just clicking allow out of sheer frustration or habit. Making them
less observant of what is going on when there is real danger. (You know the story of
the boy who kept crying wolf)

So maybe Sunbelt's Kerio may be a better choice if you are not that experienced with
the processes running on your PC. Or you could have a look at Online Armor which
is a very strong firewall as well, but very quiet.

Regards Abydos

"I am not young enough to know everything" - Oscar Wilde


#19 Digerati

Digerati

    Built, broke, fixed, learned.

  • Tech Team
  • 3,717 posts
  • MVP

Posted 07 June 2008 - 07:47 AM

I agree with Abydos' assessment of Comodo, but as a Comodo user - after years of using ZoneAlarm Pro - I like Comodo very much and after you train Comodo, the number of pop-up alerts asking for your input drops considerably. I must also add that the new version, 3.0, is much better, in terms of the number of alerts, than the old version.

I have used and like Kerio, but I don't like Sunbelt's scare tactics they use on their website. They say, "The built-in firewall in Windows XP is worse than useless, since it is only one-way". This is [intentionally] a very misleading statement as it assumes the user is careless and does not have an able anti-virus/anti-spyware defense, does not keep the system updated with critical updates, and is reckless with downloads, attachments, filesharing, and where they visit on the Internet. It certainly is NOT "worse than useless" and is FAR BETTER than no firewall at all.

I have two XP test machines running Windows Firewall, Windows Defender, and AVG Free and they have yet to be infested, in spite of being used heavily by kids, grandkids, and house guests. Still, with Windows Firewall on XP protecting from unauthorized incoming access attempts only, I am restricted at discovering what may be causing any excess outgoing traffic, should that happen, just as you were here. So going ahead with an alternative is a wise move and any of those mentioned would be good.

I also note that of Kerio, Online Armor and Comodo, only Comodo supports Vista so if you might be migrating to Vista soon, choosing Comodo now will minimize a new learning curve later. That said, Windows Firewall on Vista is already two-way.

*Possibly disable Windows Messenger.

No "possibly" about it! Disable it! Unless you are attached to a corporate network that uses Windows Messenger (and I don't know of any that do any more) you don't need it. The easiest way to disable it is to download the very small (22Kb) program Shoot the Messenger that I mentioned earlier. Or to conserve your download allotment, follow the instructions in the Microsoft link I provided earlier. The advantage to using Steve Gibson's Shoot the Messenger program is that you can easily enable/disable Windows Messenger when needed - however, I doubt you will ever need to run the program and enable Windows Messenger again.

You said earlier that you are not using a router, I recommend you get one. The basic budget models with NAT from Linksys, D-Link, and Netgear can be had for under $50US and offer a tremendous security advantage. The more expensive models offer even greater security features, but in reality most folks do not need them - especially with a wired (Ethernet) network. Everyone on broadband should be behind a router, IMO, even if they only have one computer.

Bill (AFE7Ret)
Freedom is NOT Free!
Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

─────────────────────

#20 LisaF

Posted 07 June 2008 - 10:14 PM

Thanks for the further info. Just a note to let you know that I've received a reply re the HJT log and have been asked to supply more logs...have done that, now waiting for further advice there. One interesting thing I saw in the log, bit embarrassing...I thought I had XPSP3 but it shows I actually have XPSP2. Will let you know what happens..... Lisa

#21 Digerati

Posted 07 June 2008 - 10:17 PM

Thanks for the followup - we'll talk about SP3 when your logs are done, if you want.

#22 LisaF

Posted 09 June 2008 - 05:20 AM

Hi guys, great news, my HJT and other checks are fine and the problem seems to be finally sorted out! Yes, Digerati, I'd be interested to know what you have to say re SP3. Thanks, Lisa

#23 Digerati

Posted 09 June 2008 - 08:41 AM

Great news on the HJT log. NOW is a perfect time to run a full backup/image of your computer and then store it for safe keeping - I keep a hard drive with full image backup "offsite" at the bank.

As for SP3, well, my general rule for, and key component of "practicing safe computing" is to be disciplined at keeping our systems (OS and security defenses) patched, updated, scanned and blocked. Therefore, I generally recommend upgrading to SP3 immediately. For the vast number (100s of millions) of folks that have kept Windows updated, installing SP3 is a piece of cake because the biggest portion of SP3 is a "roll-up" of all previous patches and updates.

That said, some folks with AMD machines from HP/Compaq have encountered constant rebooting problems due to a bug in the image HP used. And some Norton AV users have had some issues too. If you fit that category, check your maker's website for patches first. Since SP3 was in beta for many months before release, it is very sad, and obvious these companies were remiss in testing their products properly.

I would also download Windows XP Service Pack 3 Network Installation Package for IT Professionals and Developers and install SP3 from that. It is 316.4Mb so it is big. Otherwise, you have to download it through Windows Update, which can take forever, or so it seems.

Or, you can download Windows XP Service Pack 3 Network - ISO-9660 CD Image File and create your own SP3 install CD - but that is 544.9Mb.

#24 Ztruker

Ztruker

    WTT Technical Elder

  • Tech Team
  • 8,292 posts
  • Interests:Helping people fix MS Windows related computer problems of all kinds.

    Waking each morning to see the green side of the Earth!

Posted 09 June 2008 - 01:20 PM

Some additional information that many may not be aware of (I certainly wasn't).

Per Microsoft: http://technet.micro...s/cc164204.aspx

To install SP3, your computer must meet the hardware and operating system requirements listed below. In addition, your computer must at least be running Windows XP with Service Pack 1 installed.
The link was posted by Ari on Annoyances.org in response to a question I asked there.

This makes no sense at all to me since Service Packs are supposed to contain all fixes for Windows XP up to the release date of the service pack. But since MS makes the rules ... :pullhair:

Rich
 

Die with memories, not dreams. – Unknown


#25 Digerati

Posted 09 June 2008 - 04:19 PM

Service Packs are supposed to contain all fixes for Windows XP up to the release date of the service pack.

I don't see this as an issue. SP1 came out in Sept 2002, nearly 6 years ago, and, as always, old versions are recalled out of the (legitimate) marketing channels when new versions hit the shelves. And the big PC makers start pre-installing them on their systems before then. So while I expect there are quite a few pre-Sept 2002 Windows XP Install disks around, I suspect the vast majority are post-Sept 2002 disks - meaning they have at least SP1 included. Since every Windows install disk made since Sept 2002 has SP1 or newer included in the disk, and since every SP is free, I don't see this impacting very many computers.

And if, by chance there is still a pre-Sept 2002 machine that has had NO service patches applied since then, then shame on the owners!!!! It is an owner responsibility to keep their machines updated in a timely manner. There really is no reason for any XP machine to not be up to SP1, or SP2 for that matter anyway, except for the owner failing to do what it takes to get it done. I take that back - computers used in 100% private networks, or fully stand-alone configurations - that is, there is no way the computer is ever exposed to data from an uncontrolled source (e.g., the Internet, or removable media), in that case, I see no reason to ever worry about any malicious code, software based firewalls, AV, spyware, etc.

But since MS makes the rules ...

Well, they do try to slam some down our throats but really didn't this time. It is not a hard set rule that every subsequent service pack go all the way back to the initial release. I used to work for a major software company for the Defense Industry and we only went back to the last supported Service Pack - and I think that is a common practice across many other sectors of the software industry as well. So, the fact that SP3 upgrade supports everything from SP1 forward and through SP2, and it is free, is actually generous.

#26 Ztruker

Posted 09 June 2008 - 08:00 PM

All good points but it still surprised me. The problem arises with older computers that have recovery CDs or hidden partitions that are pre SP1. They need to restore the computer for some reason and get bit with the "You need SP1" error message. This just came up on Annoyances.org which is what prompted me to post the info here. I don't think it applies specifically to this thread but as I said, it surprised me.

Rich
 



#27 Digerati

Posted 09 June 2008 - 09:47 PM

The problem arises with older computers that have recovery CDs or hidden partitions that are pre SP1. They need to restore the computer for some reason and get bit with the "You need SP1" error message.

I am sure that is right, and for those people, they get a raw deal, for sure. But I just don't think we're talking big numbers here. They didn't sell as many computers back then and of those that sold, most have been scrapped. But even so, for the pre-Sept 2002 computers that are still around, SP1 is available for download to get those few systems caught up in less than 1 hour.

But yeah, I think most of the time, you do think of Service Packs to be all inclusive back to day 1 - but XP is pushing 7 years old, that is a long time for the same "version" of any software.

#28 LisaF

Posted 09 June 2008 - 10:08 PM

316.4Mb!!!! I don't think I'll be updating to SP3 this month! (I've only got 44Mb for the next 17 days). But yes, that is now one of the things on my list to do, so that hopefully, I won't be having any more problems like this. Thanks again to everyone for their help, information and advice. Regards, Lisa

#29 Digerati

Posted 09 June 2008 - 10:12 PM

You are welcome. BTW, there are no licensing restrictions for the SP3 file, so if you know anybody who can download it, then you are perfectly legal to make as many copies of it as you want - you can copy it to CD, then take it to your machine and install from there.

#30 Ztruker

Posted 10 June 2008 - 06:22 PM

You can order the SP3 CD from Microsoft for a nominal charge ($5 or so):

Asia: https://om2.one.micr...?...&NewTrans=1

Europe & Africa: https://om2.one.micr...?...&NewTrans=1

North America: https://om2.one.micr...?...&NewTrans=1

South America: https://om2.one.micr...?...&NewTrans=1

Above posted here: http://www.microsoft...g...p;sloc=&p=1

by Shenan Stanley, MS-MVP (see last post in thread).

Rich
 

