If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Brand new Dell - already infected?
I just purchased a new Dell Dimension 9100 (new line for Dell). I loaded
Mcafee VirusScan, Firewall and Privacy Service and then downloaded updates for all of the preceeding Mcafee programs (there were many). I also downloaded all critical Windows Security downloads. Everything is working fine except when I work with wordpad/notepad/word or other Microsoft programs. At random, when I open these files, I recieve IE shutdown errors. I created a new wordpad and notepad file, saved both and re-opened them: everything seemed fine. Then I ran Windows Explorer and when I tried to open the wordpad file with explorer, I received IE shutdown errors. The error report included: C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\drwtsn 32.exe.mdmp C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\appcom pat.txt. The HBT directory is one that was created when I first turned on my Dell and went through the initial installation wizard. The errors do not seem to take place along any specific pattern which makes this wreak of malware. Any advice would be greatly appreciated. I ran McAfee virusscan and no problems were found. I also installed and ran Spybot S&D and Adaware, but no problems were found. Any advice would be GREATLY APPRECIATED! Bryan |
Ads |
#2
|
|||
|
|||
From: "bryan"
| I just purchased a new Dell Dimension 9100 (new line for Dell). I loaded | Mcafee VirusScan, Firewall and Privacy Service and then downloaded updates | for all of the preceeding Mcafee programs (there were many). I also | downloaded all | critical Windows Security downloads. Everything is working fine except when I | work with wordpad/notepad/word or other Microsoft programs. At random, when | I open these files, I recieve IE shutdown errors. I created a new wordpad and | notepad file, saved both and re-opened them: everything seemed fine. Then I | ran Windows Explorer and when I tried to open the wordpad file with explorer, | I received IE shutdown errors. The error report included: | C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\drwtsn 32.exe.mdmp | C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\appcom pat.txt. The HBT directory | is one that was created when I first turned on my Dell and went through the | initial installation wizard. The errors do not seem to take place along any | specific pattern which makes this wreak of malware. Any advice would be | greatly appreciated. I ran McAfee virusscan and no problems were found. I | also installed and ran Spybot S&D and Adaware, but no problems were found. | Any advice would be GREATLY APPRECIATED! Bryan Download MULTI_AV.EXE from the URL -- http://www.ik-cs.com/programs/virtools/Multi_AV.exe It is a self-extracting ZIP file that contains the Kixtart Script Interpreter { http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to remove viruses, Trojans and various other malware. C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS} This will bring up the initial menu of choices and should be executed in Normal Mode. This way all the components can be downloaded from each AV vendor’s web site. The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC. You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode. When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file. To use this utility, perform the following... Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS } Choose; Unzip Choose; Close Execute; C:\AV-CLS\StartMenu.BAT { or Double-click on 'Start Menu' in C:\AV-CLS } NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files. * * * Please report back your results * * * -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |
#3
|
|||
|
|||
bryan wrote:
I just purchased a new Dell Dimension 9100 (new line for Dell). I loaded Mcafee VirusScan, Firewall and Privacy Service and then downloaded updates for all of the preceeding Mcafee programs (there were many). I also downloaded all critical Windows Security downloads. Everything is working fine except when I work with wordpad/notepad/word or other Microsoft programs. At random, when I open these files, I recieve IE shutdown errors. I created a new wordpad and notepad file, saved both and re-opened them: everything seemed fine. Then I ran Windows Explorer and when I tried to open the wordpad file with explorer, I received IE shutdown errors. The error report included: C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\drwtsn 32.exe.mdmp C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\appcom pat.txt. The HBT directory is one that was created when I first turned on my Dell and went through the initial installation wizard. The errors do not seem to take place along any specific pattern which makes this wreak of malware. Any advice would be greatly appreciated. I ran McAfee virusscan and no problems were found. I also installed and ran Spybot S&D and Adaware, but no problems were found. Any advice would be GREATLY APPRECIATED! Bryan For a brand new Dell you should be calling Dell Tech Support. You paid for their service in the price of the PC. |
#4
|
|||
|
|||
Dell tech support does not want to help me despite my support agreement. They
told me that this is a problem with Microsoft programs which is not covered (which I do not believe). In a prior call, they gave me bad information. Maybe I spoke to a new person, but for now I guess I will try the above suggestions. Bryan "Alan" wrote: bryan wrote: I just purchased a new Dell Dimension 9100 (new line for Dell). I loaded Mcafee VirusScan, Firewall and Privacy Service and then downloaded updates for all of the preceeding Mcafee programs (there were many). I also downloaded all critical Windows Security downloads. Everything is working fine except when I work with wordpad/notepad/word or other Microsoft programs. At random, when I open these files, I recieve IE shutdown errors. I created a new wordpad and notepad file, saved both and re-opened them: everything seemed fine. Then I ran Windows Explorer and when I tried to open the wordpad file with explorer, I received IE shutdown errors. The error report included: C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\drwtsn 32.exe.mdmp C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\appcom pat.txt. The HBT directory is one that was created when I first turned on my Dell and went through the initial installation wizard. The errors do not seem to take place along any specific pattern which makes this wreak of malware. Any advice would be greatly appreciated. I ran McAfee virusscan and no problems were found. I also installed and ran Spybot S&D and Adaware, but no problems were found. Any advice would be GREATLY APPRECIATED! Bryan For a brand new Dell you should be calling Dell Tech Support. You paid for their service in the price of the PC. |
#5
|
|||
|
|||
I am not very technical and am not sure what these instructions mean. When I
run the command it gives me the choices you state. Do I select Mcafee? Will this run a scan that is external to Mcafee? I'm confused. "bryan" wrote: Dell tech support does not want to help me despite my support agreement. They told me that this is a problem with Microsoft programs which is not covered (which I do not believe). In a prior call, they gave me bad information. Maybe I spoke to a new person, but for now I guess I will try the above suggestions. Bryan "Alan" wrote: bryan wrote: I just purchased a new Dell Dimension 9100 (new line for Dell). I loaded Mcafee VirusScan, Firewall and Privacy Service and then downloaded updates for all of the preceeding Mcafee programs (there were many). I also downloaded all critical Windows Security downloads. Everything is working fine except when I work with wordpad/notepad/word or other Microsoft programs. At random, when I open these files, I recieve IE shutdown errors. I created a new wordpad and notepad file, saved both and re-opened them: everything seemed fine. Then I ran Windows Explorer and when I tried to open the wordpad file with explorer, I received IE shutdown errors. The error report included: C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\drwtsn 32.exe.mdmp C:\DOCUME~1\HBT\LOCALS~1\Temp\WERed75.dir00\appcom pat.txt. The HBT directory is one that was created when I first turned on my Dell and went through the initial installation wizard. The errors do not seem to take place along any specific pattern which makes this wreak of malware. Any advice would be greatly appreciated. I ran McAfee virusscan and no problems were found. I also installed and ran Spybot S&D and Adaware, but no problems were found. Any advice would be GREATLY APPRECIATED! Bryan For a brand new Dell you should be calling Dell Tech Support. You paid for their service in the price of the PC. |
#6
|
|||
|
|||
From: "bryan"
| I am not very technical and am not sure what these instructions mean. When I | run the command it gives me the choices you state. Do I select Mcafee? Will | this run a scan that is external to Mcafee? I'm confused. If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV vendor's web site and download the needed AV command line scanner and signature files. Upon the download completion and the file extraction (they are distributed in archive formats), it will ask if you wan to run a scan. If the answer is YES, it will then ask if you want to scan a particular location (such as F: or d:\program files ) either way it will scan either the selected location or all hard disks and clean the PC of infectors accordingly. Thye Multri AV Scanner front end utility will keep the three vendor's files up-to-date and and is an excellent "On Demand" anti virus scanner utility. -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |
#7
|
|||
|
|||
Dave,
Thank you for your help. I ran the scan for Mcafee in normal mode and here are the results: Scanning C: [] Scanning C:\*.* Summary report on C:\*.* File(s) Total files: ........... 137953 Clean: ................. 137808 Possibly Infected: ..... 0 Cleaned: ............... 0 Non-critical Error(s): 2 Master Boot Record(s): ......... 1 Possibly Infected: ..... 0 Boot Sector(s): ................ 1 Possibly Infected: ..... 0 Time: 00:24.49 I ran the c:\AV_CLS\startmenu.BAT and then answered Y to run the scan. Should I repeat the same steps in safe mode? "David H. Lipman" wrote: From: "bryan" | I am not very technical and am not sure what these instructions mean. When I | run the command it gives me the choices you state. Do I select Mcafee? Will | this run a scan that is external to Mcafee? I'm confused. If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV vendor's web site and download the needed AV command line scanner and signature files. Upon the download completion and the file extraction (they are distributed in archive formats), it will ask if you wan to run a scan. If the answer is YES, it will then ask if you want to scan a particular location (such as F: or d:\program files ) either way it will scan either the selected location or all hard disks and clean the PC of infectors accordingly. Thye Multri AV Scanner front end utility will keep the three vendor's files up-to-date and and is an excellent "On Demand" anti virus scanner utility. -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |
#8
|
|||
|
|||
I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The results were
similar: Summary report on C:\*.* File(s) Total files: ........... 137950 Clean: ................. 137823 Possibly Infected: ..... 0 Cleaned: ............... 0 Non-critical Error(s): 2 Master Boot Record(s): ......... 1 Possibly Infected: ..... 0 Boot Sector(s): ................ 1 Possibly Infected: ..... 0 What should I do next? "Leythos" wrote: In article , says... If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV vendor's web site and download the needed AV command line scanner and signature files. NO IT WONT - Mcrappy requires you to register the product and agree to a control being installed before you can get automatic updates. I've seen more McCrappy protected machines infected due to their now doing automatic updates without registration. -- remove 999 in order to email me |
#10
|
|||
|
|||
WAIT! I did NOT install any of the ms applications. My Dell came
pre-installed with xp sp2 and Microsoft Office. I did not mess ANYTHING up. It came this way! Why do you say that I admitted to messing up? "Leythos" wrote: In article , says... When I installed Mcafee, I registered the product and downloaded ALL updates. I am completely up-to-date with Mcafee. Sorry, I thought I had mentioned that in my original post. Thanks. Now what do I do? Dell says they won't help me unless I pay them $50 for special support (despite the fact that I have a support agreement). I should have some support calls free from Microsoft - right??? I think I'm starting to panic. If your machine is compromised there is only one way to ensure it's clean - load the system restore CD's and wipe everything. When we have to certify that a machine is clean, we wipe the drive and reinstall from scratch, that's the only way to be sure. No matter how many AV scan's you run, no matter how many spyware tools you use, they are all "reactionary", meaning they don't always have a cure until it's already been in the wild and exposed. Since Dell doesn't have an obligation to support software you've installed, and since you admitted to them that you messed it up, don't feel bad about Dell wanting money to help you fix a software issue that you created. If you want it clean, wipe it and start over - this time get a NAT device connected before you start, and don't surf anywhere until you get all of the Windows Updates and your AV software installed - and Use FireFox as a browser from now on. "Leythos" wrote: In article , says... I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The results were similar: But you didn't say if you registered McAfee or not? If you don't register it, it won't have the updates to catch the latest bad things. Summary report on C:\*.* File(s) Total files: ........... 137950 Clean: ................. 137823 Possibly Infected: ..... 0 Cleaned: ............... 0 Non-critical Error(s): 2 Master Boot Record(s): ......... 1 Possibly Infected: ..... 0 Boot Sector(s): ................ 1 Possibly Infected: ..... 0 What should I do next? "Leythos" wrote: In article , says... If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV vendor's web site and download the needed AV command line scanner and signature files. NO IT WONT - Mcrappy requires you to register the product and agree to a control being installed before you can get automatic updates. I've seen more McCrappy protected machines infected due to their now doing automatic updates without registration. -- remove 999 in order to email me -- remove 999 in order to email me |
#11
|
|||
|
|||
In , bryan typed: WAIT! I did NOT install any of the ms applications. My Dell came pre-installed with xp sp2 and Microsoft Office. I did not mess ANYTHING up. It came this way! Why do you say that I admitted to messing up? I don't think you need to take affront here....what I understood Leythos to mean is that the machine didn't ship to you with a virus on it. That happened after you started using it. The issue seems to be that you connected to the Internet without a firewall enabled. Is that the case? It takes only nanoseconds for you to get hit by something - and this is true on dialup, as well. Given that you haven't used the computer much, it may indeed be faster to reload everything from the recovery CDs. Also - if you haven't paid for McAfee, you may want to look into another antivirus program - McAfee isn't a favorite of many of us. I personally like Trend's PC-Cillin for standalone workstations, but there are as many opinions on this topic as there are insert analogy here. "Leythos" wrote: In article , says... When I installed Mcafee, I registered the product and downloaded ALL updates. I am completely up-to-date with Mcafee. Sorry, I thought I had mentioned that in my original post. Thanks. Now what do I do? Dell says they won't help me unless I pay them $50 for special support (despite the fact that I have a support agreement). I should have some support calls free from Microsoft - right??? I think I'm starting to panic. If your machine is compromised there is only one way to ensure it's clean - load the system restore CD's and wipe everything. When we have to certify that a machine is clean, we wipe the drive and reinstall from scratch, that's the only way to be sure. No matter how many AV scan's you run, no matter how many spyware tools you use, they are all "reactionary", meaning they don't always have a cure until it's already been in the wild and exposed. Since Dell doesn't have an obligation to support software you've installed, and since you admitted to them that you messed it up, don't feel bad about Dell wanting money to help you fix a software issue that you created. If you want it clean, wipe it and start over - this time get a NAT device connected before you start, and don't surf anywhere until you get all of the Windows Updates and your AV software installed - and Use FireFox as a browser from now on. "Leythos" wrote: In article , says... I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The results were similar: But you didn't say if you registered McAfee or not? If you don't register it, it won't have the updates to catch the latest bad things. Summary report on C:\*.* File(s) Total files: ........... 137950 Clean: ................. 137823 Possibly Infected: ..... 0 Cleaned: ............... 0 Non-critical Error(s): 2 Master Boot Record(s): ......... 1 Possibly Infected: ..... 0 Boot Sector(s): ................ 1 Possibly Infected: ..... 0 What should I do next? "Leythos" wrote: In article , says... If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV vendor's web site and download the needed AV command line scanner and signature files. NO IT WONT - Mcrappy requires you to register the product and agree to a control being installed before you can get automatic updates. I've seen more McCrappy protected machines infected due to their now doing automatic updates without registration. -- remove 999 in order to email me -- remove 999 in order to email me |
#12
|
|||
|
|||
From: "bryan"
| Dave, | Thank you for your help. I ran the scan for Mcafee in normal mode and | here are the results: | | Scanning C: [] | Scanning C:\*.* | | Summary report on C:\*.* | File(s) | Total files: ........... 137953 | Clean: ................. 137808 | Possibly Infected: ..... 0 | Cleaned: ............... 0 | Non-critical Error(s): 2 | Master Boot Record(s): ......... 1 | Possibly Infected: ..... 0 | Boot Sector(s): ................ 1 | Possibly Infected: ..... 0 | | Time: 00:24.49 | | I ran the c:\AV_CLS\startmenu.BAT and then answered Y to run the scan. | Should I repeat the same steps in safe mode? No. You could run Sophos and Trend Micro as a verification. The idea of running in Safe Mode is if there is an infector found and it is easy to remove in Safe Mode. McAfee AV scan found no viruses or non-viral malware -- that's good ! { BTW: 138,000 files in 25 mins. nice speed ;-) } -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |
#13
|
|||
|
|||
From: "Leythos"
| In article , | says... If you choose; McAfee, Trend or Sophos it will automatically go to the respective AV vendor's web site and download the needed AV command line scanner and signature files. | | NO IT WONT - Mcrappy requires you to register the product and agree to a | control being installed before you can get automatic updates. I've seen | more McCrappy protected machines infected due to their now doing | automatic updates without registration. | | -- | | | remove 999 in order to email me Thaey are NOT MS updates. This is my own scripted front end to McAfee and Sophos' Command Line Scanners and Trend Micro's Sysclean utility. If you run the script it will provide a menu and if you choose a scanner module it will do as I indicated. Give it a shot Leythos ! -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |
#14
|
|||
|
|||
From: "Leythos"
| In article , | says... I rebooted into safe mode and ran C:\AV_CLS\Startmenu.bat. The results were similar: | | But you didn't say if you registered McAfee or not? If you don't | register it, it won't have the updates to catch the latest bad things. | NO Registration is needed ! -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |
#15
|
|||
|
|||
From: "bryan"
| WAIT! I did NOT install any of the ms applications. My Dell came | pre-installed with xp sp2 and Microsoft Office. I did not mess ANYTHING up. | It came this way! Why do you say that I admitted to messing up? There is confusion in this thread... Your system is clean, and doubtfully compramised. Run the Sophos and Trend Micro modules in the Multi AV Scanner utility for verification. -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
DELL goes down hill. | Richard Goh | General XP issues or comments | 49 | July 18th 05 05:15 AM |
Reformatting a Dell Dimension 4550 | Cbarton | Windows XP Help and Support | 14 | February 13th 05 05:15 PM |
new dell won't allow dialup after xp upgrade | elaith | Windows XP Help and Support | 2 | November 24th 04 04:49 PM |
Infected files | T | Security and Administration with Windows XP | 2 | September 2nd 04 04:00 AM |
XP SP2 worked great. | The Celtic Warrior | Windows Service Pack 2 | 5 | August 23rd 04 04:39 AM |