Richhs

About Richhs

Profile Information

  • OS
    XP Pro x86
  1. Scanning the machine typically will cover detection of malware in every folder on the drive, but the registry entries for each profile are independent of each other so you'll have to scan each profile if you want to do a thorough job.
  2. You're welcome... I'm glad this was of some help to you. It was driving me crazy as well... thanks for the reply.
  3. Never mind... I found the cause. It seems that a site called funnyracoonshow.com created about 30 instances of scheduled tasks to run every day of the week. I deleted all of the tasks that were showing up as AT1...AT2...AT3...etc... in the scheduled tasks area and that seems to have done the trick. I'll post back later to confirm this was the issue.
  4. I'm sure some of the brilliant tech minds here have come across this issue, so I'm seeking some knowledge on what piece of malware causes this and how do I resolve it. I'm working on a DELL system with Windows XP Home and IE 8 that has an issue where multiple mshta.exe files open in background when accessing the http protocol. I can access the Task Manager and end the multiple processes (which build up to a dozen or more instances of the mshta.exe running) in the background, but as soon as I access the internet through IE they start repopulating. Any ideas on this one people ?
  5. Yeah, I no longer recommend AVG to others. I've noticed that in some machines it's a resource hog... that's not consistently the case but I've seen it on several occasions. I also prefer Avast, and that's what I've been recommending lately. I got the machine back to working order, but I never found the location in the registry where the setting was to remove the "Some settings are managed by your system administrator" warning. It was an XP Home machine, so there wasn't the ability to check things with the group policy editor. Other than that, all appeared to be just fine.
  6. The scans have all finished, and the only scan that found anything was the Superantispyware app. I haven't removed any of them yet, because they look like false positives. I'm researching them now. Some of the detections are in the system restore files, but they may be the same false positives that I'm suspecting. Even though I haven't removed any of the items detected, I am now able to browse the internet with IE 8.
  7. Sounds like a rootkit. Try Hitman Pro 3, I've had success with repairing windows update using this app. Here's the link : http://www.surfright.nl/en
  8. I made a little headway! I wrote a couple of tools to reinstall the WMI and repair the winsock, rebooted, went into the recovery console and ran chkdsk /P which returned "chkdsk found errors"... then I ran chkdsk /R and rebooted. I've got internet connectivity now and I updated the anti-malware apps, along with installing Microsoft Security Essentials. I'm running all of the scans now... I'll update the thread as I progress.
  9. I've been working on a Dell desktop system with Windows XP Home SP 3 for several days now, and it's infected with some sort of malware that has set restrictive policies on and damaged IE 8... along with corrupting the TCP/IP stack, so no connection to the internet can be established. When accessing "Internet Options" for Internet Explorer 8, the "Advanced" tab has been hijacked by some sort of malware that inserts some restrictive policies on the Advanced Tab which is highlighted in gold that reads : "Some settings are managed by your system administrator" (same message at the bottom, but on the Advanced tab in my case) I've cleaned-up most of the malware, because the machine already had an anti-virus app & multiple anti-malware apps installed. AVG 2011 was installed, but was out of date on its definitions and version. Spybot, Malwarebytes, Superantispyware, Windows Defender, Rootkit Buster, & Hitman Pro (which will not run without a successful internet connection) were installed also. I couldn't update the applications, but most of them were updated about a week ago before the problem existed. I ran all of the apps, but not much was found in terms of malware because the machine was "worked on" before I started working on the problem. I removed and replaced the winsock keys in the registry, ran winsockfix, and looked for but couldn't find the restrictive policies reg keys for the Advanced tab in the IE 8 as well. I re-registered the DLLs for IE 8 and reset the default options several times, but the message highlighted in gold at the bottom won't go away and I still can't establish an internet connection. I was also going to uninstall IE 8 and re-install it... but IE 8 must have been installed prior to the install of SP3, which apparently removes the button in "Add/Remove Programs" to uninstall IE 8 if IE 8 was installed before the SP3 update. Oh, and the Windows Firewall will not and can not be turned on... I've tried many of the suggestions that are available to restart the service, but none of them are successful. Any suggestions on what I'm missing here, or what else I might be able to try ? I guess the priorities are : 1) Remove the "Some settings are managed by your system administrator" issue. 2) Re-establish an internet connection. 3) Re-enable the Windows Firewall.
  10. I've read that this is typically caused by an aggressive power saving mode which causes the HDD to park. Try reducing the power saving settings.
  11. I know what you mean. Although some of them are geared toward IT. Like my favorite so far is an ethernet cable wrapping around a globe. There is also a couple with a stickman working on a laptop. I'm actually very happy with some of the logos. Yes, I agree with the order that you have them ranked for what is available. Those are no doubt some very nice design concepts. : Client Rank: 1st #29 by PonetzGraphics comments: 13 Client Rank: 2nd #43 by viar comments: 2 Client Rank: 3rd #44 by viar comments: 2 The stickman logo is nice but I think the graphic might need to be a bit larger so its intent is more obvious... I had to take a second look to actually see the "stick laptop", but now that you pointed that out I can see it.
  12. That's more than likely your problem... the Hitman detection of that rootkit should remove it after the scan completes. You just have to follow through after the scan finishes and click next to remove the items detected.
  13. Try this one : Sophos Anti-Rootkit http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
  14. Some excellent designs, but the graphics that have been utilized don't really say anything to me about technology nor convey the meaning of a virtual technician. I wish I could help with the design, but I have zero skills in that area.
  15. Sounds like a self-replicating malware. Try installing Emsisoft Anti-malware & Hitman Pro 3... both apps have a 30 day trial. Emsisoft Anti-malware - http://www.emsisoft.com/en/software/download/ Hitman Pro 3 - http://www.surfright.nl/en/hitmanpro It might be a rootkit in the MBR, so if the 2 apps I mentioned above don't do the trick try RootkitBuster by TrendMicro : http://free.antivirus.com/rootkit-buster/ I have used all of these as well as the apps that you mentioned above and I find them all to be quite useful & effective. Install all of them in normal mode of Windows and update them all, then reboot into safe mode to run them.