
Hi!


17 replies to this topic

#1 slither

slither

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 18 July 2005 - 09:57 AM

Hi guys, I have searched for a solution to my java byte verify problem, and after reading a couple of old posts decided to get and show you guys my hijackthis log.
Here you go:

Logfile of HijackThis v1.99.1
Scan saved at 15:43:27, on 18/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AVG Free\avgamsvr.exe
C:\PROGRA~1\AVG Free\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG Free\avgcc.exe
C:\PROGRA~1\AVG Free\avgemc.exe
C:\Program Files\Labtec\Wireless Mouse\MulMouse.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\na\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG Free\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\AVG Free\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Advanced Uninstaller PRO 2004] C:\Program Files\Advanced Uninstaller PRO 2004 version 6\Uninstaller.exe
O4 - Startup: HDDlife.lnk = C:\Program Files\HDDlife\HDDlife.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Labtec Mouse Software 2.0.lnk = C:\Program Files\Labtec\Wireless Mouse\MulMouse.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O9 - Extra 'Tools' menuitem: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Free\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\Abigails iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINNT\zeta.exe (file missing)

Any help/advice appreciated. Cheers in advance. Dan


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:02:52 PM

Posted 20 July 2005 - 03:03 PM

How do you know you have a java exploit issue?

Put a checkmark next to the following entries in HijackThis. Make sure all other windows and browsers are closed before clicking on “Fix Checked”.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
********************************************************

Go to Start>Run, and then type in services.msc and find the following service in the list:
ZESOFT

Right click on the service, select properties, then select stop, and set the service to disabled.

Then reboot and post a new log. :thumbsup:

#3 slither

slither
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 20 July 2005 - 06:07 PM

Hi, I searched with AVG and it found it. 15 occurrences of it. AVG can't remove them for some reason. I've done what you asked, here's the new log:

Logfile of HijackThis v1.99.1
Scan saved at 00:01:44, on 21/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\AVG Free\avgamsvr.exe
C:\PROGRA~1\AVG Free\avgupsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG Free\avgcc.exe
C:\PROGRA~1\AVG Free\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINNT\NCLAUNCH.EXe
C:\Program Files\Labtec\Wireless Mouse\MulMouse.exe
C:\Documents and Settings\na\Desktop\HijackThis\HijackThis.exe
C:\Program Files\Abigails iPod\bin\iPodService.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG Free\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\AVG Free\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Advanced Uninstaller PRO 2004] C:\Program Files\Advanced Uninstaller PRO 2004 version 6\Uninstaller.exe
O4 - Startup: HDDlife.lnk = C:\Program Files\HDDlife\HDDlife.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Labtec Mouse Software 2.0.lnk = C:\Program Files\Labtec\Wireless Mouse\MulMouse.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O9 - Extra 'Tools' menuitem: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVG Free\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\Abigails iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

I use Firefox, and that's been crashing every now and again recently, is that connected to the java byte verify? Thanks for your help.
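An added example, not part of the original thread: a small Python check that compares a HijackThis log taken before "Fix Checked" with the one posted after the reboot, and reports which requested entries are gone, which remain, and what is new. The three sample texts are shortened excerpts of the logs and fix list in posts #1 to #3; the function names and the result keys are assumptions made for this sketch.

```python
import re

# A HijackThis entry line is "<section> - <text>", where the section code is
# R0-R3, F0-F3, N1-N4 or O followed by a number (O1 onward).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Markers HijackThis prints when the file an entry points at does not exist.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

def parse_entries(log_text):
    """Return the set of (section, text) entries; header and process list are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def verify_fix(before_log, after_log, fix_list):
    """Compare two logs against the list of entries the helper asked to fix."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    wanted = parse_entries(fix_list)
    return {
        "removed": sorted(wanted - after),          # requested and now gone
        "still_present": sorted(wanted & after),    # requested but survived the fix
        "not_in_before": sorted(wanted - before),   # fix line that never matched the log
        "other_removed": sorted(before - after - wanted),  # gone without being in the list
        "new_since_fix": sorted(after - before),    # appeared between the two scans
        "orphans_remaining": sorted(e for e in after if e[1].endswith(ORPHAN_MARKERS)),
    }

# Constructed sample input: shortened excerpts of the logs posted in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG Free\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O9 - Extra button: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O23 - Service: ZESOFT - Unknown owner - C:\WINNT\zeta.exe (file missing)
"""

AFTER = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVG Free\avgcc.exe /STARTUP
O9 - Extra button: Torrent Search IE Toolbar - {C9D0879E-F33F-4CA8-9137-6F2A0AEDCFB9} - (no file)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
"""

FIX_LIST = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
"""

if __name__ == "__main__":
    for key, items in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(key)
        for section, text in items:
            print("   ", section, "-", text)
```

Entries are compared as exact strings, so a forum-shortened URL (the "..." in the O16 line) only matches another copy shortened the same way.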

#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:02:52 PM

Posted 20 July 2005 - 06:25 PM

What your AV is finding is an application that is trying to exploit a hole in Microsoft's Java Virtual Machine, so it isn't a Virus exactly.. well, it could be, but it probably has something to do with CoolWebSearch, or some other form of Adaware.

To read more about this issue, and to download the necessary patches, go here:
http://www.microsoft.com/technet/security/...n/MS03-011.mspx

Part of the problem is that your system is about 2 years behind on patches and updates, so your system is going to be vulnerable to about everything and anything. What is the full warning message that AVG is giving you? It should be giving you a path name to where the malicious application is hiding.

#5 slither

slither
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 21 July 2005 - 06:15 AM

AVG hasn't really given me a warning message, it's just scanned, found them and told me it can't do anything with them. Here's the path to the files.

C:\Documents and Settings\na\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar

When you say behind on updates and patches are you talking about the Service Pack 2? If you are, my bro said he didn't want to d/l it because some of his games wouldn't work. I didn't question him about it, TBH I just thought sod it.
Another Q, could I just extract the .zips and delete them that way? And how come AVG can't just remove them? It's never said it couldn't remove anything before.

#6 slither

slither
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 21 July 2005 - 06:22 AM

I just followed that link and checked on patches etc. Should I d/l sp2? Should I get all the IE updates? (I use Firefox, apart from sometimes when videos won't play on it.) Could it affect any games my bro plays?

#7 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:02:52 PM

Posted 21 July 2005 - 09:21 AM

It might affect games, but I have not so far had it affect anything, and I play lots of games. The only thing that is really different is that it will enable the firewall by default, so that might cause temporary issues until the firewall is disabled.

Update your system..at a minimum, get SP1 (if you can still get that even).

#8 slither

slither
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 21 July 2005 - 02:43 PM

Hi again, I've just spoken to my bro, and he says he didn't want to get the sp2 because we haven't got the Windows XP pro disk, if you know what I mean ;);). He then went onto something about the cd-key we don't have but I wasn't exactly listening. I don't know where the hell I got the 'not play games' idea from, haha.
Will MS be able to tell we use a dodgy windows cd-key if we update? my bro seems to think they will.

#9 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:02:52 PM

Posted 21 July 2005 - 04:09 PM

Actually, you won't be able to update at all. What version of AVG are you using.. the free version, or the pro version?

#10 slither

slither
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 21 July 2005 - 04:53 PM

How come you say we won't be able to update? My comp d/l'd sp2 ages ago but we never ran it. I use AVG free, would pro be able to delete it?

#11 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:02:52 PM

Posted 22 July 2005 - 08:59 AM

You might be able to update, but if the updater recognizes that you either used a crack, or that it has a pirated key, it won't work..and that's not really even the point. You choose to run a pirated OS, and by doing so, you run the risk of not only being infected, but acting as a transmission point that infects other systems.

So in short, if you don't want to update the system, I can't waste my time trying to fix it. I have plenty of other people that actually paid for their OS that need help, and I'm reasonably sure that they won't be infecting a bunch of other people because they will get the needed updates.

#12 slither

slither
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 22 July 2005 - 11:22 AM

Having a pirated OS has not got anything to do with me, my brother or anyone in my household. About 6 months ago, my computer 'blue-screened'. I don't know what happened or even what a blue screen means, but I was told it couldn't get much worse.
The pc went away for a couple days while a programmer sorted it. When my pc came back it was running XP Pro rather than the Home edition it came with, when we bought it brand new. Home edition came pre-installed, so we never had the disk. I've never really considered it being pirated, until my brother informed me that it must be, seeing as we weren't given the disk when my comp returned to us. I suppose there's a chance it could be kosher, but the guy just neglected to give us the disk. I wish I knew the bloke, or even who he worked for because I'd have a few harsh words for him. The more likely scenario is that the programmer came to install the OS, used his own disk and then 'cracked' it. (What does 'crack' mean?).
I would love to have a safe PC for me and other people that connect to it, but if that means updating and not having an OS that works, what can I do? It isn't my fault some tw*t got paid for installing a dodgy copy of XP on my computer is it.
Anyway I can't see my trying to 'clear my name' helping anything.
Thanks for the help so far, I understand why you got pissed.

#13 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:02:52 PM

Posted 22 July 2005 - 11:54 AM

I'm not pissed...not sure how you got that impression. If you paid for illegal copies of an OS, then someone owes you two copies, and should be turned over to the authorities. I really don't care what you have going on.

Obviously though, someone knew ahead of time that the OS was pirated, otherwise your brother would not have been concerned about trying to update it. If you didn't get an OS disk to start with, then there should at least be a recovery disk. If you started from scratch, you would then have a legitimate version that could be upgraded and be made safe.

My point is, if you don't want to at least apply some security patches to harden your system, then I don't have time to help. It's as simple as that. Get the updates, and I will be more than happy to help. :thumbsup:

#14 slither

slither
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 22 July 2005 - 02:04 PM

I forgot to add that we have got sp1, we've had it since it became available. I asked my bro why we've got that and not sp2 and he said because MS have changed their update procedures, or something to that effect.
To the best of my knowledge we have no recovery disk, do you think if I contacted 'e-machines' and gave them my model and s/n (dunno what the s/n is exactly but it's on the front of my pc) then they might send me a recovery disk?
Just curious how much would I be looking at for xp home/pro? Do I have to order direct from MS, and if not do you know any suppliers to the UK?

#15 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:02:52 PM

Posted 22 July 2005 - 03:07 PM

I am not familiar with any vendors in the UK, so I couldn't say.... it is ridiculously expensive though. You should have gotten a recovery disk with your system though. I would try contacting e-machines and see what they say. Part of the problem with buying a new OS is that the recovery disks that come with the e-machines are specially designed for the specific system, i.e., all the drivers necessary for the particular hardware are included, so you might have issues getting all of your hardware working properly.

There are any number of vendors where you can buy it... pretty much any store that carries software should have it. If you happen to know someone that is going to University, they may be able to get a student discount.

Regarding your error, I have a feeling that it is a false positive. A good way to check it though is to use Ewido.
http://www.ewido.net/en/download/

It's free, and does a really nice job of cleaning up nasties. See if that gets rid of it for you. :thumbsup:



