I am unable to Install


29 replies to this topic

#1 Nate777

Nate777

  • Members
  • 28 posts

Posted 28 July 2005 - 05:31 PM

I really could use some help... I am working on a friend's comp and it started off with IE not working properly, sites not loading right. I have run Spybot and found nothing, then ran Ad-Aware: 1) it was unable to update 2) it found 1 thing, a tracking cookie, IE cache entry...

And I tried to DL a virus scanner and it won't let me install it or any other programs, and I couldn't DL HijackThis either. PLEASE HELP!!!!!!



#2 flann

flann

  • Members
  • 22 posts

Posted 28 July 2005 - 05:50 PM

What is happening with IE? Are there any errors, and if so, what? Are you able to install anything?

#3 tromba1

tromba1

  • Members
  • 6 posts

Posted 28 July 2005 - 07:34 PM

Re-install IE first. With Microsoft trying to decide what's best for every living person on the planet, they goof up.

#4 Enthusiast

Enthusiast

  • Members
  • 5,898 posts

Posted 28 July 2005 - 08:28 PM

What anti-spyware (malware) programs have you run?

Here's a list of a number of them that might help.

Anti-malware freeware (You can run as many of these as you wish. Generally there is no conflict between these and you should always run several)

AdAware: http://www.lavasoftusa.com/software/adaware/
Microsoft Antispyware Beta: http://www.microsoft.com/athome/security/s...re/default.mspx
SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
Spybot S&D: http://www.safer-networking.org/en/index.html
Microsoft Malicious Software Removal Tool (Win XP and Win 2000):
http://www.microsoft.com/security/malwareremove/default.mspx

AČ - Free from http://www.majorgeeks.com/download4281.html . Run it, click Search for Updates, then click Scan.

If you have Win 2K or Win xp make sure you include the Microsoft Anti-spyware beta.

Download, install, update and run Spybot Search and Destroy but do not have it delete anything. Just come back here and tell us what it found.

Here are a few web-based scans. Run as many as you can tolerate, checking the boxes to allow them to fix what they find:

Web based online Antivirus and anti-malware scans: (these can be run regardless of whatever else you are using. You must use Internet Explorer to run these.)

Windows Security Trojanscan
http://www.windowsecurity.com/trojanscan/trojanscan.asp

Panda Activescan (IE only)
http://www.pandasoftware.com/activescan/co...n_principal.htm

Trend Micro antivirus and malware scan:
http://housecall-beta.trendmicro.com/en/st...orp.asp?id=scan

Etrust Anti-virus web scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Kaspersky Anti-Virus Web Scanner
http://www.kaspersky.com/service?chapter=161739400#betatest
Online trojan scans here -
http://scan.sygatetech.com/pretrojanscan.html
http://windowsecurity.com/trojanscan

#5 groovicus

groovicus

  • Security Colleague
  • 9,963 posts

Posted 28 July 2005 - 08:47 PM

Sometimes, if you walk three times backwards, then hop on one foot for ten minutes, and then puff out your cheeks, it will start working. :thumbsup:

******

Should we try something sensible now?

Maybe we should try for a little more information before recommending anything. Not every problem on a system is malware. (Glad you guys are not my doctor; you'd be treating me for some exotic tropical disease when I only had the sniffles) :flowers:
******

The first thing we find out is: What OS is on the afflicted machine?

Adaware will not update if you have an outdated version, so that might not be anything.

it started off with IE not working properly site not loading right

Can you be a little more specific about the problem? Is that "Sites are not loading right in IE", or "one site is not loading right"?

Are you getting any error messages?

Let's just hold off on those scans, if you don't mind.

#6 Nate777

Nate777
  • Topic Starter

  • Members
  • 28 posts

Posted 29 July 2005 - 11:51 AM

OK some more info... The system is running off Windows 2000 SP4..... and about the sites: on occasion some sites will load fine while others, mainly with graphics, won't load correctly, i.e. borders don't load up and other interface graphics...
Oh, I just noticed that his Windows drive is completely full when I know that it wasn't yesterday... and there are 2 winnt files... WINNT & WINNT.0
I have noticed that the WINNT folder has grown since yesterday... if there is any other info you need let me know, and thanks for the replies so far.

P.S. and just to remind, I am unable to install ANYTHING.

#7 groovicus

groovicus

  • Security Colleague
  • 9,963 posts

Posted 29 July 2005 - 12:09 PM

Ok, we're getting a little closer. When you say the windows drive is full, do you mean the entire hard-drive? That would explain why you can't install anything. There's no room to put it. It would also explain why graphics are not loading correctly. I still don't think it is malware, but now would be a good time to run one of the online scans that Enthusiast linked to, just to help clear up a bit. They do not require a download, so they should work. Be warned though, that if there is no swap space on your disk, it will take a long time to run...

Also, use the Disk Cleanup tool to remove all the temp entries. Go to start>programs>accessories>system tools>Disk Cleanup. Check all boxes that say temp, as well as recycle bin, and downloaded files.

Let us know how that goes. It sounds like someone tried to do a repair/reinstall on the system, and created a parallel install (WINNT & WINNT.0). I'm not sure how to uninstall one of the OSs without borking the other... maybe I am wrong though.

#8 Nate777

Nate777
  • Topic Starter

  • Members
  • 28 posts

Posted 29 July 2005 - 01:25 PM

OK, now I have tried what you said but the comp won't allow it. Every time I free any space up it fills up fast on its own. Unable to run online check due to lack of space and various ActiveX problems. Also unable to run clean sweep for some reason: it starts and lets me pick the drive but then seems to lock up and stalls on the scanning part.. PLEASE HELP

#9 groovicus

groovicus

  • Security Colleague
  • 9,963 posts

Posted 29 July 2005 - 03:49 PM

Try doing the disk cleanup again.. it might take two hours for it to run through completely, especially if your disk is full.

Do you know for sure that your disk is filling up as fast as you are emptying it? I'm not saying that it isn't, I'm just trying to get a very clear picture of what you are seeing, and what you are doing.

Do you know how to boot to a command prompt?

#10 Nate777

Nate777
  • Topic Starter

  • Members
  • 28 posts

Posted 29 July 2005 - 04:01 PM

Ok, I will try the clean sweep again but it never goes to the screen where I need to choose what to look for... and the "c" drive fills within a few minutes of any space I make on the drive... and yes, I know how to boot to command prompt. Thank you for whatever help you can provide me.

#11 groovicus

groovicus

  • Security Colleague
  • 9,963 posts

Posted 29 July 2005 - 04:12 PM

yes i know how to boot to command prompt


Cool.. that means I don't have to spell everything out like I would to a total novice then. :thumbsup:

I need to do a quick consult, and then I'll be back to edit this post.

EDIT:
Ok.. now the next question is, how well do you know Dos commands? I need you to download HJT to a floppy disk as an .exe, not zipped. Do you have another computer that you can download and unzip it onto a floppy? It doesn't need any special .dlls or anything.

#12 Nate777

Nate777
  • Topic Starter

  • Members
  • 28 posts

Posted 29 July 2005 - 06:28 PM

To be honest it has been a while since I have worked on DOS, and yes, I have another comp. Just tell me where to go and what to do... I would have to classify myself as a basic DOS user... thank you for your time

#13 groovicus

groovicus

  • Security Colleague
  • 9,963 posts

Posted 29 July 2005 - 06:57 PM

This will be a good exercise for me too. :thumbsup: My Dos may be a little rusty, but we will get through..

Ok.. the first thing you will need to do is to go to another computer and download HJT from here:
'Hijack This!'.

Extract it to the desktop of whatever good computer that you have and copy hijackthis.exe to your floppy.

Boot your 'sick' system to the command prompt, and let's see how much disk space you have available before we start making you delete anything. At the command prompt, type in the following:
cd c:\ <-- this gets you to your root drive.
Then type:
dir
When it runs, it will show a list of directories, which we don't care about. At the bottom, it will tell you how much free space you have in bytes. As long as you have at least 500,000, you will be able to copy HJT over to your main drive. If you have enough room, then type in the following:
move a:\hijackthis.exe c:\hijackthis.exe

Hopefully, if that part went right, you should have HJT on your C:\ drive.

Let's see how that goes first before continuing. :flowers:

#14 Nate777

Nate777
  • Topic Starter

  • Members
  • 28 posts

Posted 29 July 2005 - 07:05 PM

OK, I will do this and reply to you tomorrow... I need to go to work, sorry. But I will free some space and do a cold boot to keep it as long as possible, but I do understand all that you told me... thank you and talk to you Sat. That is unless you will be looking at this like 6-8 hrs from now :thumbsup:

AND thank you so much for the help and patience

#15 Nate777

Nate777
  • Topic Starter

  • Members
  • 28 posts

Posted 30 July 2005 - 02:52 AM

OK, good news: I got Hijack This on my c: drive. I didn't go through DOS but I linked my comp to his and put it in his d: drive, then freed space and moved it to c: in time before it filled again.... (wipes sweat from brow) lol

ok this is what it found


Logfile of HijackThis v1.99.1
Scan saved at 3:51:51 AM, on 7/30/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT.0\System32\smss.exe
C:\WINNT.0\system32\winlogon.exe
C:\WINNT.0\system32\services.exe
C:\WINNT.0\system32\lsass.exe
C:\WINNT.0\system32\svchost.exe
C:\WINNT.0\system32\spoolsv.exe
C:\WINNT.0\System32\svchost.exe
C:\WINNT.0\system32\nvsvc32.exe
C:\WINNT.0\system32\regsvc.exe
C:\WINNT.0\system32\MSTask.exe
C:\WINNT.0\System32\WBEM\WinMgmt.exe
C:\WINNT.0\system32\svchost.exe
C:\Program Files\Wireless-G USB Network Adapter\WLService.exe
C:\Program Files\Wireless-G USB Network Adapter\WUSB54G.exe
C:\WINNT.0\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT.0\System32\cleanmgr.exe
C:\WINNT.0\System32\cleanmgr.exe
C:\WINNT.0\System32\cleanmgr.exe
C:\WINNT.0\System32\cleanmgr.exe
C:\WINNT.0\System32\cleanmgr.exe
C:\WINNT.0\System32\svchost.exe
C:\WINNT.0\system32\cleanmgr.exe
C:\WINNT.0\system32\cleanmgr.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT.0\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINNT.0\System\SmWizard.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [mtxclu] C:\WINNT.0\system32\mtxclu.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pantegomedical.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pantegomedical.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pantegomedical.local
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT.0\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT.0\system32\nvsvc32.exe
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\Wireless-G USB Network Adapter\WLService.exe" "WUSB54G.exe (file missing)


I really hope this helps!!!
And if this is not what you need let me know
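
Added example (not part of the original thread or of HijackThis itself): a Python parser for the log layout posted above that counts repeated process images, lists the `Run` autostart entries per hive, and collects entries the tool marked `(file missing)`. The function names `parse_hjt` and `triage` are hypothetical, and the sample is a constructed excerpt of the log above.

```python
import re
from collections import Counter

# Constructed sample: an abridged excerpt in the layout of the log above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT.0\System32\smss.exe
C:\WINNT.0\System32\cleanmgr.exe
C:\WINNT.0\system32\cleanmgr.exe
C:\WINNT.0\System32\cleanmgr.exe
C:\HijackThis.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\Wireless-G USB Network Adapter\WLService.exe" "WUSB54G.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")              # "O4 - <body>"
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")  # hive, name, command

def parse_hjt(text):
    """Split a log into the running-process list and (section, body) entries."""
    procs, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            procs.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return procs, entries

def triage(text):
    """Summarise the items an analyst would read first; it makes no verdicts."""
    procs, entries = parse_hjt(text)
    counts = Counter(p.lower() for p in procs)  # Windows paths are case-insensitive
    return {
        "repeated_processes": {p: n for p, n in counts.items() if n > 1},
        "autoruns": [m.groups() for c, b in entries if c == "O4" and (m := RUN_RE.match(b))],
        "file_missing": [b for c, b in entries if b.endswith("(file missing)")],
    }
```
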



