Where did it go so wrong?



#1 shioru


Posted 23 November 2004 - 12:48 PM

Hello,

I am not sure if I am posting this in the correct forum, but I got hit with a t.swapx.cc version of malware last night. I googled my "new" home page, and got this forum, and found lots of very helpful instructions on how to start cleaning it up. However, two problems:

Whenever I run either an online virus scan (e.g. TrendMicro) or when I tried to run Hijack This, or Spybot or any other app, my comp crashes (NT Administrator is restarting your computer due to unexpected termination of remote process call server?????). I am running Windows XP.

After a couple of reboots, explorer.exe would crash (you get the little screen that says explorer.exe is no longer responding, press to end task etc etc and then it tries to send the error message back to Microsoft etc).

Now pretty much nothing works without crashing. I am sorry I have no HJT log for you, but I couldn't get one. Does this mean it can't be fixed?

Thanks,
shioru
Edited for silly typo

Edited by shioru, 23 November 2004 - 12:56 PM.




#2 raw


Posted 23 November 2004 - 02:53 PM

Let's try this:
If you are on a high speed connection - disconnect it.
Reboot in Safe Mode.
Run HijackThis.
Shut down, plug the network back in, boot to normal mode and try to post the log.


 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#3 shioru


Posted 23 November 2004 - 03:54 PM

Thank you for the reply. I did unplug my cable connection. Reboot, run again, still crashes, same error? This really confuses me. I have now given up and reinstalled Windows XP (very drastic I know) but it's worked SO FAR. Does anyone know if this is enough? Any further housekeeping necessary to ensure no reinfection?

I am now running Firefox on that comp, and will switch from McAfee to ..???

Sorry to give up on you guys but I was going to burn the damn thing.

#4 raw


Posted 23 November 2004 - 06:18 PM

Any further housekeeping necessary to ensure no reinfection?

  • Firewall: A first line of defense
  • Javacool SpywareBlaster and Spywareguard: Helps prevent spyware infection
  • Anti-Virus: I use and recommend AVG-Free 7 from Grisoft.com
  • Firefox: Doesn't have near the holes IE is plagued with.
  • Basic cleaners: Ad-Aware and Spybot S&D installed, kept up to date and run regularly will find and kill a lot before it gets out of hand.
  • Common Sense: Do you really need to download or install something to view a web page? Is that "free" program really that great? What's in the EULA that you're clicking OK to?
Some time back I posted a link to a great story titled "Infected in 20 minutes". That's how long a Windows XP computer, fresh out of the box, connected to the internet takes to become infected.

http://www.bleepingcomputer.com/forums/ind...370&hl=infected





