Announcement

**Chemical Ollie** · January 10, 2004, 20:26

Originally posted by Spiffor
If you're under winxp, try ctrl+alt+suppr, and go for the "process" tab. Kill suspicious processes on sight. I don't think you can do anything harmful to your computer here, but this may lead to a disconnect or a restart.

If you have another computer in your home, connect both computers through a Network cable, and have the folders with suspicious files shared with writing-rights. Delete the files from the other computer.

I did this. I killed mslaugh.exe and about 5 other suspects, one by one, and there's no suspects left now. 8 hours since I rebooted now. Earlier this afternoon, msblast went out the same way and did not come back, but I soon realised that the Blaster Worm was only ONE of the problems. When msblaster was on, I had to reboot every second minute to keep the comp alive. That problem is gone.

**Monk** · January 10, 2004, 20:28

When confronted with these problems, I usually save the few necessary files on a CD or two, then start all over re-installing everything. It doesn't save me any time but it isn't half as annoying as getting those ridiculous pop-ups and the adventures of a Danish nun and three Dutch sailors thrown at me when I least expect it.

**Chemical Ollie** · January 10, 2004, 20:32

Originally posted by Monk
When confronted with these problems, I usually save the few necessary files on a CD or two, then start all over re-installing everything. It doesn't save me any time but it isn't half as annoying as getting those ridiculous pop-ups and getting the adventures of a Danish nun and three Dutch sailormen thrown at me when I least expect it.

My family photo album would probably fit on one CD, but I have about 30 or so GB of music and video that would be gone if I did what you suggest. I would rather buy an new hard disk and keep the old as a slave. But then the worm/virus would just transfer, right?

**The Andy-Man** · January 10, 2004, 20:40

This sort of stuff worries me like hell. But i am not personally good with PC's

I dunno how to rptect myself, i have spybot, but don't really know what I am doing, and most stuff out there isn't free, and i am not a rich man

advice?

**Seeker** · January 10, 2004, 20:41

"advice?"

Read this thread.

**The Andy-Man** · January 10, 2004, 20:43

I am, but as i said, can't aford adaware

Also, as i said, I dunno what i am doing with spybot

**Seeker** · January 10, 2004, 20:48

Start-up mechanic is free.

So is whatever Apolyton uses on the frontpage.

These things are in the thread.

Shields-Up! Test is free, and they have links and reams of advice on that site.

**The Andy-Man** · January 10, 2004, 20:55

thx, i will goto the fron page now and refesh furiously

**Chemical Ollie** · January 10, 2004, 20:55

Originally posted by Seeker
Ending 'suspicious' looking processes when you don't really know what you're looking for is a great way to see the 'Remote Call Procedure Terminated' error message in XP.

Same thing for manually opening up regedit and deleting suspicious Registry Entries....they may simply be re-installed the next time you restart your computer if the Bad Stuff in question is well hidden.

---

This is something I have seen about 30 times this afternoon

**Seeker** · January 10, 2004, 21:06

Any chance you'd remember which registry entries or processes (if any) you ended?

How often do you have system restore set to save your system?

Also: Do you keep a keystoke log of yourself? A 1-Day keystroke log can be helpful to find out how you managed to put your &#$% in your own !@#%.

**Mr. Harley** · January 10, 2004, 21:17

If you purchase a new hard drive, and do a clean install of Windows and this should fix your problems. Make sure you old hard drive is disconnected while you do this. As soon as you boot up, install Norton, get the updates, and scan your old hard drive. You can then use something like Norton Ghost to run a mirror (RAID level 1) of the other hard drive, or actually run a RAID level one if you motherboard supports it. It still doesn't solve the problem I had - a capacitor blew in my power supply, and blew both hard drives

.

**The Andy-Man** · January 10, 2004, 21:23

the hting i'd like to know is who actually benefits from all these virus' and spyware and stuff

**Chemical Ollie** · January 10, 2004, 21:36

Certainly, I don't. I've been off-line for 3 days until now. I'm quite sure the msiesh.dll 1.0.0.4 SearchHook Module ilocated in the otherwise empty iefeatsl folder s the culprit, but I don't know. At least it matches the occurance of the problem on the minute and my system will not let me remove it even after I removed the write-protection.

And my system still wants to reboot every time I get get even close to solving the problem, just to make life harder to me

**The Andy-Man** · January 10, 2004, 21:41

do you have to reboot every few minutes without choice?

**Spiffor** · January 10, 2004, 21:44

Formatting your copy after having saved the archivable content is the way to go then. This is the kind of thing that very rarely fails. Unfortunately, it takes time, and it's difficult if you're not experienced.

Announcement

Evil script killing my comp

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment