13 replies to this topic

[systemmistress]

Lately Firefox and Thunderbird, as well as EI8 have ben crashing with error messages all pointing to .DLL's.

I have a minidump of the last BSOD...I ran scans with Avira, Malwarebytes, and SuperAntiSpyware - all negative...found only cookies and deleted them.

I also get rid of all Flash cookies with a Firefox Add-On.

I have been reading about .DLL exploits...I'll just bet this is my problem..what to do?

Exploit List:
http://www.exploit-db.com/

There are tools, one of which is a Microsoft Tool, and I need some advice about this, as there are warnings not to use the tool unless there are certain problems.

MS Tool:
http://support.micro....com/kb/2264107

The other tool is located here:
http://blog.metasplo...r-stronger.html

I found 'run dll as app' in my start-up file...1st time I have seen this!
I took it out...maybe I should have left it, as MS Update is semding me so many updates that are making big changes in my system....now when I look in my folders/files I do not recognize my system.

Thunderbird causes BSOD's, IE8 and firefox crash..flash crashes by itself and leaves Firefox open [due to plug-in container], and I get a ton of errors...but NO MALWARE that my programs can find.

Any suggestions will be welcome and needed for this mess.

Sandra

[Broni]

Download BlueScreenView (in Zip file)
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

[systemmistress]

==================================================
Dump File : Mini092910-01.dmp
Crash Time : 9/29/2010 2:52:11 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0xe385c018
Parameter 2 : 0x00000000
Parameter 3 : 0xf348d4d6
Parameter 4 : 0x00000001
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+21cc5
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636)
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini092910-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
==================================================

[systemmistress]

Broni,

I thought I was a patient person, but in the last 3 days, MS has downloaded 16 updates to my computer...so I looked at them..and
SOB, @@#$%$#@

They are all updates that MS put on this computer before.

Why an I getting the same security updates re-installed time after time?

Do they concern different Browsers?
Example: When I use Firefox they install the updates for .NET 2.0 and 3.5

When I open IE*, they install the very same update to it as well.

I am disgusted, puzzled and losing the very patience I learned 16 years ago.
**&$@$@$##&&^

Ok, now I fell better..but still want to know what the he** is going on in this box.
Thanx
Sandra Agter-thought::
Is MS doing this to screw-up all XP machines so we have to buy a new one or update our OS?? It seems that they did this very thing with with WIN98SE when XP was released....

[Broni]

I can see only one BSOD report.
If it happened just once, I wouldn't worry much about it.

As for updates, go here: http://www.windowsupdate.microsoft.com and see, if all your updates are current.

[systemmistress]

It happened more than once - but I saw no little box telling me that there was a report - only a blue screen and tyhyen it went directly to a reboot.

Just before when I was copying my documents to Cd, I heard strange noises from the harddrive..I want to make a system disk mount an image but I fear that the copies will be faulty. noise:: like grinding...thrn it stopped and my Speccy report tells me it has too many errors. Do you want to see that report? Next reply I will send it.

I back up my bookmarks, and other parts, and tried one time to put those files back into the system....and I got a message that the files were corupted.

I really think the harddrive is shot.

How much will it cost me for a new one?

Also, This machine is a HP Presario - which means there is a partition with the entire WinXP on it.

How do I get that off so it is useable?

I am afraid this harddrive makes bad copies....

Can you get a good price on an external drive about 200GB like I have now?
Do I need that big of a drive?

Maybe because of the age of this computer, an External would make more sense?

Can you help me?

I can buy a drive right now.....It is the beginning of the month for me....my check came in on the 3rd.

If you can get one for me, I have paypal and will reimburse you for the postage to send it...or should I just go to a store?
Maybe it is cheaper online?
I have never done this before....

Also I am going to plug in the other HP WIN XP PRO machine tonight if I can bend down to attach all those cords..[my back is giving me some trouble this week]

I have to pay my bills and do not trust this Presario right now..It would not let me purchase a lipstick earlier to day.

Please help me..I will go crazy without a working computer

Thank you, Broni...This is a bad situation for me right now...
Sandra

[rokytnji]

Quote

I heard strange noises from the harddrive..I want to make a system disk mount an image but I fear that the copies will be faulty. noise:: like grinding...thrn it stopped

Sounds like Hardrive is ready to die.

Quote

I can buy a drive right now.....It is the beginning of the month for me....my check came in on the 3rd.

My link
You need to find out if your hard drive on laptop is IDE or SATA Hardrive. Since Windows XP. My guess is IDE but best to make sure.

Quote

Also, This machine is a HP Presario - which means there is a partition with the entire WinXP on it.

How do I get that off so it is useable?

If your dying internal hardrive can stand the strain of running just long enough. You can use a
My link

connected to your USB port and a free cloning tool like
My link

Will do the same as Acronis or Norton Ghost will for free. I have cloned my
Xp install on my EEEPC 701SD from my internal Solid State Hard Drive to a External 8gig SD Camera Flash Card using these kind of tools. To bad I don't live down the block from you. But that is the way it is.

Sounds like all your Windows problems have been with the hard drive. Just be calm. Take a big breath. Things will sort themselves out in the long run.

[systemmistress]

I FOUND THE @#$% Trojan

C:\WINDOWS\Microsoft.NET\Framework\V1.1.4322\NETFXUPDATE.EXE
TrojanAgent/Gen-MSFake {1 item}

I jsut kept running different scanners for malware - updating them each time and SuperAntiSpyware just found this this morning...

MAB did not dtect anything....not even 20 Tracking Cookies! This is why I love SAS- I have a Lifetime Subscription to this..It was gifted to me by the company, when I wrote and told them my situation.

My symptoms were:
MSUpdate kept putting the same >NET 1.1 on the machine every hour..what a mess.

BRONI
:
Do you want me to open a new post in the proper section?

ROK:

Let's wait and see what happens when I get rid of this piece of #$@* on my computer...maybe things will be different - BUT I am going to make all the recommended disks..soon as this mess is cleaned up.

OMG>>>I cannot believe that MS is infected..It came in thru Automatic Updates....we are not safe anywhere..
Personally I have a gut feeling that MS wants all XP machines gone....so they are harrassing us...."you know the new OS's are safer" is their thinking..they are tired of supporting old OS's.

................and I thought I'd walk up to the Marion SQ market and get a fresh killed chicken for a soup...LOL I'm not going anywhere

Should I report these viruses to MS..Avira...in light of the fact they came in thru AutoUpdate? IF so, HOW?

Thanx
S

[systemmistress]

PS:

THIS TROJAN IS NOT NICE:

I copied my DOCUMENTS to CD and now they are gone off my harddrive...I stopped right there...did nothing else.
If I had my harddroive would have been empty..make sure you tell people NOT TO DO ANY BACKUPS>>PLEASE>>>or they will be sorry.
s

[Broni]

Quote

Do you want me to open a new post in the proper section?

Yes.
Read here: http://www.smartestc...ease-read-this/
Start new topic here: http://www.smartestc...alware-removal/

[systemmistress]

here is what Prevx has to say about this file in my firewall that got a pass to the internet:

File Investigation Report
DW20.EXE
Cloaked Malware
PC Cleanup in 3 Easy Steps
Use Prevx 3.0 to remove DW20.EXE, along with any other viruses, spyware, adware, trojans, rootkits, worms, information stealers, keyloggers, bots, and other form of malicious threat that may reside on your PC.

Remove this Infection »

• Think your PC might be Infected? Scan Now Prevx 3.0 will scan your PC in seconds to inform you whether your PC is clean or infected.
• Malware Removal Prevx 3.0 removes adware infections for free. More complicated infections require purchase of a malware removal license.
• Expert Assistance In the rare occurence that Prevx 3.0 malware removal fails - a Prevx Engineer will connect to your PC and manually disinfect.
• Money Back Guarantee for Individual Users If within the first 14 days, the Prevx Engineer finds it impossible to clean an infection from your PC, we give you your money back.

Associated Malware Groups
The unsafe files using this name are associated with the malware groups:

• Cloaked Malware
• Worm

File Behavior
DW20.EXE has been seen to perform the following behavior:

• The Process is packed and/or encrypted using a software packing process
• Terminates Processes
• Executes a Process
• This process creates other processes on disk
• Can communicate with other computer systems using HTTP protocols
• Adds a Registry Key (RUN) to auto start Programs on system start up
• Registers a Dynamic Link Library File

DW20.EXE has been the subject of the following behavior:

• Created as a process on disk
• Executed as a Process
• Terminated as a Process
• Deleted as a process from disk
• Has code inserted into its Virtual Memory space by other programs
• Executed by Internet Explorer

Country Of Origin
The filename DW20.EXE was first seen on May 3 2007 in the following geographical regions of the Prevx community:

• Italy on May 3 2007
• Europe on May 3 2007
• Chile on Jun 5 2007
• Germany on Oct 19 2008
• Serbia on Oct 19 2008
• Spain on Apr 15 2009

File Name Aliases
DW20.EXE can also use the following file names:

• F0375311.EXE
• 20313647.SVD
• 99868906.SVD
• 12365917.TXT
• 07304629.TXT
• 39581779.EXE
• 40888571.TXT
• 22332443.SVD
• 50750034.TXT

Filesizes
The following file size has been seen:

• 574,976 bytes
• 8,704 bytes
• 17,408 bytes
• 53,248 bytes
• 631,488 bytes

File Type
The filename DW20.EXE refers to many versions of an executable program.


Help the Prevx Community to fight cyber crime
Thanks for your input and helping us to improve the quality of our service

Virus, Spyware & Malware Center »

© Copyright Prevx Ltd 2010. All Rights Reserved

PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.

[systemmistress]

I am not using Prevx, but their info is great...tells a lot about each malware item.
s

[Broni]

Please, follow instructions from my previous reply.

[systemmistress]

rokytnji, on 09 October 2010 - 05:31 AM, said:

Sounds like Hardrive is ready to die.



My link
You need to find out if your hard drive on laptop is IDE or SATA Hardrive. Since Windows XP. My guess is IDE but best to make sure.



If your dying internal hardrive can stand the strain of running just long enough. You can use a
My link

connected to your USB port and a free cloning tool like
My link

Will do the same as Acronis or Norton Ghost will for free. I have cloned my
Xp install on my EEEPC 701SD from my internal Solid State Hard Drive to a External 8gig SD Camera Flash Card using these kind of tools. To bad I don't live down the block from you. But that is the way it is.

Sounds like all your Windows problems have been with the hard drive. Just be calm. Take a big breath. Things will sort themselves out in the long run.

Have you ever bought anything from DealExtreme?

I sometimes buy stuff from them..longer than usual shipping times, but prices on certain things are GREAT! For instance:
Flashlghts....beautiful modded ones and they sell some of the parts to mod them....great inexpensive cables like the one I bought for my HDMI TV I got 2 Christmasses ago for doing a little plaster work in a lady's home. The cable was $3 and change and the quality of picture I get is great...I have not bought any computer stuff yet..but am looking.
Link:
http://www.dealextre...dx/category.399

was wondering if you knew anything?
Sandra