Morethanpretty,
You get all of that with AVG as well (and they also publish an anti-rootkit utility). Like I said, a toss-up.
I don't know, but I have been having problems with my computer and I don't know if it's the computer or the wireless or bad software...or what.
It just stops acting like it's even connected yet the icon at the bottom says 54.0 Mbps...which is good, right? I'm going to have to call geek squad or something.
TW,
A rootkit is a type of virus/malware that uses "cloaking" techniques to hide itself from the OS and end user. If you've read what I've mentioned, the Windows API makes it really easy to create one. And, yes I have seen them. Rootkits are the reason why I scan machines with a bootable CD that has the latest virus definitions and tools I can use to determine what loads when a machine boots up. The only effective way to get rid of a rootkit is to scan the machine with a known good alternate OS, not the OS itself. When you have a rootkit, the only way to be sure is to use an alternate OS. Anti-rootkit technology is nothing more than AV technology that scans for the API hooks that rootkits use to cloak themselves. It's effective a good portion of the time, but I've seen rootkits get past the Sysinternals tool (Rootkit Revealer). UNIX, Linux, and Windows have this issue, as does any other OS that runs on a Von Neumann architecture where the OS and program data are loaded into the same memory banks and intermingle. The best way to rid yourself of a rootkit is the same on UNIX, Linux, Windows, or any other OS. Boot into an alternate OS and scan that way, because you cannot be sure that the OS that has been compromised has any integrity.
Shawnee, try the following:
Shawnee,
Open a command prompt and type in:
netsh winsock reset
Then reboot. Make sure you have the latest wireless drivers as well.
Thanks. I'll try that later. It seems to be OK right now. :)
Never looked at Sysinternals Rootkit Revealer because I never saw any reason to need it.
Next, your machine must ask for an IP address. The router's DNS server provides (leases) an IP address to your wireless card. I have seen some routers make the connection (ie 54 Mbps), but the DNS server refuses to lease an IP address. The solution was to power cycle the wireless router. Don't know why. Never had sufficient time to learn why. But if you are having the same problem, the Geek Squad would never see the problem and still charge you.

First suggestion: determine if the problem is in the router. IOW any computer that has not connected wirelessly to that router in over a day would demonstrate the same problem. (Any computer connected wirelessly in less than a day may not see the problem.) If both connect at some speed but will not talk, then you have saved yourself a payment to the Geek Squad.

A second suggestion: enter "IPCONFIG /ALL" in the same command window where "netsh winsock" was entered. If the IP address for your "Wireless Network Connection" does not start with 192.168.xxx.xxx or 10.xxx.xxx.xxx, then an IP address is not provided by the router. A computer can connect. But without an IP address, it still will not communicate. Later in the day, that router's DNS server can fail. But your computer would continue to work for the next 24 hours - when the lease for the IP address expires and it will ask the router's DNS server for a new address lease. No new lease from a failed DNS server means it would again connect only to the router at 54 Mbps, but not connect to the network.
I don't know how to check the wireless drivers?
I found the IP address with 192... For the first part, are you saying check with another computer? I don't have another, but maybe I misunderstood. Guys, thanks so much. I know that irl folks like you get paid to help people like me, so I appreciate the free advice. You don't have to keep helping if it seems I am taking advantage. I am just amazed at IT people...you speak a whole other language. :p Thanks again.
Tom, it's DHCP
Tom,
It's DHCP server :). There are many issues with the IP stack in Windows. When certain pieces of malware "attach" to your Windows installation, one of the first things many of them do is attach to the TCP/IP stack to subvert DNS and redirect name lookup traffic to a DNS server that will return erroneous (i.e. more malware, advertisements, bad Windows Updates) traffic to it. Running "netsh winsock reset" restores the TCP/IP stack to a known good state without malware or the "hooks" that would point to the DLL files and executables that malware uses to redirect traffic. If you don't run this after removing malware, your TCP/IP stack may be broken due to those hooks existing and pointing to nowhere.
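As an added example, not mbpark's code or a Microsoft tool: a Python parser for the output of "netsh winsock show catalog", the provider list that "netsh winsock reset" rebuilds, which flags entries whose DLL sits outside the Windows system directory or that are layered into the TCP/IP provider chain. The sample catalog, the AdBar provider and both GUIDs are constructed for the example, and the trusted-directory list is an assumption.

```python
import re

# Constructed "netsh winsock show catalog" output, not from any real machine:
# one normal Microsoft base provider and one layered provider whose DLL lives
# outside the Windows directory, the shape of a spyware Winsock hook.
# The AdBar name and both GUIDs are made up for this example.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {00000000-0000-0000-0000-000000000001}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Version:                            2
Address Family:                     2
Max Address Length:                 16
Min Address Length:                 16
Socket Type:                        1
Protocol:                           6
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        AdBar Network Helper over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {00000000-0000-0000-0000-000000000002}
Provider Path:                      C:\Program Files\AdBar\nethelper.dll
Catalog Entry ID:                   1040
Version:                            2
Address Family:                     2
Max Address Length:                 16
Min Address Length:                 16
Socket Type:                        1
Protocol:                           6
Protocol Chain Length:              2
"""

ENTRY_HEADER = "Winsock Catalog Provider Entry"
FIELD = re.compile(r"^([A-Za-z ]+?):\s+(.*)$")
# Where a default catalog's provider DLLs live (assumption for this example).
TRUSTED_DIRS = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")

def parse_catalog(text):
    """Split the catalog dump into one {field: value} dict per provider entry."""
    entries, current = [], None
    for line in text.splitlines():
        if line.strip() == ENTRY_HEADER:
            current = {}
            entries.append(current)
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2).strip()
    return entries

def suspicious_entries(entries):
    """Return (catalog id, description, reason) for entries worth a second look."""
    findings = []
    for e in entries:
        reasons = []
        path = e.get("Provider Path", "").lower()
        if not path.startswith(TRUSTED_DIRS):
            reasons.append("provider DLL outside the Windows system directory")
        chain = int(e.get("Protocol Chain Length") or 1)
        if e.get("Entry Type") == "Layered Service Provider" or chain > 1:
            reasons.append("layered into the TCP/IP provider chain")
        if reasons:
            findings.append((e["Catalog Entry ID"], e["Description"], "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for entry_id, desc, why in suspicious_entries(parse_catalog(SAMPLE_CATALOG)):
        print(f"catalog entry {entry_id}: {desc}: {why}")
```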
This is what I have seen
tw,
I've seen rootkits that have patched Windows DLL files and caused functions which other programs depend upon to be disabled. If a rootkit is going to infect your system, it's going to patch the Win32 APIs for IP Activity, Unexplained Processes, CPU Time, and Registry Entries, and patch other functions as needed. This is what rootkits do via APIs on Windows, and via APIs or trojaned copies of ls, ps, and other file utilities on Linux or UNIX variants. Your average user will not be running Wireshark on another PC and scanning their network to see the unexplained IP traffic. If they did, chances are that they are smart enough to not get rooted. I caught one because it didn't patch functions well enough and I was able to use Rootkit Revealer to figure out its existence due to that.
If after 24+ hours, you always have the 192.168.xxx.xxx address and the computer does not connect over that 24 hours, then your wireless card has connected to the router. Then the DHCP (not DNS) server is working. Move on to other suspects. IOW the "IPCONFIG /all" does not report anything useful if the computer is working. It only reports useful facts when the computer will not connect.

And have you also manually started and executed the long anti-virus software scan? "No problem found" does not say your wireless is working. It just says it is working at a lower level. Malware can exist at higher levels. Or other problems exist.

Proper drivers: depends on the machine. Better machines (ie Dell or HP) mean you go to their web site and check for updates. Sometimes, www.windowsupdate.com will download a corrected driver - not always. Further information is found in Device Manager and in the System (event) logs. If you don't know where these are (and it cannot be told here because even the OS was not listed), then use Windows' Start>Help and Support - or whatever the help is called on your machine.

Well, maybe it has been connected all along. But your firewall (or anti-virus software) is blocking access to some site. Time to better define what you mean by no connection. Using that command prompt, enter: PING 192.168.1.1 - it should ping your router and report echoed back replies. PING cellar.org will also report useful facts. From the browser (ie Internet Explorer), enter as the address: 192.168.1.1 or 192.168.2.1 - that should talk to the server inside the router. What happens?

If Windows puts up a screen about no connection and has somewhere to diagnose a connection, well, do that. Windows should report if the computer is not connected, why, and may even correct it. But again. What computer? What OS?

Just some ideas. None are intended to fix anything. Every one is only to report the minute detail that actually says what is wrong.
First and most important - identify the problem. Fixing comes later.
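As an added example, not code from anyone in this thread: a Python script that applies the "IPCONFIG /ALL" checks from tw's two posts above to a constructed sample of that command's output, and in addition classifies the 169.254.x.x address Windows assigns itself when no DHCP lease arrives. It assumes the XP and Vista field labels (IP Address / IPv4 Address, Default Gateway, Lease Obtained, Lease Expires); the sample output, host name and addresses are made up.

```python
import re
from datetime import datetime
from ipaddress import IPv4Address, IPv4Network

# Constructed "IPCONFIG /ALL" output (not captured from any real machine):
# one wireless adapter that did receive a 24-hour lease from the router.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Wireless Network Connection:

   Description . . . . . . . . . . . : Example 802.11g Wireless Adapter
   Physical Address. . . . . . . . . : 00-11-22-33-44-55
   Dhcp Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   Lease Obtained. . . . . . . . . . : Sunday, February 08, 2009 9:15:02 AM
   Lease Expires . . . . . . . . . . : Monday, February 09, 2009 9:15:02 AM
"""

# The private ranges tw tells Shawnee to look for (plus 172.16/12 from RFC 1918).
PRIVATE = [IPv4Network("10.0.0.0/8"), IPv4Network("172.16.0.0/12"),
           IPv4Network("192.168.0.0/16")]
APIPA = IPv4Network("169.254.0.0/16")  # self-assigned when DHCP never answers
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 -]*?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {adapter name: {field: value}} from IPCONFIG /ALL output."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.endswith(":"):
            current = adapters.setdefault(line[:-1], {})
        elif current is not None and (m := FIELD.match(line)):
            # Vista+ prints "192.168.1.23(Preferred)"; keep only the address.
            current[m.group(1)] = m.group(2).split("(")[0].strip()
    return adapters

def diagnose(fields):
    """Classify one adapter the way the thread's checklist does."""
    addr = (fields.get("IP Address") or fields.get("IPv4 Address")
            or fields.get("Autoconfiguration IP Address")
            or fields.get("Autoconfiguration IPv4 Address"))
    if not addr:
        return "no-address"       # radio link may be up, but no lease at all
    ip = IPv4Address(addr)
    if ip in APIPA:
        return "no-lease-apipa"   # DHCP never answered: suspect the router
    if any(ip in net for net in PRIVATE):
        if not fields.get("Default Gateway"):
            return "lease-no-gateway"
        return "leased"           # router handed out 192.168.x.x / 10.x.x.x
    return "public-address"

def lease_hours(fields):
    """Hours between Lease Obtained and Lease Expires, or None if not shown."""
    fmt = "%A, %B %d, %Y %I:%M:%S %p"
    try:
        start = datetime.strptime(fields["Lease Obtained"], fmt)
        end = datetime.strptime(fields["Lease Expires"], fmt)
    except (KeyError, ValueError):
        return None
    return (end - start).total_seconds() / 3600

def report(text):
    return {name: (diagnose(f), lease_hours(f))
            for name, f in parse_ipconfig(text).items()}

if __name__ == "__main__":
    print(report(SAMPLE_IPCONFIG))
```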
Is there somewhere to look at a currently stored DNS table? Is that where a rootkit would corrupt DNS? (Had not thought about that type of corruption). Popups are supposed to be blocked on my machine. However zedo.com does get their advertisement pop up when I access one web site. I have their IP address blocked in the firewall. However it has always bothered me that their popup gets through.
TW,
Port 445 has been scanned for since 2000, since Windows 2000 and up use it for file sharing, instead of ports 137-139. The Messenger service, which is the reason for many pop-ups, has been disabled by default since Windows XP Service Pack 2 in August, 2004.
Still don't know how that web site permits c5.zedo.com to open a popup. But the popup enters on a new window using port 80. Meanwhile, you have roused my curiosity. I must try that Rootkit Revealer.
Well guys, I got rid of avast, and downloaded AVG and Spybot. I ran spybot first (before getting rid of avast) and it found 13 pieces of crap.
AVG seems friendlier to a novice like me. After all that I ran netsh winsock reset and rebooted. So far so good. Later I want to look at some of the stuff tw wrote about. Thanks so much for all your help, and for teaching me a few things. If you're ever in my neck of the woods let me know. Dinner's on me. :)
I was having trouble again last night. Tonight I will look around some more. I may call one of my old IT buddies. Any of them would do it for a couple drinks, but I would like to offer a little better than going rate for a housecall. Just to make sure everything is good. What is the going rate?
Not to fix it. Long before fixing anything, first the problem must be identified. Currently nobody even knows yet what your problem is. So, you did all those "PINGs" when it worked fine. Then when it was not working, you did those "PING" programs again. Those are critically essential facts. Same with "IPCONFIG /ALL". What did the anti-virus scan report some hour plus later when it finished working? Where is the information from system logs and Device Manager? Those also were not idle questions. They were critically important facts that reported your system was still completely failed when you thought it was working. What were the lights doing on the wireless router both during good and failed operations? What is your OS? What is the computer?

You probably have access to talent far superior to anything that the Geek Squad or your friend can provide. But you are stifling it by not answering all questions and doing everything requested - regardless of whether the machine is working or not. Are the wireless drivers current? That also was not a question to avoid because you did not understand it. What did www.windowsupdate.com report? What does the manufacturer report as the latest drivers? Again, not to fix anything (even though it might). To identify a problem that still exists even when the machine appears to be working. What exactly did "netsh winsock reset" report? Nobody can be helpful if you filter out facts.

Command prompt provides an easy way to cut and paste every numeric detail from that window. Right click on the C:\ icon in the top left corner. In Edit, select Mark. Then select everything on the screen to copy. Right click on the icon again to select Copy. Now the critical numbers that mean nothing to you can be pasted in a post. Those unanswered questions and every fact that means nothing to you is probably the critical fact that says what is wrong. Therefore you have stifled your help. Numerous questions and requests for information were posted.
Most were not answered. Answer them all. Otherwise spend money on a less knowledgeable repairman. What's the going rate? $70 per hour? Either you can do the labor or pay someone else to do these same things.
tw, you do realize this isn't a bullshit session in the geek break room, don't you?
You and Mitch post great information, but the fact is most of us only grasp bits and pieces of it, and to attempt to accomplish your diagnostic procedures is frankly intimidating. IPCONFIG, Command prompt, and stuff like that, are a completely foreign language. When our machines start making funny noises, or break down beside the road, we appreciate the help but keep in mind we're drivers, not mechanics. :o
Only reason to fix things is to learn. If the solution is posted and not understood, then ask or quit. Those are the two options. Therefore learn or not learn. Most every reason for doing those things (netsh winsock reset) was never provided - intentionally. If not done, then one does not learn why they were so critically important. But again, fix things first and foremost to learn. Or stay ignorant and pay someone $70 per hour to do what is not really complex. It only looks complex because it is unknown.

Again the point because so many are bad at problem analysis. Don't try to fix it immediately. First objective is to only learn what is wrong. Fixing comes much later. Those who never fixed things always want instant solutions. Rarely learn how to break problems - even non-technical problems - down into parts.

Command prompt is where Shawnee entered "netsh winsock ..." IPCONFIG is also entered there. You would not know that if you had not yet done what Shawnee did. If you also do not do it (if you only read), then you also do not learn anything. I never used that "netsh ... " option. So I too did what mbpark recommended. Why? Otherwise I also would have no idea what he posted. To learn means 1) all those actions must be performed, 2) all those questions answered, and 3) anything not understood requires asking for details. Only other option is to quit and learn nothing. Furthermore, it's a two-way street. All parties (not just Shawnee) learn from the experience.
Personally, you lost me long ago on this issue. I wouldn't know where to begin and I'm afraid that if I messed something up while attempting some of what you said to try I would have no net access and then be double screwed as I couldn't post for more help.
Hence I've been reading along trying to absorb some of what you are all talking about. Now you just seem nasty and condescending. You gotta realize that there are others with no idea what you, any of you, are saying.
Just like in Science lab. If you did not execute Command Prompt, then you have no idea what Shawnee learned. If you did not do IPCONFIG or PING, then there was no reason to provide additional information. That's not condescending. In short, if you only read, well, welcome to technology - you learned nothing. People who do not fix things are poor at breaking problems into parts - making problems easier to solve. Too many want an instant solution. An experienced problem solver first finds a defect - fixes things later. Another famous sound bite that says the same thing: Patience, grasshopper.

That may be condescending to those who don't do the work. Silly emotion is not relevant. Fact. Either you do what Shawnee did or you learned almost nothing from this thread. In which case, you could only become emotional - and therefore 'feel' condescendence. Your choice. Did you do as mbpark suggested? Did you enter "netsh winsock reset"? If you feared you might break something, then did you post, "Can I do this without breaking something?" Learning by doing is that simple; not condescending. Nothing useful could have been learned by only reading. But that also is obvious from doing rather than only reading.

Of course you have no idea what is being said if you also did not execute those programs yourself. I know that. You apparently did not only because you did not execute those programs. In a parallel thread, GIF is discussed. Did you understand those posts? Only if you also did the lab work. If you did not execute the program, then you had little grasp of that discussion either.
Well guys, quit it! ;)
I think tw is right. I do want to learn these things. To be honest, I have not tried everything he has mentioned because I'm too lazy to write it all down (I need printer ink) and go through it. I go through cycles of what I do on my computer, and I just haven't felt like putting in the work right now. When we got our very first computer, my ex's cousin came from IL and made the ex put it all together and set it up. He learned a lot. Cousin's reasoning was "if something goes wrong you'll know how things work..." and it came in handy. But I will, eventually. I just need to be in that "mood" so to speak. Anyway, I appreciate everything.
TW, I did explain why in detail :)
TW,
I did post why that command (netsh winsock reset) works in great detail. It's one of the enhancements MS added to XP SP2 for consumers to fix a large problem with spyware attaching itself to the TCP/IP stack by replacing the Winsock (TCP/IP) stack with a known good set of settings.
It was actually a bad example of my point because you discussed some things that others still would not understand even after running the program. Few really would know what the TCP/IP stack is even after resetting it. netsh involves much of the black art. I have mostly avoided netsh because so little of that program actually solved something that was not otherwise repaired by a driver reload. I will have to play with it more. I suspect few really grasped what you had posted. But the point is that without executing those programs, one really cannot grasp them.
TW,
Unfortunately, Windows is a complex beast. I'd need a whole series of posts to explain what I've picked up over the past 11+ years of working with Windows NT and its successor OSes. It is this complexity that is the reason for Windows having the issues that it does. Even when you execute these programs, you can't tell what they do.
I'm not dissing your ability or sincerity to the fix, just reminding him to remember he's talking to (other than you) novices.
I'm certain tw knows a lot about this stuff too, but he's grouchy. :haha:
What good is having knowledge if. . .
oh, never mind.
It is that reason...
TW,
It is that reason why Mark Russinovich's company (Sysinternals) was bought by Microsoft. He was brought in to clean it up.
Microsoft basically had no useful analysis tools for Windows. Sysinternals are informative tools. That spaghetti code is a symptom of poor planning at the architect's level. It is probably why the head of Windows was removed because of Vista's development. Are Russinovich and Cogwell working as architects for Microsoft Windows?
I know. I appreciated that as well. I just wanted to point out that I do need to learn...or be a slave to others forever. I wouldn't make a good slave. I'm too mouthy. ;)
Yeah, but you'd look great in a Princess Leia slave outfit. :yum:
You have no idea. ;)
Russinovich is
TW,
Mark Russinovich is one of the lead Windows architects now. He was one of the forces behind MinWin, which was the refactoring of the Windows code to remove dependencies and make it easier to build and maintain the product.
TW,
MinWin, as I stated, is the re-architecture of Windows itself to remove circular dependencies and build issues. It's a complete refactoring of the base of the system itself and the components to make it easier to build, maintain, and debug. Windows, before Windows 7, was devilishly complex to debug and fix issues with. Mark Russinovich did something nearly impossible, which was to help resolve that.
And now for something completely different ...
I came across an item on the MSN home page for Sunday, 08 FEB 09 that reminded me of this thread. It was a link titled Ranked: Security software which led to an article by PC World on evaluations of security suites (pay-for packages).
Though a bit off topic, I found the ranking of security suites in that article versus the ranking of components in this thread to be interesting; so, I linked it here FYI.
How many architects does Microsoft use on Windows? And what happened to Bruce Cogwell?
Ok, that's reaching.
TW,
Somehow I think re-architecting the core of the product is more important than addressing Paint, Notepad, Solitaire (which got a redesign for Vista anyway), or Defrag (which Microsoft does not own, and is licensed from the Diskeeper corporation) :). Microsoft doesn't publish how many architects they use on Windows. They just publish the ones that are the most famous, such as Mark Russinovich, David Cutler, and Bryce Cogswell (who is still at MS from what I understand).
so, a friendly dwellar pointed me to the ultimate boot cd, and helped me with the creation of a boot cd that runs a basic windows environment. this allows you to run the utilities it contains....one of them is AVG.
i'm running it now.....we're up to 15 threats...no 16....5 are viruses, 11 trojan horses ooop...19~and counting.....jeesus.
183......and still scanning
:blush
even after this avg cleanup, i still have spybot coming up repeatedly with kewedojisu trying to change some registry.....i blocked it, but it keeps coming back...
is this a normal thing, should i let it do its thing?
No it is not
Lumberjim,
Boot back into the Ultimate Boot CD and open a command prompt. Go to c:\windows\system32 and type in the following:
attrib -r -h -s kewedojisu.*
erase kewedojisu.*
This will un-hide the file and erase it.
file not found
One other thing to try. Download malwarebytes anti-malware from malwarebytes.org and run that.
I've been testing that and have found it to be actually pretty decent at cleaning up "unknown" processes like that.
Jim, I had that problem and after trying a bunch of removal crap, I just had to go to the "control panel" then "add and remove programs". Found the strange program and removed it. I don't remember the name, but you should be able to spot a program that you don't know, if you have the same problem I had.
im running spybot that came with the boot cd.....its finding stuff too. the version i have installed wont update....
after i ran avg from the boot cd, I went online and tried to dl and install the free avg, but when i went to install, it said it wouldn't work with my puter. it referred to windows 2000, although im using xp on this machine. it did fix the pop up problem it was having though, which was the main complaint.
Lumberjim,
Give malwarebytes a try and let me know how it works :).
will do
that found 69 items and fixed them
start up took forever afterwards
Did it work well otherwise?
seems to have. either the malware one or the spybot from the boot disk got rid of the kewets...thing. i ran them back to back
thanks a million for your help. i was ><this close to nuking it.
From the Washington Post of 12 February 2009: A Little Economic Stimulus: Free Antivirus
I read the review of Kaspersky (my weapon of choice) and have to agree that it's confusing as hell to configure although I think it works better than the author does - nothing gets by Kaspersky. I even get warnings (including the IP address) when anything other than the browser I have open attempts to connect to the internet. And as a general tip to the class, if the protection software you are running has a registry guard, enable it. If it doesn't, get one that does. A registry guard stops anything from making a change in the registry and asks for approval first. I think Spybot has one.

-----EDIT
Since MSN didn't think NOD32 was worth reviewing, I was not surprised to learn that opinions vary. Check out this side-by-side comparison.