| Spyware Or Trojan??? |
| Author | Message |
canman
Member
Posts: 6
Joined: 2004-10-04
Member No.: 42797
|
2004-10-05 10:12:11
When I boot my win2k system and opened I/E the only favorite I had was "LINKS". I looked in all folders and found the Favorite folder in my C:\Winnt folder. I went into the registry and found in Users/Software/microsoft/windows/current version/explorer/ shell folders that the favorites has changed to :\winnt\Favorites. When I typed in the correct path it will recreate itself every time I open I/E. I have tried Hijack, Spybot, Ad-Aware, Spy Doctor, and Spy Sweeper. Nothing helps. I did get it to stop redirecting the favorites one time but now in the C:\ root I get a %USERPROFILE%\ self generated folder on bootup and it has the same results. The only favorite in I/E is Links. All my favorites are in Documents and settings. I am really lost on this one, send help please.
|
|
| Post #147398 |
|
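Added example, not part of any post in this thread: a check for the two symptoms described in the first post, run over the text printed by `reg query` for the `Shell Folders` and `User Shell Folders` keys. A `User Shell Folders` value that contains `%USERPROFILE%` but is stored as REG_SZ instead of REG_EXPAND_SZ is never expanded, which is one way a folder literally named `%USERPROFILE%` gets created; the sample text, the `user1` profile path and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout printed by `reg query` (not from the poster's machine).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
    Favorites    REG_SZ    %USERPROFILE%\Favorites
    Desktop    REG_EXPAND_SZ    %USERPROFILE%\Desktop

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Favorites    REG_SZ    C:\WINNT\Favorites
    Desktop    REG_SZ    C:\Documents and Settings\user1\Desktop
"""

# name, type and data are separated by runs of two or more spaces
VALUE_RE = re.compile(r"^\s+(.+?)\s{2,}(REG_\w+)\s{2,}(.*)$")

def parse(text):
    """Yield (key, name, type, data) for each value line under a key header."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1), m.group(2), m.group(3).strip()

def audit(text, profile):
    """Return (key leaf, value name, finding) for folders that will not land in `profile`."""
    findings = []
    for key, name, rtype, data in parse(text):
        leaf = key.rsplit("\\", 1)[-1]
        # A variable in a non-expanding type stays literal: "%USERPROFILE%" becomes a folder name.
        if "%" in data and rtype != "REG_EXPAND_SZ":
            findings.append((leaf, name, "unexpanded-variable"))
            continue
        # Expand the one variable these keys normally use, then compare against the profile root.
        resolved = re.sub(r"(?i)%USERPROFILE%", lambda _: profile, data)
        if not resolved.lower().startswith(profile.lower() + "\\"):
            findings.append((leaf, name, "outside-profile"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, r"C:\Documents and Settings\user1"):
        print(finding)
```

An `outside-profile` finding is a prompt to look at what wrote the value, since deliberate folder redirection also produces paths outside the profile.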
adamvjackson
Senior Member
Posts: 2174
From: Asheville, NC
Joined: 2002-08-26
Member No.: 12643
|
2004-10-05 13:06:50
Sounds like a corrupt user profile more than anything else.
|
|
| Post #147412 |
|
canman
Member
Posts: 6
Joined: 2004-10-04
Member No.: 42797
|
2004-10-05 13:30:55
How can I tell if my profile is corrupt? I only use one profile but it might be worth a shot to logon as another user.
Thanks
|
|
| Post #147419 |
|
adamvjackson
Senior Member
Posts: 2174
From: Asheville, NC
Joined: 2002-08-26
Member No.: 12643
|
2004-10-05 14:00:19
I'm not sure if there is a definitive way to check for profile corruption, you could try logging in as another user, and check for similar activity.
|
|
| Post #147422 |
|
Alec§taar
Account Disabled
Posts: 207
From: A discrete point in the Space-Time Continuum...
Joined: 2001-04-17
Member No.: 5614
|
2004-10-05 20:57:03
Originally posted by canman:"How can I tell if my profile is corrupt?"
chkdsk maybe?
(After all, a lot of your "user profile" is just subdirectories/subfolders on your disk under the C:\Documents and Settings main folder & one of the only tools you have for examination of folder and file structure validity vs. the MFT$ or Fat16/32 tables IS chkdsk!)
Originally posted by canman:"I only use one profile but it might be worth a shot to logon as another user.
Thanks"
It's possible for you to backup &/or copy user profiles you know... keeping a backup/alternate of your userprofile might be a good idea!
* Control Panel -> System Icon -> User Profiles tab (use it).
APK
|
|
| Post #147439 |
|
canman
Member
Posts: 6
Joined: 2004-10-04
Member No.: 42797
|
2004-10-06 16:25:05
Thanks, Still have the problem but I will now keep an updated user profile.
|
|
| Post #147500 |
|
Alec§taar
Account Disabled
Posts: 207
From: A discrete point in the Space-Time Continuum...
Joined: 2001-04-17
Member No.: 5614
|
2004-10-06 17:40:35
Originally posted by canman:"Thanks, Still have the problem but I will now keep an updated user profile."
I know you will still have it... it sux, doesn't it? If chkdsk doesn't see anything wrong with the disk, then it's NOT that most likely! Not the diskbound filesystem part @ least!
Because a large part of it IS on the disk there, but also the (iirc) HKEY_CURRENT_USER in your registry is part of it as well!
(How to check that for corruption, & worse to fix it? Phew... got me!)
Best I can think of here though, for maintaining a registry backup?
Is to use the Emergency Disk facility that the Windows 2000/XP/2003 BACKUP tool provides...
That's about it, keeping a pristine/virgin uncorrupted copy available & backed up!
Of course, this means doing regular backups of it too, to keep yourself @ your last MOST CURRENT state of your system & up-to-date!
(One of the weekly pains I undergo here... but does not always guarantee me recovery either! I just had a RAID 0 array go on me & nothing I could do would fix it... I am back @ a new system redo again tonite because of it! Takes me a GOOD MONTH to get my system right where I want it to be again after that... I HATE IT!!!)
8 months worth of pretty "perfect" setup I had here, GONE! Oh well, 8 months is a good stretch I figure!
* I just thought I would turn you onto a way to preserve it again in the future IF this happens to you by making a backup copy!
APK
P.S.=> Well, I am off to keep redoing this system... after a blown RAID 0 array stripe that I mention above? NOTHING gets me that back, nothing I know of @ least when it goes belly up! apk [Edited by Alec§taar on 2004-10-06 18:21:01]
|
|
| Post #147513 |
|
canman
Member
Posts: 6
Joined: 2004-10-04
Member No.: 42797
|
2004-10-07 07:53:49
Thanks, I make a ghost image every two weeks but this time I didn't have any reason to open I/E so I copied over a known good image with an unknown bad one. Oh well this is one to put in the cookie jar for future use. I will NEVER delete a known image with a new one until everything is working. But I did better on a recovery than it sounds like you did. Luckily I had an 8-04 image that all I had to do was install everything from then to today. I am still interested if anyone has ever figured this I/E hijack thing.
|
|
| Post #147548 |
|
Alec§taar
Account Disabled
Posts: 207
From: A discrete point in the Space-Time Continuum...
Joined: 2001-04-17
Member No.: 5614
|
2004-10-07 10:22:30
Originally posted by canman:"Thanks, I make a ghost image every two weeks"
GHOST's good stuff: BUT, in my case? It won't work on a RAID 0 array & that's what I use here!
(@ least not one driven by Silicon Image SI114 bootable RAID).
I do use Roxio "GoBack" though, pretty similar to Microsoft Windows XP's 'System Restore' feature.
It got me one last bootup that allowed me to save a few bits of data I had created recently (documents) to a second disk I have for storage here.
BUT, once I heard the RAID array making little "clicks" every so often & my system acting up (lagging really bad etc. during the clickings) I knew it was on its way out.
Originally posted by canman:"but this time I didn't have any reason to open I/E so I copied over a known good image with an unknown bad one."
That's a problem no matter WHAT you use then, especially if it's spyware/virus/malware infected because then even your backup image is bad!
Originally posted by canman:"Oh well this is one to put in the cookie jar for future use. I will NEVER delete a known image with a new one until everything is working."
Agreed here too 110%... if you're like me, you probably dispense with older backup images by deleting them off the drive so that excessive space is not taken up.
It's a BAD move & risky in & of itself torching the older ones. You have to keep @ least 2-3 of them online as large files just in case one of them IS bogus/bad as far as I am concerned from now on...
I.E.-> It was a learning experience for me too.
Originally posted by canman:"But I did better on a recovery than it sounds like you did."
You did.
I made the "mistake" of using RAID 0, which doesn't have the stability of normal disks.
STILL, I was pretty happy to have it last 8 months...
BUT, from what I could recover using an older Microsoft Backup file? I am a good 75% of the way back already now.
I just have to update my antivirus & antispyware signatures & programs, some registry tweaks, & also some Explorer.exe shell customization programs.
Originally posted by canman:"Luckily I had an 8-04 image that all I had to do was install everything from then to today."
Right, same basic situation here BUT using Microsoft Backup image instead from around 1 month ago.
I should have kept up more on that & I'd only be a LITTLE bit behind (not that I am ALL that bad off now).
My bad was?
This breakdown caught me with my pants down & I had not yet made a backup recently due to being busy & now, only like 1 month back or so.
Originally posted by canman:"I am still interested if anyone has ever figured this I/E hijack thing."
Most folks here use a set of tools like a good AntiVirus, BHODemon, & Ad-Aware or Spybot.
Between these 3 types of programs, you can do pretty well against new threats, @ least as they become known & get signatures/techniques made for removing them once they are understood.
That's the problem though - You have to wait out antivirus signatures, &/or Adware-AntiSpyware removal techniques in programs to be solid & working. Purely reactive technology & that means for the unknown ones, or variations of older ones?
* You're potentially totally vulnerable...
STOP USING INTERNET EXPLORER too... it's one of the reasons folks are seeing such a magnitude of problems imo. It's a good product but its design & extensible architecture (like Browser Helper Objects/BHO's) are one of the reasons folks are being hit so hard by this type of menace lately.
(Try out Opera or Firefox web browsers instead. Most everyone here will tell you that, because they're NOT as susceptible to this type of attack!)
APK
|
|
| Post #147555 |
|