Software and Hardware -> Ok whats up with this now??

rovingcowboy - Feb-24-2004 server time

floppys were switched as to which was the master floppy and which was the slave floppy. he just did not want to tear the computer apart again but i made him do it.

rovingcowboy - Feb-24-2004 server time

not that ladytech it seems that he has this trouble small floppy sits on top of the large one there is a small ribbin comes out of the small floppy that plugs into the top of the large one looks like he has one floppy pair with one gray cable that has all plugs for all drives on it and it is the wide gray cable small floppy has cable connection to the large floppy. that means there is a jumper on the large floppy somewhere we have to change.

rovingcowboy - Feb-24-2004 server time

i think that is it ladytech, i did ask him if he put it back in the same place he said yes but he might not have done so on the cable.? being 1800 miles away it is hard to see what is going on and i forgot to ask the question in detail. will ask him that today for sure as it will make things a lot easier

rovingcowboy - Feb-23-2004 server time

oh ok thanks wren. i have been here every day, just as a guest and not posting was busy and just looking for any questions for help that i might have been able to answer fast or that one and only post that might have said hey roving cowboy git yon ovjhar an seat a spael.

Wren - Feb-23-2004 server time

Glad to hear from you...was about to send flowers, thought you had died! I know nothing about old pcs, and can't keep up with the new ones either.

rovingcowboy - Feb-23-2004 server time

that bump in the head must have done something to him? he has been trying now to get 5 computers going all of which he got for free. most of which dont work or have more virus's in. all seem to have sram in them and 250 mb hard drives. and he wants to upgrade them to windows 98. got him to understand that wont work now we are trying to get one of them formated and reinstalled with win95. but the computer wont see the floppy drive as the a drive it sees it as the b drive. he said it did see the a drive before but when he changed the floppy out to get one that worked it changed to b drive and wont go back to a drive or atleast we cant find out how to get it back in win95. he really needs to get new stuff but he is as broke as me and he is trying this on his own mostly so that is good for learning but it is a pain to get things to work. just wanted to let you know what was going on now.

rovingcowboy - Feb-10-2004 server time

after we got this informatiation in my last post we tried to get rid of it. by doing what it said. but the hacker had some how moved everything? so i did the old standby. REM: it out in the config.sys file that caught the son of a gun still though once he got it booted he tired to run norton av again this time it found another worm??? i think there might be more then 2 just might be loaded with them. still as the one listed in the last post is not in the wild it had to come in through the morpheous program as his boy was getting songs from the internet throught that. looks like he got lots more then songs. but we are slowing getting this thing working he was able to use hotmail on it the other day. he has been busy on other work last couple days. plus trying to heal up after his fall. but he wont stop or rest ?? he is just going to mess around and make it worse i told him but he still goes out in his metal shop and runs the machines with his sore arm eye and head. will let you know more when i get more.

rovingcowboy - Feb-07-2004 server time

you know that he must have got something knock in to that brain of his. because he would not rest like the doctor and all of us told him to do. he kept working at the computer and got it scanned online before it crashed. housecalls or antivirus.com has posted that he has got the newest version of this. trojon back door so now i will have to walk him through the steps to remove it. then all might be good again. by the way norton and others can not find the newst one of this. just trend micro. this new one even shuts down zonealarm.exe and lots of other ones it is a bad one. QUICK LINKS Solution -------------------------------------------------------------------------------- Virus type: Worm Destructive: No Aliases: W32/Agobot.CQ, Worm.Win32.Agobot.205824, W32/Gaobot.BZ.worm Pattern file needed: 715 Scan engine needed: 5.600 Overall risk rating: Low -------------------------------------------------------------------------------- Reported infections: Low Damage Potential: High Distribution Potential: High -------------------------------------------------------------------------------- Description: This memory-resident worm exploits certain vulnerabilities to propagate across networks. Like the earlier AGOBOT variants, it takes advantage of the following Windows vulnerabilities: Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability IIS5/WEBDAV Buffer Overflow vulnerability RPC Locator vulnerability For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages: Microsoft Security Bulletin MS03-026 Microsoft Security Bulletin MS03-001 Microsoft Security Bulletin MS03-007 It attempts to log in on systems using a predefined list of user names and passwords. It also has backdoor capabilities and may execute malicious commands on the host machine. It terminates antivirus-related processes and dropped files by other malware. It also steals CD keys of certain game applications. It only runs on Windows NT, 2000 and XP Solution: AUTOMATIC REMOVAL INSTRUCTIONS To automatically remove this malware from your system, please use Trend Micro Damage Cleanup Services. MANUAL REMOVAL INSTRUCTIONS Identifying the Malware Program To remove this malware, first identify the malware program. Scan your system with your Trend Micro antivirus product. NOTE all files detected as WORM_AGOBOT.BU. Trend Micro customers need to download the latest pattern file before scanning their system. Other Internet users may use Housecall, Trend Micro’s free online virus scanner. Terminating the Malware Program This procedure terminates the running malware process from memory. Open Windows Task Manager. To do this, press CTRL+SHIFT+ESC, and click the Processes tab. In the list of running programs, locate the process: WUMP.EXE Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system. To check if the malware process has been terminated, close Task Manager, and then open it again. Close Task Manager. *NOTE: On systems running Windows 9x/ME, Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions. Removing Autostart Entries from the Registry Removing autostart entries from the registry prevents the malware from executing during startup. Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter. In the left panel, double-click the following: HKEY_LOCAL_MACHINE>Software>Microsoft> Windows>CurrentVersion>Run In the right panel, locate and delete the entry: Configuration Loader = "wump.exe" In the left panel, double-click the following: HKEY_LOCAL_MACHINE>Software>Microsoft> Windows>CurrentVersion>RunServices In the right panel, locate and delete the entry: Configuration Loader = "wump.exe" Close Registry Editor. NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system. Additional Windows ME/XP Cleaning Instructions Running Trend Micro Antivirus Scan your system with Trend Micro antivirus and delete all files detected as WORM_AGOBOT.BU. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s free online virus scanner. Applying Patches Download the latest patch. Information and download links on the vulnerabilities exploited by the malware can be found at the following links: Microsoft Security Bulletin MS03-026 Microsoft Security Bulletin MS03-001 Microsoft Security Bulletin MS03-007 Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network, small and medium business or home PC.

Wren - Feb-05-2004 server time

Sorry to hear the bad news about your friend. Tell him to take it easy and get well soon, as the pc is not going anywhere...he needs to take care of himself first. We'll be around whenever he is ready to continue.

rovingcowboy - Feb-05-2004 server time

everything is on hold with this troublesome computer for about a week or two. no need to work on a soultion too fast now. my friend was coming back from work or going to work or at work some where today, he slipped on the ice. got a messed up shoulder, injured his face around the eyes. and got a concussion, and the doctors told him they found he has higy blood pressure and are wanting to check for blocked arteries for fear of him getting a heart attack. he / his wife / his kid / one of them saved all the emails with your questions and soulitions in and they will get to them when he is well. so besides all this other stuff he seems to be in a real mess. i thank you all on his behalf for answering and trying to help. and when he is able if he desides to continue with this xp computer of his. he will get in touch with me and start were we left off. but in the mean time if you find the answers to the above dont forget to post them here so i can get them and save them for him. thanks.

rovingcowboy - Feb-04-2004 server time

I am gittin' ya the info as fast as i can get it my self? but lady tech is right it is just the programs stopping as fast as we can start them. ok UPDATE. some how he got the norton to run long enough to clean out a worm that was there. so he we were online yesturday with the old win98 and he was fixing and cleaning up the computer from the junk that was in there. he said he had to uninstall norton as it did not work right after it got the worm out. so i had him reinstall it then try to get the xp online. he did get it online and norton started the updates it needed. great we got it licked it is going to work for us. WRONG it needed rebooted after norton updated so he did. and he tried to get back online so i could send him a file to clean up the junk on his computer. (as the floppie still dont work) the dangbalsted thing said warning zonealarm has found an error with your system and has blocked system from internet connetion. he tried shutting down zone alarm and got warning your system has errors and can not connect. now it is right back to square one.? and the antivirus program shuts down 2 to 3 seconds after he trys to start it. don't know if he had system restore turned off before he cleaned it with norton ? will get him to do that today we are going to try again. us verses the windows xp computer

Wren - Feb-03-2004 server time

Wren - Feb-03-2004 server time

Safe mode may work, I'm not that familiar with it since luckily, I've never had to use it. If he's using XP, system restore will have to be turned off in order to clean up any virus/trojan that may be running. Cowboy, we're shooting in the dark here, give us some more info!

Wren - Feb-03-2004 server time

I think the problem is getting the pc to run long enough to troubleshoot.

rovingcowboy - Feb-03-2004 server time

nope not going to work, as it wont let floppies go in the a drive all seems to be blocked by something.? must be a trojan?

rovingcowboy - Feb-02-2004 server time

not me but my friend ,, ? no really it is my friend not me really.. not cut that out. put really he is the one that has the old hp that is set up with troubles out the ears?? he now has the trouble of it wont let him run any antivirus , antispyware, updates, or even do any registry editing. all it does when he trys to do those things is open the program then it shuts on him faster then he can click start or enter?? i thought it might be low swap file so i upped it for him to 500 mbs as he has a small hard drive. but that did not work either. now we both think it might be a trojan?? but not sure and it wont run anything to let us find out?? this is the windows98 os upgraded to windows xp, so it is not really a computer set up for xp. could that be causing the troubles?? anyone know what to do in order to get it to run some sort or anitvirus program becasuse it is also stopping nortons cdrom from running its set up??