|
Rob, Gary makes good suggestions and if you are having to go so far as to reinstall the OS, I'd reformat the drive too. Do you have a broadband connection ? If you do, and they do it in the UK like they do it here, the cable company makes you think you have to do NOTHING once they hook you up. The FIRST thing I did was get a Linksys router to do NAT. Also use Zone Alarm and Sophos Antivirus (from your neck of the woods, by the way). If you connect up to the internet without this stuff your "had". I saw something a couple of weeks ago that said once you connect, they are I can't remember how many hundred scans (automated) that find you in a matter of minutes and then attacks coming back against that with the hour ! Unreal. Good luck ! Chuck -----Original Message----- From: pctech-bounces@xxxxxxxxxxxx [mailto:pctech-bounces@xxxxxxxxxxxx] On Behalf Of Gary Kuznitz Sent: Wednesday, August 27, 2003 1:05 PM To: PC Technical Discussion for iSeries Users Subject: Re: [PcTech] Recovering XP Pro after Thinkpad hard disk Hi Rob, Sorry to hear you are having so many problems. There are many ways to attack this problem. Probably everyone that has an opinion will give you a different solution that will probably get you going. The question is how clean will the Thinkpad be after you are done. If it was me (Only because I like a clean running PC) I'd format the drive and re-install the recovery disk. Not mandatory but that's what I would do. Then before connecting the Thinkpad to any network I would go to a different PC and download ZoneAlarm from http://www.zonelabs.com/store/content/company/products/zap/trial/zapDownload Tria l.jsp and eTrust AntiVirus from https://www.my- etrust.com/services/ipe_support.cfm?CFID=13169705&CFTOKEN=139fefe-00040695-e 51a- 1f4c-bb43-942f4512d026 I'd write them to a CD, Remove any AntiVirus currently on the ThinkPad and install both programs. Make sure to re-boot after each. Then make sure to update eTrust signature files as the first thing after connecting to the internet. Now it would be a really good idea to run Windows Update and wait for it to completely download and update your Thinkpad. That's probably going to be a days worth of work but you should end up with a clean protected Thinkpad. Ok. Now everyone can fire your cannons at me. I'm sure there are going to be lots of opinions and shorter ways of getting back to work. Gary Kuznitz On 27 Aug 2003 at 16:53, Rob (Rob Dixon <pctech@xxxxxxxxxxxx>) commented about Re: [PcTech] Recovering XP Pro after Thinkpad har: > I wonder what you all will think of this. > > My hard disk went on my Thinkpad T30 and IBM sent me 3 recovery CD's for XP > Pro. > > It took about three hours to load these. I connected to the internet > and started to download Netscape as the first stage of recovering my > other software. After a short while (20 minutes?) , my machine suddenly > reboooted for no apparent reason. At this point, it occurred to me to > implement the XP Pro firewall on my connection. > > I restarted the download which became very slow and kept > disconnecting. At one point when it had stopped downloading, I happened to > notice that there was considerable outbound traffic on my network connection, > even though I felt that there should be no traffic in either direction. I > checked and found that my T30 had sent 426,117 packets yet had only received > 53,872. When I disconnected from my network, no process on the T30 complained > that the connection was broken., but as soon as I reconnected, it started to > send out a stream of data again and continued to recieve at a lesser rate. > > I know of no way to find out on XP which process is transmitting data > (although it may exist). In Task Manager, I found that DLLHost .exe was > consuming between 55 & 98% of processor time. A search on google suggested > that this was a virus. > > I do not know whether, if I had implemented the firewall immediately, I > would have had the problem. > > I logged a call to IBM UK support. > > I explained what had happened. I said that that the T30 had been > manufactured in January 2003 yet the recovery CD's were dated August > 2002. I felt that IBM should either have sent out a recovery CD for the > current state of XP Pro or the original ones with an extra CD with MS service > packs and patches. But most importantly, how was I going to recover? > > Of course I knew what the answer would be before I asked the question - > "Re-install the recovery CD's". I said that I had better things to do > and that it would probably happen again as soon as I did. The > conversation went round and round in circles. My view was and is that > IBM had supplied a product - XP Pro - that was not of marketable quality and I > said so. I was advised to contact Microsoft but I said that I had no contract > with them as it was IBM that had sold the product. I was also told that the > T30 as supplied had a recovery partition, but I explained, through gritted > teeth(!), that that was of little use if the disk had gone. I was also told > that if I were to purchase a brand new T30 today it would have the August 2002 > version of XP Pro without any service packs. I said that I found that hard to > believe. > > In the end, all I was able to do was to log a compliant. I received no > help in working out what damage the virus might have done, although I > did find a lot of empty folders in Windows/system32 created or modified after > I had re-installed XP Pro, presumably when the virus was active. I have > killed it but don't know whether I really have to start installation again. > > The newly created/modified folders in Windows/system32 include > > 3com_dmi > 1025 > 1028 > 1031 > 1033 (& others) > CatRoot > CatRoot2 > Com > Config > .... > Reinstall Backups > > etc. > > They all seem to be empty. > > Does anyone know if they have any purpose? Should they have any contents? > > Any ideas what the virus might have been transmitting and to whom? > > Maybe these were created during installtion and modified by the virus > > Do you think I should re-install or rely on Anti-virus software to sort > it out? > > What do you think of IBM's response? > > PC's are supposed to be consumer products which we can just turn on and > use but they are not. I believe that IBM and other large suppliers > should put severe pressure on Microsoft to improve the quality of their > products. Of course, what can they do if MS does nothing other than to > create new, equally bad, products, is not clear, but I am beginning to > think of trying Linux, although I don't wish to become a Linux expert. > > It is totally unacceptable that an effectively new machine should > acquire a virus so soon after startup. > > Many thanks > > Rob Dixon _______________________________________________ This is the PC Technical Discussion for iSeries Users (PcTech) mailing list To post a message email: PcTech@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/pctech or email: PcTech-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/pctech.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.