× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. PCTECH
  3. August 2003

RE: Recovering XP Pro after Thinkpad hard disk

Rob,

Gary makes good suggestions and if you are having to go so far as to
reinstall the OS, I'd reformat the drive too.

Do you have a broadband connection ?

If you do, and they do it in the UK like they do it here, the cable company
makes you think you have to do NOTHING once they hook you up. The FIRST
thing I did was get a Linksys router to do NAT. Also use Zone Alarm and
Sophos Antivirus (from your neck of the woods, by the way). If you connect
up to the internet without this stuff your "had". I saw something a couple
of weeks ago that said once you connect, they are I can't remember how many
hundred scans (automated) that find you in a matter of minutes and then
attacks coming back against that with the hour ! Unreal.

Good luck !

Chuck


-----Original Message-----
From: pctech-bounces@xxxxxxxxxxxx [mailto:pctech-bounces@xxxxxxxxxxxx] On
Behalf Of Gary Kuznitz
Sent: Wednesday, August 27, 2003 1:05 PM
To: PC Technical Discussion for iSeries Users
Subject: Re: [PcTech] Recovering XP Pro after Thinkpad hard disk 

Hi Rob,

Sorry to hear you are having so many problems.  There are many ways to
attack
this problem.  Probably everyone that has an opinion will give you a
different
solution that will probably get you going.  The question is how clean will
the
Thinkpad be after you are done.  If it was me (Only because I like a clean
running PC)  I'd format the drive and re-install the recovery disk.  Not
mandatory but that's what I would do.  Then before connecting the Thinkpad
to
any network I would go to a different PC and download ZoneAlarm from
http://www.zonelabs.com/store/content/company/products/zap/trial/zapDownload
Tria
l.jsp

and eTrust AntiVirus from
https://www.my-
etrust.com/services/ipe_support.cfm?CFID=13169705&CFTOKEN=139fefe-00040695-e
51a-
1f4c-bb43-942f4512d026

I'd write them to a CD,  Remove any AntiVirus currently on the ThinkPad and
install both programs.  Make sure to re-boot after each.  Then make sure to
update eTrust signature files as the first thing after connecting to the
internet.

Now it would be a really good idea to run Windows Update and wait for it to
completely download and update your Thinkpad.

That's probably going to be a days worth of work but you should end up with
a
clean protected Thinkpad.

Ok.  Now everyone can fire your cannons at me.  I'm sure there are going to
be
lots of opinions and shorter ways of getting back to work.

Gary Kuznitz

On 27 Aug 2003 at 16:53, Rob (Rob Dixon <pctech@xxxxxxxxxxxx>) commented
about
Re: [PcTech] Recovering XP Pro after Thinkpad har:

> I wonder what you all will think of this.
> 
> My hard disk went on my Thinkpad T30 and IBM sent me 3 recovery CD's for
XP
> Pro.
> 
> It took about three hours to load these.  I connected to the internet 
> and started to download Netscape as the first stage of recovering my 
> other software.  After a short while (20 minutes?) , my machine suddenly
> reboooted for no apparent reason. At this point, it occurred to me to
> implement the XP Pro firewall on my connection.
> 
>  I restarted the download  which became very slow and kept 
> disconnecting.  At one point when it had stopped downloading, I happened
to
> notice that there was considerable outbound traffic on my network
connection,
> even though I felt that there should be no traffic in either direction.  I
> checked and found that my T30 had sent 426,117 packets yet had only
received
> 53,872.  When I disconnected from my network, no process on the T30
complained
> that the connection was broken., but as soon as I reconnected, it started
to
> send out a stream of data again and continued to recieve at a lesser rate.
> 
> I know of no way to find out on XP which process is transmitting data 
> (although it may exist).  In Task Manager, I found that DLLHost .exe was
> consuming between 55 & 98% of processor time.  A search on google
suggested
> that this was a virus.
> 
> I do not know whether, if I had implemented the firewall immediately, I 
> would have had the problem.
> 
> I logged a call to  IBM UK support. 
> 
> I explained what had happened.  I said that that the T30 had been 
> manufactured in January 2003 yet the recovery CD's were dated August 
> 2002.  I felt that IBM should either have sent out a recovery CD for the
> current state of XP  Pro or the original ones with an extra CD with MS
service
> packs and patches.  But most importantly, how was I going to recover?
> 
> Of course I knew what the answer would be before I asked the question - 
> "Re-install the recovery CD's".  I said that I had better things to do 
> and that it would probably happen again as soon as I did.  The 
> conversation went round and round in circles.  My view was and is that 
> IBM had supplied a product - XP Pro - that was not of marketable quality
and I
> said so.  I was advised to contact Microsoft but I said that I had no
contract
> with them as it was IBM that had sold the product.  I was also told that
the
> T30 as supplied had a recovery partition, but I explained, through gritted
> teeth(!), that that was of little use if the disk had gone.  I was also
told
> that if I were to purchase a brand new T30 today it would have the August
2002
> version of XP Pro without any service packs. I said that I found that hard
to
> believe.
> 
> In the end, all I was able to do was to log a compliant.  I received no 
> help in working out what damage the virus might have done, although I 
> did find a lot of empty folders  in Windows/system32 created or modified
after
> I had re-installed XP Pro, presumably  when the virus was active.  I have
> killed it but don't know whether I really have to start installation
again.
> 
> The newly created/modified folders in  Windows/system32 include
> 
> 3com_dmi
> 1025
> 1028
> 1031
> 1033 (& others)
> CatRoot
> CatRoot2
> Com
> Config
> ....
> Reinstall Backups
> 
> etc. 
> 
> They all seem to be empty.
> 
> Does anyone know if they have any purpose?  Should they have any contents?
> 
> Any ideas what the virus might have been transmitting and to whom?
> 
> Maybe these were created during installtion and modified by the virus
> 
> Do you think I should re-install or rely on Anti-virus software to sort 
> it out?
> 
> What do you think of IBM's response?
> 
> PC's are supposed to be consumer products which we can just turn on and 
> use but they are not.  I believe that IBM and other large suppliers 
> should put severe pressure on Microsoft to improve the quality of their 
> products.  Of course, what can they do if MS does nothing other than to 
> create new, equally bad, products, is not clear, but I am beginning to 
> think of trying Linux, although I don't wish to become a Linux expert. 
> 
> It is totally unacceptable that an effectively new machine should 
> acquire a virus so soon after startup.
> 
> Many thanks
> 
> Rob Dixon

_______________________________________________
This is the PC Technical Discussion for iSeries Users (PcTech) mailing list
To post a message email: PcTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/pctech
or email: PcTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/pctech.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.