RE: Recovering XP Pro after Thinkpad hard disk

Wow Rob that is AWESOME ! Have any pictures you could share ? I don't blame
you then. What about satellite ?

And I would HIGHLY recommend Sophos. They are made up of a group of the
heart and soul of Dr. Solomon. They formed Sophos after Network Associates
bought every PC utility software vendor no the face of the earth years back
:-)

I've been using them about 6 years and if I have a question they bend over
backwards to help. If I have a suggestion they run with it ! Really neat !

Chuck

-----Original Message-----
From: pctech-bounces@xxxxxxxxxxxx [mailto:pctech-bounces@xxxxxxxxxxxx] On
Behalf Of Rob Dixon
Sent: Thursday, August 28, 2003 2:04 AM
To: PC Technical Discussion for iSeries Users
Subject: Re: [PcTech] Recovering XP Pro after Thinkpad hard disk

Chuck



Chuck Lewis wrote:

>Gary makes good suggestions and if you are having to go so far as to
>reinstall the OS, I'd reformat the drive too.
>
It is mandatory when you reinstall.

>
>Do you have a broadband connection ?
>
I live and work in a rural area and although wireless broadband has been 
promised by a local entrepreneur, it hasn't happened yet, so my only 
choice is ISDN.  The UK is very backward on high speed  connections, 
unless you are in a big town or city.  I could move but I live and work 
in a nearly 700 year old fortified medieval stone gatehouse and I don't 
wish to leave at present.  There are no others around!

>If you do, and they do it in the UK like they do it here, the cable company
>makes you think you have to do NOTHING once they hook you up. The FIRST
>thing I did was get a Linksys router to do NAT. Also use Zone Alarm and
>Sophos Antivirus (from your neck of the woods, by the way). 
>
I was thinking of using Sophos as they are not far away..

>If you connect
>up to the internet without this stuff your "had". I saw something a couple
>of weeks ago that said once you connect, they are I can't remember how many
>hundred scans (automated) that find you in a matter of minutes and then
>attacks coming back against that with the hour ! Unreal.
>  
>
Apalling!  Why aren't the large companies, such as IBM, doing anything 
about this?

Many thanks

Best wishes

Rob

>Good luck !
>
>Chuck
>
>
>-----Original Message-----
>From: pctech-bounces@xxxxxxxxxxxx [mailto:pctech-bounces@xxxxxxxxxxxx] On
>Behalf Of Gary Kuznitz
>Sent: Wednesday, August 27, 2003 1:05 PM
>To: PC Technical Discussion for iSeries Users
>Subject: Re: [PcTech] Recovering XP Pro after Thinkpad hard disk 
>
>Hi Rob,
>
>Sorry to hear you are having so many problems.  There are many ways to
>attack
>this problem.  Probably everyone that has an opinion will give you a
>different
>solution that will probably get you going.  The question is how clean will
>the
>Thinkpad be after you are done.  If it was me (Only because I like a clean
>running PC)  I'd format the drive and re-install the recovery disk.  Not
>mandatory but that's what I would do.  Then before connecting the Thinkpad
>to
>any network I would go to a different PC and download ZoneAlarm from
>http://www.zonelabs.com/store/content/company/products/zap/trial/zapDownloa
d
>Tria
>l.jsp
>
>and eTrust AntiVirus from
>https://www.my-
>etrust.com/services/ipe_support.cfm?CFID=13169705&CFTOKEN=139fefe-00040695-
e
>51a-
>1f4c-bb43-942f4512d026
>
>I'd write them to a CD,  Remove any AntiVirus currently on the ThinkPad and
>install both programs.  Make sure to re-boot after each.  Then make sure to
>update eTrust signature files as the first thing after connecting to the
>internet.
>
>Now it would be a really good idea to run Windows Update and wait for it to
>completely download and update your Thinkpad.
>
>That's probably going to be a days worth of work but you should end up with
>a
>clean protected Thinkpad.
>
>Ok.  Now everyone can fire your cannons at me.  I'm sure there are going to
>be
>lots of opinions and shorter ways of getting back to work.
>
>Gary Kuznitz
>
>On 27 Aug 2003 at 16:53, Rob (Rob Dixon <pctech@xxxxxxxxxxxx>) commented
>about
>Re: [PcTech] Recovering XP Pro after Thinkpad har:
>
>  
>
>>I wonder what you all will think of this.
>>
>>My hard disk went on my Thinkpad T30 and IBM sent me 3 recovery CD's for
>>    
>>
>XP
>  
>
>>Pro.
>>
>>It took about three hours to load these.  I connected to the internet 
>>and started to download Netscape as the first stage of recovering my 
>>other software.  After a short while (20 minutes?) , my machine suddenly
>>reboooted for no apparent reason. At this point, it occurred to me to
>>implement the XP Pro firewall on my connection.
>>
>> I restarted the download  which became very slow and kept 
>>disconnecting.  At one point when it had stopped downloading, I happened
>>    
>>
>to
>  
>
>>notice that there was considerable outbound traffic on my network
>>    
>>
>connection,
>  
>
>>even though I felt that there should be no traffic in either direction.  I
>>checked and found that my T30 had sent 426,117 packets yet had only
>>    
>>
>received
>  
>
>>53,872.  When I disconnected from my network, no process on the T30
>>    
>>
>complained
>  
>
>>that the connection was broken., but as soon as I reconnected, it started
>>    
>>
>to
>  
>
>>send out a stream of data again and continued to recieve at a lesser rate.
>>
>>I know of no way to find out on XP which process is transmitting data 
>>(although it may exist).  In Task Manager, I found that DLLHost .exe was
>>consuming between 55 & 98% of processor time.  A search on google
>>    
>>
>suggested
>  
>
>>that this was a virus.
>>
>>I do not know whether, if I had implemented the firewall immediately, I 
>>would have had the problem.
>>
>>I logged a call to  IBM UK support. 
>>
>>I explained what had happened.  I said that that the T30 had been 
>>manufactured in January 2003 yet the recovery CD's were dated August 
>>2002.  I felt that IBM should either have sent out a recovery CD for the
>>current state of XP  Pro or the original ones with an extra CD with MS
>>    
>>
>service
>  
>
>>packs and patches.  But most importantly, how was I going to recover?
>>
>>Of course I knew what the answer would be before I asked the question - 
>>"Re-install the recovery CD's".  I said that I had better things to do 
>>and that it would probably happen again as soon as I did.  The 
>>conversation went round and round in circles.  My view was and is that 
>>IBM had supplied a product - XP Pro - that was not of marketable quality
>>    
>>
>and I
>  
>
>>said so.  I was advised to contact Microsoft but I said that I had no
>>    
>>
>contract
>  
>
>>with them as it was IBM that had sold the product.  I was also told that
>>    
>>
>the
>  
>
>>T30 as supplied had a recovery partition, but I explained, through gritted
>>teeth(!), that that was of little use if the disk had gone.  I was also
>>    
>>
>told
>  
>
>>that if I were to purchase a brand new T30 today it would have the August
>>    
>>
>2002
>  
>
>>version of XP Pro without any service packs. I said that I found that hard
>>    
>>
>to
>  
>
>>believe.
>>
>>In the end, all I was able to do was to log a compliant.  I received no 
>>help in working out what damage the virus might have done, although I 
>>did find a lot of empty folders  in Windows/system32 created or modified
>>    
>>
>after
>  
>
>>I had re-installed XP Pro, presumably  when the virus was active.  I have
>>killed it but don't know whether I really have to start installation
>>    
>>
>again.
>  
>
>>The newly created/modified folders in  Windows/system32 include
>>
>>3com_dmi
>>1025
>>1028
>>1031
>>1033 (& others)
>>CatRoot
>>CatRoot2
>>Com
>>Config
>>....
>>Reinstall Backups
>>
>>etc. 
>>
>>They all seem to be empty.
>>
>>Does anyone know if they have any purpose?  Should they have any contents?
>>
>>Any ideas what the virus might have been transmitting and to whom?
>>
>>Maybe these were created during installtion and modified by the virus
>>
>>Do you think I should re-install or rely on Anti-virus software to sort 
>>it out?
>>
>>What do you think of IBM's response?
>>
>>PC's are supposed to be consumer products which we can just turn on and 
>>use but they are not.  I believe that IBM and other large suppliers 
>>should put severe pressure on Microsoft to improve the quality of their 
>>products.  Of course, what can they do if MS does nothing other than to 
>>create new, equally bad, products, is not clear, but I am beginning to 
>>think of trying Linux, although I don't wish to become a Linux expert. 
>>
>>It is totally unacceptable that an effectively new machine should 
>>acquire a virus so soon after startup.
>>
>>Many thanks
>>
>>Rob Dixon
>>    
>>
>
>_______________________________________________
>This is the PC Technical Discussion for iSeries Users (PcTech) mailing list
>To post a message email: PcTech@xxxxxxxxxxxx
>To subscribe, unsubscribe, or change list options,
>visit: http://lists.midrange.com/mailman/listinfo/pctech
>or email: PcTech-request@xxxxxxxxxxxx
>Before posting, please take a moment to review the archives
>at http://archive.midrange.com/pctech.
>
>
>_______________________________________________
>This is the PC Technical Discussion for iSeries Users (PcTech) mailing list
>To post a message email: PcTech@xxxxxxxxxxxx
>To subscribe, unsubscribe, or change list options,
>visit: http://lists.midrange.com/mailman/listinfo/pctech
>or email: PcTech-request@xxxxxxxxxxxx
>Before posting, please take a moment to review the archives
>at http://archive.midrange.com/pctech.
>
>  
>
_______________________________________________
This is the PC Technical Discussion for iSeries Users (PcTech) mailing list
To post a message email: PcTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/pctech
or email: PcTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/pctech.