Moderator
I ran that last night, and then at the end reported it had not found it????Originally Posted by Argos
This morning My PC crashed twice on boot up. It happened before the Norton icon is due to come in and when it checked an empty drive. It only made it because I put a disc in there after it got to the wall paper.
Right now I am looking at getting someone more competant in than I
Moderator
Additional symptoms that occured this morning
While I was looking at firefox, the automatic live update started and it seems the PC froze, and I needed to use Task manager to restart
After another agonising reboot, when it got to MSN IM, IM quibbled about some files (sorry but in my stressed out state here I can not remember what it was.) MSN fixed it and it seemed fine.
I closed down
Some minutes later I rebooted, and on this reboot, my Norton icon did not appear. I tried to go into the program and enable auto protect and it would not. I rebooted and on that reboot I got my Norton back.
I have left a telephone message with a PC engineer I got from our Thompson local directory and have e-mailed him giving this thread as a link, so he can see how this has progressed.
Order of Kilopi
Sticks, it looks like you have a lot of hand work to do.Your registry is corrupted and you´ll have to delete entries one by one. I think you should post a HijackThis log for further instructions.
Did you run Norton on Safe Mode? That´s important because the worm may not let the AV run properly in normal mode.
Moderator
I now have a local PC engineer booked to come and visit me tomorrow morning.
I have never worked out how to do safe mode and this incident has highlighted just how limited is my knowledge in this area.
It seems that I am more an applications, and internet protocol person.
On a previous machine, when it came to install a CD-Writer, I opened the box and froze up. I had to call a church minister I knew from south of the river to install it.
I admit I am just a big Wuss when it comes to things like this
Administrator
Don't be hard on yourself. Early in the personal computer age I kept up with all of this stuff and was pretty good with it. But there is just too much to keep up with for ordinary mortals like us. I drive my car everyday and take my medications - why should I be expected to fix my car and formulate the drugs. If computers are "appliances" then there is no shame in calling in the repair guy to fix them. Good luckI admit I am just a big Wuss when it comes to things like this
Bad Post-Doc
Amen. Our hopelessly corrupted computer is in the hall, unplugged, waiting for Heather's-mom-the-computer-person to fix it. (Blessedly, she will in this case be trading labor; I'll sew something for her instead of having to pay her.) I just don't know enough to fix it, and I did everything I did know how to do before giving up.
But you know what? I bet I know a lot more about etymology than Heather's mom does. Granted, I can't make a living at it, but I do find it more interesting; doesn't that count for something?
_____________________________________________
Gillian
"Now everyone was giving her that kind of look UFOlogists get when they suddenly say, 'Hey, if you shade your eyes you can see it is just a flock of geese after all.'"
"You can't erase icing."
"I can't believe it doesn't work! I found it on the internet, man!"
Moderator
Tonight I downloaded Microsoft AntiSpyware Beta version and ran it. It cleard a loade more stuff out, like sidebar
I wish I had heard about it before coming across that XoftSpy, I could have saved some money
However on close down I am still getting complaints that that QOSMEDIA.EXE and HHSBDAZE.exe can not be initialised due to windows shutting down.
Any word on what those programs are?
Earlier this evening, before the Microsoft AntiSpyware, I had applications failing due to insufficient resources.
Member
Suggestion: go to your task manager / Processes, and cut and paste it here, so the informed can see what processes you have running. That's a start.
The failure to initialize part sounds very much as if one of the anti-virus apps you got disabled part of whatever is causing this, and the error is due to it trying to run and failing to find files it requires.
Established Member
Just to help simplify this thread, would you mind listing what anti virus/spyware programs you have run recently? also, if you've updated them recently or not. There really isn't much we can do from this end, so I hope that the PC engineer can solve your problem without a complete HD wipe, if that is the only option don't worry too much, just back up all of your key files, Installing Windows is fairly painless, if incredibly tedious.
Member
So far, I have located the following:
QoS RSVP
http://securityresponse.symantec.com...r.spotcom.html
HHS.url
http://securityresponse.symantec.com...e.savenow.html
These may not even be the same viruses, but who knows? Once you can show what's running on your machine, we can figure out what it is and how to remove it.
Member
Ok.
So far, I have located references to similar acronyms as QoS and HHSB. QoS appears to be a legitimate part of the OS, and HHSB part of RealPlayer.
Could be wrong though.
Moderator
What the PC engineer did
Disabled Unnecassary software from the start up section
Removed Norton completely and replaced it with Avast!
Used Avast to do a boot up virus sweep and found a whole load of malware in the Restore point sections.
Re-enabled the Windows XP fire Wall, which he thought was ok.
The service charge was Ģ45.00
After He left I discovered my version of Acrobat Distiller had stopped working. I thought it was in the installation disc of my Lexmark printer. It was not
I checked the MSCONFIG start up and found some acrobat names unchecked so I checked them, and discoved some checked programs which appeared to be duplicates on the list of my Re-installation of the Lexmark Software. So I checked them.
On boot up, two times I got a nasty error message. I left a panic message for the engineer on his answering service.
I noticed an empty check box, normally I do not check any box. I checked it and it successfully booted up.
I left another message to say it had booted up, but my distiller was not working. (This is important as I produce church documents that are too big to send as the original word file)
Re-tested the Acrobat distiller from word and from printing directly and that worked
I then left a third message to apologise for the previous panic messages and explained about the on startup config settings I had to re-enable.
The engineer Left me a copy of Zone Alarm, so I have re-installed Zone Alarm. I originally got rid of it due to contention with Norton, which I no longer use.
Avast! put up a dialogue box to point out a contention issue but allowed me to click a button to enable the work around.
(Do I need to disable the XP firewall if I am using Zone Alarm?)
The boot up time is back to being several minutes, as I also get MSN to start up as well.
I now need to let zone alarm know which programs to alow and to do a system re-boot, now I have already rebooted with Zone Alarm in place.
Zone alarm is asking to be updated AGGHHHH
Member
Well, glad you got it more or less repaired. I hadn't considered that your restore points would contain malware. I live and learn.
Moderator
According to the engineer that was where they hide, so they could re-infect the system when the unwitting victim trys to do a system restore.
The reboot up took ages, I suppose that is the price I have to pay for the ability to convert documents to adobe.
I want to stay away from MSCONFIG now
I am still having anxiety attacks on every start up
BTW If I am using Zone Alarm, should I turn off the XP firewall?
Member
I couldn't answer the question about Zone Alarm. Sorry.
However, when you do a system restore, it actually provides you a calendar and asks you how far back to restore. You just go back to *before* the trouble began. I've had to do it on occasion myself.
Script-Kiddies are insidious. And their adult counterparts deviously so.
Damnit.
Moderator
I have been informed that with ZoneAlarm I do not use the XP firewall
I mentioned this sorry saga to friend of mine and he immediatley homed in on my copy of Acrobat Distiller 5.0. I have no idea to this day where I got it as I do not recall trying to get it. I have had it for months if not over a year.
He said that it might be a forgery with a trojan in it, and I should go to sourceforge.net to get a free one and be legal (i.e safe)
I ran Microsoft AntiSpyware again and after it gave a clean response, (I had produced 2 documents using my distiller since the clean out), I tried to close it, and Microsoft AntiSpyware appeared to shut down, but the indicator on the taskbar still remained and the whole start bar was frozen, so I had to use task manager to reboot.
I rang the PC engineer for the 4th time and mentioned this.
He said it was unlikely that my Acrobat Distiller was a copy with a nasty in it and Avast! would have spotted it.
He thought the freeze was just an anomally.
I still seem to have anxieties about my computer, is this normal or am I being irrational.
Established Member
Well, it sounds like things are pretty much fine. I'd recommend that you do a full virus/spyware scan once a week. I know that they take a while, but it's well worth it to stop this sort of thing from happening again. I'd also try Defragging your Hard drive, as that may help reduce boot times. (Actually, it's also not a bad idea to defragment your HD every month or so, it can greatly increase performance, even if it takes forever to finish.)
Order of Kilopi
Because of too many processes running. Safe mode can reduce that time by a half (ok this is the last time Iīm pronouncing that scary expression).
Moderator
Just when you thought it was safe to go back into the water...
Win Fix 2005 seemed to make an appearence, while I was visiting the log on
screen for netscape male. While viewing that page, Zone Alarm flagged a program NGENERICS.dll which wanted to access the internet. As an earlier program in the evening turned out to be part of the new Avast! update routine, I thought this was the same and so allowed it access. At that point the starting of Winfix 2005 tried to start so I cancelled it and used Zone Alarm to block further net access to NGENERICS.dll.
I can not find anything on google about it.
Any clues?
A standard scan on Avast! and Microsoft AntiSpyware revealed nothing, but on shutting doen I got the return of the HHSBDAZE is trying to initialise and
the QOSMEDIA is trying to initialise error messages.
Just before 9pm I did managed to start a boot scan, but Avasti did not find
anything.
What am I doing wrong?
Established Member
I wouldn't bother trying to fix it at this point, personaly. I'd just backup my data to cds/dvds and do a full wipe and reinstall. That will 100% fix it absolutely no doubt.
Banned
Sticks, I'm pretty good at getting rid of problems like yours. I'll look for you tomorrow and if you're on & willing, I'll do a remote-assistance session with you. I have some tools that might help.
Let me know..
Established Member
Sticks,
I'm sorry about your Windows problems.
Here's a board I lurk at on occasion, and these folks seem pretty knowledgable:
http://www.hardcoreware.net/forum/
Maybe they can help!
Good luck!
Moderator
Sorry I missed you, as I was at a conference all day yesterday
So far yesterday and this morning on shut downs I have not yet seen the error dialogue about QOSMEDIA and HSSBDAZE trying to initialise on a shut down.
Earlier this morning QOSMEDIA on start up was flagged by ZoneAlarm as trying to connect to the internet, so I denied it access. I know at least that file is not part of Microsoft AntiSpyware or Avast!
So far the list I have of files trying to access the net, which I have denied are:
0y r
8666-3AFC75704AB8
LINKINFO.DLL
NGENERICS.DLL
QOSMEDIA.EXE
Also a Window explorer search does not seem to pick them up
Moderator
I just noticed that my recently purchased copy of the musical version of "War of the Worlds" had Sony on the label.
I understand there is a problem with CD's coming from Sony. Is this just a US phenomenon or have the problem Sony CD's come to the UK?
I did a virus scan on one of the audio CDs, but it registered as clean.
Member
Sticks,
Sorry to be the one to brake it to you, But sony has a program on it's music CD's that can allow hackers direct access to your computer. Go to Sony's website, I think it is WWW.Sony.com they are suppose to have a program that will help project you. Others on the board my know more.
Moderator
According to this report on the BBC website it says
That BBC page has a link to this site which details how the anti-piracy software was found.The CDs affected are only being sold in the US.
I bought my Audio CD via Amazon UK, and on their site there is no reference to this issue, unlike this album where the reviewers are issuing warnings. One thing I did notice with my war of the worlds album is that it would only play in my CD-Writer and not my normal DVD player on my PC, which is confirmed by one of the reviews. I played it with Windows Media Player.
So does this all mean, taking inconsideration the BBC report, that my copy of "War of the Worlds" was not the cause of my recent problems?
Moderator
Looks like Microsoft are gunning for Sony as well now
linky
Moderator
I managed to see the full published list of all the affected Sony discs, and my War of the Worlds one was not on the list, so that seems to clear that disc.
This evening, while visiting the Dilbert site in Firefox, that WinFix 2005 tried to come in.
I initiated a Thorough scan using Avast, and for over an hour this evening sat with my PC, and it found a Trojan
It was around that Xoftspy I was compelled to shell out Ģ27.70 to register, so it would remove the 614 or so items of malware
I am still getting occasional shut down errors, where either QOSMEDIA.EXE or HHSBDAZE.DLL were trying to initialise while windows was shutting down.
Yesterday afternoon, I witnessed a system crash on boot up. This was one week after the engineer had been. I contacted the engineer who says that PC's crash from time to time and so long as it restarts ok, I should not worry.
Established Member
If I were that 'engineer' after all this fuss I would just wipe and reinstall windows. Once windows gets FUBAR'ed its usualy much less trouble to just reinstall.
Established Member
I think Sticks wants to do everything but a re-install. I must say that I agree with doing a complete HD wipe and starting over, it will solve all of your problems, and with Windows the problems you're having now will probably just get worse over time, I know my Windows install got a virus and it just hasn't been the same since, unfortunately it's a family PC and I can't convince the family that a full re-install is worth it.
Posting Permissions
Reply With Quote