Lefen
I think Clavis wins my heart <3  SSHOLE |
Posts: 896 Registered: 9/16/2003 Offline
|
2/4/2005 at 14:31 |
Right, I know that a lot of Swarmers have good tech knowledge, even if they don't like to show it. So if you can help, then please be nice 
Right, after hunting round my system, I've managed to find out that the fuking downloader trojan that I got last week has written itself into the registry and keeps resurrecting no matter what I do.
I have no wish to delve about in the registry because I have no idea how to go about it.
Now a few people (including the tech support guy where I work) have said to me that a complete re-install of windows would do the trick and whilst I'm not bad at computer stuff, I've never done a complete wipe and install of an OS before.
I've googled for a few tutorials and most seem to tell you that it's as easy as putting in the windows xp disk that comes with the computer and selecting the correct option, but I've still got a few questions and I'm hoping someone can help me with the answers, so here goes:
1) If I just run the reinstaller from my windows XP CD, I assume it'll just write itself over the existing copy of windows on my hard drive, but will that remove the trojan?
2) Is it a better idea to wipe the hard drive first and then re-install windows from the CD? Assuming this is possible, would I need to create a floppy boot-disk in order to run the installation CD or (assuming my BIOS is set up that way) would the installer just run by itself from the CD?
Thanks for any help 
____________________ < barfass> hey, fuck your crumpets, postman pat |
| |
vasudeva
Bad Taste in your Mouth  SSHOLEPosts: 4413 Registered: 3/8/2002 Offline
|
2/4/2005 at 14:41 |
Lefen: 2) Is it a better idea to wipe the hard drive first and then re-install windows from the CD? Assuming this is possible, would I need to create a floppy boot-disk in order to run the installation CD or (assuming my BIOS is set up that way) would the installer just run by itself from the CD?
If you're going to reinstall, you might as well have a blank slate.
If your machine can boot from CD, that's all you need.
Once the XP installer gets to the point where it's asking you what partition to install to, you'll be at an interface where you can delete any existing partitions. Do that and make a new one and install XP into it.
It's really easy, even for an English person. I just did it twice last night for this real estate chick in about 60 minutes.
DISCLAIMER: Me myself I wouldn't reinstall the OS because of a trojan, but if you just don't want to fuk around with fixing it, reinstalling will definitely fix your problem. At least until the next time you run IE and start browsing vomit porn and Internet lottery sites. ^__^
____________________ mundhra: And its crocobody is made of dile. |
| |
freakmachine
Web Fucko Extraordinaire  SSHOLEPosts: 588 Registered: 4/15/2004 Offline
|
2/4/2005 at 14:43 |
It all depends. If your computer can boot from a cd, and if your xp cd is bootable (meaning it is a microsoft licensed cd and not a bootleg copy of the install files) then the installer program will offer you the choices of formatting your drive and doing a fresh install, reinstalling over the old windows without formatting, and repairing the old install.
I always opt for format/fresh installation. This will for sure remove the trojan, as there will be nothing left on your disk. If you have anything you want to save like email, music, naked pics of Metatr0n, etc, then copy them to a cd or something first. |
| |
freakmachine
Web Fucko Extraordinaire  SSHOLEPosts: 588 Registered: 4/15/2004 Offline
|
2/4/2005 at 14:56 |
Oh yeah, if your pc can't boot from floppy, or your cd isn't bootable you can make a set of boot floppies with a proggy called makeboot.exe. You will need six floppies for this.
Get the proggy here:
fucking program
|
| |
Dumbskull
I'm assuming the position!  SSHOLEPosts: 1896 Registered: 4/22/2004 Offline
|
2/4/2005 at 15:04 |
I have reinstalled the XPee system on this computer twice... long story... don't ask... I was expecting to lose everything and when it was finished all of my shit and files were still there. Lemon party, vas' nad sac, the Seth F. file of cute pics...
The Xpee I have booted from a CD.
I also have a stinger.exe from McAfee (free download) that checks for and kills trojans.
____________________ Easier to get into than a community college. |
| |
Lefen
I think Clavis wins my heart <3  SSHOLEPosts: 896 Registered: 9/16/2003 Offline
|
2/4/2005 at 15:18 |
thanks all, feeling a lot better about doing this shit now. i'd prefer not to re-install but i'm 99% sure that i've exhausted every other option short of excising the fuker out of the registry.
will prolly do it over the weekend after i've backed up all my porn and music
____________________ < barfass> hey, fuck your crumpets, postman pat |
| |
ghostrider
liberal exit  SSHOLEPosts: 2421 Registered: 7/29/2004 Offline
|
2/4/2005 at 15:21 |
haha, you all..
____________________ Dude, Opera is totally fag and he's fucking your ex. ~ Wotak |
| |
freakmachine
Web Fucko Extraordinaire  SSHOLEPosts: 588 Registered: 4/15/2004 Offline
|
2/4/2005 at 15:40 |
Yay! I like seeing my post numbers go up!
There are softwares you can get to remove trojans. Did you try that first? |
| |
magicchex
Fuckin' your bitches and stealin' your cars since 1985.  SSHOLEPosts: 406 Registered: 1/5/2005 Offline
|
2/4/2005 at 15:41 |
that made me giggle |
| |
mundhra
dread pirate neckbeard  SSHOLEPosts: 1620 Registered: 3/25/2002 Offline
|
2/4/2005 at 15:49 |
lefen, honestly, if you're going to reinstall anyway, why not fuck with the registry?
a) you might not have to reinstall (and be able to share the knowledge with other peeps)
b) you might learn something regardless of whether it works or not
c) it's not like it'll matter if you break anything
also, what vas said. just opt to format the partition or delete and recreate when you install. most modern machines can boot from cd. you may have to check boot device order in the bios. |
| |
magicchex
Fuckin' your bitches and stealin' your cars since 1985.  SSHOLEPosts: 406 Registered: 1/5/2005 Offline
|
2/4/2005 at 15:59 |
i dunno... one of my roommates managed to cripple his computer SO badly that even all the engineers and computer nerds in the house, myself included, decided to finally just tell him to reformat.
then, after he reformats, he sits there for 2 hours trying to install off the cd and being unsuccessful. finally he gives in and comes and gets me. i walk in his room, glance at the computer, switch the cd from the DVD to CD drive, and walk out. of course it installs now.
after he gets it installed, he tries to set up his wireless internet by renaming his 1394 (or something similar) to "INTERNET" and double clicking it.
|
| |
Lefen
I think Clavis wins my heart <3  SSHOLEPosts: 896 Registered: 9/16/2003 Offline
|
2/4/2005 at 16:31 |
mundhra: lefen, honestly, if you're going to reinstall anyway, why not fuck with the registry?
i know that you can just export the thing and then mess about with it without fear, but i only caught the downloader because i was trying out MS's new anti-spyware tool (spybot found the programs it downloaded but not the cause), so i'm thinking that even if i do kill the one, what's to say there isn't another that i don't know about?
mundhra: also, what vas said. just opt to format the partition or delete and recreate when you install. most modern machines can boot from cd. you may have to check boot device order in the bios.
is there an easy (n00b) way of checking if my machine can boot from cd?
as an aside, i didn't realise until this week that spybot comes with a program called TeaTimer which runs in the background and monitors your registry for changes and then prompts you to allow/disallow anything before it happens (microsoft's new antispyware tool does a similar thing, but looks after other system processes too).
i'd strongly suggest that everyone reads up a bit on TeaTimer and seriously considers installing it on their machine - if i'd have had it running on monday, then i wouldn't be in the mess i'm in now.
freakmachine:There are softwares you can get to remove trojans. Did you try that first?
yeah dude, i tried every program i could find, and even a tool designed to specifically remove the exact thing i had (eXact.downloader for the record - installs the IST searchbar and a shitload of other programs).
____________________ < barfass> hey, fuck your crumpets, postman pat |
| |
mundhra
dread pirate neckbeard  SSHOLEPosts: 1620 Registered: 3/25/2002 Offline
|
2/4/2005 at 17:13 |
Lefen: is there an easy (n00b) way of checking if my machine can boot from cd?
sure. take your windows xp install disc, put it in your primary disc drive, then reboot your machine. if it boots normally, like it always does, then try the other drive. otherwise:
watch carefully when booting and press DEL to enter the BIOS (i usually just tap it every couple seconds when the memory count is going on). it could be another key, so use that if it tells you to press (F1, F2, ESC, etc) to enter setup.
then go to the boot options section (you may have to look around a little for this). you should see stuff like:
first boot device: floppy (FD0)
second boot device: HD0
third boot device: disabled
in the above example, you'll want to change the 3rd device to HD0 and the 2nd device to CDROM0 or something similar.
Keep in mind, everything above will probably look different for you, but that's generally how it goes. when you're done, scan the bios menu for the save settings and exit option (F10 maybe).
if you change anything else other than the boot devices and aren't totally sure what you're doing, DO NOT SAVE.
otherwise, you should be fine. |
| |
Lefen
I think Clavis wins my heart <3  SSHOLEPosts: 896 Registered: 9/16/2003 Offline
|
2/4/2005 at 18:21 |
vasudeva:
Once the XP installer gets to the point where it's asking you what partition to install to, you'll be at an interface where you can delete any existing partitions. Do that and make a new one and install XP into it.
is making a new partition easy? this is the only part of the process that i'm not feeling ok about at the moment..
____________________ < barfass> hey, fuck your crumpets, postman pat |
| |
mundhra
dread pirate neckbeard  SSHOLEPosts: 1620 Registered: 3/25/2002 Offline
|
2/4/2005 at 18:37 |
Lefen: vasudeva:
Once the XP installer gets to the point where it's asking you what partition to install to, you'll be at an interface where you can delete any existing partitions. Do that and make a new one and install XP into it.
is making a new partition easy? this is the only part of the process that i'm not feeling ok about at the moment..
it's extremely easy. delete the partition. it will then list your drive as unpartitioned space. create a partition and just press enter to use all of the space. it's THAT simple.
if you have multiple partitions, you could delete and recreate them as well, or just leave the other (non-os) partitions alone. keep in mind that it will destroy data, so if you have a second partition for data, don't delete it. in fact, i'm not sure if i'd repartition at all in that case. just format the os partition and reinstall.
don't wig yourself out, just read instructions and pause to think if you're not sure what you're doing. |
| |
vasudeva
Bad Taste in your Mouth  SSHOLEPosts: 4413 Registered: 3/8/2002 Offline
|
2/4/2005 at 20:15 |
Inside the XP installer, deleting and creating new partitions is going to be anywhere from 2 to 5 keypresses.
HAHAHAHA YOU ARE FUCKING DOOMED.
____________________ mundhra: And its crocobody is made of dile. |
| |
wolfer
DARTH MENSES  Posts: 427 Registered: 12/1/2003 Offline
|
2/4/2005 at 20:23 |
Have you tried downloading ad aware and spybot and running these yet? If not I highly recommend trying it first. The first time I did it I had like 450 entries found that ad aware deleted. Now I do it about every 2 weeks. Unless I'm clicking on certain links. But when you do this remember to do the ad aware first. Update it then run the program then do spybot second. You can find these
http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10319876.html?tag=pop
and
http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10289035.html?tag=pop
Don't ask me to quick link em cause i will fuck it up
____________________ My Dixie Wrecked! |
| |
Dumbskull
I'm assuming the position!  SSHOLEPosts: 1896 Registered: 4/22/2004 Offline
|
2/4/2005 at 22:03 |
Every two weeks? I run both every couple of days.
____________________ Easier to get into than a community college. |
| |
fastlane
Zombie scream style  SSHOLEPosts: 649 Registered: 2/7/2004 Offline
|
2/4/2005 at 22:43 |
Have you tried HiJack This to see if it is in, or remove it from the registry? There is a program called Killbox that will kill and delete shit if you find it. If all else fails just throw in the XP disc and with a few clicks you will have a new start.
____________________ I love the sound of silence. It gives me something else to break. |
| |
Lefen
I think Clavis wins my heart <3  SSHOLEPosts: 896 Registered: 9/16/2003 Offline
|
2/5/2005 at 12:21 |
OMFG, I think I just removed the little cunt...
I always use spybot and lately I've started using MS's new antispyware tool (it's really good). Spybot only found the downloaded components of the IST toolbar, while MS's tool could find the downloader trojan and delete it, although it would always return when I restarted the computer.
So I open up spybot's tools menu and look under the system startup menu (this is the same as run>msconfig except spybot tells you what everything is - better for n00bs like me).
Now I'm looking at my computer's startup processes, I find the downloader trojan and spybot identifies everything else except for an executable called dhpck.exe, so I hop my limey ass over to Process Library and it can't identify the thing either.
Lefen disables trojan and dhpck.exe by unchecking the boxes and reboots his computer. He checks the startup programs and finds new copies have inserted themselves - this suggests that there's a startup entry for either dhpck.exe, the trojan or both. Lefen does not understand the windows registry and considers wiping his box and starting over.
So it occurs to me, why not just run spybot and MS antispyware and then manually shred dhpck.exe from my c:\WINDOWS folder? gotta be worth a try, right?
Lefen makes it so, and reboots his computer (after disabling the new startup entries) AND GUESS FUKING WHAT, BITCH??? Yep, the little cunt is gone! No startup entries, no resurrection of eXact.downloader trojan. I WIN.
So here's what I think happened. The trojan inserted a startup entry for dhpck.exe in the registry. dhpck.exe installs eXact.downloader if it doesn't already exist. eXact downloads IST searchbar. IST searchbar hijacks IE.
I hope all that information is useful to someone with a similar problem, the registry entry for dhpck.exe is still there but since it points to nowhere, I assume it's now impotent.
Thanks to everyone who answered all my n00b questions - I will probably have to reinstall my OS at some point, so I'll def be referring back to this thread.
For the record, I do use FF1.0 and I got the thing because I clicked on a "do you want to install this thing" warning by mistake at 1am on monday morning, after a few cans of beer.
What have I learned from this? Use Spybot's TeaTimer (tools>resident>teatimer checkbox).
Werd.
____________________ < barfass> hey, fuck your crumpets, postman pat |
| |
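An added example, not part of the thread: a small audit of autostart entries like the one Lefen describes, flagging values whose target file is gone (the leftover dhpck.exe entry) or present but unrecognised (dhpck.exe before it was deleted). It assumes the startup entry lives in the standard `HKLM\Software\Microsoft\Windows\CurrentVersion\Run` key and that its contents were dumped with `reg query`; the value names, the other programs, the `/s` argument and the file and allowlist sets are constructed sample data.

```python
import re

# Constructed sample of `reg query` output for the machine-wide Run key.
# Only the file name dhpck.exe comes from the thread; the rest is illustrative.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    TeaTimer    REG_SZ    "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    dhpck    REG_SZ    C:\WINDOWS\dhpck.exe /s
    SoundMan    REG_SZ    C:\WINDOWS\SOUNDMAN.EXE
"""
# Constructed stand-ins for "files present on disk" and "programs I recognise".
SAMPLE_FILES = {r"c:\program files\spybot - search & destroy\teatimer.exe",
                r"c:\windows\soundman.exe"}
SAMPLE_KNOWN = {"teatimer.exe", "soundman.exe"}

VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+)$")

def target_of(command):
    """Return the executable path from a Run-key command line, lowercased."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    # Unquoted: cut after the first executable extension so arguments are dropped.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", command, re.I)
    return (m.group(1) if m else command.split()[0]).lower()

def audit_run_key(reg_output, existing_files, known_names):
    """Classify each autostart value as ok, unknown, or orphaned."""
    findings = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = target_of(m.group("data"))
        exe = path.rsplit("\\", 1)[-1]
        if path not in existing_files:
            status = "orphaned"   # entry survives, file is gone
        elif exe not in known_names:
            status = "unknown"    # file present but unidentified
        else:
            status = "ok"
        findings.append((m.group("name"), path, status))
    return findings

if __name__ == "__main__":
    for name, path, status in audit_run_key(SAMPLE_REG_QUERY, SAMPLE_FILES, SAMPLE_KNOWN):
        print(f"{status:9} {name:10} {path}")
```

On a live machine the file set would come from checking each path on disk; an "orphaned" result marks an entry worth deleting, and an "unknown" one marks a file to identify before the next reboot.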