Topic: Male pc virgin needs help, im cluless!!

[pablo piccasso]

No programmes on my pc will open!! my brother was over at my house checking stuff on the net(nothing dodgy he promised) while i was on holiday and mentioned something about "blood hound" message popping up on screen is this a virus? if it is why didnt my norton pick it up or even my iss firewall, it also mentioned something about not being able to read c drive??. Please help the last computer i had was a spectrum 48k

[Shaz]

Hi im no techie but found this on google, hope it helps
http://www.sophos.com/virusinfo/hoaxes/bloodhound.html

[Shaz]

Oh and by the way
No doubt a techie will turn up to help you pretty soon.

[pablo piccasso]

Cheers Shazzzzzzaaaaa nice to see a friendly face!!! and i dont mean Ryan Giggs.

[Shaz]

Now lets not ge off to a bad start pablo.
Leave my Ryan alone

[pablo piccasso]

Sorry! didny mean to offend i think he's a great player, word has it he is going to sign for Celtic!! does he know anything about pc's??

[Simon]

Hi Pablo,

Have you tried booting into Safe Mode (keep tapping F8 while the PC is starting)?  If you can get into safe mode, and start Norton, do a FULL virus scan and   come back to us with the results.

Oh, and if you are on XP or ME, it would be best to switch off System Restore before booting into Safe Mode.  Let us know if you need help with this.

How to disable System Restore in XP and ME.

[pablo piccasso]

Cheers Simon

Im going home now to try out your suggestion, i can still get on the net but only through accessing it through instructions for my epson printer icon??? dont know what im doing wrong, anyway ill let you know what happens Thanks again!! oh and you know down in the right hand corner of your pc you gat all the wee icons for norton, iss and various other programmes they have all dissapeared, im afarid if i go on the net ill be leaving my self wide open to hackers?? is this so??

[Simon]

If what you say is correct, and your Anti Virus protection and Firewall have been disabled somehow, it would certainly be quite dangerous going online.

To be honest, if none of your 'run' programs are starting up (the ones which start automatically with Windows), and can't be manually started either, it sounds like there could be something quite seriously wrong, but do the virus scan in safe mode if you can, and we'll see where we can go from there.

If you have any spyware protection installed, such as Ad Aware, Spybot, Spyware Sweeper, etc, you could also run them while you're in safe mode.

If none of the above works, then I fear you may be looking at a hard drive format and re-installation of Windows, but don't panic just yet, as someone more technical than me might have some other ideas.

[pablo piccasso]

Hi Simon

Tried what you suggested ....no luck, as always when i try to open up a programme i get the message...windows cannot find 'c:\windows\explorer.exe (text changes slightly depending on what your trying to open up) im still puzzled as to why i can still access the internet?, your assistance is very much appreciated.

pablo

[Simon]

I'm afraid this is a bit over my head now, so hopefully one of our proper techies will be along soon to help.  

[pablo piccasso]

Cheers for all you help Simon.

Pablo

[Sandra]

Hi Pablo, you dont happen to have Kazza installed do you or has your brother been downloading from it  
Its notorious for messing pcs up and I have come across this which may be your problem :

Infection Method
The dlder.exe spyware file, also functioning as a trojan dropper, is installed by Grokster (1.33), Bearshare (2.4.0b7), LimeWire (2.02), Net2Phone (unspecified versions) and KaZaA (unspecified versions). It may have also been installed by some versions of BonziBUDDY, but this has not been confirmed. The dlder.exe file is normally written to C:\Windows\dlder.exe. According to multiple sources, the user is asked whether or not they wish to install the "ClickTillUWin" component (carrier of the dlder.exe trojan), but the component may be installed even if the user chooses "NO".

Upon installation, the dlder.exe trojan first connects to the web site www.2001-007.com and transmits data, including a GUID, the user's IP address and browser version. According to this site (Spanish), the request is in the form: http://www.2001-007.com/index.asp?UserURL=GET+/&User_IP=127.0.0.1&userid=127&User_Browser=IE . This URL returns a numeric value that appears to count the number of unique installations.
The dlder.exe software then downloads and installs a trojan file named Explorer.exe from the same site, to C:\Windows\explorer\Explorer.exe (do not confuse this with the required Windows file explorer.exe, located at C:\Windows\explorer.exe). The dlder.exe file then places a Run key in the Registry so that the new Explorer.exe trojan runs at startup.

Manual Removal:

Terminate Dlder.exe and ExPlorer.exe using Windows' End Task (CTRL-ALT-DEL) dialogue, if possible.
Delete the files: dlder.exe (normally in C:\windows) and the phony Explorer file (normally C:\Windows\explorer\Explorer.exe). Be sure you are not deleting Windows Explorer, which is located at C:\Windows\Explorer.exe.
(Optional) Remove these programs' Registry Run keys under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Hope that this helps  

[pablo piccasso]

Thanxs for your suggestion Sandra but you have totally bamboozled me with the stuff you wrote, you really would be amazed by lack of knowlage with regard to pc's. The info you gave me is not applicable in my case or at least i dont think it is, i can still access the internet but it keeps throwing me out after about 5 mins!!!! it appears with a little counter that starts at abou 60 secs and counts down? and im still not shure if i have any protection with my norton or iss fire wall, please help someone!!

Hope your not kissing frogs for too long!!
Paul

[Sandra]

Can someone confirm that if Paul goes to  Start -> Administrative Tools -> Component Services -> Services (local).
Then to Remote Procedure Call and selects Restart Srvice after first failure and changes the Restart Service after 1 min to 999 mins whether that would do any harm  
I heard something about doing that to stop the timer from counting down from 60 seconds so he can at least get on line for a few hours until we can figure out how to sort him out permanently