PC Pals Forum
Technical Help & Discussion => Windows PCs & Software: Help, News & Discussion => Topic started by: pablo piccasso on May 10, 2004, 15:54
-
No programmes on my PC will open!! My brother was over at my house checking stuff on the net (nothing dodgy, he promised) while I was on holiday and mentioned something about a "blood hound" message popping up on screen. Is this a virus? If it is, why didn't my Norton pick it up, or even my ISS firewall? It also mentioned something about not being able to read the C drive?? Please help, the last computer I had was a Spectrum 48k.
-
Hi, I'm no techie but found this on Google, hope it helps :)
http://www.sophos.com/virusinfo/hoaxes/bloodhound.html
-
Oh and by the way :welcome:
No doubt a techie will turn up to help you pretty soon. ;D
-
Cheers Shazzzzzzaaaaa, nice to see a friendly face!!! And I don't mean Ryan Giggs.
-
Now let's not get off to a bad start, Pablo.
Leave my Ryan alone ;D :slug:
-
Sorry! Didny mean to offend, I think he's a great player, word has it he is going to sign for Celtic!! Does he know anything about PCs??
-
Hi Pablo,
Have you tried booting into Safe Mode (keep tapping F8 while the PC is starting)? If you can get into safe mode, and start Norton, do a FULL virus scan and come back to us with the results.
Oh, and if you are on XP or ME, it would be best to switch off System Restore before booting into Safe Mode. Let us know if you need help with this.
How to disable System Restore in XP and ME. (http://tinyurl.com/movy)
-
Cheers Simon
I'm going home now to try out your suggestion. I can still get on the net, but only through accessing it through instructions for my Epson printer icon??? Don't know what I'm doing wrong, anyway I'll let you know what happens. Thanks again!! Oh, and you know down in the right hand corner of your PC you get all the wee icons for Norton, ISS and various other programmes? They have all disappeared. I'm afraid if I go on the net I'll be leaving myself wide open to hackers?? Is this so??
-
If what you say is correct, and your Anti Virus protection and Firewall have been disabled somehow, it would certainly be quite dangerous going online.
To be honest, if none of your 'run' programs are starting up (the ones which start automatically with Windows), and can't be manually started either, it sounds like there could be something quite seriously wrong, but do the virus scan in safe mode if you can, and we'll see where we can go from there.
If you have any spyware protection installed, such as Ad Aware, Spybot, Spyware Sweeper, etc, you could also run them while you're in safe mode.
If none of the above works, then I fear you may be looking at a hard drive format and re-installation of Windows, but don't panic just yet, as someone more technical than me might have some other ideas.
-
Hi Simon
Tried what you suggested... no luck. As always, when I try to open up a programme I get the message... windows cannot find 'c:\windows\explorer.exe' (text changes slightly depending on what you're trying to open up). I'm still puzzled as to why I can still access the internet???? Your assistance is very much appreciated.
pablo
-
I'm afraid this is a bit over my head now, so hopefully one of our proper techies will be along soon to help. :)
-
Cheers for all your help Simon.
Pablo
-
Hi Pablo, you don't happen to have Kazaa installed do you, or has your brother been downloading from it ???
It's notorious for messing PCs up and I have come across this, which may be your problem:
Infection Method
The dlder.exe spyware file, also functioning as a trojan dropper, is installed by Grokster (1.33), Bearshare (2.4.0b7), LimeWire (2.02), Net2Phone (unspecified versions) and KaZaA (unspecified versions). It may have also been installed by some versions of BonziBUDDY, but this has not been confirmed. The dlder.exe file is normally written to C:\Windows\dlder.exe. According to multiple sources, the user is asked whether or not they wish to install the "ClickTillUWin" component (carrier of the dlder.exe trojan), but the component may be installed even if the user chooses "NO".
Upon installation, the dlder.exe trojan first connects to the web site www.2001-007.com and transmits data, including a GUID, the user's IP address and browser version. According to this site (Spanish), the request is in the form: http://www.2001-007.com/index.asp?UserURL=GET+/&User_IP=127.0.0.1&userid=127&User_Browser=IE . This URL returns a numeric value that appears to count the number of unique installations.
The dlder.exe software then downloads and installs a trojan file named Explorer.exe from the same site, to C:\Windows\explorer\Explorer.exe (do not confuse this with the required Windows file explorer.exe, located at C:\Windows\explorer.exe). The dlder.exe file then places a Run key in the Registry so that the new Explorer.exe trojan runs at startup.
Manual Removal:
Terminate Dlder.exe and Explorer.exe using Windows' End Task (CTRL-ALT-DEL) dialogue, if possible.
Delete the files: dlder.exe (normally in C:\windows) and the phony Explorer file (normally C:\Windows\explorer\Explorer.exe). Be sure you are not deleting Windows Explorer, which is located at C:\Windows\Explorer.exe.
(Optional) Remove these programs' Registry Run keys under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Hope that this helps :)
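
The Run-key check from the removal steps quoted above, as an added example that is not part of the original post or of the write-up it quotes. It assumes the Run key has been dumped as text in the layout `reg query` prints; the sample dump and its value names are constructed for illustration, and only the three file paths come from the quoted text.

```python
import ntpath
import re

# Locations taken from the write-up quoted in the post above.
EXPECTED_LOCATION = {"explorer.exe": r"c:\windows\explorer.exe"}
KNOWN_BAD_NAMES = {"dlder.exe"}

# Constructed sample in the layout printed by `reg query`; value names are made up.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    AvTray    REG_SZ    "C:\Program Files\ExampleAV\tray.exe" -min
    Explorer    REG_SZ    C:\Windows\explorer\Explorer.exe
    dlder    REG_SZ    C:\Windows\dlder.exe
    Shell    REG_SZ    C:\Windows\explorer.exe /n
'''

VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+)$")

def executable_of(command):
    """Return the program path from a Run command line, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted: cut after the first .exe/.com so paths with spaces survive.
    m = re.match(r"(.+?\.(?:exe|com))(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]

def audit_run_key(text):
    """List (value name, normalised path, reason) for suspicious Run entries."""
    findings = []
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        # Windows paths are case-insensitive, so compare normalised lower case.
        path = ntpath.normpath(executable_of(m.group("data"))).lower()
        base = ntpath.basename(path)
        if base in KNOWN_BAD_NAMES:
            findings.append((m.group("name"), path, "file name listed in the write-up"))
        elif base in EXPECTED_LOCATION and path != EXPECTED_LOCATION[base]:
            findings.append((m.group("name"), path, "system file name in the wrong folder"))
    return findings

if __name__ == "__main__":
    for name, path, reason in audit_run_key(SAMPLE):
        print(f"{name}: {path} ({reason})")
```

The real Windows Explorer at C:\Windows\explorer.exe is never reported, which is the distinction the removal steps warn about before deleting anything.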
-
Thanks for your suggestion Sandra, but you have totally bamboozled me with the stuff you wrote. You really would be amazed by my lack of knowledge with regard to PCs. The info you gave me is not applicable in my case, or at least I don't think it is. I can still access the internet but it keeps throwing me out after about 5 mins!!!! It appears with a little counter that starts at about 60 secs and counts down? And I'm still not sure if I have any protection with my Norton or ISS firewall, please help someone!!
Hope you're not kissing frogs for too long!!
Paul
-
Can someone confirm that if Paul goes to Start -> Administrative Tools -> Component Services -> Services (local).
Then to Remote Procedure Call and selects Restart Service after first failure and changes the Restart Service after 1 min to 999 mins whether that would do any harm ???
I heard something about doing that to stop the timer from counting down from 60 seconds so he can at least get on line for a few hours until we can figure out how to sort him out permanently ???
-
Hi Sandra
The problem with me going online is that I don't know if I'm protected or not. My Norton icon and firewall icon do not appear in the bottom right hand side but are still on my desktop? Is there another way to find out if I'm still protected??
By the way if that's your picture, you're never 53!!
Paul piccasso.
-
By the way if that's your picture, you're never 53!!
Paul piccasso.
::) Gawd Paul, don't start telling her that! I get enough of her droning on about her drop dead gorgeous looks as it is :P ;) By the way :welcome:
-
Paul if you do Ctrl + Alt + Delete all at the same time it will bring up the task manager, you may have to do it a few times to bring it up.
That will list all the programs that are running at that time and hopefully will show your AV and Firewall progs are running.
I would think that whatever is affecting your PC though has stopped both your AV and firewall from loading though :(
Did you find out if you have Kazaa installed or if your brother downloaded from it by the way ?
The camera never lies Paul, that was taken on the 21st of Feb this year, 2 weeks after my 53rd birthday thank you very much :-*
-
You will have to excuse my ignorance but what is Kazaa?
-
It's a P2P (peer to peer) downloading program.
You "share" your music and other files with other people who have it installed, but it's notorious for causing problems for PCs, either by the spyware that the program itself installs when you install it or by getting infected files from other PCs.
There are lots better P2P programs around but some people seem to like living dangerously and insist on using Kazaa :(
-
Hi Sandra
My computer is not linked up to anyone else's and I'm not sharing files either. I've only had my PC for two months and everything's went t**s up!! Do you think that it might be worth my while getting someone to visit my house and see what the problem is??
-
Try finding your Norton AV on your desktop, or, if it's not there, under Start/ All programs. Launch it and click on Options. Click "enable autoprotect" and it should then be back in your list of start up progs.
-
Hi Clive
Tried that. As soon as I go into all programmes it comes up with the message about the C drive that I referred to a few e-mails ago and does not let me go any further. Everything I go into refers to the C drive??
Pablo
-
Since you can get on the Internet, why not try downloading a free virus checker such as AVG, getting the updates, and running it from the net?
-
Hi Paul,
That's what I could find and arrange for you from another forum (if you can do it):
1. Disable System Restore (Windows Me/XP).
2. Remove from the registry (Regedit) "svckernell.com" everywhere you find it.
3. Update the virus definitions. And follow the instructions here: http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.packed.html
4. Restart the computer in Safe mode or VGA mode.
5. Run a full system scan and delete all the files detected as Bloodhound.Packed.
6. Clear the Temporary Internet Files folder, if required.
7. Restart Computer normally.
8. Reactivate System Restore.
9. If the problem is still there, run AD-AWARE.
Hope it helps. :)
-
Just to recap a little, Paul, can you get into Safe Mode, by continuously tapping the F8 key while your PC is starting?
If so, are you saying that you still cannot start any of your programs, even in Safe Mode?
It definitely sounds like you have been infected with a virus, and possibly more than one, but if you can get into Safe Mode, you should be able to launch your anti virus software from your desktop, and run a complete system scan. Before you go into Safe Mode, assuming you have XP, you should disable System Restore by the method in the link in my earlier post.
1. Right-click My Computer (on your desktop), and then click Properties.
2. Click the System Restore tab.
3. Tick the "Turn off System Restore" tick box.
The only difficulty with the above is that your anti-virus protection may not be up to date, and as you can't launch it while you are online, that would be a bit tricky, but it should still find something, which might help a little, then we can progress from there.
-
I heard something about doing that to stop the timer from counting down from 60 seconds so he can at least get on line for a few hours until we can figure out how to sort him out permanently ???
SASSER VIRUS!!
Just like the "BLASTER" Virus, the SASSER virus exploits an RPC, which means the PC shuts down in 60 secs.
=YOU CAN GET THE VIRUS FROM JUST BEING ONLINE!=
-That's right, you don't have to check mail or anything - the virus spams random IP addresses with itself: FIREWALL'S REQUIRED TO STOP THIS!
Firstly, there are now 6 different versions of the virus.
sasser.a to sasser.e can be removed by using the removal tool from Symantec (Norton):
http://sarc.com/avcenter/venc/data/w32.sasser.removal.tool.html
IF you have sasser.f, read removal instructions here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.f.worm.html
Once you have removed the virus, GO TO THE WINDOWS UPDATE WEBSITE, to obtain the latest patch to fix the 60sec problem.
-edit-
The virus basically stops your computer from working, if you do have a firewall stopping it from getting out. Usually it starts the process SKYNETAVE.EXE at startup, which calls RARMON.EXE, and then executes FTP.EXE - can you guess what it's trying to FTP? :-*