PC Pals Forum
Technical Help & Discussion => Windows PCs & Software: Help, News & Discussion => Topic started by: jonno_w on May 01, 2006, 21:18
-
Hi folks. I'm having two problems with my PC and am hoping you clever people can help.
[1] My sister sometimes uses the computer and is keen on chatrooms. Somehow she has managed to change the wallpaper to one provided by a website called 'chatagogo.co.uk'. Although I've managed to reset the wallpaper to one provided by Windows, the chatagogo wallpaper appears for several seconds while my PC is booting up. I don't like this, and want to completely remove it from my machine. Any ideas?
[2] When I'm starting up my PC, I get a window which contains the message: "Ibm00001 has caused an error in IBM00001.DLL. Ibm00001 will now close. If you experience any problems, try restarting your computer." At the same time that this message has started to appear, my broadband internet connection has virtually seized up. As I have absolutely no idea what this message means, could it be related to the slowness of my internet connection? And if so, can anyone suggest a remedy?
The computer runs Windows ME. Advice would be much appreciated. Cheers.
-
Hi, it's me again. I should have mentioned, so far I've tried downloading Windows updates and running system restore. However, neither of these have helped. I have Spywarelaster and Spybot installed too, both updated and activated.
-
Hi Jonno and :welcome:
It may be that chatagogo has added itself to your start up files which might explain the wallpaper showing up during boot-up. Click on Start/Run and type MSCONFIG Click on the Start Up tab and see if you can find chatagogo. If it's there, untick it, click apply and OK. You may have to re-start and it will warn you that you have made a change to the way Windows starts. That's OK - just ignore it.
It certainly seems as if you have spyware or something slowing down your computer. I know you already have some excellent antispyware programs installed, but it may also be worth trying AD-AWARE (http://www.lavasoft.de/software/adaware/)
Remember to update it before you use it. I think that removes the dreaded SpySherriff which is often associated with Ibm00001 errors.
-
Hi Jonno,
You could also try Ewido (http://www.ewido.net/en/download/), which is very effective at removing nasty spyware and trojans.
Good luck! :)
-
Brilliant. Thanks for the prompt replies, guys. Due to work comitments away from home it'll be Monday before I can try out your suggestions, but I shall report back and let you know how it went.
If anybody else has any suggestions, please leave them too in case I don't have any luck with the above.
Cheers!
-
good luck.
-
Upgrade to XP if you can. But do a clean install.
-
Hi guys. I did start - run - misconfig, and although I didn't find anything with any reference to chatagogo I did find "C:\WINDOWS\SYSTEM:ibm00001.exe". I unticked this, clicked apply and restarted the pc. Did I do the right thing, or have I inadvertantly invited more doom and chaos? Web pages still seem to be loading slow-ish. I have updated and run Adaware, Spyblaster and Spybot. Is there anything else I can try?
-
Apparently its a trojan John :(
http://www.justtext.com/processes-tasks/ibm00001-exe.html
See if you can find it in add/remove and remove it but its probably not there.
Delete it from here in safe mode with System Restore turned off :
File or folder location:
The actual hard drive location will be at C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
-
Sandra, many thanks for the advice but you credit me with too much technical knowledge. I'm sure you can advise me though.
1) How do I turn off System Restore?
2) Safe Mode - is that accessed by repeatedly tapping F8 as the computer starts up?
3) Would I find that location via My Computer?
Your advice sounds very helpful but unfortunately I am an idiot and would appreciate your help.
Cheers.
-
1) To disable System Restore, right click your My Computer desktop icon, and select Properties, then the System Restore tab. Untick the box, to switch off System Restore. It may take a few seconds to deactivate. Don't forget to enable it again, once you have cleaned your machine.
2) Yes.
3) See above. :)
You might also want to try Ewido (http://www.ewido.net/en/download/), which seems to be able to find and remove some of the more recalcitrant trojans and spyware.
Oh, and you cannot be an idiot, or you would not be here. ;)
-
I really appreciate you guys' help, but now I'm starting to get a headache. I have followed the above instructions but Sandra's suggested location yielded only four icons which read as follow:
MSONEXT.DLL
MSOWS409.DLL
PUBPLACE
RAGENT.Dll
There's no sign of anything pertaining to this ibm00001 thing. Any ideas what to do next? Actually I am a bit of an idiot; this is sort of the pc equivalent of ground crew talking down a willing but unknowledgable civillian airline passenger in the cockpit after the proper pilot has conked out. Your help is hugely appreciated!
-
Ha! You found your suspect Jon. PUBPLACE is a trojan known as Downloader-LC. I'm surprised that none of the detectors you used found it, but wait for Sandra to return before deleting it though.
-
Brilliant. You guys are stars. I'll keep checking back. This thing is driving me nuts; I really appreciate your help. Cheers.
-
Did Ewido find anything, Jonno?
-
I tried that, but I got a message which said that the software couldn't run on anything less than Windows 2000. I'm running Windows ME. I didn't look into it further than that. Is this in any way meaningful to you? As my previous posts have probably made clear, I'm no technophile ... but common sense suggests to me that ME/2000 wouldn't be that different. I don't know. 2000? Millenium Edition? My headache is getting worse. :?
-
2000 and ME are both different versions of Windows. I didn't realise Ewido doesn't support older versions, so sorry about that. What Anti Virus software are you using? Downloader-LC seems to be quite an old trojan, and I'm surprised that your Anti Virus software hasn't protected you from it.
I would also recommend you consider upgrading to Windows XP, as you may find that ME is no longer supported by some newer programs, as we have found tonight.
Don't worry about asking questions - we all had to learn from somewhere, and most of us are still learning. ;)
-
Have you got the pc set to show hidden files and folders John.
It will possibly be a hidden one.
Open any folder and go Tools/Folder Options/View then look down the list for Hidden Files and Folders.
Tick the Show Hidden Files and Folders then ok and that should show the missing file hopefully.
Check that you can see it in normal windows, update your current anti spyware and AV programs then disable System Restore as Simon said and reboot into safe mode by pressing F8 as it reboots.
Run the scans in safe mode and see if they detect and remove anything.
If the imb00001.exe file is still showing then delete it but hopefully the scans in safe mode will fix it.
-
Right. An otherwise reliable friend recently spent some time noodling around on my pc and somehow, when he returned it to me did so with no anti-virus protection (smacks forehead with realization of the jaw-droppingly obvious :blush: ). Okay, will try your advice tomorrow but am absolutely zonked out for this evening. Thank you all for your patience tonight; please check back tomorrow! Incidentally, what would you all generally think that the best free AV download would be, being as I'm endeavouring to clean up my pc at the mo'? Many thanks for your help.
-
Avast and avg are both great programs and free
-
Norton is probably the most popular Anti Virus software, but later versions have been reported to slow down PCs quite a bit. I have recently switched to F-Secure Internet Security 2006 (http://www.f-secure.com/), which is an all-in-one Anti Virus / Firewall / Spyware and Spam protector. I have found it to be excellent, but unfortunately it's not free. You can, however, download a fully functioning 1 month free trial version from here (http://esd.element5.com/demoreg.html?productid=300042694&languageid=1), which should be able to clean up your PC, then you can decide whether to purchase the full licence, or look for something else. If you do decide to buy it, you can get it cheaper from Dabs (http://www.dabs.com/productview.aspx?Quicklinx=3YPK&SearchType=1&SearchTerms=f+secure&PageMode=3&SearchKey=All&SearchMode=All&NavigationKey=0), than from the F-Secure site. Whatever you choose, be it paid for or free, you do need to have anti virus protection and a firewall installed on your PC, and kept updated. The paid for versions do automatically update, so once set up, you can usually forget about them, but some of the free programs require manual updating.
-
Right. I've run Adaware, Spybot and Spyblaster in Safe Mode and downloaded some virus protection (Antivir, on a friend's recommendation). In Safe Mode, Spybot brought up 2 entries for Torpig, which it hadn't in Normal Mode. I seem to recall that I've seen the term Torpig used in connection with ibm00001 elsewhere on t'internet. It could not fix these problems initially, and suggested restarting my pc. I did this, and Spybot said that the problem had been fixed. I'm going to have a noodle around on the net now and see if there's any improvement. Will let you know if the problem seems to be resolved. Cheers.
-
Nah, still no good. The internet connection is running at snail pace. Any ideas? I have a friend who can wipe my pc and install Windows XP; should I just call it a day and go for that?
-
Did you remember to turn off system restore before you re-booted? The sophisticated trojans use system restore to reinstall themselves after deletion. Torpig disables your antivirus too so make sure that it's still enabled.
-
Clive, System Restore was off throughout.
-
Upgrading to XP would not be a bad thing, if you have someone offering to do it for you. I would try the trial version of F-Secure, as I recommended above, first, as this may well remove your trojan for you. I have also found another spyware utility, which clims to remove Torpig, and this is XoftSpy (http://labs.paretologic.com/spyware.aspx?remove=Torpig). Unfortunately, the free version will only detect spyware - to remove it you have to purchase the product, but if you want to PM me, I may be able to help you with that. ;)
-
As I have just bought a 19 inch TFT DVI monitor I am a bit short of cash this month Simon, can you help me out with some cash too please :wink:
-
You and your toys, Sandra! :roll: :wink:
-
Bigger is usually better Simon :)