really weird stuff with friend's xp mce

binkgle

i'm staying with a friend in france; and his computer only has dial-up, but when i used it i felt that it wasn't working quite right. i hit ctrl+alt+del, and the window comes up and immediately disappears. the same goes for norton liveupdate. the norton personal firewall works (but has never been updated), and antivirus refuses to activate. i cannot enter msconfig, nor can i edit the registry.

the computer has never had a windows update either (or at least not for a long time). when i try to do it i get an error i've never seen before: 0x80072EFD (there's a microsoft error page with the code near the top-right).

another weird thing: the computer can't go onto secure sites (like gmail, my friend's bank, my parents' email, nothing. i think it's something to do with sites that are https, but i don't understand why it's happening).

i've managed to dl spybot and update it (only worked manually, not the in-program update), and found some spyware; but not boatloads. after that and a restart, nothing much changed.

we're using ie6 (we want to fix the probs before getting firefox) on win xp mce 2002, sp2

if you need more info; i'll be glad to provide (after i translate from french to english as we're in france ;) )

thanks for your help
 
In all likelihood, you got hit with a virus. Many of them will try to circumvent and disable virus scanners. Best thing to do is probably scan from outside windows using something like Ultimate Boot CD or BartPE. This should help take care of the virus.

As to your other problem, my guess is that the virus set the reg key to disable registry tools. You can use something like this to get back into most of those things that you have been locked out of. Keep in mind that if the virus is set to enable this reg key all the time while active, you'll need to get rid of it first.

Good luck.
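
An added illustration, not part of the original reply and not the tool the poster linked to: the thread does not name the registry key, so this assumes the standard policy values `DisableRegistryTools` and `DisableTaskMgr` under `...\Policies\System`. The Python below scans the text of a `.reg` export, such as one taken while working from outside Windows, for those values; the sample export is constructed.

```python
import re

# Policy values that lock a user out of built-in tools when set to a nonzero DWORD.
# Assumption: these standard value names are the "reg key" the reply refers to.
LOCKOUT_VALUES = {
    "disabletaskmgr": "Task Manager",
    "disableregistrytools": "Registry Editor",
}
POLICY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\system"

SECTION_RE = re.compile(r"^\[(-?)(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def find_lockouts(reg_text):
    """Return (key, value name, tool) for each active lockout in a .reg export."""
    findings = []
    key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            # "[-KEY]" is a deletion directive, not exported data; skip its contents.
            key = None if section.group(1) else section.group(2)
            continue
        if key is None or not key.lower().endswith(POLICY_SUFFIX):
            continue
        value = DWORD_RE.match(line)
        if value and value.group(1).lower() in LOCKOUT_VALUES:
            if int(value.group(2), 16) != 0:
                tool = LOCKOUT_VALUES[value.group(1).lower()]
                findings.append((key, value.group(1), tool))
    return findings


# Constructed sample export (not taken from the machine in this thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
'''

if __name__ == "__main__":
    for key, name, tool in find_lockouts(SAMPLE_EXPORT):
        print(f"{tool} disabled by {name} under {key}")
```

Exports written by regedit in the Version 5.00 format are UTF-16, so read the file with `encoding="utf-16"` before passing its text in.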
 
to at least be able to get into the registry/task editor, try finding the actual executables for them, regedit.exe (in c:\windows) and taskmgr.exe (c:\windows\system32), make copies of each and call them something like regedit2/taskmgr2 and you may be able to launch them, the virus is simply looking for the programs to be called "regedit" and "taskmgr" and probably won't close them if you rename them
 
i did the taskmgr/regedit renaming, that worked well (thanks so much for that), and i found some processes running that i didn't like, so i've stopped them for now. i'd also like to get into msconfig. what is the name of the exe for that, and where is it (there's no exe called msconfig in c:/windows nor in c:/windows/system32).

i am now going to dl avg free (we tried to copy it over from my laptop with my ipod, cause there's a setup file in the program folder, but we needed a licence key that we didn't have :( ), and i'll install that, update it; and then run it in safe mode (i can't connect via dial-up when in safe mode with networking, so all internet access has to happen with everything running ( :mad: ).

i'd love to use ultimate boot cd, but i don't carry mine everywhere with me, and it would take some time to dl on dial-up..................
 