An Apple a Day

If I recall using a linux based password "recovery" tool usually ends up you resetting the password to gain access to a passworded computer. Not the best thing if you dont want to leave tracks you were there. For the file extraction you want to do, I have not done this but am told it will do it, use a "live cd". A "live cd" is a operating system on one cd. The operating system is loaded in to the computer Ram and not the harddrive. You can access the hard drive but no files are written to it from the Ram. The one cd os loads its own drivers to operate the hardware, ie printers, cd reader/writers, usb ports, Dvd ect. Once shutdown and the cd removed there generally is no trace, because windows OS was never started. Knoppix (a popular one cd os) might just be the ticket. (sorry no link doing this on the fly) Regards

I do believe that all of the devices will default to the slowest "nic" on the network. Most of the "nic's" are auto-sensing. Example: if three devices were on the same network. one with a 10mbs nic, another with a 10/100mbs (auto sense nic) and another with a 10/100/1000mbs (auto sense nic) All devices will default to the 10mb speed. :)-->good luck

Paw, you missed this one. Most likely the cause of most of the problems: O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:MAIN.MHT!http://d.dialer2004.com//tv/main.chm::/load.exe This one is called "TrojanDownloader/dropper.Win32.Small.cw" Its whole purpose in life is to retrieve and install additional files, when run. Most will be configured to retrieve files/images from a designated web or FTP site. Notice the "dialer2000" website part of it, probly "adult content" is associated with it. Do you see the /load.exe? I would suggest checking that O16 entry as well for fixing while in safe mode. If it (the browser hijacking) does not go away, a number of file deletions and registry editing might be in order. This one is probly getting loaded at boot. There are a number of other bed-bugs present as well (such as odd browser helper objects (BHO's)) But will let you drive the bus Also very very important C:WINDOWSTEMPORARY INTERNET FILESCONTENT.IE5GHAJ0LQVHIJACKTHIS[1]HIJACKTHIS.EXE One last thing, never run Hijackthis from a "temp file" always make a folder, preferably on your root directory..(ie c:hijackthis) put the program exe in it and run it from there. Reason being is that Hijackthis does make a back up should you need to put back what you deleted/fixed. If you run it from a temp file you will lose everything when you reboot. Now back to your regularly schedualed program....

herbiejuan Try booting into safe mode and running Adaware. after scan reboot again into normal mode and see if it has gone. Another thing you may have to do is show hidden files and folders. Here is how How to unhide files Try to search for your baddie files/folder that way. Sometimes Adaware complains about a file that Spybot has put into backup archives. Could be a false positive so to speak. There are a few more things to try. But give those a shot first.

I use this tool to profile a computer when the user/owner is not sure of what they have or what the model numbers of the equiptment they own. Plus so much more! Belarc Advisor Next step once you have the model/serial numbers is to search out the information on the Web.

Well as long as you are not a (must I say it) a Dis"grunt"led poster? I will see you get some help. You know one of these times we will catch up in the chatroom!

Ok, Bacon girl sorry for the difficulties for getting in the forum at SWI. If you get nowhere with getting on the forums there (SWI), I have another forum you can post your log can get some attention. Tomcoyote forums Pretty much the same folks that post and help at SWI (including me) and is a bit easier to post to. (less traffic) You do have to do the register thing unfortunately, most forums are having to do this now. Even here at GS you have to be a member just to read certain content. Once you register at Tomcoyote's post your log and such in the Open forum and under the topic Hijackthis logs and problems. Yes your firewall is definetly keeping you from connecting. You might try this fix for SWI.(or any other site you might have trouble with) In IE, do Tools->Internet Options, and delete cookies. In IE, do Tools->Internet Options, Privacy, click Edit, add URL for SWI forums, click Allow. Close all browser windows. Open just one IE. SWI like many forums want to set cookies for the browser session to remember your name and login across the sections and pages there. To keep you logged in so to speak. Please let me know where you landed with your post. There are these two missionaries who have been lost and wandering in a jungle for days, and they're at death's door with hunger. As they stumble on, hoping for salvation in the form of a mircle or something to eat, they suddenly spy, through the bramble, a peculiar tree off in the distance. As they get closer, they can see that the tree is draped with rasher upon rasher of bacon. There's smoked bacon, crispy bacon, life-giving juicy nearly-raw bacon, all sorts. "My God, John" says the first man. "It's a bacon tree !!! We're saved!!!" "You're right" says John, "Praise the Lord!" "Its a mircle!" So John, goes on ahead and runs up to the tree salivating at the prospect of food. But as he gets to within five feet of the tree, there's the sound of a sackbutt, and he is shot down in a hail of Pigpellets. His friend quickly drops down on the ground, and calls across to the dying John. "John, John - what happened?".... With his dying breath John calls out ... ."Ugh, run , run ! ... it wasn't a Bacon Tree it was a........Ham Bush."

Why not use the WEP (Wired Equivalency Protocal/Privacy) and MAC filtering together? Wep may cause some network slowdown, but depending on the bandwidth being used currently by the connected devices you may not notice. Wep isnt perfect but better than nothing. Using the Wep would encrypt data between the device to the Base. Would stop/slow the "Unauthorized" User from getting a connection for starts and monitor traffic for legit Mac addresses and passwords. That and get rid of any "factory" SSID's or Keys and make some of your own. A step better than WEP is that your Router supports a newer technology called Wi-Fi Protected Access™ (WPA) wireless security. The Router protects your PC from most known Internet attacks with a powerful Stateful Packet Inspection firewall. It can also serve as a DHCP Server, supports VPN pass-through, and can be configured to filter internal users' access to the Internet. A real advanced step would be to make the Wireless base station one network, and the devices another and use Virtual Private network connections (VPN,s) using certificates as authentications. But as Steve put it, Mac filtering might be enough for what you need to do. But I would be sure tempted to enable the WEP.

Balsamic,err Pslamy, no..no..wait I will get it..Ptooey, Psalty,..Psalmy! I look forward to see you there. Just let me know who to look for. More about the ZoneAlarm: Try putting the privacy and security settings in the internet settings control panel on medium or lower. Does that fix the access problem at GS? Here is a tutorial on how to set access for sites you like to visit on Zone. Privacy settings/ZoneAlarm

Ad-Aware/Spybot SD are very good "General" tools but the number and types of exploits are becoming exceedingly more difficult to detect and remove. The tools generally require to be able to "see" the files and the crapware is getter better at hidding them. Spybot SSD is coming out with a new version in the next few days (or so promised) to better detect more of them. (version 1.3) Yes, Pacman's portal has a presence on many security websites and is a very good database for discovering "what is this thing" But startups are not the only issue. There are BHO's system files, and applications. (such as that Aveo that never really went away) The Hijackthis program frequenly mentioned and used is very simple to use. You download the executable file into a permenant folder and run it. Here is a link to a quick start on the program Quick Start on Hijackthis You do nothing but explain in a post at one of the security forums recomended about what happened to you and post the Log created by hijackthis if a Helper or Expert asks for it. About the ZoneAlarm, its a good thing you are getting the alerts. It means it is catching them! But for the most part its just "noise" that has always been there and you are just seeing it for the first time. Once the novelty of having it pop up on you each time one happens you can shut off the notifications. Zone alarm is chatty when first installed because it does have to learn from you what access is acceptable or not. ( both outgoing and incoming) If acceptable always, you check the box on the popup not to bug you about it again. If not acceptable ever you check the box saying so. Even if you make a mistake you can find that entry and remove it from being blocked or allowed. A bit of fine tuning and you probly can get Greasespot to work as you want it to. I dont use zonealarm, I use kerio personal firewall and do fine on GS. I know this no fun, but its the exploiters which have made the internet this way. Best you can do is lock down your machine as reasonable as possible. birdy birdy in the sky, dropped some whitewash in my eye...boy I am glad pigs cant fly..

Psalmy, Psalmy, Psalmy!!! You can continue to use outlook express. It has nothing do with Firefox the browser. Yes mozilla does have a email client but thats not what was recomended to you by the other Chatters. sigh... Browser exploits in internet explorer allowed other people via websites you visited to execute code on your computer as if they were sitting at your keyboard. Thats why so many updates and security patches had been released to remove the vunerabilites. That is why probly why mozilla firefox (say it with me--> "Browser") was recomended to you. It doesnt have the exploits IE has/had. Now do you know if you have a keylogger, malware, ect still on your computer? I dont, nor will anyone else unless you run some tools. I am not trying to panic you into a rash thing, I just want to help you secure your computer and to keep it from happening to you again. oh by the way, apple a day does keeps the ah-hem Doctor away.

A snip from a Tech/tv article for getting you IE favorites to Mozilla firefox. Things to Know about Firefox There you go

Great let me know under what Nick or handle you are posting over on spywareinfo. Better yet a link so I can baby sit your post should you not get a quick response. Mozilla firefox is what you want to download. About 6.5 megabytes. So you do have room for it. Here is a link to it so you can learn all about it. Firefox-Browser Now with that said, I have not used it myself but come recomended highly by those who do just for the feature of tab browsing and ad blocking built in. No more continuing to back and forth and open new windows to follow links. Why havent I used it? Just have not taken the time on a shared dial up to grab the file. One of those when I get around to it I will do it. I have not have had problems with IE because of the security tweakings and layered applications I have running. See you soon.

Run both adaware (by lavasoft) and spybot search and destroy. Each looks for different exploits by crapware, keyloggers, and hijackers. The way things are currently, unless you are a computer professional, it is very difficult for the average user to identify any malware they might have. Malware has become stealthy in hidding its self by changing names or places it resides. I would suggest you go have a visit at spywareinfo Make a post in The spyware removal-Hijack forum with your problem. With the number of posts they recieve you may have to bump your post to the top of the list on occasion. Follow what the experts or helpers suggest, and ask for assistance to avoid getting reinfected. I would walk you through this, but would rather have the resources of that site to be sure you get the best help possible. (oh by the way proverb17 says he still has sackbutt envy, and still complains about Psalms before proverbs...)

Update, if you dont want to install a new program and already have musicmatch as a media player. This snip is from TechTv snip You can also use MusicMatch to capture the analog signal being played. Go into the Options menu, select Recorder and change the source to System Mixer. You'll need to make sure your computer's volume level is turned up as it will effect the level of the recording (capture) end snip Even cheaper would be to capture the sound from the sound card on one of the speaker/lineouts rerouted to a line in. Any thoughts why that wouldnt work? Other than quality of sound?