WTF?

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

hi guys, sorry i haven't been here for ages but ive been on my courses and spending too much time on salisbury plain!

anyway, got a problem and no idea what it is so cant fix it!

thought ive had a virus or some kind of infection for a while as with tuneup one click i always get 53 errors on the registry references.

avg, ewido, ad-aware, spybot and za cannot find anything. za has also started to close randomly.

also when i start up avg and ad-aware i get a za message saying that they are trying to modify WINDRVDIR/HOSTS?

this might be part of the problem or maybe not but my printer has stopped working too! it'll print the blur test page but not the main test or any kind of word doc.

thanks in advance for any help folks.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Version of Windows would help here!

There are a number of trojans that modify the hosts file. There is also an anti-popup system that does the same.

Difficult to know where to start on this, but I think that getting a HijackThis log might be a good place to start.

Harry.

 

lol! sorry harry, xp sp2 home i have, i did google but nothing really conclusive.

i checked hijackthis myself but i couldn't see anything untoward but i will post a new one as soon as possible.

i just find it strange that all my security products are only picking up cookies and not much else when it seems obvious that it is the same thing that is corrupting my registry on 53 items, but also with that, its not like it only happens when ive just switched on.

so even though it may be in memory something else is starting it up.

 

Hm - I agree - nothing obvious.

The only comments I would make are:
1) I'm not a fan of running two AV progs at once - it can easily cause trouble.
2) You have a lot of stuff being started/running. I'd try and disable a lot of it temporarily.
3) I don't really trust some of the 3rd party reg checkers.

Harry.

 

Here you go, moomin. The link will explain the WINDRVDIR/etc/hosts message you are getting.

I think your printing issues are unrelated. Try running a reinstall/repair of Office to fix that as I am guessing you are trying to print from inside Office.

 

harry, i did this log when i was scanning so i think it was just showing up the various parts of avg not 2 seperate programs. tune up has been fairly reliable to but tbh, i haven't tried the windows stuff yet so i might give it a go. but i do have a fair bit of stuff going on so i'll try that too. thanks!

also found a RAR file that will not budge as it's "being used" so im gonna try safe mode and get rid see if it helps.

freddy, thanks for that, that was kinda where everything else led me to and i'll give it a bash.

i can see what ya mean about the office part but wasn't printing its own test page. however, ive cleaned the nozzles loads of times and it is printing now, albeit very very badly!

thanks a lot guys, i'll try your suggestions and get back to ya with what happens. while im here tho, any new or updated a/v to recommend?

 

Yeah. Debian, Ubuntu, Gentoo, Slackware, SuSe, FreeBSD, etc....

 

Have you tried rebooting in safe mode and running the file checkers?

 

lol! thanks freddy!

funny you should say that TG, i went to try that after my last post, and now my config has changed, the timeout is 30 and when i try to start with the line "windows xp home edition" it tells me system32\drivers\ntfs.sys file is missing or corrupt. i have to use th backup line to get in, which takes ages.

same as when i try to boot into safe mode.

i've just started a google on this one now so hopefully i'll soon have it sorted....

or i might just spend my sunday installing ubuntu...

 

Was that using "msconfig"?

 

yeah, i can't seem to get into safe whatever i do, my backup line is fine to use tho 'cept for some strange audio playing.

i found out the command lines to correct it so fingers x'd, should be able to get into safe and sort it out for good.

 

Moom, can you explain what you mean by *backup line*

You could download NOD32, I believe it is fully functional for 14 days and then you have to pay. It's good at finding stuff others miss.

Also, have you opened and checked your hosts file?

It's located in the "windowz\system32\drivers\etc" folder and should, by default, look like this..

Also, have you tried re-loading the printer drivers?

 

yes thanks blu, i did have to roll back the printer drivers then update and it's tickety boo now.

tbh, im not %100 sure how i ended up with this backup line but if you remember i installed ubuntu ages ago and had trouble with the grub?

then i formatted c/ because i didnt really know how to correct the grub fault, anyway, ever since i've had 2 boot options,ie, windows xp home edition and (backup line) windows xp home edition.

maybe somehow i've still got the linux boot partion which has had xp installed over it and therefore named "backup"?

i'll have a look at the hosts file but i think this may be a ZA fault rather than anything else. i also have nod32 but still none of my av/a *ware have found anything, and there still is that one RAR file that will not delete!!

im going to repair the ntfs drivers after work and have a look at the hosts too, and hopefully i can get into safe before dinner.

cheers for te help guys,

 

What's the name of your RAR file that you can't delete?

It's been a few years since I had to do the following and can't remember all the details but I know it works on Win2K. I did some Googling and can find very little on using a Posix shell in XP so I'm not sure if this still exists. You could find out by taking a look at your XP installation disk and see if a Posix folder is still included on the install disk.

Using the Posix shell it's possible to delete many files that you cannot delete with any other method. I have used the Posix shell to create and delete files that used names reserved for the system such as com. I have also used it to take ownership of and delete files that I could not delete in any other way.

There is no support from MS for the Posix shell, but years ago when I was playing with the Posix shell I found a web page with explanations of how to use the Posix commands. There is the same built-in help that the cmd prompt gives, but this page had explanations that were much more complete.

I'll look around and see if I can find if the Posix utilities are still included on the XP installation disk, and you're interested in trying it.

 

it's called data3 but it was only supposed to be a patch for a game i have, nothing more.

i'll have a look on my disc but it's the fujitsu disc and not a proper xp disc if you see what i mean.

i'd be happy to try out the posix idea mate if you think it could work, at the very least it'd be something i haven't tried before.

not saying the RAR file has anything to do with my infection but it's always being used and i almost always have the errors? hmmm.