strange window
Rocker
02-15-2006, 05:59 AM
Bear, I've seen lately upon start-up that my 'puter generates a window with all black in the field, and it displays a name of 'netsh.exe'. This also seems to open the 'dial-up connection' window for the dialer, but it is not the same dialer window that I get when I actually click on the ISP icon and generate THEIR dialer window, which is labeled 'Ji-Net connection'. This black window shows on a search as a 27kb PF file and in system32 as an 84kb application. It didn't show on the last HJT log. In regedit it shows as being in about 250 places (literally) in the folder MUIcache, all with the subheading of c:\program files, with the Ohio-shaped 'AB' icon, then REG_SZ, except the last one which has what looks like 'on' over 'no' in blue letters within the icon, and then it says REG_BINARY 09 04. Could this be a virus or some other evil entity? I'll put a fresh HJT log in that thread. Thanx.
Also a question about spyware: can you recommend a good, free-to-download spyware REMOVAL program, maybe from filehippo or a similar site? I don't trust download.com anymore, as I've downloaded some of the programs available on their site which supposedly install perfectly, then won't open, giving me a message saying some 'core files' are missing. I downloaded a spyware detection program which found 52 spyware items in a 'puter at my school, but it won't remove them unless we purchase/subscribe. Can't blame them, but what a tease!! :o
That program is a Windows file that is used to configure the computer from the command prompt (DOS). Chances are the infection you currently seem to have is opening this window, and configuring the port it uses to connect to the IRC network it uses...
Fixing it by the method(s) given in the HJT thread should fix it.
I'm thinking your AV program is not working out?
As for spyware programs not finding "core files" after installation? Might be a virus breaking the installs, to be honest. If you're infected with the right bug, it can prevent loading of certain apps that might be used to remove it.
Spyware removal programs:
http://www.lavasoftusa.com/software/adaware/
http://www.microsoft.com/athome/security/spyware/software/default.mspx
http://www.safer-networking.org/
Should be a good start. You might also read the site you got HJT from:
http://www.spywareinfo.com/~merijn/index.html
Several interesting things to be found there...
Rocker
02-15-2006, 09:31 AM
Bear, as I write I'm downloading the adaware stuff. It's odd, though...the only option given when I open the download screen is to download to disc. I can't go straight to CD but I thought it'd let me put it on my hard drive. (Perhaps this is to guard against being unable to function due to the very presence of the spyware it's designed to remove, as you mentioned earlier?) However, it wanted a floppy, but from the stated size of the file I expected it to take two floppies. It just finished and says it loaded all 2.8 mbs onto one standard 1.4 mb floppy...:confused: :confused:
Wait...when I look, it did load it onto the HD. Why did it insist that I insert a floppy?
I know my AV doesn't seem to be working correctly (although when I use it to scan, it performs all the functions correctly), and neither does my firewall. I used to use this firewall (Sygate) before I had to delete and reinstall Windows, and it worked great, giving me reports every time it detected a port-scan attack and everything. But none of that seems to work now. I downloaded a registry cleaner today, and I think I'll delete the AV and firewall, then clean the registry to hopefully get rid of old code, then reinstall the firewall and AV. Sound feasible?
The adaware suggests I close all windows to run it. Back soon.
Hope it works. Thanx, Bear. ;)
Rocker
02-15-2006, 09:50 AM
Adaware found 1 downloader and 10 traces. Removed them all. Now on to the AV and firewall.
You're doing great! Soon you won't need me any more...
No idea why it asked for a floppy, but you're right, it couldn't save that much on a single 1.44 floppy.
Sounds to me like the bad guys disabled all your protection, and even made the AV *look* like it was scanning everything normally. It was probably just scrolling your drive's contents past you to look like it was working. Clever.
Rocker
02-15-2006, 11:12 AM
Bear, Registry Mechanic found 46 shared DLLs, and about 80-some other things. Of course, it couldn't repair the shared DLLs without purchasing the product, but it did 'repair' some of the other things (custom controls, and a few things). What makes me wonder, though, is that a lot of the 'problems' were from 'trusted' programs like Nero, some Word docs I'd created and edited (which had nothing to do with the net, or anything involving an .exe other than Word), even quite a few from Windows itself.
How serious is a shared DLL? Are you aware of any other registry cleaners that can 'repair' DLL problems when using the free downloaded version?
I just saw AVG, gonna download it now, run a scan and ...who knows?? I'll give the score tomorrow.
Firewall: The only thing that Sygate seems to be doing is notifying/asking me every time a program in my 'puter wants to access the net. But no warning screens about when something is trying to get in.
Any recommendations on a good firewall? I tried Kerio (sp) but it was obtrusive, and a hindrance. It always stopped me when I tried to cut n' paste text, and always identified programs by number when asking about letting them connect, so I never knew if I should allow it or not.
Lord, how depressing...the download speed here is below 4kb a second. When I connect, my little window says 46 kbs, but when I begin to download something, it goes down by half each second till it bottoms out here. After (if) it completes downloading, should I delete the old AV before installing this one? The first time I scanned using the one I have now (AntiVir/XP) it did find some viruses, and deleted them. Since then, maybe only one, and the last two times I scanned, it found none. I hope AVG works better.
Soon you won't need me any more. Sure. And my hair will grow back, and my waistline will shrink, too!! :D
Thanx, as always, and I'll keep pluggin' away. ;)
Shared dlls are *not* a problem most of the time, and frankly I'm shocked it's telling you they need fixing. Most viruses don't use .dlls to spread, although they might overwrite one, or use an existing one in its infection.
Interesting. I have a laptop with Sygate installed, and it's never told me about intrusions, only asked about outbound attempts. The only firewall I recall telling me about inbound stuff was BlackIce or ZoneAlarm. Then again, most of the time I'm behind a router as well, so I'm less exposed.
Free:
Sygate, ZoneAlarm
Paid (my current FW):
Tiny Personal Firewall
Rocker
02-17-2006, 07:29 AM
Bear, when my friend first installed Sygate, it generated a big grey screen every time someone/thing tried to access my system. Perhaps this was due to the way my friend configured it, but it was reassuring to see.
Shared dlls are *not* a problem most of the time,
Good, but I notice the qualifying asterisks.
and frankly I'm shocked it's telling you they need fixing.
Marketing, no doubt.
I downloaded AVG, let it update today, then scanned my 'puter. It found only two items (miracle!) but both were unable to be removed, repaired (healed) or quarantined. They're listed as 'Downloader.TIBS' and one is in that kernels64.exe which I thought I'd been able to delete with HJT, and the other is in Win32.exe.
Think they'll do any harm? If AVG just updated today is there a reason they couldn't be handled?
Also, a unit at my school has some programs that I need to delete. I've tried both the Windows 'Add/Delete Programs' screen, and HJT, but they remain, impervious, apparently, to mortal man. Is there any way to 'brute-force' remove (and by remove I mean wipe-out, terminate, eradicate, obliviate, obliterate, flat-out destroy) a program from a HD?
Got shirt yet? :confused:
Will they do any harm? Yes.
They can't be removed? Pretty good chance they are running as a service then. Windows protects programs running as services. You need to find those running processes (CTRL-ALT-DEL -> processes tab) and stop them.
kernels64.exe is the downloader.
Your best bet to remove the trojans is to reboot into safe mode (http://www.wbhelp.com/showthread.php?t=100) and running HJT and your AV program.
Also, a unit at my school has some programs that I need to delete. I've tried both the Windows 'Add/Delete Programs' screen, and HJT, but they remain, impervious, apparently, to mortal man. Is there any way to 'brute-force' remove (and by remove I mean wipe-out, terminate, eradicate, obliviate, obliterate, flat-out destroy) a program from a HD?
Depends on the program. Is it a commercial package, or some spyware or something?
Yes, I received a cool shirt today, as a matter of fact. Mighty spiffy, thank you. :D
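Bear's advice above (find the running copies of the two files AVG named, and the service that keeps them alive so they cannot be cleaned) carried out from PowerShell, as an added example that is not part of the original thread. It assumes Windows PowerShell 3 or later run as Administrator; the file names kernels64.exe and Win32.exe come from Rocker's post, everything else is constructed for the example.

```powershell
# Added example (not from the thread): triage the two files AVG flagged but could
# not remove. Assumes Windows PowerShell 3+ running as Administrator.
$suspects = @('kernels64.exe', 'win32.exe')   # names taken from the post

function Get-ExeName([string]$commandLine) {
    # Pull the first *.exe token out of a service PathName or a Run-key value,
    # whether or not the path is quoted or followed by arguments
    if (-not $commandLine) { return '' }
    $m = [regex]::Match($commandLine, '[^\\"]+\.exe', 'IgnoreCase')
    return $m.Value.ToLower()
}

function Test-Suspect([string]$exeName) { return ($suspects -contains $exeName.ToLower()) }

Write-Host '== Running processes =='
foreach ($p in Get-Process) {
    if (Test-Suspect ($p.ProcessName + '.exe')) {
        # Path is empty when the process refuses to be inspected
        Write-Host ("PID {0}: {1}  path={2}" -f $p.Id, $p.ProcessName, $p.Path)
        Stop-Process -Id $p.Id -Force -ErrorAction SilentlyContinue
    }
}

Write-Host '== Services whose binary is a suspect =='
foreach ($svc in Get-CimInstance Win32_Service) {
    if (Test-Suspect (Get-ExeName $svc.PathName)) {
        Write-Host ("{0} ({1}) -> {2}" -f $svc.Name, $svc.State, $svc.PathName)
        # Disable first so it cannot restart at boot, then stop the running copy
        Set-Service -Name $svc.Name -StartupType Disabled -ErrorAction SilentlyContinue
        Stop-Service -Name $svc.Name -Force -ErrorAction SilentlyContinue
    }
}

Write-Host '== Run keys referencing a suspect =='
$runKeys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($entry in $props.PSObject.Properties) {
        if ($entry.Name -like 'PS*') { continue }   # skip PowerShell's own metadata
        if (Test-Suspect (Get-ExeName ([string]$entry.Value))) {
            Write-Host ("{0}\{1} = {2}" -f $key, $entry.Name, $entry.Value)
        }
    }
}
```

Once the processes and service are stopped, the AV scan from safe mode that Bear recommends has a clear run at the files on disk.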