forster Posted September 15, 2003 Share Posted September 15, 2003 I built a new machine about a week ago. Windows XP Home, McAffee AV + Firewall, adaware 6. Installed all my software etc and all is working fine. Until... Last night I downloaded a file from Kazaa. As soon as the download finished, my machine is suddenly really slow, like all the memory was being used on a process. I navigate to the file I just downloaded, double clicked it, and nothing happens. Explorer now crashes and I reboot. I navigate to the folder again, execute the file, slows and crashes again. Reboot. Navigate back to the folder, try and delete the file - single click to highlight, my machine again slows, crashes, reboot. Get back into XP and ctrl+alt+delete and start closing down the processes I dont recognise - navigate to folder and deleted the file. Knowing that the file that I have downloaded may include something horrid in the .exe (and no, Im not going to say what it was) I run adaware and mcaffee - both come up blank. My main concern is that my firewall was down at the time (I took it down to get my PS2 online) and I'm not sure if someone could have gotton in after I downloaded the program. Basically, after all that, I am left with this problem. All outgoing internet requests (such as for webpages, kazaa, messengers) aren't finding their respective sites. My connection to my ISP connects fine. Although there is a small trickle (a few bytes per second) incoming and outgoing - I'm presuming this is from and to my ISP. I have two other machines, which can connect fine through the same line, so I know the ISP and line are fine. /me thinks that there is something suspect on my machine - suggestions? I'm left with reformatting (a bit extreme) but I dont want to. All internet settings are checked and looking OK, tried connecting via IE and Firebird and nothing. :cry: Please no flames about using Kazaa or P2P products, I know that they are a cesspit of virus's :whistle: Link to comment Share on other sites More sharing options...
mAcOdIn Veteran Posted September 15, 2003 Veteran Share Posted September 15, 2003 Are you're computers in a workgroup where one can see the other? If so you can share the whole drive of the infected computer and give everyone full control overit. To do this just right click on the C:\(or whatever for you), choose sharing and security, choose share the folder on the network, and then check allow network users to change my files. Then you can map that drive on one of your clean systems in My Network Places. After you've done that you can use whatever anti virus is on your other pc's to scan and hopefully fix the infected pc from over the network. Also do a search on your infected pc's hard drive for a lmhosts.sam file usually in your windows\system32\driver folder and see if there's any IP's in there. You really don't need the file so you can delete it and see if you get net access back. Also alot of antivirus programs allow you to make rescue disks but I don't know if mcafee has that option. Using that you could boor from the disk and it could scan your system. Link to comment Share on other sites More sharing options...
forster Posted September 15, 2003 Author Share Posted September 15, 2003 Are you're computers in a workgroup where one can see the other? If so you can share the whole drive of the infected computer and give everyone full control overit. To do this just right click on the C:\(or whatever for you), choose sharing and security, choose share the folder on the network, and then check allow network users to change my files. Then you can map that drive on one of your clean systems in My Network Places. After you've done that you can use whatever anti virus is on your other pc's to scan and hopefully fix the infected pc from over the network.No, none of the 3 are networked. When one machine is connected, the other two cannot - its a 'pull the modem from one machine and plug it into another' scenario.Also do a search on your infected pc's hard drive for a lmhosts.sam file usually in your windows\system32\driver folder and see if there's any IP's in there. You really don't need the file so you can delete it and see if you get net access back. Will do when I get home - all I can think of is that there is a file like you mentioned that is somehow 'blocking' the outgoing connections. Link to comment Share on other sites More sharing options...
YaZoR Posted September 15, 2003 Share Posted September 15, 2003 sorry but, a hahahahahahahha. i had a prob, similar. check your hosts file isn't filed with bogus stuff. Link to comment Share on other sites More sharing options...
AdzzzUK Posted September 15, 2003 Share Posted September 15, 2003 Something I use regularly to find out about the latest nasties doing the rounds is securityresponse.symantec.com - have a look at http://securityresponse.symantec.com/avcen....hllw.cake.html - specifically the filenames it spreads as! Ring any bells? HTH, Ad Link to comment Share on other sites More sharing options...
Groovedude Posted September 15, 2003 Share Posted September 15, 2003 Look in Main Directory of C: + D: make sure you have hidden files / folders so you can see them. and look for a "explorer.exe" laying around. What was the files you downloaded BTW ? Link to comment Share on other sites More sharing options...
forster Posted September 15, 2003 Author Share Posted September 15, 2003 What was the files you downloaded BTW ? Which part of 'no im not going to tell you what i downloaded' did you miss ;) Needless to say that it was a 170ish meg .exe. Thanks for all your suggestions, I'll have a peep this evening. And where is the 'hosts' file? :pinch: Tah Link to comment Share on other sites More sharing options...
forster Posted September 15, 2003 Author Share Posted September 15, 2003 Something I use regularly to find out about the latest nasties doing the rounds is securityresponse.symantec.com - have a look at http://securityresponse.symantec.com/avcen....hllw.cake.html - specifically the filenames it spreads as!Ring any bells? HTH, Ad Mmmmm caKe ;) I'm just gutted because mcaffee is up to date as of yesturday AM - and it is find nothing. Link to comment Share on other sites More sharing options...
mAcOdIn Veteran Posted September 15, 2003 Veteran Share Posted September 15, 2003 And where is the 'hosts' file? :pinch: Tah It's in the second paragraph you quoted me on from my first post. Link to comment Share on other sites More sharing options...
forster Posted September 15, 2003 Author Share Posted September 15, 2003 And where is the 'hosts' file?? :pinch:: Tah It's in the second paragraph you quoted me on from my first post. Gotcha :blush:: Link to comment Share on other sites More sharing options...
forster Posted September 15, 2003 Author Share Posted September 15, 2003 Well, deleted hosts file, no change, and no explorers anywhere they shouldnt have been. Nuked the XP partition and am installing Linux. Always wanted a linux box and an xp box ;) Thanks for your help guys. Link to comment Share on other sites More sharing options...
Recommended Posts