[dba-Tech] W2K won't explore/run things normally - FIXED

MartyConnelly martyconnelly at shaw.ca
Thu Feb 3 13:16:44 CST 2005 

There is a way to save these refresh or restore dll's in a seperate 
directory so you don't need the CD
You may have done this previously.
I think it is in the I386  directory, I would have to look up.
Also if infected don't forget to run these methods in Safe mode

One trick used by trojan writers is to place a  DLL as an a "A­lternative
Data Stream" (ADS) on your System32 directory , so you can't "de­lete" the
file using the regular way . plus the DLL component injects itself into 
the EXPLORER
 process making it invisible in the Task Manager process list.

http://www.sysinternals.com/ntw2k/source/misc.shtml#streams

DJK(John) Robinson wrote:

>1, 2, 3: no effect.
>
>#4 sfc (even without the CD, which I hadn't got to hand) - SUCCESS
>
>Andrew Haslett, of Australia's Indigenous Land Corporation - thank you very
>much indeed!  Take a bow !!!
>
>Now, bed (1.20am here), greatly relieved.
>John
>
>
>  
>
>>-----Original Message-----
>>From: dba-tech-bounces at databaseadvisors.com 
>>[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of 
>>DJK(John) Robinson
>>Sent: 02 February 2005 23:32
>>To: 'Discussion of Hardware and Software issues'
>>Subject: RE: [dba-Tech] W2K won't explore/run things normally
>>
>>
>>Yup.  I think:
>>1. complete the remote virus scan
>>2. give up on Panda?
>>3. replace explorer and reboot
>>4. try sfc.exe
>>5. try repair install
>>6. switch to a Drive Image a took a few weeks back
>>
>>But sleep, work and singing are going to interrupt this over 
>>the next 24 hrs.
>>
>>Many thanks for all your good ideas, guys.  Much appreciated. 
>> I'll report back in due course - probably Friday.
>>
>>John
>>
>>
>>    
>>
>>>-----Original Message-----
>>>From: dba-tech-bounces at databaseadvisors.com
>>>[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of 
>>>      
>>>
>>Jon Tydda
>>    
>>
>>>Sent: 02 February 2005 23:21
>>>To: Discussion of Hardware and Software issues
>>>Subject: RE: [dba-Tech] W2K won't explore/run things normally
>>>
>>>
>>>Try the repair install first John
>>>
>>>
>>>Jon
>>>
>>>-----Original Message-----
>>>From: dba-tech-bounces at databaseadvisors.com
>>>[mailto:dba-tech-bounces at databaseadvisors.com]On Behalf Of
>>>DJK(John) Robinson
>>>Sent: 02 February 2005 23:14
>>>To: 'Discussion of Hardware and Software issues'
>>>Subject: RE: [dba-Tech] W2K won't explore/run things normally
>>>
>>>
>>>I'm trying to avoid that, but it come to it...
>>>
>>>John
>>>
>>>
>>>      
>>>
>>>>-----Original Message-----
>>>>From: dba-tech-bounces at databaseadvisors.com
>>>>[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of
>>>>Ralph Bryce
>>>>Sent: 02 February 2005 22:40
>>>>To: Discussion of Hardware and Software issues
>>>>Subject: Re: [dba-Tech] W2K won't explore/run things normally
>>>>
>>>>
>>>>John
>>>>
>>>>Had exactly these symptoms last week. In the end, I reinstalled 
>>>>Windows 2000 from the original disks (thankfully, I 
>>>>        
>>>>
>>didn't have to 
>>    
>>
>>>>reformat, etc). Problem disappeared
>>>>but then had to download SP4 and other updates from the 
>>>>Microsoft website 
>>>>as the
>>>>versions I had on disk just would not install.
>>>>
>>>>Then Word and Excel wouldn't open files (Access worked 
>>>>        
>>>>
>>OK) so had to 
>>    
>>
>>>>also reinstall
>>>>Office 2000 and service packs.
>>>>
>>>>HTH
>>>>
>>>>Ralph Bryce
>>>>
>>>>
>>>>At 20:41 02/02/2005 +0000, you wrote:
>>>>
>>>>        
>>>>
>>>>>I have an old PC running Win2000 (fully up-to-date) and
>>>>>          
>>>>>
>>>>looking after
>>>>        
>>>>
>>>>>my ADSL connection, running firewall, centralised anti-virus
>>>>>          
>>>>>
>>>>updates,
>>>>        
>>>>
>>>>>etc. Occasionally something else, but mostly just these
>>>>>          
>>>>>
>>>>essentials.  PC
>>>>        
>>>>
>>>>>is on all the time, typically two weeks between reboots.
>>>>>
>>>>>It's suddenly become unhelpful -
>>>>>1.      trying to run programs via Start gives "Windows 
>>>>>          
>>>>>
>>>>Explorer   Unable to
>>>>        
>>>>
>>>>>run this command"
>>>>>2.      Winkey+E (shortcut to run Explorer):  "Access to the 
>>>>>          
>>>>>
>>>>specified
>>>>        
>>>>
>>>>>device, path, or file is denied."  (I'm running as 
>>>>>          
>>>>>
>>Administrator.)
>>    
>>
>>>>>3.      Double-clicking on a file to invoke the associated 
>>>>>          
>>>>>
>>>>program:  no
>>>>        
>>>>
>>>>>effect at all.  (eg .txt to run notepad)
>>>>>4.      Very few system things in the Control Panel work: 
>>>>>          
>>>>>
>>>>most give symptom
>>>>        
>>>>
>>>>>2 or 3 above.
>>>>>
>>>>>It's not just shortcuts, either.  Locate notepad.exe itself
>>>>>          
>>>>>
>>>>and double
>>>>        
>>>>
>>>>>click:  nothing.
>>>>>
>>>>>BUT Winkey+R (to Run something) works fine!  Explorer and
>>>>>          
>>>>>
>>>>all the rest - IF
>>>>        
>>>>
>>>>>you know what to type in the Run window, eg  compmgmt.msc /s
>>>>>          
>>>>>
>>>>  Everything
>>>>        
>>>>
>>>>>works OK in itself: I just can't run anything the normal way.
>>>>>
>>>>>Same after rebooting.  And the services are all running
>>>>>          
>>>>>
>>>>fine: ADSL, ZA,
>>>>        
>>>>
>>>>>Sophos, ...   And nothing interesting in the Event Viewer.  
>>>>>          
>>>>>
>>>>Did a full virus
>>>>        
>>>>
>>>>>and spyware scan, to be on the safe side - nothing.
>>>>>
>>>>>Can't find anything useful on MSKB (and it's not Q172223).
>>>>>          
>>>>>
>>>>Just had a
>>>>        
>>>>
>>>>>quick Google, but nothing useful so far.  And no, I don't
>>>>>          
>>>>>
>>>>have a folder
>>>>        
>>>>
>>>>>call "Program" on my C drive, nor am I trying to play an
>>>>>          
>>>>>
>>>>audio CD, ...
>>>>        
>>>>
>>>>>Has anyone come across a problem like this?  Or have any
>>>>>          
>>>>>
>>>>bright ideas?
>>>>        
>>>>
>>>>>I strongly prefer to tackle and solve problems than give up and 
>>>>>reformat, reinstall, etc.
>>>>>
>>>>>John
>>>>>_______________________________________________
>>>>>dba-Tech mailing list
>>>>>dba-Tech at databaseadvisors.com 
>>>>>http://databaseadvisors.com/mailman/listinfo/dba-tech
>>>>>Website: http://www.databaseadvisors.com
>>>>>          
>>>>>
>>>>_______________________________________________
>>>>dba-Tech mailing list
>>>>dba-Tech at databaseadvisors.com 
>>>>http://databaseadvisors.com/mailman/listinfo/dba-tech
>>>>Website: http://www.databaseadvisors.com
>>>>
>>>>        
>>>>
>>>_______________________________________________
>>>dba-Tech mailing list
>>>dba-Tech at databaseadvisors.com
>>>http://databaseadvisors.com/mailman/listinfo/dba-tech
>>>Website: http://www.databaseadvisors.com
>>>
>>>--
>>>This email has been verified as Virus free
>>>Virus Protection and more available at http://www.plus.net 
>>>_______________________________________________
>>>dba-Tech mailing list
>>>dba-Tech at databaseadvisors.com 
>>>http://databaseadvisors.com/mailman/listinfo/dba-tech
>>>Website: http://www.databaseadvisors.com
>>>
>>>      
>>>
>>_______________________________________________
>>dba-Tech mailing list
>>dba-Tech at databaseadvisors.com 
>>http://databaseadvisors.com/mailman/listinfo/dba-tech
>>Website: http://www.databaseadvisors.com
>>
>>    
>>
>_______________________________________________
>dba-Tech mailing list
>dba-Tech at databaseadvisors.com
>http://databaseadvisors.com/mailman/listinfo/dba-tech
>Website: http://www.databaseadvisors.com
>
>  
>

-- 
Marty Connelly
Victoria, B.C.
Canada

More information about the dba-Tech mailing list