|
To run the mcrepair fix just click on it. This fix ONLY applies if you have Microsoft Office 2000 or an office 2000 component on your system.
|
Thanks again, Godfrey. In that case I have run it. And it should have worked if it was going to because I am running Word 2000. But it hasn't fixed the problem. So maybe down to something in the HijackThis lists I sent you. Many thanks for all your time.
HJ
|
HJ:
i will quote from just one of many other people who had the same problem, and how they fixed theirs.
Problem:
Internet Explorer Script Error - help! posted by Rita on October 12, 2002 at 1:01 pm:
Line:228
Char:1
Error:Incompatable version of the RPC stub.
Code:0
URL:res://C:\WINDOWS\SYSTEM\SHDOCLC.DLL/preveiw.dlg
This is the error message i get when trying to print on the IE6 or Outlook Express---I am using Win98 (not SE )
I can print if i highlight then Point & copy go to Word pad & paste it in !!!
solution:
posted by Leon Soski on May 23, 2003 at 9:44 pm:
I started getting this particular error message after trying to get rid of another one. This is what I did today and it seems to be working:
1. Go to control panel and add/remove programs
2. Choose to uninstall your internet explorer. Another window will come up and give you three options. Choose the one that says to restore the previous one. It sent me back to explorer 5. Follow the directions to restart.
3. After restarting check to see if you can print or whatever problem you had is still there. If your problem is gone go back to microsoft.com and install the explorer 6 (or whichever you wanted).
in other words, you need to repair or uninstall/re-install IE6 sp1 plus the latest cumulative patch.
|
HJ can you go to this URL please:
office.microsoft.com/officeupdate/default.aspx?CTT...3
Under Office Update and Click check for updates.
I haven't received your HijackThis logs as yet
|
Tough one this can you also download and install this script update at:
tinyurl.com/7zh0
|
OK classic Microsoft drop off you need the older version of dispex.dll
Tough one this can you also download and install this script update at:
tinyurl.com/7zh0
When it says do you want to replace dispex.dll with an older version click yes.
|
Huge thanks, Dalglish. That worked. Everything back to normal.
HJ
|
Many thanks, Godfrey. Dalglish's solution worked. You should have received my e-mail because I've had no notification that the mail failed. I e-mailed to the address that comes up in your backroom profile.
HJ
|
Bit worrying didn't get your email. Re-installing IE would also install an older version of dispex.dll. Not easy to find because MS aren't putting their hands up. Glad all is now OK.
I'm off now to send myself an email.
|
Why do I almost invariably get the message "Done but with errors on page" in the bottom left corner when I am on the HJ pages? Well, except now of course! Doesn't seem to make any difference by the way!
Phil
|
Ignore it Phil unless sites stop working. Minor website coding problems can give you this message. If you have certain security filtering software installed you will also get this message. Nothing to worry about.
|
Thanks G - I wondered whether it might be Spybot, Adaware etc. Naturally since I asked the Q the message has not reappeared!
|
Huge thanks, Dalglish. That worked. Everything back to normal. HJ
you are welcome hj.
i will pass on the thanks to my uncle.
he has an even better memory than my dad's photo memory!!
my uncle came up with the answer.
|
I'm sure everyone in this thread will be overjoyed to hear that an announcement regarding Bill Gates' forthcoming knighthood is going to be made tomorrow!
|
Us linux & mac users can but dream that the sword slips ;-)
teabelly
|
I quite agree, but imagine the cult of the blessed martyr. It could be worse than the living saint: all those Windows machines following the virtual cortege in zombie deference, controlled by a thirteen year-old hacker in Ohio. It would ruin our Internet for a few days, that's for sure.
|
Go to Annoyances.org and ask your question there. Select your operating system, search for any similar probs and if no luck ask your question clearly. Regards Peter
|
Thanks everyone HJ's problem is now fixed. Just a bit of tidying up to do. Dalglish got the same fix as me by a different route
GH
|
Just a quick note to all those souls who, unfortunately, aren't running Mac OS X or Linux ..... ANOTHER Windoze virus !
Mydoom virus
=============
DAMAGE CAUSED
=============
In addition to sending itself on from an infected computer to any email address it can find, the worm "listens" to the internet whenever you are online, exposing your computer to remote control by the creators of the virus. This means that further unknown damage may be caused. In addition, between 1 February and 12 February only the virus will seek to attack a particular website, and so you may find internet access slow during that period because of the automatic activity it will be doing.
WHAT TO LOOK FOR
================
The virus arrives in an email with a spoofed "sent from" address, varying subject messages, different text in the body of the email, and attachments of varying names too! However, the attachment is always about 22kb in size. The virus is therefore very difficult to detect, and our advice is to MANUALLY update anti-virus software immediately.
ACTION TO TAKE
==============
Users of Norton's anti-virus should double-click the yellow shield icon that is displayed in the bottom right hand corner of the screen, near the clock. The "Symantec anti-virus" screen will be displayed. The date of the virus definition file should be 26/01/2004. If not, click the "Live update" button. The program should then connect to the Internet and obtain recent updates. If it does not appear to do anything, go to a webpage using internet explorer, and then click the Live update button again.
Users of other anti-virus software should update as per the manufacturer's instructions.
SYMPTOMS OF INFECTION
=====================
The Notepad program starts automatically, and displays nonsense characters. There will also be high modem usage for a period, as the virus emails itself on to everyone you know.
ACTION IF INFECTED
==================
Do not turn computer off. This causes a further component to be installed.
Update anti-virus software as above, and scan computer.
|
Thanx Arnold.
It's been a nightmare this morning.
Worst e-bombing I've ever had. Over 1,000.
Fortunately Symantec live update live-updated before the s*** hit.
But I've had to re-set a few things in order to cope.
HJ
|
I had this one too and I am currently infected. McAfee didn't stop it although I haven't got the latest updates installed - yet. It does seem to be stopping at least some of the attempts to send mails though.
us.mcafee.com/virusInfo/default.asp?id=mydoom gives removal instructions.
The reason I'm sharing this is that I too have had a message apparently from HJ which was infected so maybe, just maybe, HJ isn't as clean as he'd hope. Neither, for that matter am I.
|
The address in the from line your email package displays probably isn't the person that is infected. You need to set your email package to view full headers and in the headers section there will be another from line with a machine name and a HELO= blah. The HELO can be faked but I don't think the Received : blah can be. The From address which doesn't match the return path address is the likely source of the problem.
teabelly
|
Of course, that's the problem with these e-mail viruses ... they send out loads of new e-mails, hence overloading e-mail servers, whatever OS they're running !
|
Hmmm... okay, I may be clean now. I ran the update at the link I gave and it wouldn't delete the file until I edited the registry as my link suggests and it seems to be okay at the moment.
Day off work and this happens... had I been in work I wouldn't have had the access permissions to do the damage and would probably have read or heard about it before I got home too.
|
I never sent DavidHM anything, so obviously some ****head has targeted me to try to **** me up. If I find out who it is I will **** the b******.
HJ
|
Hello.
Hj what has happened.
Martin Winters.
|
Panda AV has also updated, if you use the daily auto-update feature. They have removal tools if your PC is infected. A lesson to (a) Use a good AV with DAILY updates and (2) make sure you either update manually every day or set to auto update.
|
Obviously the mail was deleted without being examined too closely. I could have read the header information but decided not to bother.
It is possible that someone else with me and the letters@honestjohn.co.uk address in their address book is also infected and the virus has chosen to pick up on that address to spoof the sender but not all viruses do that. After all, who would you trust more if a little bit naïve - your brother, or some random address from a friend's address book?
Don't ask me why I opened the virus - I know it's wrong and I know what to do to avoid it. I just idiotically chose not to.
HJ - It's highly unlikely that anyone chose your address to set you up. If your system is clean now, then it is almost certainly a fellow backroomer or moderator who sent the virus to me.
|
Thing is I'm getting literally thousands of e-mails returned by servers (because they contain viruses) that I never sent.
HJ
|
OK, here's what's happening. Someone with your email address stored in their address book on a vulnerable Windows machine has picked up the virus. The virus looks through that user's address book and sends out messages to people listed in it. But it inserts random addresses from the address book in the "reply to" line. Therefore, when/if an email fails the mail server bounces the message back to the address in the "reply to" line, which in these cases is you. You personally haven't sent the messages, but an infected Windows machine is sending them as if they came from you. I'm also getting these bounced messages and it is absolutely impossible that my machine is infected by this virus. Just delete them and use your Mac instead.
Ignorant and/or stupid people with badly set up machines and poor quality software are being exploited by the people who write these things and making life difficult for the rest of us.
|
Chris
I was advised to enter the first address in the address book as
AAAAAAAAAAAAAAAAAA. This is supposed to stop anybody/thing reading and obtaining addresses further on.
Is this correct?
DVD
|
That used to work against certain specific threats, but not any more. It didn't take long for the virus writers to get past that. Best thing is just to not open any attachments--check independently with the sender to see if they sent an attachment--keep your system patched and keep your AV and firewall software up to date. Using a mail program other than Outlook or Outlook Express is also a good idea as address book locations and formats vary. Try Eudora or Mozilla Thunderbird.
More drastic is changing your operating system. I've recently been looking at Lindows and Xandros, Linux-based operating systems, and I am impressed. Xandros will cost you $89 but it does include software to allow you to run Word, Dreamweaver and other Windows programs in Linux. Lindows installed and configured everything in about half an hour. Xandros is apparently even quicker but I haven't tried it yet. I recommend getting the boxed sets of these rather than downloading, because the manuals are useful.
Having said that the main problem with Windows is the way people use it--it is full of holes, but holes can be plugged if you're careful.
|
Having said that the main problem with Windows is the way people use it--it is full of holes, but holes can be plugged if you're careful.
Ditto. I have agreed with ChrisR in the past on this point. Simple housekeeping and security measures will prevent most problems.
Despite having only ever used Windows, I have never yet been infected by an e-mail virus. And I get maybe 1 or 2 spam e-mails in a month, 8 max in a year. The only virus I had was a simple bios attack, way back in the nineties, from an infected floppy diskette.
|
VMT to HJ for starting this very useful thread, born of desperation but already most useful, and to Arnold2 for alerting us in such detail to this new nasty.
Before reading Arnold's wise words, I received two messages today with attachments (which were "greyed-out" by existing antivirus software) which, for interest, were described under the "paperclip" as "message.zip" and "body.zip" and 22.7KB and 22.6KB respectively - just like Arnold said - plus a virus warning message regarding a Japanese language email from Sony which has been deleted because it too has a "body.zip" attachment (size unknown).
AVG Grisoft and Ad-aware users please note that both have issued updates today so do what Arnold says - without delay!
With renewed thanks.
Jack
|
With quite a lot of email spawned viruses they use your address book to transmit out of your machine but fail if the email address is invalid. So enter an email address of !000 and description of Suspect Virus. !000 is always at the top of your email list so fails to let the virus spread at the first hurdle. Regards Peter
|
I suffer from lots of spam emails which don't bother me in the least. However, I am curious to know why, after a paragraph offering me their service, there often follows a long paragraph of gobbledegook - here's an example:
"dizygotic cuttoe eightangled bind bog bean venlo veale . clipped conkers amugis dispatchbearing antioxygenation blastocoele adz eye armored woolsey's ziggy capital gain azotemia aqualunger bisexualism faipule durometres boneidle blanket ballot blood mole air letter blush rose flowerlessness zuniga cablelaid. chess opening duikers corsned acylate. dimsighted enhypostatises banshees allred afara uroceridae big business architraves commendingly blazons dishumanize commutativity electrolysises fillipeen amyosthenia dispersedly brain box centrolinead. zulus flossed bailiwicks chinook faintful confirming acetaminophen atazir animalizing drias acarpous backstroking curling machine who bedeck featherer angiocardiography fancy-feeding daytide empty-headed dakoits dolefuls birdland weissert creosotes beaned existentialistically foreteach enarbour abrogator bestrapped curve anther car wheel batmen cart horse antisyphons clattery fashions bestness chickening alienabilities extracellular deep-pitched finfold theory colaphize chalkeating fire beater amarettos copperalloyed cageman enlivener browless dissensualises widmaier bivalve blindnesses carabins cetera blood sugar bed hinge creta baubling disseminates woller fairspokenness fiery-eyed dazedness extrapolate content word complutensian didies alniviridol formability conspicuousness fishskin belly button felanders. bookleaf trachea"
What's that all about then?
The Register had its own take on the origins of these items - see www.theregister.co.uk/content/28/34840.html
|
To the best of my knowledge this random junk text is just to confuse spam filters. I've noticed a lot of it gets past the Brightmail filtering used by my ISP. The same applies to odd1y sp£1t, s p a c e d or p`uncuated words.
(By the way, I originally put a Euro symbol in the above but the rest of the sentence got ignored when I previewed it. I wonder if there's any automatic Euro filtering on the site!)
|
Doesn't work. Used to work in some cases. Doesn't any more. This current one even checks your browser cache for likely-looking email-alike addresses. Outlook and Outlook Express are Typhoid Mary and her sickly younger sister. Use another mail client and don't ever ever open an attachment unless you have verified its origin.
|
Thanks for warnings above - just updated my virus checker and scanned - no virus! (yet)
Changing tack and hoping this is right place to ask Q. My wife has just had a laptop passed to her at work but the person who passed it on left and went to work in Korea(?) The laptop demands a password when switched on but no-one knows it and the previous user seems to be uncontactable. Is there a (simple!) way of bypassing this problem password? Seems a pity if not since the laptop is only about a year old.
The "workplace " is a school and the "IT specialist" doesn't seem to know much -to the extent that he did know the password but didn't write it down (!) and has forgotten it!!
Education, education, education!
Thanks
Phil
|
If it's a power-on password (one you get before the PC even boots) you might find that the manual tells you how to override this. If you don't have the manual, have a look on the manufacturer's web site: these are usually available to download.
With desktop PCs it's normally a matter of fiddling with a jumper on the motherboard but I've never needed to do this on a laptop.
|
Presumably this is a password set in the BIOS settings: your tech person should have password protected the BIOS settings in the first place so a user couldn't set this boot up password... Rather than fiddle around with jumpers I prefer to take out the battery for a minute or so--this is the tiny battery on the motherboard, not the main laptop battery. It's possible that one of the removable plates on the bottom of the laptop conceals this, but otherwise it's a dismantling job--may not be too onerous, but do earth yourself.
|
This could also be a product like Safeboot which requires a password at boot and used to be in fairly widespread use on corporate laptops.
Safeboot is designed to protect data but, being an encryption product which works at very low level, there's not much a complete OS reload won't cure! Make sure you have all necessary drivers etc before starting.
|
Not just us Mac-heads who think their OS is better.....
www.theregister.co.uk/content/55/35175.html
"Dave" (Dave Thomas, FBI,Assistant Special Agent in Charge of the St. Louis Division) "had some surprises up his sleeve as well. You'll remember that I said he was using a ThinkPad (running Windows!). I asked him about that, and he told us that many of the computer security folks back at FBI HQ use Macs running OS X, since those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box. "
Read the rest of the article - quite frightening !
|
"And they're secure out of the box. "
Oh dear...
Much as I like Macs (I own two alongside my PCs, and look after over a hundred of them at work) nothing is secure out of the box.. yup, that includes Unix.
Flavours of Unix and Linux have just as many vulnerabilities as windows, but admittedly they're mainly in supplied applications rather than the OS itself. The issue is that they're a damn sight harder to patch for Joe Public than simply running Windoze Update. This is changing for the better with systems like Redhat and SuSE, but it shouldn't be ignored. Sendmail anyone?... ;)
On the whole though, you do have less things to worry about in terms of the more common hacks when you're using a Unix derivative, simply because Unix user/file rights techniques force certain limitations from the start. Let's hope Bill learns this for the next release of Windoze, because he ignored everyone with XP...
|
Even removing the batteries isn't guaranteed - companies like Dell have a sort of dual BIOS system where the second chip can only be accessed by the first and contains the password needed to override the system, so even reflashing the bios won't help. When you supply the service tag from the machine to a Dell engineer, you'll receive a master password in return. Dell also keep track of users (or at least, used to) so if a laptop is stolen and the user requesting the code isn't the registered one, the person on the books will be contacted to validate a change of ownership. No consolation for having one stolen, but at least you have the satisfaction of knowing that some thieving toerag won't be getting the benefit of your ex-PC!
As it happens though, there are some key generators available for certain models, but I think the encryption has been toughened up since these started to become widespread.
|
Thanks for your responses - not quite as simple as I imagined! But I suppose that's the point of a password. Quite why the school (the actual owners of the machine) didn't keep a record, or even forbid use of these passwords (can't imagine much that is secret on it) is beyond me. Especially in our cash strapped system. Waste of a thousand quid or so - that's a lot of textbooks!
|
You could try looking on this site to see if helps with your bios problem.
www.wimsbios.com
|
I will cut to the chase here, have read the posts and am in the same position, getting emails returned by servers undeliverable but I have not sent these. Understand from previous posts how this happens.
I have Norton AV, updated date 28/01/04 but when these are being sent back to me there are files attached. Now I have never opened these opting to delete straight away, but I would have thought that Norton would have alerted me at that point? Or does it only alert when I click on the file to open it?
Incidentally, the emails are all "Hello".
|
Hello.
I have the same problem too Hj must have infected everyone.
No offence sir its just a silly internet problem.
Kind Regards
Martin Winters
|
No, the emails I am receiving are not from HJ.
|
The emails are not from me. I'm currently getting about 2,500 returned emails a day, returned by virus protected servers because the emails allegedly sent by me contain viruses. That's the nature of the latest zit-faced American virus. It steals your address from someone's address list then sends e-mails to everyone else on it apparently from you so they get sent back to you and clog up the system. Apparently the Feds are on the case.
HJ
|
HJ, you could always check the IP address within the message properties of the sender, then go to swhois.net and enter the IP address there, and with any luck the site will tell you who you send an abuse report email to. When you forward the spam to the relevant abuse address, remember to include a copy of the full message properties.
|
Crikey, DD, with 2500 per day. I know HJ is a miracle worker but............................
|
Actually I feel unloved by the world - so far I haven't had a single one of these pesky things!
|
Crikey, DD, with 2500 per day. I know HJ is a miracle worker but............................
True, but after just completing a similar task myself (but on a much smaller scale) it turned out that a lot of the spam came from the same source/network when I checked the IP addresses. I reported quite a few to the relevant abuse depts, and it has also stopped a lot of the other spam messages to one of my Freeserve email addresses.
|
Sorry Dave, I can't understand this. Could you re-write it in very simple language.
HJ
|
HJ, not sure what email software you're using, but with Outlook Express you highlight the email message and then press the "Ctrl" and "F3" key, which will then bring up the message source. Within this info will be the IP address of the sender. You have to be careful as sometimes there will be more than one IP address.
Anyway, once armed with these numbers, copy and paste them in the site I mentioned above. Hopefully you'll then be presented with details of who to contact - usually in the form of abuse@whatever.co.uk or webmaster@whatever.com , for example.
Armed with this info, forward the email to the relevant address, copying in the full message source that you previewed earlier to get the IP address, and a short message as to why you are forwarding the email to them.
I generally put something along the lines of "Dear sir/madam, I am drawing your attention to this spam email that appears to have originated, according to the IP address of the message, from your network. Can you action please?"
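An added example, not part of any post in this thread: a Python sketch of the header check described above (full headers, From versus Return-Path, and choosing among several IP addresses in the message source). The sample message, host names and addresses are constructed, and the `Received` layout it parses is an assumed common format.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread). Newest Received line is on top.
SAMPLE_SOURCE = """\
Return-Path: <someone@infected.example>
Received: from mx.myisp.example (mx.myisp.example [10.0.0.5])
\tby mailstore.myisp.example with ESMTP; Tue, 27 Jan 2004 09:15:02 +0000
Received: from qwerty (host-7.dialup.example [203.0.113.7])
\tby mx.myisp.example with SMTP; Tue, 27 Jan 2004 09:15:00 +0000
Received: from mail.known.example (mail.known.example [198.51.100.99])
\tby relay.known.example with SMTP; Tue, 27 Jan 2004 09:14:00 +0000
From: "Friend" <friend@known.example>
To: reader@myisp.example
Subject: Hello

(body omitted)
"""

# "from <HELO name> (<reverse DNS> [<IP>])" as written by common mail servers
# (assumed layout; other servers format this line differently).
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9A-Fa-f:.]+)\]\)"
)
# Addresses that only exist inside the receiving provider's own network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]


def is_internal(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True  # unparseable: never report it
    return ip.version == 4 and any(ip in net for net in INTERNAL_NETS)


def received_hops(msg):
    """Return parsed Received lines, newest first (header order)."""
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold the header
        if m:
            hops.append(m.groupdict())
    return hops


def analyse(source):
    msg = message_from_string(source)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    # Reading from the top, the first external address was recorded by the
    # reader's own provider. Lines below it were supplied by the sending side
    # and may be forged, so they are parsed but not used for the report.
    handoff = next((h for h in received_hops(msg) if not is_internal(h["ip"])), None)
    return {
        "from": from_addr,
        "return_path": return_path,
        "sender_mismatch": bool(return_path) and from_addr != return_path,
        "handoff_ip": handoff["ip"] if handoff else None,
        "helo": handoff["helo"] if handoff else None,
        "helo_mismatch": bool(handoff and handoff["rdns"]
                              and handoff["helo"].lower() != handoff["rdns"].lower()),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_SOURCE).items():
        print(f"{key}: {value}")
```

The `handoff_ip` value is the one to paste into a whois lookup when preparing an abuse report; the third `Received` line in the sample shows why the lowest address in the source is not used.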
|
Fortunately Symantec live update live-updated before the s*** hit. But I've had to re-set a few things in order to cope.
HJ
Hey John, you better watch your words or we may have to edit your messages "s***hit" ????
|