Broke a friend's computer - afraid she'll be fired!

Discussion in 'Majorgeeks Welcome Center' started by tb01, Jan 9, 2008.

  1. tb01

    tb01 Private E-2

    Hi folks,

    What an introduction, eh? It's true. Tried to help a friend, had not enough time (she's only here 1.5 day/wk), 'fixed' malware w/HJT and that unleashed a great deal of problems (some contributed by my panicking).

    If anyone might be available, knowledgeable of WinXP Pro/Home file systems, malware removal -and- so kind and courteous as to help a malware removal classroom trainee - I swear I'll find a way to make it up to you!

    I don't need but about 10-15 mins phone time... if that's at all possible, please reply to this msg - I will check back often!

    Since this is a very critical issue, I'll post about -me- (other than being a colossal hose-up!) in a reply post.

    MANY MANY THANKS IN ADVANCE! If someone could just help me figure out WHERE I should post for help with this issue, I would GREATLY appreciate that!

    THANKS Again!

    (I'm sure I'm never gonna live this one down...)
  2. dyamond

    dyamond Imelda Marcos of Majorgeeks

    Hi Tom,

    Welcome to Major Geeks!

    Please follow this thread then make a new post in malware with the results. They should have you fixed in no time!
  3. tb01

    tb01 Private E-2

    BTW - I have LOTS of detailed info regarding the situation depicted in my prior post. I can also d/l and run scanners, and post logs. I've just been w/o sleep so long now I can't remember the stuff I -know- that I know!

    SO... about me. I'm 43, single, and live in the beautiful North Georgia Mountains with my cat. If she's not already posted as my 'avatar' in my profile, that's only because I haven't gotten around to setting that up yet. I only registered here this morning, so I could get MGTOOLS asap! I found that wonderful System Cleaning checklist via Google (wish I had the link handy for others... maybe some kind moderator will cut/paste that into my post for me?).

    Anyhow, I literally fell into the computer industry back in 1980, I believe. I was 16, had worked in food service and retail for about a year before falling into 'Automotive Engineering' (or, twisting wrenches as we say here in the South!). Did that for a year, got my two weeks vacation, and started dialing across the country to see who might be able to put up with me for a couple of weeks! (grin)

    I wound up in NYC. Stayed with a friend I met on a whirl-wind trip there about a year prior. Drove up from Atlanta in an immaculate '68 Impala I picked up at the Chevrolet dealership from a coworker - for $200! (Of course, I would later find out this wonderful car was known by the cops for trafficking illegal substances... another day on that one!).

    So, here I was, with a car, in New York. My friend was a computer nerd - built his own 8-bit computer in a wooden box, complete with a paper-tape reader for one of the drives... an 8" single-sided floppy drive for the other. Added a keyboard and a monochrome monitor (fashioned from an old b&w TV) and voilà! Home computer!

    It ran some very crude version of CP/M (pre-DOS, Motorola processor - Intel was yet to 'become') for an op sys, and WordStar for its sole 'killer application'. Personally, as I stared at this box with hand-wrapped wiring on 1.5" posts - I was truly amazed that anyone would put so much effort into something which could only produce a typed page (well, printed by dot matrix). Sure, it was editable, but I'd not been introduced to computers, or word processing - until then.

    Next day my friend went to work. We were to meet for lunch, and I was all concerned about driving through Manhattan (from Cliffside Pk, NJ). I left early so I'd have time to get lost and find myself again. I arrived at the office around 10AM... My friend suggested to kill time until lunch, I should apply for an entry-level position as a word processor. They needed folks, and I did spend about 45 mins looking at WordStar the night before... which just happened to be the WP app this company used!

    Well, they hired me on the spot. Never learned to type, and here I was with a computer job! How did this happen??? It was in the stars, somehow I guess. (smile) But the more I looked at WordStar, the more I enjoyed it, grew to really appreciate it and love it! Well, within two weeks of starting this job, I was asked to TRAIN new folks coming into the WP dept - no one had experience with word processing back then - it was always done on typewriters! (Yes, I am that old...)

    Well, before long I was learning MailMerge and using 'dot commands' in WordStar as a very crude 'batch processing' environment where I could write (very basic) scripts that were sort of the Flintstones version of programming! One of the tech guys there caught me playing with this at my desk after work hours one day and shoved dBASEII in my face. Well, that was it! I was hooked.

    I was losing my mind in NYC from the noise, smells, traffic, pollution, and all the constant, non-stop movement everywhere! I grew up just south of Atlanta (when it was considerably smaller than today!!!), and nothing had prepared me for New York. The newness wore off quick, and then it just got on my nerves!

    By the time I decided I needed to put together an exit plan (about eight weeks up there), my supervisor presented me with a physical check - the company was offering to send me to Columbia University for a 4-year degree in computer technology - and pay for it ALL up front! I nearly cried. I had just two days prior finalized my plans to move to Raleigh, NC at the end of 7 mos in NYC. I figured I wanted an advantage over folk w/6 mos exp, and knew I'd never last a year there. (Somehow that made sense to me at the time...)

    So, being the FOOL I was obviously born to be... I declined the offer and moved to Raleigh where I could barely eke out a living doing word processing through a temporary staffing company which opened there just a couple months before I arrived. Every job I went on had a completely different setup. Different hardware, different software - everything just different. I figured out pretty quick that it wasn't so important to learn the specific quirks of any of these setups, but rather I needed to focus on the similarities and determine how do I get to the feature I know is contained somewhere inside that box? And, I gotta do it with a keyboard (only Xerox had mice then... and trackballs! They were all the rage then...). (grin)

    So, after two and a half years in Raleigh, I found myself in a position as night-shift supervisor of data entry operations for a construction company (I probably shouldn't mention names, huh?). They (we) were building/repairing a nuclear power plant - and it was truly an exciting environment!!! There wasn't any radioactive material scheduled to be on-site for another year or two (at least!), so I felt pretty okay with that aspect. But I was what, 20 years old and making almost $40K/yr - twenty minutes south of 'Mayberry'!

    Continuing my trend of incredibly foolish career choices, I gave notice to leave this job so I could pursue a geographical move with my first serious relationship. Some of those lessons are REALLY hard-earned! In this new place I couldn't even find a company that had a computer, much less one that needed 'me' to operate it for them! After a few months of daily violent nausea from a paper-processing plant about half an hour upwind of me, and a total of three weeks employment across four months, something had to go - even if that thing was 'me'. My job in Raleigh was already filled, so I headed back to Atlanta.

    Did more temp work. Had a real hard time doing what the very conservative business community (back then) considered 'women's work'. It was a very strange time to be in such a very strange place. All different now, but we're talking 25 years ago to now...

    I signed up with every agency that came about - since it was so very difficult to locate a client who would accept a temp employee who wasn't wearing 'heels and hose'. (yes, I was desperate for work, but even -I- have limits!) (grin)

    After more starvation spells between sporadic moments of employment - noise or not, I went back to NYC. No problems with finding jobs there. I started finding consulting jobs on the side of doing admin/wp because I found so many places putting the same data into three or four different applications, and I could easily automate that process for them. So began my career as a consultant/programmer (albeit dBASE III Plus by then, w/generous usage of DOS batch files).

    I returned (again) to Atlanta and started my own home-based business. I made scads of money, had wonderful projects that I really enjoyed, but had no idea 'when to quit'. After about 20 months working for myself, I wound up working about 17-18 hours a day (minimum) and sleeping about 5-6 (maximum). Did that for another two years or so while I discovered alcohol and 'recreational pharmaceuticals' - to the detriment of my self-care. I took on even MORE jobs.

    Well, the partying on weekends and killing myself through the week didn't last long. I just did NOT enjoy it. I am really glad, however, that I got all that out of my system in my early-mid twenties. It doesn't appeal to me at all. In fact, I wonder (now) what I ever saw in it! (grin)

    This is probably WAY more than a good start... and most likely TMI - to an extreme. But at least now folks know how I got started in technology, if they care to read all this drivel. (grin) I'm glad I did - technology truly is my life. I was built for it and I thrive on it. I still have trouble knowing when to go to bed, though. (grin) Like right now. I need to close this and do that - go to bed! I'm surely not going to solve this problem while I've not slept in two days!

    Thanks for listening to my story... I'll save some for another day.
    Take care, all!
  4. tb01

    tb01 Private E-2

    Hey dyamond, THANKS SO MUCH! I missed your reply while I was writing that 'novel'... Gosh, I've had SOOOoooo much coffee!!!! I gotta get some sleep now (been a couple days), but I'll take a look at that post in case it's something I haven't seen - and I can 'sleep on it' as they say!

    THANK you so VERY much!
  5. tb01

    tb01 Private E-2

    Yepper! This is what my afternoon consisted of (including a healthy dose of hair pulling and gnashing of teeth). (grin) I did all this with my friend's system drive (XP Pro - SP2 w/OLD JAVA) connected into my system (XP Hm - SP3 w/NEW JAVA). Only thing found was after I ran out of scanning 'steps' to follow, I ran a-squared free (it found stuff on my notebook before that nothing else would...) and it popped up that SD.EXE was malware. I dl'd that 'in case' someone told me specifically to run it, but as I have no experience with or knowledge about SD.EXE, I have not run it. I'm sure it's NOT malware, but rather a2f alerted on some special feature/function/ability it has/provides.

    BIG LESSON HERE FOLKS - KEEP YOUR OPERATING SYSTEMS -and- COMPONENTS UPDATED!! If you don't know how, read through these posts. If that doesn't help, ask someone here! This situation w/friend's computer started with Virtumonde (I believe - but I know nothing... really), attacking via JRE 6.1 - two patches older than current.

    My online tech-forum research indicates this particular malware takes advantage of a weakness in older versions of the Java Runtime Environment. None of -that- is really important for most users, except that if you keep your system updated, you're a LOT less likely to have these problems. And don't expect you're safe because you rely on automatic updates. That was my friend's plan... and that plan toasted her system drive.

    (Then of course, some idiot came by and shot at the malware -with the wrong tool-, then panicked and made things MUCH worse... but that's another issue! I'll never do THAT again!!!!!).

    Off to sleep for a few hours (I hope!). Then back to 'toasted XP Pro' for another day of fun (and maybe less hair-pulling).
  6. musksnipe

    musksnipe Guest

    Wow, that's some introduction. Welcome to MG. :wave
    You remember typewriters, huh? There are some here that remember chiseling on a rock! LOL

    Follow dyamond's advice. The malware guys here are good.
    If there is something deleted from XP that shouldn't have been, start a new thread in the Software Forum and give us an idea what it was. It is possible to fix that if you have a recovery partition or an XP / Recovery disc.

    Sounds like we'll see more of you here. ;)
  7. wildwolf220

    wildwolf220 Oracle of Doom

    :wave and welcome to the forums..
  8. tb01

    tb01 Private E-2

    Hi folks - update.

    What an incredible difference a bit of sleep makes!

    My friend called corporate this morning and said what's happening - she's not being fired! (at least not today...) Apparently the email server with her local ISP has been down, and no one at corp ofc has received any of her emails saying her computer was having problems. Whew! I'm so glad they're all very calm about her not being able to submit her EOM and EOY reports (from December!).

    I'm still confused about posting malware logs as I've hosed this system to the point it won't boot. I've pulled her XP Pro SP2 (Java 6.1) system drive and have it attached via SATA port on my XP Home SP3 (Java 6.3) computer.

    I corrupted the drive (terribly) by attempting a repair install when it went all goofy after I used HJT to 'fix' the 'mljji.dll' in System32 directory under Windows (there were two other entries, reversed name - ijjlm.something, I think maybe in Windows directory? I 'fixed' those too). That was when it went all goofy and I tried the repair install.

    Repair install proceeded fine for about 3-4 minutes, spit the CD out, and restarted. When it came back up, it stopped, displaying an error msg that it could not find iastor.sys. Retried repair install and now it's hanging (same spot) with error 'can't find hal.dll'.

    I've been trying to edit boot.ini manually using info from MS knowledgebase and whatever I can cull from net via Google. Just not sure what I am doing here because:
    1. I never had a repair install choke on me
    2. I never attempted a repair install on an infected system
    3. I haven't had a chance to thoroughly play with/learn XP system files setup to know how and where to go for just what, and in what order.

    While connected to my XP Home system, her drive seems very stable and there seems no malware activity. I have full/updated protection on that system (built a new XP install from formatted drive just to work on this...).

    With her drive plugged into my system, I've scanned with everything I know:
    CCleaner (fresh install, run from desktop)
    CleanUp! (fresh install, run from desktop)
    ComboFix (fresh download, run from desktop on -my- system)
    Spybot S&D (fresh download, freshly updated, run from its default install directory)
    AVG (fresh download, freshly updated, run from its default install directory)
    MGTOOLS.EXE (fresh download, run from C:\ of my system)
    SUPER Antispyware (fresh download, freshly updated, run from default...)
    Ad-Aware 2007 (fresh download, freshly updated, run from default...)
    a-squared plus (fresh download, freshly updated, run from its default...)

    Nothing shows up in HJT logs (happy to post...), or any scans - except a-squared plus finds SD.EXE on -her- desktop directory to be malware. I'm sure it's not, it probably just does things that 'look' like malware to a2p.

    I'm certain that nothing is appearing in scans/logs because -her- system drive (normally C: and D:) are remapped as additional storage devices in my system (now D: and F:, my DVD/CD-ROM is E:). But I believe all these scanners are looking primarily on C: for malware - I need something I can point specifically to D: in order for it to 'see' her drive in my system.

    Since her corporate office said to go ahead and ship the unit back to them to have the drive wiped, XP Pro rebuilt and their 'custom software' reloaded, I've got until 4PM to fix this if I can. She said there's nothing to lose at this point, so I'm going into 'hacker-mode' and trying just about anything. If I can get it to boot itself and stop locking on the failed repair install and the missing hal.dll, then I might be able to approach the 'malware' perspective again.

    For now, however, I've got it so hosed up it won't boot, or run anything on its own, in its own hardware (mobo, etc). I'm trying to fix that piece first.

    I really appreciate all the responses, but so far I can't produce any useable HJT log to submit, and it makes no sense to me to tie up folks time here looking at a clean log! There's other folks with problems they haven't severely complicated by my fumbling (-embarrassed-).

    If anyone might be able to help me rebuild the boot.ini/system loader files, I would greatly appreciate a hand! But until I can get it to boot again, HJT logs and any scans are just showing my own clean XP SP3 install.

    Thanks in advance!
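The 'can't find hal.dll' stop described in the post above is, in practice, more often a boot.ini problem than a missing file: after a repair install the ARC path in boot.ini can end up pointing at a partition that does not hold the install, and ntldr then reports hal.dll as missing. With the drive mounted in a second XP box (the thread's D:), the useful first check is whether the files the XP boot chain actually needs are present under the system root that boot.ini names. The script below is an added example, not code from the thread or from Microsoft; it assumes the offline volume is mounted at a root such as D:, that boot.ini uses the standard ARC syntax, and it takes an injectable `exists` function so the check can be exercised against a constructed file list without a real mounted disk. The sample boot.ini embedded in it is constructed for the example.

```python
"""Check an offline Windows XP system volume's boot files against its boot.ini.

Added example, not from the thread. Assumes the XP volume is mounted (ideally
read-only) on another machine under a root such as "D:", and that boot.ini on
that volume uses the standard ARC path syntax. The partition number inside the
ARC path can only be verified against the ORIGINAL machine's disk layout, which
an offline mount cannot see; if every file below is present and the error
persists, that number (and `bootcfg /rebuild` from the XP Recovery Console) is
the next thing to look at.
"""
import os
import re

# Files ntldr needs at the root of the active (boot) partition.
ROOT_FILES = ("ntldr", "NTDETECT.COM", "boot.ini")
# Files that must exist under the system root named in each boot.ini entry.
SYSTEM_FILES = (
    r"system32\hal.dll",
    r"system32\ntoskrnl.exe",
    r"system32\config\system",
)

# One [operating systems] line, e.g.
#   multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
ARC_RE = re.compile(
    r'^(?P<arc>(?:multi|scsi)\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\((?P<part>\d+)\))'
    r'\\(?P<sysroot>[^=\s]+)\s*=\s*"(?P<label>[^"]*)"\s*(?P<opts>.*)$',
    re.IGNORECASE,
)

# Constructed sample of a healthy single-install boot.ini (hypothetical, for the example).
SAMPLE_BOOT_INI = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /fastdetect
"""


def win_join(*parts):
    """Join path pieces with backslashes; the volume is a Windows one regardless of host OS."""
    return "\\".join(p.strip("\\") for p in parts)


def parse_boot_ini(text):
    """Return (default_arc_path, entries). Each entry is a dict with arc/partition/sysroot/label/options."""
    section, default, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "boot loader":
            key, _, value = line.partition("=")
            if key.strip().lower() == "default":
                default = value.strip()
        elif section == "operating systems":
            m = ARC_RE.match(line)
            if m:
                entries.append({
                    "arc": m.group("arc"),
                    "partition": int(m.group("part")),
                    "sysroot": m.group("sysroot"),
                    "label": m.group("label"),
                    "options": m.group("opts").strip(),
                })
    return default, entries


def expected_paths(boot_ini_text, mount_root):
    """Every file the boot chain needs on this volume, as full paths under mount_root."""
    paths = {win_join(mount_root, name) for name in ROOT_FILES}
    for e in parse_boot_ini(boot_ini_text)[1]:
        for rel in SYSTEM_FILES:
            paths.add(win_join(mount_root, e["sysroot"], rel))
    return paths


def check_offline_volume(boot_ini_text, mount_root, exists=os.path.exists):
    """Return a list of problems (empty means the boot files and boot.ini look consistent)."""
    problems = []
    for name in ROOT_FILES:
        if not exists(win_join(mount_root, name)):
            problems.append("missing at volume root: " + name)
    default, entries = parse_boot_ini(boot_ini_text)
    if not entries:
        problems.append("boot.ini has no parseable [operating systems] entries")
        return problems
    if default is None:
        problems.append("boot.ini has no default= line")
    elif not any(default.lower() == (e["arc"] + "\\" + e["sysroot"]).lower() for e in entries):
        problems.append("default= matches no [operating systems] entry: " + default)
    for e in entries:
        for rel in SYSTEM_FILES:
            path = win_join(mount_root, e["sysroot"], rel)
            if not exists(path):
                problems.append("%s: missing %s" % (e["label"], path))
    return problems


if __name__ == "__main__":
    # Real use: read boot.ini from the mounted volume and let os.path.exists do the work.
    root = "D:"
    try:
        with open(win_join(root, "boot.ini"), encoding="ascii", errors="replace") as f:
            ini = f.read()
    except OSError:
        print("could not read boot.ini under", root, "- using constructed sample")
        ini = SAMPLE_BOOT_INI
    for p in check_offline_volume(ini, root) or ["no problems found in boot files"]:
        print(p)
```

If the only problem reported is a missing `system32\hal.dll` while `ntoskrnl.exe` and the `system` hive are present, hal.dll was genuinely removed and can be expanded from the XP CD; if nothing is reported, suspect the partition number in the ARC path rather than the files. Either way, the check runs from the second machine with the drive mounted as D:, which is exactly the situation the post describes where scanners that assume C: see nothing useful.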
  9. Lev

    Lev MajorGeek

    Welcome to :)

    As advised twice now by both Dyamond and Musksnipe, please make technical posts in the correct forums (Malware Forum possibly in this case). Before posting in the malware forum, ensure you follow the Read and Run Me First link that Dyamond provided in her post below.

    The Welcome Forum is simply to introduce yourself to others.


