Post by mister frau blucher on Dec 22, 2011 14:46:24 GMT -5
This is not a tech forum, of course, but all those are in a different language, anyway. But I know that a few of the regulars on this forum are as computer-challenged as I. Or at least that is what I tell myself when I need encouragement.
So I got this nasty virus. I did not get it checking out midget Polynesian acro-porn (really), but instead one of two places – videos of old music on youtube, or google images of frogs. So it came in innocuously.
It started up with the standard-issue yadda-yadda of “XP 2012 home security alert” “Virus scan has detected 29 infected files – click here to activate your firewall.” So you know it’s BS, and no way are you going to click that. So I ran Spybot and it took care of it. Hooray for the Neutral Good guys!
Until my computer slowed to a snail’s pace, a noticeable difference from my regular inchworm’s pace. After various panics and eliminations, I did the CTL-ALT-DELETE thing to get to the Processes. Sure enough, there was “ping.exe” taking up close to 100% of my CPU.
Ping.exe is a legit Microsoft program, a very minor part of Office (I believe, after google research) that does something or other – but you don’t want to delete it of course. Anyway, I Search functioned ping.exe on my computer and found six entries, five spanning 2004-2008, and the sixth one yesterday. Viola! So I deleted it. Hooray for NG! Etc.
So of course five minutes later it was back in Processes. You can turn it off there, but two or three minutes later it is back. It starts at about 7400 and swells within a minute to 300,000 and then 100% of your CPU (I watched in horror a few times). Hooray for CE, etc.
Spybot couldn’t take care of it, so after using a second computer and googling it a few different ways (it goes back a few years but there has been a tremendous spike the last month) I downloaded and ran Malwarebytes – no success. I went into Safe mode and ran both these – no success.
For reference – running Malwarebytes in Safe mode took an hour and a half, Spybot took 25 minutes.
So back to google (and my seventh beer). Now, there are a lot of entries, and the tech forums are the obvious place to go, despite my lack of earlier success. A bunch of removal tools, manual methods that make no sense, technobabble, man this stinks. So back to the first page, and I find a reference to Kaspersky’s tdsskiller, version 2.6.21.0 and I think, What’s one more free useless tool? Particularly one that seems legit? So I download it and run it. Took a minute!
I had allowed myself to hope so the disappointment lasted into my ninth beer when the results were the same. Five minutes after re-booting, ping.exe starts up, giving me the e-finger. Having lost the whole day, I was on the verge of pouring my tenth beer directly into the computer when I noticed a line at the bottom of the tdsskiller’s window saying “Change parameters.” Whatever that meant, I decided it was worth checking out. There were two options, checked ‘em both without knowing what they meant.
This time the scan took two minutes. And it found two problems, with three different options for each (delete, quarantine, live and let live) and being in the dangerous mood I was in, delete it was! So it did that and then told me it had to reboot. After the fifteenth re-start, no problem, eh?
When it rebooted it ran the chkdsk utility, which I had tried unsuccessfully to run earlier because of messages I kept getting. I had suspected after a while that the messages were part of ping.exe.
So when it was rebooting with the chkdsk thing happening, a glimmer of hope sullied my body. It took a while – well, five minutes or so – and then started up. To cut out the rest of the suspense, it actually worked. No more ping.exe crud!
And if you think my account got hijacked and this is a spambot for Kaspersky, Yes, I still sleep in my Conan pajamas. It’s MFB.
So hurray for Neutral G…guh.
Can’t get online. AOL can’t find a modem, Internet Explorer says to call the computer manufacturer. If you have a Dell, you know how laughable that advice is. So…now what?
Well there was a diagnostic button on IE, that could not diagnose anything, but it did give a log of the errors in trying to connect. The Error 12007 was a common denominator. So again googling with the second computer. Lots of tech talk, la la la, could mean one million different things. But the gist is that IE is trying to communicate with a device, but can’t. After power-cycling (unplugging them for 30 seconds and starting again – worked one time last year) the computer and device, still can’t.
More googling. I find a forum where this guy talks about getting into Tools somehow and checking four entries, making sure they are running. Hey – DHCP is not running, and will not start – Error 1086. So more googling leads to three drivers that need to be running or present for DHCP (and therefore internet access) to run. I check my Drivers folder in Explore, and sure enough, one is missing – afd.sys.
Which all the forums I see on Google claim cannot be reinstalled with XP (& is supposedly different). Now I have the disc with all the drivers, and I am tempted to give it a shot, even though I have no idea how to proceed. Windows Help has a little, but as usual the one-size-fits-all nature of it leaves me uninspired.
So I google it different ways, and while the exact problem I have is happening to many on the webs, all the solutions are way beyond my technical ability. But I finally find a forum where this guy claims there are backup files to these drivers in the i386 file on the C drive. My interest is piqued. He gives a series of command prompts to replace it. I begin to hear triumphant trumpets. I search the i386 file, and sure enough, there it is!
I follow his command prompt, reboot and…the computer says it can’t find the afd.sy_ file. I had typed afd.sy_ as this dude directed, as it is supposed to be compressed.
But at this point, I am not too concerned if I screw something up, as I am just about resigned to reloading all of windows anyway (probably would have saved six hours and 7 beers) so I retype the command prompt to replace the damaged file with .sys rather than sy_. And the computer assured me that it was successful.
I rebooted and clicked on IE – and it worked! Hooray for everybody!
I honestly cannot believe that a computer barbarian like me could get rid of this complex virus, which few of the techies seemed to be able to deal with, and then isolated the resulting problem and fixed it. All without doing majorly techie things.
For those who might experience something similar, the command (Start>Run>type “cmd” to bring up the DOS screen prompt) is “expand c:\i386\afd.sys c:\windows\system32\drivers\afd.sys”. Note the two spaces, after “expand” and between the “s” and the “c” as they are important. I imagine you can use this to replace other missing or corrupted files, if you have the i386 folder. If yours is compressed, I guess you would replace the first “afd.sys” above with “afd.sy_” as the dude originally recommended.
Hope this helps other people like myself way over their heads.
Bottom line: when you have the option to click on a second page of google frog pictures, drink 14 beers instead.
Bret
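The post's repair boils down to three steps: see whether the DHCP Client service and the drivers it depends on are running, check whether the driver file is actually on disk, and if not, put it back from the local i386 folder with the same "expand" command the post gives. The batch script below is an added example, not the poster's own commands or anything from a Microsoft page; it assumes the standard XP locations (C:\i386 and %SystemRoot%\system32\drivers) and the three DHCP Client dependencies on XP (AFD, NetBT, TCP/IP), and it handles both the compressed (afd.sy_) and uncompressed (afd.sys) copy, which is the difference that tripped the poster up.

```batch
@echo off
REM Added example, not from the original post.
REM Checks the XP DHCP Client service and its three driver dependencies
REM (AFD, NetBT, TCP/IP), then restores afd.sys from the local i386 folder
REM with "expand" if the driver file is missing. Paths are the XP defaults
REM and are assumptions; adjust SRC if your i386 folder lives elsewhere.
setlocal
set "DRV=%SystemRoot%\system32\drivers"
set "SRC=C:\i386"

echo === Service / driver state ===
for %%S in (Dhcp AFD NetBT Tcpip) do (
    echo %%S:
    REM sc query prints a STATE line only for services it can open
    sc query %%S | findstr /i "STATE" || echo   not found / not installed
)

echo.
echo === Driver files on disk ===
for %%F in (afd.sys netbt.sys tcpip.sys) do (
    if exist "%DRV%\%%F" (echo present: %%F) else (echo MISSING: %%F)
)

echo.
echo === Restore afd.sys from i386 if it is missing ===
if exist "%DRV%\afd.sys" (
    echo afd.sys already present, nothing to do.
    goto :end
)
if exist "%SRC%\afd.sy_" (
    REM compressed copy: expand decompresses it into place
    expand "%SRC%\afd.sy_" "%DRV%\afd.sys"
) else if exist "%SRC%\afd.sys" (
    REM uncompressed copy: expand simply copies it, as in the post
    expand "%SRC%\afd.sys" "%DRV%\afd.sys"
) else (
    echo Neither afd.sy_ nor afd.sys found in %SRC%; use the XP install media.
    goto :end
)
if exist "%DRV%\afd.sys" (
    echo afd.sys restored. Reboot, then re-check with: sc query Dhcp
) else (
    echo expand did not produce the file; check the source path.
)
:end
endlocal
```

Run it from an administrator command prompt (Start > Run > cmd). The point of pulling the file from i386 or the install CD rather than from a download link on a forum is that it is the copy that shipped with the OS, which matters when the reason the file is gone in the first place is malware.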