
Pro Advice?



#46
n3ko

I wish I were kidding. :)

Worse, on a reboot, now my graphics are a mess. I just uninstalled my video card adapter and am about to reinstall. Crossing my fingers...
  • 0

#51
n3ko

OMG, Epic Face Palm.

Can you please delete these? My browser was hanging and I never thought they posted. Even after a refresh I couldn't see them. Had to close the page and log back in. *sigh*

It's so late.

Anyway, I DLed an update for the video card driver from MS Updates. I wonder if that's what that little program was? I uninstalled it and my graphics were completely insane after reboot. So, I uninstalled the original driver and reinstalled, and things are fine again.

I think this is a sign. Time to go to bed. :)

Thanks for the tips. I haven't looked at any temp folders as of yet, so I'll do that! I'll get those disks first thing tomorrow. Why not make several images as I go along? :)

See you in the morrow and have a great night!
  • 0

#52
makai

:) Video driver??? Not a virus??? Ain't it fun!




Why not make several images as I go along?

Nah, not necessary at this point. As long as you can make the first Windows install image you should be fine. After you're fully installed and tweaked, then make another image. You will be so pleasantly surprised if you ever have to use it.
  • 0

#53
n3ko

:) Video driver??? Not a virus??? Ain't it fun!

:)
Yeah, it's weird. Not sure what it was all about really.

Two virus scanners said it was malware and potentially dangerous. I looked it up and a ton of places, including Microsoft, said it was an unnecessary application from a 3rd party and creates a potential backdoor security risk. 68% or more dangerous. I didn't recognise the program, never had it before, and I don't know where it came from.

So, I uninstalled it and got rid of the BHOs with Hijack This. Reboot, and now all my graphics are hugely blown up so I could only see one corner of the screen! I uninstalled the original driver and reinstalled it, and everything was back to normal.

2 theories:

1) I DLed an update of the graphics driver from ms update. Never bothered before - if it ain't broke, you know? This could have been that, but the thing is my graphics card is nVidia so this ADSTechnology thing should never have been applied to my card. And uninstalling should have rolled me back to the original, not blown all the graphics up. Lastly, it was an exe file in my program files, which makes it even more unlikely it was actually a driver.

2) I couldn't install my firewall or antivirus right off. It kept popping up that I needed SP3 and .net framework 1.1 first. So, I went onto ms update with only the windows firewall and scanner (crappy) and got those then installed the security before I continued.

During this time, something kept pinging my desktop trying to get into my system - I forget the exact message, but it said something about blocking an attempt to access BIOS. I checked the IP and it was from a server in CA. Iana.org or something. When I had my firewall up on the laptop, there were attempts there too.

So, I wonder if a bot or crawler or something dropped this file into my computer while I had bare security. But why Program Files is beyond me - would have thought it should be dropped into System32 if it were a backdoor.

Anyway, I definitely know I've never had this program before. I also know it's not anything I personally installed. Don't know where it came from, don't care. Gone now and all is OK. :)

OK, heading out to get some disks. Will proceed with the temp file cleaning and imaging when I get back. :)

[Edit:]
Just got back from the store, and a new threat has popped up. Looks like Theory #2 has been proven and a bot was messing around in my computer dropping stuff before I could get my own security up. I only connected to MS Update, so I don't see where else these could have come from.

Anyway, am running scanners with system restore off (latest threat said it was in the restore folder). >.< This irritates the heck outta me. LOL

Malwarebytes first then. In 4 minutes it's found 11 objects! :)

Edited by n3ko, 13 September 2009 - 10:09 AM.

  • 0

#54
n3ko

Good lord! :)

This ADSTechnology thing seems related to my HP quickplay drivers. Those were installed from my drivers disk I created when I first rebuilt this computer - and I never had them show as a threat before! I also was not online when I installed any of those.

I uninstalled the exe from Program Files last night, as I mentioned. Since then, each program I run has found some reference to them in BHOs, registry keys, etc. I remove, reboot, rescan and nothing shows up again, so I move onto the next scanner.

Am finally on AVG and NOW AVG is showing a dll & 2 new exe's.

C:\Documents and Settings\User\Desktop\Installed Drivers\Quickplay 2.0\ADSTechnologyInstall.exe\$JF\ADSTechnology.dll
C:\Documents and Settings\User\Desktop\Installed Drivers\Quickplay 2.0\ADSTechnologyInstall.exe\$JF\ADSTechnology.exe
C:\Documents and Settings\User\Desktop\Installed Drivers\Quickplay 2.0\ADSTechnology.dll

I'm going to try and fix it again with AVG, nothing is showing on other scans now: Kaspersky, Malwarebytes, Adaware, Spybot. System Restore is off. How is this repopulating itself!? :)

Maybe I need to do this in Safe Mode? *Sigh*
I know this isn't the malware forum, it's just that this is apparently related to a driver I installed from HP (I guess) in my rebuild. Just let me know if you feel I should repost this there and off I'll go...

[Edit:]
OK, it's an illustration of the measure of my frustration & exhaustion from this whole process, that I didn't realise until re-reading my post that the path I just typed is the install folder on my desktop that I dropped the drivers into before I installed them by hand the other day. >.<

That's the installation folder for the original file. Not an installed program repopulating. Another Face/Palm.

Gonna delete the bugger then rescan and continue with my efforts. So sorry for the sudden hysteria. I get like that when it's my own machines that are messed up. =|

Edited by n3ko, 13 September 2009 - 12:12 PM.

  • 0
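The mix-up resolved in the edit above (hits inside an installer folder read as a program "repopulating") can be checked mechanically. This is an added example, not part of the original post: it splits each scanner-reported path into the file actually on disk and the member inside it, then labels where that file lives. The suffix list, the folder markers and the two constructed paths are assumptions.

```python
from pathlib import PureWindowsPath

# The three paths AVG reported in the post above.
PAGE_DETECTIONS = [
    r"C:\Documents and Settings\User\Desktop\Installed Drivers\Quickplay 2.0\ADSTechnologyInstall.exe\$JF\ADSTechnology.dll",
    r"C:\Documents and Settings\User\Desktop\Installed Drivers\Quickplay 2.0\ADSTechnologyInstall.exe\$JF\ADSTechnology.exe",
    r"C:\Documents and Settings\User\Desktop\Installed Drivers\Quickplay 2.0\ADSTechnology.dll",
]
# Constructed contrast cases (hypothetical paths, not from the thread).
CONSTRUCTED = [
    r"C:\Program Files\ExampleVendor\example.exe",
    r"C:\System Volume Information\_restore{EXAMPLE}\RP1\A0000001.exe",
]

# Assumption: package types a scanner unpacks and reports members of.
CONTAINER_SUFFIXES = {".exe", ".msi", ".zip", ".cab", ".rar"}
# Assumption: default XP-era folder names, checked in this order.
LOCATION_MARKERS = [
    ("system volume information", "restore-point"),
    ("program files", "installed"),
    ("windows", "installed"),
    ("desktop", "staging"),
    ("my documents", "staging"),
    ("temp", "staging"),
]

def split_container(path):
    """Return (file_on_disk, member_inside_it or None).

    A hit inside a package is reported as <package>\\<inner path>, so a
    non-final component with a container suffix is the real file on disk.
    """
    parts = PureWindowsPath(path).parts
    for i, part in enumerate(parts[:-1]):
        if PureWindowsPath(part).suffix.lower() in CONTAINER_SUFFIXES:
            return str(PureWindowsPath(*parts[:i + 1])), "\\".join(parts[i + 1:])
    return str(PureWindowsPath(path)), None

def classify(path):
    """Label a detection by the folder holding the file on disk."""
    on_disk, member = split_container(path)
    folders = [p.lower() for p in PureWindowsPath(on_disk).parts[1:-1]]
    location = next((label for marker, label in LOCATION_MARKERS
                     if marker in folders), "other")
    return {"on_disk": on_disk, "member": member, "location": location}

def triage(paths):
    """Group detections by the file that actually has to be dealt with."""
    report = {}
    for p in paths:
        info = classify(p)
        entry = report.setdefault(
            info["on_disk"], {"location": info["location"], "members": []})
        if info["member"]:
            entry["members"].append(info["member"])
    return report

def hit_in_installed_location(report):
    """True only if some hit sits where installed programs live; staging and
    restore-point hits are stored copies, not a removed program coming back."""
    return any(e["location"] == "installed" for e in report.values())
```

Run on the three paths from the post, the report collapses to two files on disk, both under the Desktop staging folder, and `hit_in_installed_location` returns False.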

#55
makai

Is the only reference to them in your Antispyware apps that they are tagged as a BHO? If so, then I wouldn't worry about it right now. BHO stands for Browser Helper Object. Browser Helpers are things like Yahoo toolbar, Google toolbar... even Spybot acts like a BHO if it's monitoring IE. If this is a valid HP program, then I'm not surprised it has a BHO component. Also, if your AV is picking it up, it's possible that it's a false positive. AVG and Avira will flag false positives quite often... I know because I've had it happen several times. I had to send files to Avira several times for them to check out and every time they came up with a new definition to fix the false positive. By the way, I recommend Avira over AVG. I used to use AVG until it got bloated... basically doubled the size of the application. If you go with Avira, disable the Guard after installation if it slows down your internet usage. I recommend you contact AVG, since you're using it now, and send them the exe and/or dll file for them to check on. It may be a false positive.

However, I'm not supposed to give Malware advice, so if you believe it's actually Malware, then you need to create a post in the Malware forum. But before you do, this is what I would do. Uninstall Quick Play, and then go into Services and disable any entry with reference to Quickplay... sometimes uninstalls won't delete the Service and so the Service may run if there are components in the registry or in the System32 folder. I would also check the msconfig Startup tab for any reference to Quickplay and uncheck them. Also use Hijackthis to scan for any other startups and kill them. By the way, this forum no longer uses HJT... we now use OTL found on THIS page. Lastly, I would send the exe and/or dll to AVG. Once you do that, and while you're waiting for AVG to get back to you, continue on with the rest of the installation.

Again, I have to ask, is the only problem that this thing is getting flagged as a BHO?
  • 0



#56
n3ko

Hi! Sorry, errand and trying that diagnostic again.

No, it's not just getting flagged as a BHO. The actual program is being flagged as a trojan and Malware. I did a search on the BHO, the dll and on the file. There was nothing specific about what the file was, which confused me, but there was a lot calling it Malware and a backdoor trojan etc.

http://www.microsoft...2FAdstechnology
http://www.prevx.com...NOLOGY.DLL.html
http://www.file.net/...nology.dll.html

I do know sometimes viruses are named similar or the same as system files, and there wasn't any reference anywhere saying how to check specifically. Since it was in Program files I uninstalled it - Did think to look in msconfig, but not services. I'd be nervous about doing that now because I know which program exactly it is now. They may relate to HP's quickplay buttons and the DVD Drive - if I disable one that helps them work... Yeah, I could turn it back on again, but I can investigate that more later. Unless you think it's not likely I'd end up throttling one of my devices?

Services to me are like the Registry. I get very nervous at the thought of messing with them at all and don't like to unless it really seems I have to - and then I take careful instruction. :)

There were several types of files that were found related to the program, not just BHOs (I know what they are :)). They were all flagged as dangerous. Also, it wasn't just AVG and Kaspersky. Every program I have found them - Malwarebytes, Spybot, Adaware. Perhaps they are all false positives flagging a program they find as a possible security threat. Either way, at the moment I don't want to take any chances, and not knowing what it was at first - and reading all those articles was alarming. :)

I may decide to reinstall it later, when I get a chance to read more on the program. Or if it seems I may need it after all for any reason.

BTW, I ran ATF Cleaner, but am only down to 10.1 gb. LOL, I bet it's all the crap I have to load onto this thing from HP. I've honestly never seen so many drivers and programs. And I left some out - like HP Updater etc. That ADST file was one of these. :) Then again, perhaps it's something else.

I can't believe yet that my HD is going south, but I've yet to get the diagnostic working. New burn stops it at the same place. I'm going to DL directly from Hitachi's site and try again after I make that image of my drive. :)

Is there any other diagnostic or program that may work or give a picture of the drive?

Edited by n3ko, 13 September 2009 - 05:58 PM.

  • 0

#57
makai

So, after you uninstalled the program and ran your scanners, did you get any more detections? The problem with Antivirus/Malware definitions is that they sometimes will detect valid software. Many times, especially so, if the software is old. I would contact AVG and send them the exe and dll, or later visit the Malware forum. This is all I can recommend for this. By the way, I figured you knew what BHO's were, but I had to state it anyways. You know how that goes in this kind of forum environment. :)

As for Services, yes, you can sort of look at it like the registry, but not as bad. Many times, Windows won't allow you to disable or stop required services from running. But, then, there are services that you could disable that will cause problems. If you need help later, I can help you identify which services you don't need. We'll get to that later. You can also visit Black Viper's website HERE to learn about many of the services. In the Service Configuration table, you'll see a "Safe" column. If you use these settings, you'll basically be safe from causing any major problems. Of course, your services window will display other items depending on what you install. BV is only listing Windows services.

Is there any other diagnostic or program that may work or give a picture of the drive?

Full blown diagnostics is best run by the manufacturer's software. I'm not sure what kind of problem you're having burning the app, but if you have a floppy, you can also run it from there. Do you have a floppy drive? I also linked a small program in post #45 to view the SMART data of the HDD in a graphical window. Check it out.

10.1GB still sounds like a lot for being only as far as you are. What does the System Volume folder report as its size? What does Documents and Settings report for size? Right-click on both these folders and see what the sizes are.
  • 0

#58
n3ko

By the way, I figured you knew what BHO's were, but I had to state it anyways. You know how that goes in this kind of forum environment.

I know, and I figured too. Just wanted to verify in case. :)

I hadn't thought of it just detecting it because it's an old file. And all of them would detect it? Wow, never ran into that before, but I bet you're right. I did send it to AVG when you suggested, but forgot to mention. Good thought. I'll also stop by the Malware forum after, too. Thanks for the suggestion. :)

Yeah, after uninstall, there were a few small items that were caught, and I removed the BHO after with HjT. I want to check out OTL another time, how could anything be better than HjT? LOL

I'll go back and check out post 45 - sorry I missed it. It may be the best I can do. I have no idea why the program is freezing either. My first thought would be the site I'm DLing from. Possible there's something wrong with the file and I may get a better one from the manufacturer's site.

Unfortunately, no floppy. Haven't had one in years. May be worth buying an outboard one someday - so I could use it on any of my computers, laptop included. Never missed them before, but I sure wish I had one now. :)

Let's see...

System Root: 4.73 Gb
Program Files: 1.2 Gb
System Volume Information: 0.00 Gb
nVidia: 77.4 Mb
Documents and Settings: 1.18 Gb
SWSetup: 418 Mb

There's also one with a random string of alpha-numeric - oh that has my chipset drivers in it.
Those are the size they're taking on disk. Most are pretty much the same if not a teeny bit larger than the actual size.

[Edit:]
Oh, and yes please to helping out with the services later! I love learning new things, and this would be incredibly helpful too - I run more crud on this system. :)

Edited by n3ko, 13 September 2009 - 07:23 PM.

  • 0

#59
makai

I hadn't thought of it just detecting it because it's an old file.

I used to use Juno back about 5 years ago and before uninstalling it, I kept the program files. At the beginning of this year, Avira picked up my Juno folder and flagged it as containing a virus. For years and years, it was never flagged as a virus by any AV, but now this. So I contacted Avira and sure enough it was a false positive. Not saying that what you have there is nothing to be concerned about... so, you might want to take a visit to the Malware forum later.

Floppies still come in handy. I still build every computer with a floppy drive. This is mainly so I can run floppy applications. I don't use it much, but I insist on running all HDD software via floppy. It's just me, and maybe I just can't break away from old habits! I also have a USB floppy drive. I use this when I work on laptops. USB floppy drives are relatively cheap nowadays.

Let's see...

System Root: 4.73 Gb
Program Files: 1.2 Gb
System Volume Information: 0.00 Gb
nVidia: 77.4 Mb
Documents and Settings: 1.18 Gb
SWSetup: 418 Mb

It appears you're not able to read the contents of the Sys Vol Info folder. Do this... go to Start>run... type in... cmd and hit OK.
In the command prompt window, type in cd.. then hit enter. Do this until you reach the root directory. You'll see C:\> displayed. At this prompt, type in EXACTLY what you see here...

cacls "System Volume Information" /E /P yourusername:F

...then hit enter.

This reads... cacls(space)"System(space)Volume(space)Information"(space)/E(space)/P(space)(your user name):F
It's important you include the spaces where required and type in whatever your user profile name is. This is just an easier way of gaining ownership/permission to access the System Volume Information folder. After you do this, you can right click on the folder to find out what size it is. If you want to revert the permissions back, just get back to the cmd prompt and type in cacls "System Volume Information" /E /R yourusername
Please be careful with typing any of this or you'll mess something up! :)

Your Documents and settings folder is also large. It may be that you either have data stored in your profile, or you have applications sitting on your desktop. You can find out which profile is responsible for the high value by going through D and S tree and right clicking on each profile. My D and S folder is only 267Mb. The reason... no data is stored on my OS partition.
  • 0

#60
n3ko

Am running the Active Hard Disk Monitor at the moment. :) So far so good. It shows health status OK and am currently scanning. About half done and all is green.

I'm pretty comfortable in DOS, I should be able to do this OK. Was wondering if it was a permissions thing or not. Thanks! Am wondering why I used to be able to see it before my system melted but I can't now?

I don't want to try any DOS file manipulation while it's scanning, so I'll wait till the scan is done and get back to you. Don't know if it could create a problem, but I have a sneaking feeling. :)

As to the Desktop, yes, that's where a LOT of my program installers are downloaded to. I haven't removed them yet. I'm filing them and will move the folder later.

Going through the D&S folder, my profile has a little over 1 Gb.
Desktop, 972 Mb.
My Documents (under my user name), 56 Kb
Local Settings, 21.6 Mb
Application Data, 29.2 Mb
Start Menu, Size is 23.5 Kb and Size on Disk 92.0Kb

It's definitely the installers I'm filing as I go on the Desktop - don't worry, they won't stay there. :)
  • 0





