
Back from "vacation"



#1
sixpack6t9
Member, 38 posts
I've run XP virtually since it hit OEM, but I sit before you a broken shell, behind----uuhhhggg!...Windows 2000 Pro! Hating it!

The interesting part is why I had to install 2000. My fault is for not having replaced my xp a long time ago, when I first found out the cd was corrupted...M'I bad.

So the other day I was hunting driver updates on the usual sites, microsoft, hp, driverguide, winsite, etc. I got a half dozen versions because I wasn't sure which one would end up working for me. I tried them all on for size, installed the one that fit the best and rebooted.

That was the last time I saw XP! I was swimming in a sea of IBM blue, and no matter how many rabbits I yanked out of my purse (I don't wear hats), nothing but blue and undefined error codes that weren't even on the list. I went to the command prompt and attribed my windows directory, and I must be getting old and senile, because I don't remember ever seeing anything in DOS with the file attribute of "d". I "readme'd" everything the type command and edit.com would print on the screen, and there was no "D" anywhere in attributes. The file size was "0" in every exe, dll and msi file, and each had a "d" file attribute. My windows inf file was actually GONE! I wasn't feeling lucky that I still had all my text files, icons, gifs and pifs!

After 2 days of wrestling with a broken mbr that refused to be assimilated, I finally found my old 2000 pro (that I never used) and lo and behold---I had ----16 colors!
I keep my files all on a separate partition, as well as backup copies of drivers and installations that I like to keep, in case I need a "refresher". So I got out all 6 of those drivers and looked closely at the source with my favorite mozilla developer's tools. It's been a long time since I last did that, so it's possible I was not seeing what I thought I saw.

Can anybody help me out here, because it looks to me like the one comport driver that I got was actually uninstalling executables instead of running its own routines to install itself. What I want to know is, is there a reasonable chance that a simple file corruption, misread/interpret or something caused this application to run its routines in reverse? Or am I dealing with an intentional attack? One error I did not get was a "checksum". Also, my antivirus program did not intervene because this file was not identifiable as a virus definition, per se, more like a generic uninstaller, or an incompatible version that was misread or something---Although it definitely ate my system and exe files like a virus would have.

If this could be some new form of attack I'll need to report it so something can be done to protect others, but I don't want to jump the gun and find out it was an error or corruption that commonly happens with dial-up downloads. If anyone is game, I'll post the code so anyone who wants to can look at it and tell me what you think it could be.

Edited by sixpack6t9, 04 July 2005 - 06:18 AM.

#2
ukbiker
Rest in Peace, ukbiker
Retired Staff, 2,014 posts
Hiya sixpack6t9 ;)

Please do not post the code or the file on the forums as that would be in breach of the T.O.S.

Please have the suspect file scanned here.

The site that link will take you to is an online file scanner and is a useful tool for examining suspect files. Let me know the results please.


UKBiker

#3
Atribune
HijackThis Expert
Visiting Consultant, MVP, 956 posts
Email me the files please

submit@atribune.org

#4
sixpack6t9
Member, Topic Starter, 38 posts
Thank you ukbiker, I didn't know that, and atribune, I'll send it asap.

Edited by sixpack6t9, 06 July 2005 - 12:07 AM.
