Hello,

I have had to put in a new hard drive and re-load XP pro. The problem I have now is that when I went on-line to get the XP updates, I've been hit with viruses and trojans. I've removed Sasser, bugbear and blaster, but still have a keylogger that I know of. I still haven't been able to stay online long enough to d/l all updates yet.

My biggest problem is that now when I select Shutdown or restart from the start menu, I get no response. I also notice that when I select either shutdown or restart I lose access to some programs including outpost firewall and also anti-virus program. Then when i try to restart the program, i get a message saying that I have used "fast switch" to change to another user.
I only have my user profile and a guest profile (which is turned off). I have also turned off the fast switch function, but I still get switched.

Any assistance would greatly help me and my stress levels.

Regards,
Brad

If you can get online long enough, try downloading a copy of "Stinger" from here:

http://vil.nai.com/vil/stinger/

Let us know how you go...

Cheers ;D

Stop shutdown command.

Type the following into the Run box on the Start Menu: shutdown -a


http://www.microsoft.com/security/incident/sasser.mspx

Do you have access to any other functioning PC that you can use to download a software firewall like ZoneAlarm, Outpost, Sygate, Look 'n Stop, etc.? I would just wipe my harddrive and start over, this time installing ZA or one of the others via "sneaker-net" prior to plugging into my DSL/cablemodem/whatever and going to Windows Update. That should give you enough breathing room to go directly to WU and get your patches.

Thankfully, I have a hardware firewall for just this sort of problem. An unwashed internet connection is pretty nasty these days. :o

By the way, anyone know what RAT or worm variant is listening on TCP 5969? I have been getting TONS of stuff thrown at that port for some time now and I haven't really come across anything in particular about that port (although I haven't looked that hard for info).

Hi Alec,

Please feel free to start a new thread in the appropriate forum regarding your question about ports so as not to have this thread go off topic. ;)

Regards,

snap

-{ Quote: "Do you have access to any other functioning PC that you can use to download a software firewall like ZoneAlarm, Outpost, Sygate, Look 'n Stop, etc.? " }-
It appears from his post that he already has Outpost.

-{ Quote: "It appears from his post that he already has Outpost." }-Err... my bad... you are quite correct. Nevermind! No seriously, though, that does raise the question of just how he got hit so hard so quickly even running a personal firewall. Perhaps he tried to install Outpost AFTER he noticed the worm/trojans and tried to add it during the clean-up process.

snapdragin: Sorry about the question. I guess I was just thinking out loud.

dear Bradf, please tell us if you're able to thwart the shutdown timer. if yes then download the free MWAV utility from www.mwti.net its good for keyloggers. if no then tell us what service is causing this error. we'll provide a step-by-step process to tweak that service. in any case try pressing CTRL-ALT-DEL to bring up the task manager and try shutting down from there. or try this command from command-line to shut down "SHUTDOWN -s -t 01".

Thanks for the feedback here. I did have Outlook running before I went on-line, but am now realising that it is re-installed as the original version without the last 12 months of updates.
I had also tried to shutdown or restart via the task manager and that didn't work either. I'll try the shutdown commands as soon as I get home from work and training.
I'm thinking Alec's suggestion of wiping everything and starting again could be the easiest option, as I haven't loaded much else onto the PC.
I have been able to install a patch to remove and prevent re-occurence of the shutdown timer. I've been downloading stuff at work and using my Flash drive MP3 player to transfer the files home and stay off-line.