Hijack This Log...

Discussion in 'adware, spyware & hijack cleaning' started by MarkS, Jan 24, 2004.

Thread Status:
Not open for further replies.
  1. MarkS

    MarkS Registered Member

    Joined:
    Jan 24, 2004
    Posts:
    13
    Dear all,

    I have been a long time lurker on these forums (fora?) and have been constantly impressed by the quality of the advice given.

    I consider myself to be fairly well protected (firewall, AV, AT and antispyware scanners and guards).

    Some slightly unusual behaviour (by my computer not by me!) has prompted me to post my Hijack This log however... - Blue Screen of Death for no apparent reason - complete system lockup at unexpected times - etc. etc..

    So if any of you Gurus could pass your expert eye over my log and see if there is anything untoward buried there I would be very grateful.

    Many Thanks and Best regards

    Mark S.

    Logfile of HijackThis v1.97.7
    Scan saved at 18:18:57, on 24/01/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
    C:\WINDOWS\STARTER.EXE
    C:\PROGRAM FILES\TROJANHUNTER 3.7\THGUARD.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\UTILS\SECCOPY\SECCOPY.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\PGP\PGPTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
    C:\PROGRAM FILES\GHOSTSURF\GHOSTSURF.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
    C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Gateway Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM\IETie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHELPER.DLL
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.7\THGUARD.EXE"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKCU\..\Run: [Second Copy 2000] "C:\PROGRAM FILES\UTILS\SECCOPY\SECCOPY.EXE"
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: PGPtray.lnk = C:\Program Files\Network Associates\PGP\PGPTray.exe
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: GhostSurf.lnk = C:\Program Files\GhostSurf\GhostSurf.exe
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - User Startup: PGPtray.lnk = C:\Program Files\Network Associates\PGP\PGPTray.exe
    O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - User Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    O4 - User Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - User Startup: GhostSurf.lnk = C:\Program Files\GhostSurf\GhostSurf.exe
    O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O8 - Extra context menu item: Block this advertisement - file://C:\PROGRAM FILES\GHOSTSURF\menu.blockimg.html
    O8 - Extra context menu item: Allow this advertisement - file://C:\PROGRAM FILES\GHOSTSURF\menu.allowimg.html
    O8 - Extra context menu item: Block popups on this site - file://C:\PROGRAM FILES\GHOSTSURF\popup.block.html
    O8 - Extra context menu item: Allow popups on this site - file://C:\PROGRAM FILES\GHOSTSURF\popup.allow.html
    O8 - Extra context menu item: Block personal info from this site - file://C:\PROGRAM FILES\GHOSTSURF\info.block.html
    O8 - Extra context menu item: Allow personal info to reach this site - file://C:\PROGRAM FILES\GHOSTSURF\info.allow.html
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: GhostSurf Privacy Center (HKLM)
    O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center (HKLM)
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - http://fdl.msn.com/public/chat/msnchat4.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020124/qtinstall.info.apple.com/qt505/uk/win/QuickTimeInstaller.exe
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://62.39.141.135/tools/FlipsideWebLauncherControl.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002092801/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {E522120B-0CF2-4C26-A8EA-50A7591F10F1} (blueyonder Game Launcher Control) - http://gaming.blueyonder.co.uk/activex/launcher.ocx
    O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://sc.communities.msn.com/controls/chat/msnchat42.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: Yahoo! Chat - http://cs5.chat.sc5.yahoo.com/c381/chat.cab
    O16 - DPF: ConferenceRoom Java Client - http://irc4.bondage.com:8080/java/cr.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37865.4625
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Arthur Dent,

    Welcome to Wilders. :)

    I hate to disappoint you after your friendly words, but all I could find was one tiny dialer:
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
    that never got a chance to do anything if you use SpywareBlaster.

    Did you write down the error reports on the Blue Screen?

    You do have quite a few unnecessary programs starting up. Check the items listed as O4 against this list http://www.sysinfo.org/startuplist.php to see which ones you like to keep.

    To save you some work I have listed the ones I thought were superfluous:

    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

    O4 - HKCU\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup

    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O4 - Startup: PGPtray.lnk = C:\Program Files\Network Associates\PGP\PGPTray.exe

    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    -EPSON Status Monitor 3 Environment Check (E_SRCV03.EXE)

    O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O4 - User Startup: PGPtray.lnk = C:\Program Files\Network Associates\PGP\PGPTray.exe

    O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

    O4 - User Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    -EPSON Status Monitor 3 Environment Check (E_SRCV03.EXE)

    Since your needs for having programs handy are very likely different from mine, check out what they are for and then decide.

    Regards,

    Pieter
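
Added example, not part of the original posts and not HijackThis code: a Python parser for the `O16 - DPF` (Downloaded Program Files) lines of a HijackThis log like the one above, listing entries worth a manual look. The two review heuristics (no friendly name, codebase served from a raw IP address) are assumptions for illustration, and the function names are hypothetical; a hit is a prompt to look the CLSID up, not a verdict.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 3.7\THGUARD.EXE"
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://62.39.141.135/tools/FlipsideWebLauncherControl.cab
O16 - DPF: Yahoo! Chat - http://cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
"""

# "<section code> - <body>", e.g. "O16 - DPF: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# DPF body: "{CLSID} (Name) - URL", "{CLSID} - URL" or "Name - URL".
DPF_RE = re.compile(
    r"^DPF: (?:(\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))?|(.+?)) - (\S+)$"
)


def parse_entries(log_text):
    """Return (section, body) pairs for every result line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def parse_dpf(body):
    """Split one O16 body into CLSID, friendly name, URL and host."""
    m = DPF_RE.match(body)
    if not m:
        return None
    clsid, name, bare_name, url = m.groups()
    return {"clsid": clsid, "name": name or bare_name, "url": url,
            "host": urlsplit(url).hostname or ""}


def review_reasons(dpf):
    """Illustrative heuristics (assumptions, not HijackThis logic)."""
    reasons = []
    if dpf["name"] is None:
        reasons.append("no friendly name")
    try:
        ipaddress.ip_address(dpf["host"])
        reasons.append("codebase is a raw IP address")
    except ValueError:
        pass  # host is a DNS name, or empty
    return reasons


def dpf_review_list(log_text):
    """Return the O16 entries that match at least one heuristic."""
    flagged = []
    for section, body in parse_entries(log_text):
        if section != "O16":
            continue
        dpf = parse_dpf(body)
        if dpf is None:
            flagged.append({"id": body, "host": "", "reasons": ["unparsed O16 line"]})
            continue
        reasons = review_reasons(dpf)
        if reasons:
            flagged.append({"id": dpf["clsid"] or dpf["name"],
                            "host": dpf["host"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for item in dpf_review_list(SAMPLE_LOG):
        print(item["id"], item["host"], "; ".join(item["reasons"]))
```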
     
  3. MarkS

    MarkS Registered Member

    Joined:
    Jan 24, 2004
    Posts:
    13
    Hi Pieter,

    Thanks for your speedy and, as ever, helpful reply.

    I do use SpywareBlaster (but I only installed it a couple of weeks ago). I do however regularly run both Spybot S&D and Adaware 6. Why did neither of those remove that dialler?

    Can I remove it with Hijack This?

    Unfortunately I did not record any details from the Blue Screen(s). If it happens again I will do so. I guess this weird behaviour is nothing to do with malware but just a flaky system?

    If that's the case I suppose any further discussion would be Off Topic here. Do you know of any useful diagnostic tools and/or other similarly helpful forums where I might try to sort out the problem?

    I will look again at my startup items - I do have a startup manager - but I do use most of those programs fairly frequently (except for the Real Update which is a pain in the ar**!)

    Thanks again for your help and advice...

    Best Regards

    Mark S.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    As soon as a problem is addressed, anything related is not off-topic, so don't worry about that.

    We'll have to take it from the error report.
    It could be a hardware problem or a driver acting up.

    You can use HijackThis to remove that ActiveX element, or remove it manually from your Downloaded Program Files folder. Whichever you prefer.
    It never got a chance to install, I guess.

    Regards,

    Pieter
     
  5. MarkS

    MarkS Registered Member

    Joined:
    Jan 24, 2004
    Posts:
    13
    Hi Pieter,

    I've just been Blue-Screened again...

    The apps I had open at the time were Agent Newsreader (Just started downloading some files from a NG), Outlook Express and IE 6 (both idle). I wanted to open up Windows Explorer and clicked on its icon and BAM...

    "A fatal exception 0D has occured at 0028:C1510000 in VXD DCR(01) + 00052450. The current application will be terminated." .... You know the rest...

    Pressing a key allowed me to recover from the Blue Screen and the download in Agent then continued. Each attempt to launch Windows Explorer produced an identical result (Blue Screen of Death - same error message).

    Any ideas where I should begin? - I am reasonably PC literate but at an application level - NOT at the deep-down dirty techie under-the-bonnet stuff so you might have to explain things in words of one syllable :doubt:

    Thanks for your help...

    Mark S
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Please backup your registry before trying this.

    Start > Run > regedit > OK
    Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD
    and see if there is an entry referring to dcr in the right hand pane.
    If so right-click it and delete that entry.

    It may take a reboot for the changes to take effect.

    Regards,

    Pieter
     
  7. MarkS

    MarkS Registered Member

    Joined:
    Jan 24, 2004
    Posts:
    13
    Hi Pieter,

    The only thing in that branch of the registry is "Default - Value not set".

    Is that good or bad?

    Mark S
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    That is neither good nor bad, but it doesn't help much. :(

    I'll have to do some more research.

    Regards,

    Pieter
     
  9. MarkS

    MarkS Registered Member

    Joined:
    Jan 24, 2004
    Posts:
    13
    Hi Pieter,

    Another Blue-Screen episode this morning. This time the details are as follows:

    Open programs - only IE6 and Outlook Express. Both idle. In fact I went out of the room for c. 5 minutes to talk to my wife (receive orders :doubt:) and when I came back there was a blue screen waiting for me.

    "A fatal exception 0D has occured at 0028:C186B754 in VDHCP(03) + 00007664. The current application will be terminated." ....

    I wonder if some process kicked off while I was away from the PC - perhaps OE checking for new mail or Windows Update running o_O

    Pressing a key allowed me to return to either of the programs as normal - but when I tried to access a .rtf file on the website I was looking at IE6 locked up.

    I CTRL-ALT-DEL'd out of IE6 and thought that it would be a good idea to restart.

    Shutting down proceeded normally for a while and then Blue-Screened, this time the message was:

    "A fatal exception 0E has occured at 0028:C001545A . The current application will be Closed."

    There was no way back from this one. Even CTRL-ALT-DEL didn't work. The only option was the Big Red Button.

    I don't know if this gives you any further clues or just muddies the waters...

    I do appreciate you trying to help on this - especially as we are way off topic here!

    Thanks again

    Mark S
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
  11. MarkS

    MarkS Registered Member

    Joined:
    Jan 24, 2004
    Posts:
    13
    Hi Pieter,

    Thanks for the info. As far as I could tell there were no exact matches of the errors I have been receiving in the knowledge base. It is also, I have to say, a little bit too "techie" for me...

    One thing I did spot however was a suggestion to use System File Checker tool in the MS System Information application. I never even knew this existed.

    I ran it and it came up with 2 errors - user.exe and setupx.dll which it said were corrupted. I did not allow the tool to fix them however and went and did a quick Internet search first. Now I found quite a few articles that said that problems with user.exe had caused the system to fail to boot at all and had necessitated a complete re-installation of Windows - NOT something I feel like doing this weekend!

    I am naturally a little hesitant about replacing these files. What do you think?

    Thanks again (yet again)

    Mark S
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    You can let the System File Checker replace the files, without expecting any problems.

    It will certainly not make things worse.

    Regards,

    Pieter
     
  13. MarkS

    MarkS Registered Member

    Joined:
    Jan 24, 2004
    Posts:
    13
    Well I did it...

    I made sure I had a DOS boot disk to hand and placed backups of those two files in an easy-to-find (in DOS) directory, took a deep breath and pressed the button.

    Rooted - no problem... Shut down, rebooted again - still all fine. Shut down went to bed. Woke up this morning, checked mail - shut down. Booted up this afternoon, went to put the kettle on while it was booting and came back to... - yep you guessed it... another Blue Screen!

    Terminating thread due to a stack overflow problem. A VxD, possibly recently installed, has consumed too much stack space. Increase the settings of 'MinSPs' in SYSTEM.INI or remove recently installed VxD's. There are currently 5 SPs allocated. Press any key to continue.

    Now, I haven't installed anything - I've told you *everything* I've done. I do, however remember seeing that exact same message a few weeks ago just after I *had* installed something - I can't remember what - It could have been Trojan Hunter or it could have been Ghostsurf. Even on that occasion I ignored the message rebooted and never saw it again - until today.

    From the Blue Screen today, one key press resulted in the same Blue Screen, the next returned me to my normal desktop. I re-booted and here I am - everything fine... (or is it?)


    What are VxD's? What are SPs? Is 5 too many? Too few?

    Sigh...

    Any ideas? - Anybody?

    Best Regards

    Mark S
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
  15. MarkS

    MarkS Registered Member

    Joined:
    Jan 24, 2004
    Posts:
    13
    Hi Pieter,

    Firstly, many thanks for your continuing patience!

    The Microsoft article says...

    "The Config.sys startup file may not be properly configured for the Windows installation. Use the following values:
    STACKS=64,512 ;(this is the maximum allowed)
    FILES=60
    BUFFERS=40
    "

    But here is my Config.sys file - in its *entirety*:

    DEVICE=C:\WINDOWS\HIMEM.SYS
    DEVICE=C:\WINDOWS\EMM386.EXE
    REM [Header]
    REM == PISETUP Begin Delete ==
    REM == PISETUP End Delete ==

    REM [CD-ROM Drive]

    REM [Miscellaneous]

    REM [SCSI Controllers]

    REM [Display]

    REM [Sound, MIDI, or Video Capture Card]

    REM [Mouse]
    REM ------------------
    device=c:\windows\COMMAND\display.sys con=(ega,,1)
    Country=044,850,c:\windows\COMMAND\country.sys


    ... not much there... I haven't knowingly changed anything in there since I bought the system - but the file date is 09/11/03 (UK format).

    Should I add those lines?


    Secondly,
    the "Experts Exchange" folks want me to register in order to get their solution. Are they on the good guy's side? Do I need to use a throwaway email address to register to avoid a mailbox full of spam or can I use my real address?

    Thanks Pieter - I really do appreciate your help.

    Mark S
     
  16. RIFLEMAN

    RIFLEMAN Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    50
    Hello---I am by no means an expert but had a similar problem after getting a Nachi and MsBlast trojan. I had to download a security update from Microsoft to keep from a reoccurrence.
     
  17. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    This is the short version of their solution:

    Go to start-run, type "sysedit" without the quotation marks and OK to open the System Configuration Editor. Select the system.ini window.

    Go to the section and add the following line to the [386Enh] section of the System.ini file.

    [386Enh]
    MinSPs=12

    Save the system.ini. Exit the System Configuration Editor and restart the computer.

    If the problem persists, increase the number of spare stack pages in increments
    of 4 (for example 12, 16, 32, 64).

    Regards,

    Pieter
     
  18. MarkS

    MarkS Registered Member

    Joined:
    Jan 24, 2004
    Posts:
    13
    Thanks Pieter,

    I'll give it a go...

    Do you think I should also add the

    STACKS=64,512
    FILES=60
    BUFFERS=40 "

    lines to my config.sys file? What effect would that have?

    Thanks (yet) again!

    Mark S
     
  19. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Try the solution from Experts Exchange first.

    Some more information about what you can change in config.sys and what it all means can be found here:
    http://www.winguides.com/registry/category.php?204

    Regards,

    Pieter
     