hutton_d

Right. So I never use Internet Exploder except to download Microsoft patches (running XP SP3 with up to date patches). But I noticed that IE starts up every now and then in the background. Actually I noticed a couple of days ago after IE full screen ads. kept appearing. Or trying to - I have a hosts file from here ... http://www.mvps.org/winhelp2002/ ... which stops them.

Using a MS tool called Process Explorer I can see that 3 copies of IE are lanched. '\IEXPLORE.EXE" -Embedding' which launces 2 copies of 'IEXPLORE.EXE" SCODEF:4000 CREDAT:79873' (the numbers here are to do with tabs etc I believe). These have as a parent '\system32\wbem\wmiprvse.exe' and then 'svchost'. Now I've run every spyware scan known and not found anything as yet. But these are still appearing. Anyone know where else to look?

I'm going to run an Avira rescue CD later (boots up and scans the disk from memory) but any other tips would be appreciated. Even if it's 'it's menat to do that' .....

Oh, and I have Zonealarm so I've just blocked all IE access in/out of my computer. But I'd still like to find out why it's happening and fix it. Aaaarrggghhhhhhh - I hate this type of problem!!!!!!!!!!!!!!

Dave

hutton_d

Nope. Like to download things through choice.

Dave

hutton_d

Done that. And tried most of the other malware SW out there. Plus AV SW - I've got Avast but I've tried the scans from several others. Nowt found. I've now replaced 'svchost.exe' with the one from my XP SP3 CD and it still happens. Thinking that, for some reason, this is meant to happen. But why ......

Dave

hutton_d

I know I know. It's just that it's such a faff! I di backups of personal stuff anyway. But reinstalling takes so bleddy long!

Dave

hutton_d

Nice try. No workie here for me.

I will be reinstalling XP. I've been putting it off for ages but now is a good time. The PC it's on isn't that bad but I need to upgrade it sometime in the not too distant future (depending on the whims of SWMBO ... !) and then I'll go for W7. At the moment it's not worth the extra cost to do so.

Just been listing/checking all my SW before I format - to ensure I have copies!!! Amazing how you can't print from 'Add/Remove programs'?! Anyhow, found a brill little utility called Belarc Advisor ... http://www.belarc.com/ ... Now got a system printout I can actually use.

Also making sure all my email/bookmarks are backed up. Found the best way is to locate bookmarks/profiles etc in a folder in My Docs. That way I just backup 'my' files and I have everything in one place. Also, 'My Docs' is on a second disc which won't be formatted so I shouldn't even need to restore a backup of all my stuff. Just point FF/Thunderbird to the correct profiles .... Famous last words .....

Dave

hutton_d

Ta! They are a bit 'overkill' ... I've done this a couple of times before and am now even more organised with backups etc so should not be a problem. Just a real faff!

Don't use Express. Main email is Tbird - which has its profile under 'My Docs', as does FF as of a couple of hours ago. I also use Outlook and use 'pfbackup' which means I can backup all mail/contacts etc up under 'My Docs' as well. Then it goes to a external disk just in case ....

I'll be back .......................

Dave

hutton_d

Right. All better now. Re-installed from scratch and my backup strategy works! Reinstalled all the SW I need, with latest versions downloaded for some. But after each install I checked the 'startup' processes etc. Jeez, doesn't stuff load a load of cr+p sometimes! For example, my Canon camera SW. I only use it for downloading to disk, everything else, if needed, is donme with other SW. But you don't get a chance to install just the 'downloader'. You have to install shed loads of other stuff. So 'Add/Remove' programs came in very handy. After that I use 'regseeker' to zap the unused registry entries then, every now and then, 'ntregopt' to optimise the registry. It is now only about 60% the size it was ... Much snappier system.

Trouble is I'll now be very an4l about doing this ....

Still wish I knew what the trojan was though ....

Dave