Vista? Worth it?

Innortal

Well-Known Member
#26
Would this change for a dual OS system, with the infection being on the primary (E:/) and the backup on the (C:/)?
 

ThreadWeaver

Beware of Dog. Cat not trustworthy either.
#27
Backup OS? As in a mirror? Or is it a different OS entirely?

Primary E:? Ummmm... okay. That's definitely non-standard. I honestly have to say that I don't know. I think it would depend on whether C:\ is formatted as Windows-readable, i.e. FAT, FAT32, NTFS. If Windows can't read the drive, then it would be on the same drive that Windows is installed to.

The easiest way to find out is to navigate your Start>Run menu and right-click on Internet Explorer, then select Properties and see where it links to. It should be X:\Program Files\Internet Explorer\iexplore.exe where X is either C or E. You may have to fish through both OS installs to make sure they are both clean if you have a double install or mirror of Windows.

I will place bets that the fake iexplore process that is invoking the virus is in the \windows or \windows\system directory, or some completely unrelated directory. Like I said, iexplore.exe should NEVER be invoked from the "Run" keys in the registry. There's absolutely no reason to, short of having Internet Explorer automatically come up on system start, which except for demo computers isn't very practical. From what I read on the internet, yours is a virus that is generally included as part of a malware package. Somewhere you accidentally or in the background installed a piece of software that had it in it.

I would suggest installing an anti-spyware package like Ad-Aware or a similar program. The personal version of Ad-Aware is free but doesn't have real-time scanning. In other words, you have to start the scan manually. My ZoneAlarm firewall's spyware scanner caught my trojan, but I'm coming to find that the firewall itself is not as strong as it could be, based on comments on the net.
 

PCHeintz72

The Sentient Fanfic Search Engine mk II
#28
ThreadWeaver said:
Primary E:? Ummmm... okay. That's definitely non-standard. I honestly have to say that I don't know. I think it would depend on whether C:\ is formatted as Windows-readable, i.e. FAT, FAT32, NTFS. If Windows can't read the drive, then it would be on the same drive that Windows is installed to.
Actually, it is not too widely known, but Windows NT variant OSes all have an installable file system option; in theory, it need not be only the FAT/VFAT/FAT32/NTFS variants that can be read. I believe, for example, that there is software for reading OS/2 HPFS. I think there are also drivers for older POSIX partitions. I am uncertain, as I've not checked, whether it is possible for Windows to read Linux and Unix journaled file partitions.

With multiple OSes, each on their own partitions, it can get confusing, since with different file systems and priorities on how they get assigned, they need not have the same letters as each other. Generally, it is safest to have the boot manager or Windows as the first partition, and the Linux/Unix variant as the latter one. This is not really a Windows issue, but a program issue. Even some modern software does not like running from higher letters.
 

Jakkun

Well-Known Member
#29
I have E as my primary. I couldn't get the drive order right because of the connection type. My main is not IDE, it's the newer better kind that I forgot the name of.

How do you get to the Run thing? I always get a System32 folder loading every time I start up.
 

ThreadWeaver

Beware of Dog. Cat not trustworthy either.
#30
Oooohhh... the mysterious appearing folder trick...

It may be that you have a virus as well. I don't see why else a folder would pop up like that on startup. Or the settings for the "desktop" folder are remembering the previous state wrongly.

The first thing to check is to see if the Start>Programs>Startup group has the System32 folder link in it. If it does, then delete it. If it doesn't, then it might be getting pulled up by the registry. Warning!! Editing the registry can be fatal to the well-being of your system if it is messed up!!! Please check on the net for how to back up and restore your registry. The program 'regedit' started from the Start>Run box does NOT have an undo! Regedit makes the registry look like a crapload of folders in the left pane, and their contents in the right pane.
The place that the computer starts programs from on startup is reached by navigating down the folder tree as follows:
HKEY_LOCAL_MACHINE->Software->Microsoft->Windows->CurrentVersion->Run

That key group is where programs for ALL users are started from. For just the current user, navigate to:
HKEY_CURRENT_USER->Software->Microsoft->Windows->CurrentVersion->Run

What I do is open each 'Run' folder and individually Google each of the process names to see if they are really necessary or viruses. Highlighting the "Name" field of the offending program in the right-hand window pane and hitting 'Delete' will prevent that program from starting up next time the system is booted. This is also handy for preventing programs that don't seem to want to listen when you say "Don't start on system boot".
--Caveat: if it is a virus and its executable hasn't been terminated prior to this procedure, the virus will most likely place the entry back in again. That's why I said earlier to start in safe mode. If you find a process started by a virus or malware, then take notes of the processes that need to be axed, restart in safe mode, and use regedit to kill them with fire.

Desktop support sucks in today's day and age due to viruses... Too many greedy people trying to hose up my system.
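As an added example (not code from the thread), here is one way to do the Run-key audit from post #30 and the iexplore.exe location check from post #27 as a script instead of clicking through regedit. It assumes a Windows box with PowerShell and should be run elevated so the HKLM key is readable; it only reports, it deletes nothing.

```powershell
# Added example, not from the thread: list both Run keys and flag entries worth
# a closer look. Assumes Windows with PowerShell; run elevated for HKLM access.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Where Internet Explorer legitimately lives (post #27's check). If Windows sits
# on another letter such as E:, $env:ProgramFiles already reflects that.
$legitIE = (Join-Path $env:ProgramFiles 'Internet Explorer\iexplore.exe').ToLower()

# Folders that normal startup entries are expected to run from.
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\').ToLower() }

function Get-ExePath([string]$command) {
    # Return the executable part of a Run value: the quoted path, or the first token.
    $cmd = $command.Trim()
    if ($cmd.StartsWith('"')) {
        $parts = $cmd.Split('"')
        if ($parts.Count -gt 1) { return $parts[1] }
    }
    return ($cmd -split '\s+')[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    # Skip the PS* bookkeeping properties that Get-ItemProperty adds.
    $names = $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object { $_.Name }
    foreach ($name in $names) {
        $cmd   = [string]$props.$name
        $exe   = [string](Get-ExePath $cmd)
        $flags = @()
        # Post #30: iexplore.exe should never be started from a Run key at all,
        # and a copy anywhere but the real IE folder is doubly suspect.
        if ($exe -match 'iexplore\.exe$') {
            $flags += 'starts iexplore.exe from a Run key'
            if ($exe.ToLower() -ne $legitIE) { $flags += "not the real IE binary ($legitIE)" }
        }
        if ($exe -notmatch '^[A-Za-z]:\\') {
            $flags += 'no absolute path'
        } elseif (-not ($trustedRoots | Where-Object { $exe.ToLower().StartsWith($_) })) {
            $flags += 'executable outside Program Files / Windows'
        } elseif (-not (Test-Path -LiteralPath $exe)) {
            $flags += 'file not found on disk'
        }
        $status = if ($flags.Count) { 'CHECK: ' + ($flags -join '; ') } else { 'ok' }
        Write-Output ("{0}\{1}`n    {2}`n    {3}" -f $key, $name, $cmd, $status)
    }
}
```

Entries marked CHECK are the ones to look up by name, as the post suggests; an "ok" only means the path looks ordinary, not that the file is clean.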
 

Innortal

Well-Known Member
#31
Well, tried that suggestion, but there were no files in the Run folders that started iexplore.

I did find an adware file called cake grey.exe.
 
#32
Do you use a firewall or a malware blocker? I'm using Spybot - Search & Destroy (Free except for a request that you pray for the developer and his girlfriend and wish them luck) and have no problems. It might be of help.

---

Why is E your primary? The same thing happened when I installed XP. Tweaking the CMOS didn't help. I had to unplug the IDE cables to force XP to install to my SATA drive as Drive C instead of as Drive E.
 

Innortal

Well-Known Member
#33
I divided my main drive into two, and installed an OS on both, for the purpose of a backup in case I had some weird files install themselves that couldn't be removed by normal means.

For some reason, I chose to use the second one. I think it had to do with the idea that if the main was the one corrupted, then I might not be able to access the second.
 

zeebee1

Well-Known Member
#34
I had a similar problem. I've found that PC-cillin solves all your malware problems. Sometimes Spybot just isn't enough.
 

ThreadWeaver

Beware of Dog. Cat not trustworthy either.
#35
avis de rapina said:
Do you use a firewall or a malware blocker? I'm using Spybot - Search & Destroy (Free except for a request that you pray for the developer and his girlfriend and wish them luck) and have no problems. It might be of help.

---

Why is E your primary? The same thing happened when I installed XP. Tweaking the CMOS didn't help. I had to unplug the IDE cables to force XP to install to my SATA drive as Drive C instead of as Drive E.
You shouldn't have had to unplug the drive unless it was already partitioned. Some of the drives come formatted out of the box nowadays, so that may be why he had a drive E: as his SATA partition (C: for the IDE and D: for the CD-ROM, or if he had two CD-ROM drives, those could be his C: and D:). If you wiped the partitions, then the first drive you partition should be C:.
Oh, well. It may not work that way anymore. I have an IDE as my primary and 2 SATA drives as well. But I keep only OS-related stuff on the IDE primary (C:) and all my other programs go on the other 6 partitions across the SATA drives. If any one partition gets hosed, I only lose a little. And I am able to keep all internet-related stuff on a separate drive. I have NOT had good luck with RAID configurations on home PCs.

For Innortal, I would go with the aforementioned Spybot or Ad-Aware and smite with prejudice. Some viruses are smart enough to actually block the installations of some anti-spy or anti-virus programs, so if one install goes particularly flaky, try a different one.
 
#36
Have you tried booting from your back-up partition? If it's uninfected, run an AVP from there.
 

Innortal

Well-Known Member
#37
Done.

Whatever I have done, I no longer get the AVG warnings about the upAYP[1].int file or some such thing. But the two iexplore still run. I took out that cake grey.exe file from startup, but will see what that does soon.
 

Jakkun

Well-Known Member
#38
ctfmon.exe is the only thing that might do it, but that is the right file and has a reason to be there. I have the language bar, so it has a reason to be there. It is also installed in the right location. It isn't a big deal that the folder pops up, I usually leave my computer on for weeks/months anyway.

My primary is a SATA, and I couldn't get that to be read as C or D. I have 3 drives. C is one IDE. D, F, and G are another. E and H are the SATA. It's pretty screwy. Nothing I can really do to fix it though. It's a working configuration; I have no intention of screwing with that unless necessary.
 
#39
I originally had a 120 GB IDE Drive C with XP Pro, 80 GB IDE Drive D with 98SE, and a CDRW Drive E. The 80 GB was starting to fail so I decided to upgrade. Took out the 80 GB and bought a 250 GB SATA and a DVD multi-drive.

The SATA was recognized as a 3rd IDE master (Drive E). Since I planned to use it as my main drive and keep the 120 GB parallel IDE for backups, I had to redesignate the SATA as Drive C (Too many shortcuts look for their data on Drive C). Even setting the boot order in the CMOS didn't change the drive letter. Finally had to resort to unplugging the cables to the old HDD before installing XP. There had to be a better way to do that; but I was in a rush.

As it is I now have a lot of storage space (recovered the 80 GB and hooked it to a USB adapter); 2 bootable drives with XP Pro... and no way to play my old 8-bit or Dos4G games like Privateer - the Darkening. Can't have everything.
 

runestar

Well-Known Member
#40
This reminds me of the time my own PC was infected with spyware. I couldn't even download the appropriate software to remove it since the virus would automatically invade my comp the moment I connected to the internet (Lord knows how many times I reformatted my hard drive). Finally downloaded AVG from school, transferred it to my comp, and finally, problem solved.

Still pissed to no end when I think about it. :angry:
 

Innortal

Well-Known Member
#41
You'd think there would be a law or something about this. Spyware and such should not be automatically installed (they probably hide it in those damn agreements) without an easy way to remove it, or remove it when the program itself is removed (and ensure said program can be easily removed).
 

PCHeintz72

The Sentient Fanfic Search Engine mk II
#42
Jakkun said:
ctfmon.exe is the only thing that might do it, but that is the right file and has a reason to be there. I have the language bar, so it has a reason to be there. It is also installed in the right location. It isn't a big deal that the folder pops up, I usually leave my computer on for weeks/months anyway.

My primary is a SATA, and I couldn't get that to be read as C or D. I have 3 drives. C is one IDE. D, F, and G are another. E and H are the SATA. It's pretty screwy. Nothing I can really do to fix it though. It's a working configuration; I have no intention of screwing with that unless necessary.
The few times I've had issues with Drive letter assignments, after a fresh install, I go into Control Panel/Administrative Tools/Computer Management/Storage/Disk Management. That allows resetting of any drive letter except the boot one.

To change the boot one, you must be a bit trickier. In some cases it is a media drive or a floppy drive with media ports mucking up the normal assignment order. In others, it is because you inadvertently connected the devices in the wrong order or have the jumpers wrong.

To get around such issues on a fresh install, disconnect all but the one HD and the booting CD-ROM, and make certain the HD is primary master with the CD-ROM as either primary slave or secondary master. Install Windows to C as a fresh format, and then shut down and reconnect the other devices. They may not be in the order desired, but that is when you can reassign them.
 

ThreadWeaver

Beware of Dog. Cat not trustworthy either.
#43
Innortal said:
You'd think there would be a law or something about this. Spyware and such should not be automatically installed (they probably hide it in those damn agreements) without an easy way to remove it, or remove it when the program itself is removed (and ensure said program can be easily removed).
The state I live in does have a law against installing software in the background without the user's knowledge. The problem is that it's almost impossible to track who first released it in the first place.

They actually caught one little script kiddie teen who tried and made a scapegoat of him for the future. I think he's still in juvenile detention after a few years now. Apparently they were able to put some ungodly amount as a damage value due to down time and lost data. I think it was a tad excessive, BUT, we definitely don't like virus authors where I live.

It's very possible that the US govt has a similar law as well, but I'm not sure.

And yes, some adware has clauses buried deep in the EULAs. That's why I read through them when I'm installing any downloaded software.

Jakkun: you may want to navigate to your user desktop folder through Explorer, i.e. "x:\documents and settings\jakkun\desktop\", and check the following:
In the Explorer window that is navigated to your desktop folder, click on Tools->Folder Options and then click the 'View' tab. Make sure that "Remember each folder's view settings" is checked. If it already is, uncheck it and then check it again so the 'Apply' button becomes active, then 'Apply'. My friend's computer did this kind of thing once, and it lost its settings on how to handle the folder views. It was really weird. It may not work for you but it's worth a last-ditch try.
 

runestar

Well-Known Member
#44
Who actually reads those EULA agreements anyways? :unsure!:
 

Jakkun

Well-Known Member
#45
I did that, but I won't know if it worked until I restart, which probably won't be for a while.

One company put a reward in their EULA, saying that if you read it, you could get money. I think only one person found it. Maybe it was just the first person to find it, and it took a while for that to happen.
 