
winregfile AND 0.0.0.0 feeling hopeless!

Discussion in 'Windows XP' started by W_C_Sally, Sep 11, 2003.

  1. W_C_Sally

    W_C_Sally Thread Starter

    Joined:
    Sep 11, 2003
    Messages:
    4
    This is an old BIOS Trojan that transferred from an old sound card to my new server! .. further complicated by the fact that the old machine suffered from PE_CIH, MTX, KLEZ.H[? --some dot H in text files] and KRIZ.
    ALL THE OLD PROBLEMS, IN ONE Creative Sound Card DRIVER INSTALL, THAT XP TRIED TO STOP --but not in time!
    --MB-BIOS TOAST IN 2.5 DAYS.

    The infecting trojan picked up the CIH in the wordperfect formats --invalid excell translator trojan.
    When the machine recovers --momentarily-- it reports the culprit as an xml problem. My old machine may have been used in the university ddos some years back .. when the briefcase became perpetually infected.
    It is a bios spread problem [avifile? .. aifffile?].. XP is backpedaling!!!! .. Black Ice constantly blocks winregfile attack from 0.0.0.0. --- System Mechanic removes files every 30 minutes, and sometimes 4+ MB and 14 or more registry entries.
    Checksums are now bad on System Mechanic, PC Cillin, AND Black Ice!--oh woe!

    I cleaned it from the registry and it reapplied itself to the next new program I installed! ... It also hijacked OOBE from XP ... it has over 200 links in the registry! ... I think it used Binary Help files to corrupt the system. [hh-control.ocx?] -0-FILES = 1033

    I have an installation of NT which seems to have appeared out of thin air! .. is it part of XP? .. it auto-installs.
    Something 16bit also tries to auto-install.

    ADDITIONALLY it turns my machine into a non-admin machine, and removes all the sound features AND THE DEVICE MANAGER COMPLETELY DISAPPEARS!! .. This happens on the second boot up. Cleaning the drive with manufacturers software [zeros 13 times], and shorting power to reset bios chip [every 3rd clean of zeros] has no effect, the BIOS BOOTS TWICE!!!

    Manufacturer had it to put in new bios chip, but flashed bios instead. It did not work! Have SP1 on CD; it asked for Win2k on one install.
    At my wit's end, am ready to consider it junk -- use it for my old peripherals [and buy new case and MB and cards]. ... it is only 1 year old, dual proc.
    Truly, any help appreciated, am blue in the face, and fading fast, this bogey has stupefied me!!!!!!!
    Is it possible that it is all on the HD? ... or must I cope with the BIOS before getting the replacement HD?
    Thanks again,
    W_C_Sally
     
  2. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    This has to be in the hard disk. FWIW, I'd get the diagnostic tools from your disk manufacturer's website and wipe the disk clean, then dust off the distribution CD for the O/S and start there. :D
     
  3. W_C_Sally

    W_C_Sally Thread Starter

    Joined:
    Sep 11, 2003
    Messages:
    4
    But dude ... that is what I have done ..for.. ..months.. !!!
    It does not fix it! [?? is it Warez??]

    I spent 6 weeks solid in the registry! .. no fix there either!

    Taking out all ADO and IAS.SamNT.peruser.etc .. did a little, but the nasty tried to make XP think it was an upgrade... so off to the new directory WinXX and guess what ..... it is still ALL THERE!! Bit-stream [any res] fonts and all... GRRRR.
    deleting any dotH helped, too! ... but did not get the job done!

    What country is 1033?

    I do believe in addition to all PE_bugs -- listed above I have the write protected sub seven [SAVED INTO !!] --in this bios Trojan, and it sets itself up as the administrator of NT -- [as there are AdminS ... -S ... plural!!]. ...
    I take the Power users out of the registry or disable them, but they return!! ... Where is the H.drive erase anyway?

    And Windows reg file cannot be erased to my knowledge. ----- I would get my hard drive replaced, but the BIOS is booting twice {IBM's lasted 2 years -- this Tyan lasted 2.5 days -- & no dib}
    It seems a waste of a good warranty to fix HD without getting bios chips fixed!

    The question is -- can it be fixed, or must I replace all?

    .... as it is being an XML stylesheet .... I am trying to learn XML [since removal results in replacement, internal disable seems better]. Not having much luck there either, I did manage to change the color of the fonts! That was interesting! Filling it with semicolons and taking out pipes and exclaims helped, the registry whined that XXX was broken! ... perhaps not...
    Thanks for reply!
    Sally
     
  4. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    I'm saying that you need to start from scratch, format the hard drive entirely and re-install Windows. BIOS Trojans are an urban myth. While conceivably possible, I've never seen or heard of one. The hard drive can indeed be wiped using the manufacturer's utility where NO data remains.
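Following on from the advice above about wiping the drive with the manufacturer's utility, here is an added example (not code from the thread or from any of the tools it mentions) of the check a practitioner would run afterwards: read a disk image or raw block device in chunks and report whether any non-zero byte survived the wipe, and if so where the first one sits. The sample image it scans is constructed inline; the chunk size and the `make_sample_image` helper are assumptions for the demonstration.

```python
import os
import tempfile


def scan_for_nonzero(path, chunk_size=1 << 20):
    """Scan `path` (a disk image, or a raw device such as /dev/sdb opened
    read-only) and return (total_bytes, nonzero_bytes, first_nonzero_offset).

    first_nonzero_offset is None when every byte read was zero, which is
    what a successful zero-fill wipe should leave behind.  Reading in
    fixed-size chunks keeps memory flat regardless of device size.
    """
    total = 0
    nonzero = 0
    first = None
    with open(path, "rb") as f:
        while True:
            chunk = f.read(chunk_size)
            if not chunk:
                break
            # Fast path: an all-zero chunk needs no per-byte inspection.
            if chunk.count(0) != len(chunk):
                for i, b in enumerate(chunk):
                    if b:
                        nonzero += 1
                        if first is None:
                            first = total + i
            total += len(chunk)
    return total, nonzero, first


def make_sample_image(size, dirty_bytes):
    """Constructed sample only: write a zero-filled image of `size` bytes,
    then poke the given {offset: value} bytes into it to simulate residue
    a wipe missed.  Returns the temporary file's path."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.truncate(size)          # sparse zero fill
        for offset, value in dirty_bytes.items():
            f.seek(offset)
            f.write(bytes([value]))
    return path


def report(path):
    """Human-readable verdict for a scanned image or device."""
    total, nonzero, first = scan_for_nonzero(path)
    if first is None:
        return "clean: %d bytes, all zero" % total
    return "residue: %d non-zero byte(s) in %d, first at offset %d" % (
        nonzero, total, first)


if __name__ == "__main__":
    clean = make_sample_image(4096, {})
    dirty = make_sample_image(3 * (1 << 20) + 7, {10: 0x41, 2 * (1 << 20) + 5: 0xFF})
    print(report(clean))
    print(report(dirty))
```

Run it against the device node the wipe targeted (read-only, as an administrator) rather than a temporary file; a non-None offset is the sector to look at with a hex viewer, and a clean result rules the hard disk out as the place the problem persists.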
     
  5. W_C_Sally

    W_C_Sally Thread Starter

    Joined:
    Sep 11, 2003
    Messages:
    4
    I am wondering if it will take the new machine language of the Pentium 64's to defeat this!

    ?Question here, tears below: How much of the machine will I have to replace: MB, Sound, Video, Nic, Modem, ??AND RAM??, .. my MSCE says also to get new ram, does this vermin indeed burn itself into the ram after hooking it sufficient number of times?
    ... How many machines may be infected, and to what end? ... Yankee obstinance? ... well, I applaud independence, but choice is also part of the equation. Hackers are not giving you a choice!

    I can wipe my drive from here to doomsday, and it does not keep the system from going bonzo on the next load. I have to admit that WinXP Pro is a great improvement, and I will order my next SP CD as soon as the new ones are minted.

    I recently was doing a book, and did not have the option to wipe, so I reinstalled 4 times over the old install, Windows 2, Windows 3 and Windows 4. I have just done a 13 pass zero wipe [full hard drive fill with zeros] with the HD manufacturer's floppy, doing a CMOS dead short at the end of each 4 to 5 passes. My first install of WinXP was a flop, I am not an administrator, even though there is no one else on the machine but me. I guess I will have to check the Run entries after I type Regedit!!

    This is almost demoralizing.
    Thanks for the help, and any other pointers you may have.
    Sally
     
  6. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    I don't know what else to suggest, I know of no virus or other malware that infects computer hardware, and I've never seen it mentioned in all my travels.

    There is NO way that a virus survives in your RAM after a power cycle, it just doesn't happen!

    It is theoretically possible to burn a virus into the FLASH that is on various components, the technical hurdles of doing so and still maintaining any semblance of the original function has so far precluded that from happening.

    If this were my machine, I'd start back at the basics. Download www.memtest86.com and run it for about a day to ensure you have no memory issues. Download the disk manufacturer's diagnostics and do an extended diagnostic on the hard disk.
     
  7. W_C_Sally

    W_C_Sally Thread Starter

    Joined:
    Sep 11, 2003
    Messages:
    4
    Occam's razor is a phrase I have not heard in some time.

    I guess I substituted a definition of "Elegant Solution" from a Philosophy Class:

    The solution must be conceptually simple {obvious}, and apply to all instances and at all sizes and occurrences of the problem. [i.e. robust and scalable].

    It is only our present poor level of understanding which compels all this complexity. ... on the other hand, once you have your feet wet, the complexity is pretty fun. ... assuming we all adhere to the basic morals and rules of the game ... which started with the minting of laws and coin and morality for those who did not grasp these moral basics innately .... I wonder if it was a clue?--that cluelessness???

    Wishing you a wonderful Holiday Season!
    Sally :)
     
  8. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    Best wishes back at you, but did you solve the problem? :D
     
  9. Whiteskin

    Whiteskin

    Joined:
    Nov 15, 2002
    Messages:
    1,964
    This sounds really odd.... I mean, how often do you ever see this kind of thing happen.... Never. If you didn't sound so angry I would think that you were pulling our collective leg!

    First things first. My suggestion would be..

    1. Wipe CMOS.
    2. Wipe drive.
    3. Using a minimal amount of RAM, attempt to install Windows.

    (BTW, if this is a hardware problem, there would be different errors... and there is no way that a virus would hide in your flash memory... otherwise that device would not work... hmm... any devices that failed recently?)
    4. If that fails and it doesn't work.... I'd try a different CD. Could be problems with the CD.
    5. Try another operating system, and see if anything similar comes up. If you have 98 around try that... or even try a free OS.... FreeBSD is awesome, but you can get good support for Linux.
    6. If none of those work.... break down and cry... somehow your mobo really frelled up.
     