Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#198953 - 17/01/2004 11:16 Can't disconnect!
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
I've been working on my girlfriend's dad's computer. They were so hopelessly overrun with adware, spyware, and viruses that the whole system was nearly impossible to use. Browsing the internet was impossible due to all the browser hijacks running on his system.

I brought over a disc with all kinds of software on it, but mainly AdAware, Spybot, and AVG. The final results: over 600 objects found in Adaware and Spybot, and a total of 61 viruses. I have no idea what the hell these people are doing with their computer.

I had him buy AdAware Plus so he could have that Ad-Watch program it comes with. He needs it since he won't run these tests very often.

So the final problem is that of his modem. It seems it's impossible to get his dialup modem to stop attempting to connect. He's always had this problem, so I think it's unrelated to the crap that was on his system. During one reboot, the Windows GUI hadn't finished loading and his modem was already attempting to connect to his provider. Then if you attempt to disconnect from the service, it will, but it'll just start connecting again.

What could the problem be?
_________________________
Matt

Top
#198954 - 17/01/2004 11:20 Re: Can't disconnect! [Re: Dignan]
pgrzelak
carpal tunnel

Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
Look to see if he has anything that he is (by default) trying to access remotely. A network share. An IP address. It might be that there is something there (spyware? virus?) that is trying to call home over IP, and his network settings are rigged to try an autoconnect on demand.
_________________________
Paul Grzelak
200GB with 48MB RAM, Illuminated Buttons and Digital Outputs

Top
#198955 - 17/01/2004 12:22 Re: Can't disconnect! [Re: Dignan]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Can't you simply tell the dial-up connection to "Never dial"? Then he can just manually connect with an icon when he wants to. Having windows set to automatically dial is so dangerous and irritating, I don't see why people like that feature at all.

Odds are, the thing that's trying to dial is a program in the startup group, the load= or run= lines in the win.ini, or a program in the run sections of the registry. Maybe it's even AVG or Ad-Aware trying to look for the latest updates. So your only defense would be to disable the automatic dialing or remove the offending programs.
_________________________
Tony Fabris

Top
#198956 - 17/01/2004 12:29 Re: Can't disconnect! [Re: tfabris]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
I'll look, but I haven't heard of that "Never Dial" option before. Interesting.

How would I create that icon??
_________________________
Matt

Top
#198957 - 17/01/2004 12:44 Re: Can't disconnect! [Re: Dignan]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Microsoft keeps moving the location of the options around in each version of Windows. I'm not sure where it lies in your version. On my OS (windows 2000) you do it thusly:

Run Internet Explorer. Select Tools, Internet Options, Connections. You should see a box with the dial-up connection in it. Hopefully there's only the one. You can set its settings from there. The "Never Dial a Connection" is the first option.

To create the desktop icon for dialing, you have to locate the dial-up-networking screen. Again, microsoft keeps changing the way you reach this screen, so you'll have to find it yourself. On win2k, you reach it thusly:

Start, Settings, Control Panel, Network and Dial-up Connections. On that screen should be the icon for the dial-up account. Use the right mouse button to drag that to the desktop and select "Create Shortcut Here".

_________________________
Tony Fabris

Top
#198958 - 17/01/2004 12:56 Re: Can't disconnect! [Re: Dignan]
g_attrill
old hand

Registered: 14/04/2002
Posts: 1172
Loc: Hants, UK
I used SpyBot on a relative's computer last week - it found five porn diallers and one resident keylogger! I ran AdAware afterwards and it picked up a few cookies and crap files.

Gareth

Top
#198959 - 17/01/2004 16:49 Re: Can't disconnect! [Re: g_attrill]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
I really only used Spybot because this computer was in such bad shape. In general I dislike using it because I ran it on my system once and felt that it had too broad an opinion on what is spy/adware. It found several files in games on my systems which were links to game demos and such. They weren't hurting anyone, but it was picky.

Thanks for the help, Tony. This is XP, but the procedure is the same.
_________________________
Matt

Top
#198960 - 17/01/2004 16:53 Re: Can't disconnect! [Re: tfabris]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12341
Loc: Sterling, VA
*edit*
Found the correct properties menu. It's annoying that there's a different properties menu for the same connection depending on if you get to it through IE or Network Connections. I think it's getting solved.

I seem to remember there being some way to see exactly what is being run at startup (aside from the "Startup" program folder). What was it?


Edited by DiGNAN17 (17/01/2004 17:35)
_________________________
Matt

Top
#198961 - 17/01/2004 17:57 Re: Can't disconnect! [Re: Dignan]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
I seem to remember there being some way to see exactly what is being run at startup (aside from the "Startup" program folder). What was it?
I listed them earlier in the thread. The ways something can run at startup are:

- Startup group.
- Load= and Run= lines in win.ini.
- A group of registry entries with names all starting with RUN.

The location of the run registries are HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, and there are several of them.

The trick with messing with the registry is that there are some entries which are supposed to be there and you'll kill your system if you delete the wrong ones. Since the correct answer to this question varies from system to system, this is the farthest I can go with support on this. Perhaps there's a web site that covers this in detail that someone could link for you.
_________________________
Tony Fabris

Top
#198962 - 17/01/2004 18:42 Re: Can't disconnect! [Re: Dignan]
Yonzie
journeyman

Registered: 21/09/1999
Posts: 71
Loc: Denmark
If you run win98, I believe you can run `msconfig' (ditched win98 in 2000 or so) ...
Start > Run > "msconfig" > ok
_________________________
#00182, 10GB, Amber, Denmark, Peugeot 206, Rebuilding my stereo - great things to come

Top
#198963 - 17/01/2004 20:17 Re: Can't disconnect! [Re: Yonzie]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
MSConfig also works in XP, and is a much better way to get rid of startup items compared to editing the registry by hand.

Top
#198964 - 18/01/2004 00:33 Re: Can't disconnect! [Re: drakino]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
I've seen the mess MSConfig makes of the run entries in the registry, and actually I prefer to do it by hand.

(MSConfig copies off prior versions of the sections into new key names when you make edits. I understand why they do it, I'm just (a) more of a hands-on guy, and (b) anal retentive about not leaving crap on the system I don't need to.)
_________________________
Tony Fabris

Top
#198965 - 18/01/2004 11:27 Re: Can't disconnect! [Re: tfabris]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
Oh, being that it is an NT based OS (XP), it has one last place to check for startup items, the Services section of computer managment. To make the task a bit easier to find forreign services, use MSConfig and go to the services tab. At the bottom, hit the "Hide All Microsoft Services" and you should be left with only 3rd party ones.

Top
#198966 - 19/01/2004 09:32 Re: Can't disconnect! [Re: drakino]
JBjorgen
carpal tunnel

Registered: 19/01/2002
Posts: 3584
Loc: Columbus, OH
Also, for the sake of completeness while we're in the registry, Tony mentioned the registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
...

But failed to mention:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
...

Which is where programs like AIM like to hide.
_________________________
~ John

Top
#198967 - 19/01/2004 10:18 Re: Can't disconnect! [Re: Yonzie]
Phoenix42
veteran

Registered: 21/03/2002
Posts: 1424
Loc: MA but Irish born
http://www.mlin.net/StartupCPL.shtml
Something similar to MSConfig I assume.
I haven't used it as I work through the registry most of the time.

Top
#198968 - 19/01/2004 12:04 Re: Can't disconnect! [Re: JBjorgen]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
I didn't realize that a key under CurrentUser would even work. Thanks for the heads-up.
_________________________
Tony Fabris

Top