More Computer Problems! I bet you are happy you checked in today!
Before I get going on this I just want to mention that I am going to name a hell of a lot of programs that are free for download, some of which are extremely useful. I am not going to link to any of them, though (nor am I going to link to the viruses and spyware that I mention). If you cannot find one of the programs on your own just email me and I will point you to it. Now to the PC problems.
The PC with the problems this time was my Mother-in-Law’s. Even though my Brother-in-Law is Microsoft certified, he is strictly a hardware tech, and this PC was having serious software problems. It turns out that I am this family’s resident computer geek so I got the joy of looking at it. Lucky me. It isn’t that I didn’t want to help them, more that I really hate getting involved with big PC problems since they can often take so long to fix that it would seem so much more efficient to throw it out and start with a new one. In this case that was not an option. A lot of files necessary for their business are on the machine, as well as a lot of imaging software (very expensive imaging software) that will not work on machines that are not running Windows 98. Note that the machine is using Windows 98, as a lot of the problems they were having would likely not have happened if it was a newer OS. Anyway, on to the problems.
I plugged the machine in on Monday evening. While it only has a 400 MHz processor, it has 384 MB of RAM and two enormous hard drives, still a usable system (in theory). It took, and this is not a joke, about fifteen minutes to get it booted to Windows. That was just doing a normal startup and letting it load everything that was in it. Once it was loaded the mouse moved very slowly, like it would go an inch or so across the screen, completely freeze, then go another inch or so, rinse and repeat. I opened the task manager to see a listing of about 30 files. The PC being a Hewlett-Packard, I was able to quickly figure out which ones the machine was actually needing, but the others ran the gamut from outright viruses to malicious spyware to worms. Just for fun I tried to connect to the internet and it told me that there was no modem installed on it (even though they had been on the internet when my wife picked it up thirty minutes before), and it could not detect a modem when I tried to manually install it.
I ran HijackThis on it and found that there were about 100 things running that should not have been there. I deleted all of them with the HijackThis software and rebooted to find them all back. Next I went into msconfig and manually disabled all startup items, then I set it to load only the system.ini and win.ini (this is a trick I often use on my old PC to get better performance on graphics heavy games). The reboot went a bit faster this time, but HijackThis was still showing tons of crap that shouldn’t be there. This time I removed every single item that HijackThis had found, which would be a really bad idea if the PC wasn’t as totally hosed as it was. I was still not able to get it to detect the modem, so I booted to safe mode.
For reasons that I still don’t understand, the modem was detected in safe mode, but Windows would not search for a driver in safe mode. I was thinking that I might have gotten rid of some registry crap that was killing the detection of the modem, that would require a restart to take effect. I ran Ad-Aware while in safe mode anyway, but it simply froze. Not the machine, just the program. So I booted it back up in the (I’ll call it clean boot) selective startup mode. The modem was no longer identified, the majority of the crap was back, and I was feeling a wee bit helpless. I said fuck it for the night, that being in addition to various other words of curse that I may have uttered at the piece of shit.
The next day it was on. The two biggest problems with the PC (as found by Google searching for some of the files loaded) were a vicious spyware called ISTBAR and a recent virus named Bagle.b. I figured that the spyware was the reason that I was not able to run Ad-Aware, so I decided to tackle that problem first. Symantec.com has a fix for it, but it could not even detect it on the PC, even though I could search for the term ISTBAR on the system and find over 40 references to it, all zip files, oddly. So I did what us back room techs do; I deleted every occurrence of the ISTBAR that I found then ran HijackThis again. I found several files with ISTSVC.exe in them, so I searched for that term and deleted all of them as well. I closed everything that was running in the close program dialog (except explorer) and ran Ad-Aware again. It worked this time.
On the next clean boot Ad-Aware would not run, but all references to ISTbar were gone. As a bonus the PC also detected a modem. Of course the modem driver could not be found solo online; I had to download a zip file with the driver for every operating system from Windows 95 to Windows XP, it was almost 5 megs, and I am on a dialup… Once the modem driver was installed, I was easily online, albeit very slowly. I then downloaded Spybot, Spyware Doctor, Startup Mechanic and Registry Mechanic. The only useful file out of that bunch was the Startup Mechanic. It was not useful in that it got rid of anything for me, no, it just showed the directory where I could find the file myself and delete it manually… Once again, in theory…
It actually took me cleaning the suspect files manually from the machine to get rid of the known garbage. The PC is running at least 1000% better now, but I am still not able to get rid of two files. One is in the system.ini and the other in the win.ini directory. The problem is that none of the software I used ever told me exactly where they were. In addition to that I am not able to get completely rid of a few references to the ISTSVC.exe that are in the startup group: as far as the computer is concerned there is no file with that name present, but I know it is there since I can see it when I run msconfig.
The viruses (and let me tell you she had the Bagle.b virus, the Netsky virus, and one other that I can’t place) were far easier to take care of than the malware. She (Mother-in-Law) is going to buy a new antivirus program and bring it over tomorrow to see if we can get rid of the last little signs of all the crap that was on the machine. I am honestly not all that optimistic about it; I mean, if symantec.com can’t find it, what are the odds that some other virus protection can? I must also mention that I re-subscribed to my Norton virus protection as a result of this. My thought was that I would be able to scan her machine using my info; that was not the case. I thought briefly about sticking her hard drive into my tower, but that idea was quickly nixed when I remembered how long it took me to get that hard drive to work correctly.
Perhaps it is the anal, perfectionist part of me that really wants to get rid of every single trace of the problem in her PC? I think most people would be happy to get it back in working order; probably ecstatic to see that it is working at least 1000 percent better. I dunno. I just really wish that I could find the system.ini file and the win.ini file that are seeming to keep it from running spyware and virus scans. Of course the software that would do that is worth more than the PC at this point.
Even as I type this I am downloading another program. If this one doesn’t find it, and if the antivirus that she buys doesn’t find it, then I am just going to show her how to use a couple of the programs that I downloaded. I will probably delete HijackThis from her machine since she really could do damage with it, but the program Startup Mechanic shows basically the same thing, only they identify the files by necessary, useful, useless, harmful or unknown. In my experience they have been right on every count. I do wish they knew what the unknown ones were though, since those are the same ones that no other program has been able to identify and point me to.
I sure hope that the next time I post it isn’t computer related. I would think that you share that sentiment, but if you actually read this whole post you must at least sympathize.