I wonder what you all will think of this.
My hard disk went on my Thinkpad T30 and IBM sent me 3 recovery CD's for
XP Pro.
It took about three hours to load these. I connected to the internet
and started to download Netscape as the first stage of recovering my
other software. After a short while (20 minutes?), my machine suddenly
rebooted for no apparent reason. At this point, it occurred to me to
implement the XP Pro firewall on my connection.
I restarted the download which became very slow and kept
disconnecting. At one point when it had stopped downloading, I happened
to notice that there was considerable outbound traffic on my network
connection, even though I felt that there should be no traffic in either
direction. I checked and found that my T30 had sent 426,117 packets yet
had only received 53,872. When I disconnected from my network, no
process on the T30 complained that the connection was broken, but as
soon as I reconnected, it started to send out a stream of data again and
continued to receive at a lesser rate.
I know of no way to find out on XP which process is transmitting data
(although it may exist). In Task Manager, I found that DLLHost.exe was
consuming between 55 & 98% of processor time. A search on Google
suggested that this was a virus.
I do not know whether, if I had implemented the firewall immediately, I
would have had the problem.
I logged a call to IBM UK support.
I explained what had happened. I said that the T30 had been
manufactured in January 2003 yet the recovery CD's were dated August
2002. I felt that IBM should either have sent out a recovery CD for the
current state of XP Pro or the original ones with an extra CD with MS
service packs and patches. But most importantly, how was I going to
recover?
Of course I knew what the answer would be before I asked the question -
"Re-install the recovery CD's". I said that I had better things to do
and that it would probably happen again as soon as I did. The
conversation went round and round in circles. My view was and is that
IBM had supplied a product - XP Pro - that was not of marketable quality
and I said so. I was advised to contact Microsoft but I said that I had
no contract with them as it was IBM that had sold the product. I was
also told that the T30 as supplied had a recovery partition, but I
explained, through gritted teeth(!), that that was of little use if the
disk had gone. I was also told that if I were to purchase a brand new
T30 today it would have the August 2002 version of XP Pro without any
service packs. I said that I found that hard to believe.
In the end, all I was able to do was to log a complaint. I received no
help in working out what damage the virus might have done, although I
did find a lot of empty folders in Windows/system32 created or modified
after I had re-installed XP Pro, presumably when the virus was active.
I have killed it but don't know whether I really have to start
installation again.
The newly created/modified folders in Windows/system32 include
3com_dmi
1025
1028
1031
1033 (& others)
CatRoot
CatRoot2
Com
Config
....
Reinstall Backups
etc.
They all seem to be empty.
Does anyone know if they have any purpose? Should they have any contents?
Any ideas what the virus might have been transmitting and to whom?
Maybe these were created during installation and modified by the virus.
Do you think I should re-install or rely on Anti-virus software to sort
it out?
What do you think of IBM's response?
PC's are supposed to be consumer products which we can just turn on and
use but they are not. I believe that IBM and other large suppliers
should put severe pressure on Microsoft to improve the quality of their
products. Of course, what can they do if MS does nothing other than to
create new, equally bad, products, is not clear, but I am beginning to
think of trying Linux, although I don't wish to become a Linux expert.
It is totally unacceptable that an effectively new machine should
acquire a virus so soon after startup.
Many thanks
Rob Dixon