I wonder what you all will think of this.

My hard disk went on my Thinkpad T30 and IBM sent me 3 recovery CD's for XP Pro.

It took about three hours to load these. I connected to the internet and started to download Netscape as the first stage of recovering my other software. After a short while (20 minutes?) , my machine suddenly reboooted for no apparent reason. At this point, it occurred to me to implement the XP Pro firewall on my connection.

I restarted the download which became very slow and kept disconnecting. At one point when it had stopped downloading, I happened to notice that there was considerable outbound traffic on my network connection, even though I felt that there should be no traffic in either direction. I checked and found that my T30 had sent 426,117 packets yet had only received 53,872. When I disconnected from my network, no process on the T30 complained that the connection was broken., but as soon as I reconnected, it started to send out a stream of data again and continued to recieve at a lesser rate.

I know of no way to find out on XP which process is transmitting data (although it may exist). In Task Manager, I found that DLLHost .exe was consuming between 55 & 98% of processor time. A search on google suggested that this was a virus.

I do not know whether, if I had implemented the firewall immediately, I would have had the problem.

I logged a call to IBM UK support.

I explained what had happened. I said that that the T30 had been manufactured in January 2003 yet the recovery CD's were dated August 2002. I felt that IBM should either have sent out a recovery CD for the current state of XP Pro or the original ones with an extra CD with MS service packs and patches. But most importantly, how was I going to recover?

Of course I knew what the answer would be before I asked the question - "Re-install the recovery CD's". I said that I had better things to do and that it would probably happen again as soon as I did. The conversation went round and round in circles. My view was and is that IBM had supplied a product - XP Pro - that was not of marketable quality and I said so. I was advised to contact Microsoft but I said that I had no contract with them as it was IBM that had sold the product. I was also told that the T30 as supplied had a recovery partition, but I explained, through gritted teeth(!), that that was of little use if the disk had gone. I was also told that if I were to purchase a brand new T30 today it would have the August 2002 version of XP Pro without any service packs. I said that I found that hard to believe.

In the end, all I was able to do was to log a compliant. I received no help in working out what damage the virus might have done, although I did find a lot of empty folders in Windows/system32 created or modified after I had re-installed XP Pro, presumably when the virus was active. I have killed it but don't know whether I really have to start installation again.

The newly created/modified folders in Windows/system32 include

3com_dmi
1025
1028
1031
1033 (& others)
CatRoot
CatRoot2
Com
Config
....
Reinstall Backups

etc.

They all seem to be empty.

Does anyone know if they have any purpose? Should they have any contents?

Any ideas what the virus might have been transmitting and to whom?

Maybe these were created during installtion and modified by the virus

Do you think I should re-install or rely on Anti-virus software to sort it out?

What do you think of IBM's response?

PC's are supposed to be consumer products which we can just turn on and use but they are not. I believe that IBM and other large suppliers should put severe pressure on Microsoft to improve the quality of their products. Of course, what can they do if MS does nothing other than to create new, equally bad, products, is not clear, but I am beginning to think of trying Linux, although I don't wish to become a Linux expert.

It is totally unacceptable that an effectively new machine should acquire a virus so soon after startup.

Many thanks

Rob Dixon






As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.