This page contains a single entry from the blog posted on November 12, 2010 10:27 PM. The previous post in this blog was Have a great weekend. The next post in this blog is City leaf removal tax falls apart. Many more can be found on the main index page or by looking through the archives.

Friday, November 12, 2010

Just another day in Windows hell

Before I begin this post, let me state that I do not want to read about how I should buy a Mac. Thank you.

Early this morning -- too early -- my main home computer became infected by "malware" -- the psycho destructo computer crud formerly known as a "virus." Suddenly the computer was not recognizing familiar domain names (like bojack.org and wweek.com) when it was connected to the wireless router. It was also going haywire when clicking on Google search results -- stalling out or sending me to crazy commercial sites that had nothing to do with my searches. The problem spanned all three of the internet browsers on the computer; curiously, however, the situation was A-OK on all browsers when the computer was tethered to the iPhone. The rest of the computers in the house (there are three) worked fine.

After 45 minutes with a Comcraptastic guy who was actually pretty helpful, it was on to Malware Removal City. First I installed and ran the Windows Malicious Program Removal Tool, which of course found and did nothing. The AVG program that I paid good money for was also completely worthless. Finally, something called Malwarebytes Anti-Malware and another free program called Super Anti-Spyware found the DNS-name-changing Trojan and got rid of it, as far as I can tell.

But one problem remains. On starting up the computer and every once in a while thereafter, I get a warning box in the middle of the screen, along with the sickening Windows "clank" sound that means something is seriously fubarred. It says "GoogleUpdate.exe - Bad Image," and then tells me that there's something wrong with a program called C:\Windows\System32\mstask.dll. When I "explore" over to that location, there's a file there, but it's showing 0 bytes.

I think this is part of the malware infection, but it could have been something I did with the Comcraptastic guy, who had me reset a couple of files (from an extremely scary command line) having to do with IP addresses. My hunch is that it's the malware, but I honestly don't know what to do about it. The computer's running OK now, as far as I can tell, but the whole "clanking" thing makes me slightly nauseous.

In the course of the day's agony, I've downloaded a program called HijackThis, which produces some sort of log of what's going on in the bowels of the computer, but I can't make heads nor tails of it. And the "mstask.dll" file doesn't show up in the log anywhere, although Google Updater's in there a few times.

Is there anybody out there who can help me fix whatever the heck has happened? The operating system is the dreaded Vista. A free bojack.org bumper sticker or a nice beverage is waiting as a reward for information leading to the destruction of this annoying, and distressing, bug. Have moicy, and e-mail me here.

UPDATE, 11/13, 2:02 a.m.: The D Man has come to my rescue, and with his help, I've managed to replace the corrupted .dll file, and now all seems to be well. In the course of prowling around with him, figuring out a fix, I discovered that the evil malware -- a terrifying rootkit -- had weaseled its way onto the computer early this morning by placing an executable file in a temporary folder, then sneaking into the automatic task scheduler that comes on Windows, and scheduling a task. The task instructed Windows to run the executable file, which in turn made my internet connection act stoned. Apparently, to get this to work, it had to gut the .dll file -- leaving it on the computer but having it be empty.

Anyway, the D Man and I copied a wholesome version of the .dll file from another computer, figured out how to get Vista to let us copy over the blank file, and then, with fingers crossed, overwrote the corrupted file. Lawrence, in the comments to this post, had exactly the same idea and provided invaluable moral support. I next discovered that the evil task was still in the task scheduler, and even though the executable program had already been deleted by Malwarebytes, I deleted the task nonetheless. It had given itself the name "7uOCEI3," although I'll bet it goes by a different name with every infection.

Hoping that is the end of this latest adventure in computing, I say thanks to the D Man, and to Lawrence. And I'm reminded once again of what a great gift the readership of this blog is.
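The update above describes the whole persistence chain: an executable dropped in a temp folder, a scheduled task that launches it, and a system DLL left in place but emptied to 0 bytes. The script below is an added example for this post, not code from the post or from any of the tools it names; it checks those three things read-only so you can see the footprint before deleting anything. It assumes an elevated PowerShell 2.0 or later on Vista or newer, uses schtasks.exe because Get-ScheduledTask does not exist on Vista/Win7, and the "suspicious folder" pattern is a choice made for this example rather than a list from the post.

```powershell
# Added example, not from the post: triage for a scheduled-task launcher and a blanked DLL.
# Assumptions: elevated PowerShell 2.0+; schtasks.exe present (Vista and later);
# $SuspectLocation is this example's own choice of folders a real task should not launch from.

$SystemDll = Join-Path $env:SystemRoot 'System32\mstask.dll'
$SuspectLocation = '(?i)\\(Temp|Temporary Internet Files|Recycler|\$Recycle\.Bin)\\|\\AppData\\Local\\Temp\\'

function Test-SystemDll {
    param([string]$Path)
    $info = @{ Path = $Path; Exists = $false; Bytes = 0; SignatureStatus = 'n/a'; Signer = '' }
    if (Test-Path -LiteralPath $Path) {
        $item = Get-Item -LiteralPath $Path
        $info.Exists = $true
        $info.Bytes  = $item.Length
        # A 0-byte file cannot carry a signature; the cmdlet reports that rather than throwing,
        # but -ErrorAction keeps any odd case from aborting the rest of the triage.
        $sig = Get-AuthenticodeSignature -FilePath $Path -ErrorAction SilentlyContinue
        if ($sig) {
            $info.SignatureStatus = [string]$sig.Status
            if ($sig.SignerCertificate) { $info.Signer = $sig.SignerCertificate.Subject }
        }
    }
    New-Object PSObject -Property $info | Select-Object Path, Exists, Bytes, SignatureStatus, Signer
}

function Get-TaskTargetPath {
    # Pull the program out of a "Task To Run" string, which may be quoted, carry
    # arguments, and use environment variables such as %windir%.
    param([string]$CommandLine)
    $cl = $CommandLine.Trim()
    if ($cl.StartsWith('"')) {
        $end  = $cl.IndexOf('"', 1)
        $prog = if ($end -gt 1) { $cl.Substring(1, $end - 1) } else { $cl.Trim('"') }
    } else {
        $prog = ($cl -split '\s+')[0]
    }
    [Environment]::ExpandEnvironmentVariables($prog)
}

function Get-SuspiciousTasks {
    $rows = schtasks.exe /query /v /fo CSV | ConvertFrom-Csv
    foreach ($row in $rows) {
        $cmd = [string]$row.'Task To Run'
        # Some builds repeat the CSV header per task folder; COM-handler tasks carry no path.
        if ($row.HostName -eq 'HostName' -or -not $cmd -or $cmd -match '^(COM handler|N/A)') { continue }
        $prog = Get-TaskTargetPath $cmd
        if (-not $prog) { continue }
        $reasons = @()
        if ($prog -match $SuspectLocation) { $reasons += 'launches from a temp or recycle folder' }
        # An orphaned task (target already removed by a cleaner) is exactly what the update found.
        $exists = if ($prog.Contains('\')) { Test-Path -LiteralPath $prog } else { [bool](Get-Command $prog -ErrorAction SilentlyContinue) }
        if (-not $exists) { $reasons += 'target executable no longer exists (orphaned task)' }
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                TaskName  = $row.TaskName
                RunAsUser = $row.'Run As User'
                Command   = $cmd
                Reason    = ($reasons -join '; ')
            } | Select-Object TaskName, RunAsUser, Command, Reason
        }
    }
}

# Run both checks; nothing here modifies the system.
Test-SystemDll $SystemDll | Format-List
Get-SuspiciousTasks | Format-Table -AutoSize -Wrap
```

A blank mstask.dll shows up as Exists=True, Bytes=0, SignatureStatus=NotSigned, and the orphaned task shows up with its random name and a Reason column; remove the task only after you have recorded its name and command line, since that is the evidence of how the machine was entered.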

Comments (33)

Jack

Go here

http://forums.techguy.org/19-hardware/

Join up, find the correct subforum and post your Hi Jack this

Some geek will help you out

I have sent two emails and have a geek standing by until after 1 am (geek hours)

Our first look shows that .dll is "the Task Scheduler interface library" (dll=Library). My XP pro box shows it's 256K and XP home shows 268k in size. My geek says "His must've been truncated to 0 bytes, Google Update is trying to schedule itself to run at a certain time but it can't load the library because it's 0 bytes"

A first check is to search for mstask.* (dot wildcard) or open c:\Windows\System32\ and look for it there. This is because it may have had the extension changed by the virus.

There's only one mstask dot anything in the System32 folder -- mstask.dll, size 0kb. Can't seem to find an mstask anywhere else on the computer, either.

Opening it in Notepad, it's completely blank.

I sent you an e-mail with something to try. However, if the dll is blank, then it will have to be replaced. You may be able to do it using the Repair function on the Vista installation disk.

Try my suggestion and see if it helps.

I am also wondering if there are any other errors as well.

Here's another thought. Since that file is blank, you can get a copy of that dll from another computer running Vista with the same service pack and replace the blank with that file.

To fix one of the problems, go to control panel-> internet options-> connections and uncheck proxy server. There is a new bug that causes your computer to access all internet sites through its "portal" of spam via a proxy server. This would not be triggered when accessing through the iPhone tethering. Hope this helps.
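The proxy box this commenter points at is one of three places a hijack of this kind shows up; the others are the hosts file and the resolvers set on the wireless adapter, which is why the original post saw the problem over the router but not over the tethered phone. The script below is an added example, not code from the comment or from any vendor: it reads all three without changing anything, so you know which one to fix. It assumes PowerShell 2.0 or later on Vista or newer, and $ExpectedDnsServers is a placeholder you replace with your own router or ISP resolvers.

```powershell
# Added example, not from the comment: read-only check of proxy, hosts file and DNS resolvers.
# Assumptions: PowerShell 2.0+ on Vista or later; $ExpectedDnsServers is a placeholder list
# constructed for this example and must be replaced with your own resolvers.

$ExpectedDnsServers = @('192.168.1.1')   # placeholder, constructed for this example

function Get-ProxySetting {
    # The per-user proxy that Internet Options -> Connections -> LAN settings edits.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnable   = [int]$p.ProxyEnable
        ProxyServer   = [string]$p.ProxyServer
        AutoConfigURL = [string]$p.AutoConfigURL   # a PAC script can redirect only chosen sites
    } | Select-Object ProxyEnable, ProxyServer, AutoConfigURL
}

function Get-HostsOverride {
    # Any non-comment entry other than localhost deserves a look.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts | ForEach-Object {
        $line = ($_ -replace '#.*$', '').Trim()
        if ($line -and $line -notmatch '^(127\.0\.0\.1|::1)\s+localhost$') {
            $parts = $line -split '\s+'
            $names = if ($parts.Count -gt 1) { $parts[1..($parts.Count - 1)] -join ' ' } else { '' }
            New-Object PSObject -Property @{ Address = $parts[0]; Names = $names } | Select-Object Address, Names
        }
    }
}

function Get-DnsFinding {
    # Static resolvers on a DHCP adapter, or resolvers you do not recognise, are the
    # classic DNS-changer footprint. The per-interface NameServer value holds the static
    # setting; DHCP-assigned servers live in DhcpNameServer instead.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
        $servers = @($_.DNSServerSearchOrder)
        $unknown = @($servers | Where-Object { $ExpectedDnsServers -notcontains $_ })
        $ifKey   = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\$($_.SettingID)"
        $ifProps = Get-ItemProperty -Path $ifKey -ErrorAction SilentlyContinue
        $static  = [string]$ifProps.NameServer
        $note = @()
        if ($_.DHCPEnabled -and $static) { $note += "static DNS '$static' overrides the DHCP-assigned servers" }
        if ($unknown.Count -gt 0)        { $note += "unexpected resolver(s): $($unknown -join ', ')" }
        if ($note.Count -gt 0) {
            New-Object PSObject -Property @{
                Adapter    = $_.Description
                DnsServers = ($servers -join ', ')
                Finding    = ($note -join '; ')
            } | Select-Object Adapter, DnsServers, Finding
        }
    }
}

Write-Host '== Proxy (HKCU Internet Settings) =='
Get-ProxySetting | Format-List
Write-Host '== hosts file entries other than localhost =='
Get-HostsOverride | Format-Table -AutoSize
Write-Host '== DNS resolvers per adapter =='
Get-DnsFinding | Format-Table -AutoSize -Wrap
```

ProxyEnable=1 with a ProxyServer you never set, or an AutoConfigURL pointing somewhere you do not recognise, is the case this commenter describes; a static NameServer on the wireless adapter while the tethered connection is clean matches the original post's symptom pattern.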

Best bet is to reinstall the OS, or, barring that, revert to a previous restore point. Any unauthorized program that is able to overwrite DLLs has surely installed an undetectable rootkit.

Oh, instead of swapping to a Mac, why not swap to Linux?

Have been in deep transplant surgery.

We tried Lawrence's suggestion: since that file is blank, you can get a copy of that dll from another computer running Vista.
The permissions are a major PITA

If you won't buy a Mac then maybe we could all chip in and give you one as a Holiday gift.

Root kit! Duh! They are still around? I haven't seen this one show up for several years. Not here but in other people's computer problems.

I'm glad you are up and running. I was pretty sure replacing the dll would help, but that would be insufficient to completely solve the problem.

On Vista, if permissions are a problem, you need to right click the task and use "Run as Administrator". There are two levels of Admin in Win7 for sure and I also believe it's true in Vista. That normally is all you need.

Of course, normal is a weasel word!

Windows is like owning a Yugo.

Vista is like owning a Yugo that was made by drunken Serbians at midnight after covering their hands in duct tape.

HEY! I protest on behalf of drunken Serbians!

To overcome permission problems you can boot from a live CD.
I use a Fedora live CD. The latest is here:
http://fedoraproject.org/get-fedora

Each OS has its purpose. No one needs to abandon one to occasionally use another.

It is useful to have a Live CD at hand so that if your Windows OS goes batty you can boot from the Live CD and access the internet to search for answers.

It is useful for looking at hard drive partitions and managing them, if you wish. There is a convenient graphical interface (for common disk tasks). A geek can use ntfsclone (from the command line of a terminal window) to backup/restore a Windows system partition (while paying very close attention to the source and destination parameters).

It seems to be the easiest way, for example, to locate and delete the hiberfil.sys file from the C drive. Or to get a copy of a .dll from one computer (copy to a flash drive) and copy it to another.

My work laptop got this same rootkit about a month ago now. I was able to clean it up and figured out which website I got it from. It's hit me 3 more times from that website so no more going back.

Unfortunately my IT guy won't let me download the programs that would keep me from getting infected again. Symantec is what we get and nothing more and it is useless.

It had given itself the name "7uOCEI3," although I'll bet it goes by a different name with every infection.

Jeez, all it wanted was money to get back to Welches.

And Flynn wins the morning!

To give some feedback to those interested, I will give some of my own observations. The situation is late evening, 250 miles away. It appears from his post the main problem was removed but the damage done was not repaired. After a few web postings and emails we were connected through instant messaging. On this side are two geeks with overlapping skills surrounded by several computers running several OS's.

On Jack's side was the ability to use the computer and also showing a lot of ability.
For those in the know, sometimes you have to pull the HDD and use a separate computer to run a lot of different scanners to flush the "stuff" out. (It is nothing to find 30 to 60 separate/different infections.)

Also you have to take in the "ability" of your person at the keyboard. Jack is very bright and picked up things very quickly and didn't need to be nursed along.
So on this side we started burning up the search engines, me going one way and my co-worker going the other. I fed Jack questions and instructions. Like some of you figured out, we couldn't just take a common name for the virus and get a pre-made fix. We were not sitting in front of the puter with our bag of disks and hardware. We certainly didn't want to risk an overwrite of his data. After determining the use of the blanked file, we looked at replacement possibilities, install files and cache files. He had another system with Vista and, with little of our intervention, he was able to find the file and have it thumb-drived to the ill computer. When he tried copy-paste we discovered and had to quickly research the joy of "trusted installer" used in Vista and Win7.
So we walked him through that, and "ta da" the new file pasted in. He rebooted and no error window. On his own he did some research through his logs and found traces of the culprit. He cleaned out the recycle file in case it was hanging there.

Some additional observations.
If you know computers you know there are 7 different ways to basically do the same thing. Afterwards we know which one was the fastest and easiest.
Before you recommend an OS, have you taken the time to see the what, when, where, and why of the user? Then what is the support? I've built custom puters for friends and then figured out that the replacement should be a simple plug-it-in-and-turn-it-on from a big box store.

Great job, dman. Next time I am in a jam with a user, I'll send 'em to you!

My preferred working method is to sit by the machine and let me do my job. I would do poorly as phone support, although with someone like Jack, it would be a piece of cake!

A nagging issue still left is exactly what did it have? Was it a rootkit and could it be at least classified?

I went online and looked at the whole rootkit problem, which I thought had been put to bed, but it hasn't. So I downloaded a rootkit revealer for Win7 64 and had a look at my system. No problems, as I expected, but I did find quite the collection of "hidden" files, a great many from Adobe. Nothing needed to be done with them, fortunately.

My recommendation to Jack is that he upgrade to Win7. It's very stable even before any service packs and such. I used a Win 7 RC doing software validation and couldn't wait for the final release to update my box.

I also use MS Security Essentials and a router which functions as a hardware firewall and so far, so........uh oh!

No, just kidding!

Perfect skill set for a lawyer: an aptitude for cleaning up stuff that shouldn't have happened in the first place.

you need to right click the task and use "Run as Administrator".

It was harder than that. To overwrite that .dll file, you have to first "own" it, then give the administrator permission to mess with it. The way it was set up, the only person who had permission to write on it was "Trusted Installer," which I believe is Microsoft. The D Man walked me through it.

I was able to clean it up and figured out which website I got it from. It's hit me 3 more times from that website so no more going back.

Which site was that?

BTW, I don't do instant messaging, but then I remembered Facebook Chat! The D Man and I are now Facebook friends.

Never heard of trusted installer, Jack. It sounds like perhaps it was the builder of the computer, like Dell, although I don't see it on my second computer, which is a Dell.

I do know about taking ownership, and had to do that sometime back. It was a mess, I figured it out but then promptly forgot how! (old age I guess!).

I'm googling Trusted Installer now.

Happy it worked out and that Facebook Chat will do the job.

Ok, the way to take ownership from Trustedinstaller is exactly what I had to do:

http://tinyurl.com/ybc577v

This is for Win7 but I think if you check the website, Vista version should show up.

It's added to my kit of tools.
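The sequence described in the two comments above (take ownership away from TrustedInstaller, give Administrators permission, copy the good file over the blank one) is the part most people get stuck on. The script below is an added example, not the commenters' steps or Microsoft's documentation: it performs that sequence with the checks a defender adds first, refusing a replacement that is empty or not validly signed by Microsoft, keeping the bad file for the record, and handing ownership back to TrustedInstaller afterwards. It assumes an elevated PowerShell 2.0 or later on Vista or Win7, that $GoodCopy is a path you supply (the flash-drive copy from a healthy machine with the same service pack), that takeown.exe and icacls.exe are available as they are on Vista, and that this build's icacls supports /setowner.

```powershell
# Added example, not from the comments: verified replacement of a TrustedInstaller-owned DLL.
# Assumptions: elevated PowerShell 2.0+ on Vista/Win7; $GoodCopy is a placeholder path you
# replace; takeown.exe and icacls.exe are the built-in tools; icacls /setowner assumed available.

$Target   = Join-Path $env:SystemRoot 'System32\mstask.dll'
$GoodCopy = 'E:\mstask.dll'   # placeholder path, constructed for this example

function Get-Sha256Hex {
    # Get-FileHash does not exist before PowerShell 4, so hash through .NET directly.
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

function Test-ReplacementCandidate {
    # Refuse anything empty, unsigned, or not signed by Microsoft: a "good copy" taken
    # from a second machine that is itself infected would be worse than the blank file.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { throw "replacement not found: $Path" }
    $item = Get-Item -LiteralPath $Path
    if ($item.Length -eq 0) { throw "replacement is 0 bytes too: $Path" }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
        throw "replacement is not validly signed by Microsoft (status: $($sig.Status))"
    }
    New-Object PSObject -Property @{
        Bytes   = $item.Length
        Version = $item.VersionInfo.FileVersion   # compare with the donor machine's service pack
        Sha256  = Get-Sha256Hex $Path
        Signer  = $sig.SignerCertificate.Subject
    } | Select-Object Bytes, Version, Sha256, Signer
}

function Restore-SystemFile {
    param([string]$Target, [string]$GoodCopy)
    $candidate = Test-ReplacementCandidate $GoodCopy
    Write-Host 'Replacement passed the checks:'
    $candidate | Format-List | Out-String | Write-Host

    # Keep the damaged file (even a 0-byte one) before touching anything.
    Copy-Item -LiteralPath $Target -Destination "$Target.bad" -Force

    # 1. Take ownership away from TrustedInstaller (Administrators become the owner).
    & takeown.exe /f $Target | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "takeown failed ($LASTEXITCODE)" }
    # 2. Grant Administrators full control so the overwrite is allowed.
    & icacls.exe $Target /grant 'Administrators:F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /grant failed ($LASTEXITCODE)" }
    # 3. Overwrite the blank file with the verified copy.
    Copy-Item -LiteralPath $GoodCopy -Destination $Target -Force
    # 4. Put the protection back: read/execute only for Administrators, owner TrustedInstaller.
    & icacls.exe $Target /grant:r 'Administrators:RX' | Out-Null
    & icacls.exe $Target /setowner 'NT SERVICE\TrustedInstaller' | Out-Null

    # 5. Prove the bytes on disk are the ones you verified.
    if ((Get-Sha256Hex $Target) -ne $candidate.Sha256) { throw 'hash mismatch after copy' }
    Get-Item -LiteralPath $Target | Select-Object FullName, Length
}

Restore-SystemFile -Target $Target -GoodCopy $GoodCopy
```

After a reboot with no "Bad Image" box, running sfc /verifyonly from an elevated prompt is a cheap way to confirm no other protected file was blanked in the same way.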

Drudge, IT says ads are being hijacked on multiple news sites to inject the rootkit.

First time it happened I had just updated flash so I'm guessing that's where the security hole is.

a curse on those worthless bas-stids that create malware, viri (plural of virus??) and adware. And bounteous blessings to those who know enough to spare us from the scourge of digital hell.
What makes someone want to create a virus or malware, anyways? Unloved as a child? Bedwetters?

Unfortunately I happen to know a lot about the type of sociopath that is wired to crave negative feedback. Think fire starters and the person that shouts POOP in a crowded restaurant...

Think fire starters and the person that shouts POOP in a crowded restaurant...

Think Russian and living the dream with several M3s and paid-off law enforcement...

http://www.msnbc.msn.com/id/39916705/ns/technology_and_science-security/

I've had continual problems with eastern Europeans for >10 years due to software piracy, both from myself and clients. Sadly, there is next to nothing that can be done to reach them.

PJB.. Word.

Well, there are several things to notice about malware. Maybe for now I can put a sock in it, but ....

Yeah, what somebody said, in your situation, Jack, get Win 7.

Someone else said get Linux, some version. That's best. ... but, there's that learning curve thingie

Either way, get to gathering a toolbox, bag o' tricks, like dman and Lawrence gather for themselves and their clients -- arm yourself with know-how or else hire someone 24/7 who knows how, (like what you are saying about "the great gift the readership" support network is, just that hiring a steady 'cornerstone' person to facilitate the support, and network, makes it formal and better ... and it decrements joblessness by 1 ... maybe it's even non-profit tax-deductible although I am sure that you will look at that angle first of all).

You don't have to get a mac, but I do wonder why someone who loves them some iPhone doesn't want that same sort of experience in their computer.
