no desktop picture, why?

MZathras
 
Reply Wed 21 Sep, 2005 07:13 pm
Date when first noticed
timberlandko wrote:
Sorry, MZathras, offhand, I don't. Sorry to be vague, but if I recall correctly (which isn't a given Rolling Eyes ) it seems to me - though I could be wrong - the exploit was addressed in one of the post-SP1 Critical Updates, and/or SP2, or perhaps in an IE-specific Critical Update post-SP1. The signature, "WindowInstallSystem", and/or a couple of close cousins, has been turning up with some frequency recently, typically, but not exclusively, in HJT logs from European users. The common denominator seems to be the absence of SP1 and/or post-SP1 Critical Updates and/or absence of SP2, though some examples have been found on Win2K SP4 and earlier systems, also all lacking more recent Critical Updates, apparently particularly those specific to IE.

Again, just an impression at the moment, but I really tend to believe the exploit in question is one specific to IE6 or earlier under Win2K or XP, though that too could be a mistaken impression. I do note the puppy does not seem, at least to my research, to show up on fully currently updated systems - it might, but though I've looked around some, and asked about it on various Privacy/Security forums, newsgroups, blogs, and mailing lists I frequent, as yet I've come across no example of such. That of course may mean only that I haven't found any, not that they aren't out there.


I deployed over 20,000 XP SP1 systems with up-to-date patches last Aug 2004. None of these systems have had this issue. I have seen this on lots of PCs I fix for people outside of work that were not up to date.

I agree with what you are surmising. Can you recall the first time you ran across this issue and what service packs were installed, or more importantly what was not installed?
timberlandko
Reply Wed 21 Sep, 2005 08:55 pm
Thinking about it, I believe the first time I personally came across this particular nasty was about a month ago - on a college kid's computer. That one had all sortsa P2P stuff, of course, along with mIRC, ICQ and MessengerPlus, and plain old WinXP Home OEM, not even SP1 - no updates whatsoever - not even to the long-expired, never-activated 90-day trial of Norton AV that came on the thing. That machine was one of the worst I've ever seen; so screwed up that format-and-reinstall turned out to be the practical answer - couldn't even make any headway using BartPE; even the BIOS was corrupt. Since then, I've seen it several times, in various guises, all, as I recall, on machines lacking Windows and/or IE updates from around May-June of this year or earlier. As I mentioned, I've not seen a fully current SP2 machine affected - something which may just mean I haven't seen one yet.

The more I think about this, it seems to me it just might be related either to smitfraud or wintools, but that impression also could be due to the coincidence of finding all of them together on the same machines. While not an absolute, one fairly common coincident occurrence is the presence of any or several of the P2P/filesharing apps known to be yuckware vectors, if not themselves actual carriers, and apart from being vectors for infection, many in fact bear yuckware incorporated into their code.

If I were better organized, I prolly could help you further track this one down, and I woulda noticed this one right off, but I ain't, and I didn't Rolling Eyes - I generally take infected machines one-at-a-time, as presented. Most often, online scans, particularly reputable free antiyuckware apps, and/or standard downloadable fixes clean things up pretty reliably, but once in a while, there comes along something a little trickier. This was one of them, and it took me a while to realize it.

In the troublingly tricky category, btw, are Hidden Alternate Data Streams and rootkit-based exploits - fortunately, though very, very resistant to detection and cleaning, they're still relatively rare, and considerable ongoing effort among the antiyuckware community is bringing about more and more effective countermeasures. It's a war out there, and viruses no longer are the main enemy; they haven't gotten any tamer, but their friends, relatives, and allies are getting meaner every day, with Organized Crime taking an increasingly dominant role.
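The post above mentions hidden NTFS Alternate Data Streams as a detection headache. The following is an added example, not code from the thread or from any of its posters, showing the basic defensive check: walk a directory tree and list every named stream attached to a file, filtering out the unnamed `$DATA` stream every file has and the `Zone.Identifier` mark-of-the-web stream that browsers add to downloads. It assumes Windows PowerShell 3 or later on an NTFS volume (so a newer host than the XP-era machines the thread discusses); `$Root` and `$benign` are names chosen here, not anything from the page.

```powershell
# Added example (not from the thread): enumerate NTFS alternate data streams
# under a directory so any unexpected hidden stream can be reviewed.
# Assumes PowerShell 3+ and an NTFS volume; $Root is an assumed parameter name.
param(
    [string]$Root = $PWD.Path
)

# Every file carries the unnamed ':$DATA' stream; anything else is an
# alternate stream. Zone.Identifier is the common benign one (downloads).
$benign = @(':$DATA', 'Zone.Identifier')

Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # -Stream * returns one object per stream with FileName, Stream, Length
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
    } |
    Where-Object { $benign -notcontains $_.Stream } |
    Select-Object FileName, Stream, Length |
    Sort-Object Length -Descending |
    Format-Table -AutoSize
```

Run it against a user profile or a suspect application folder; a named stream of executable size attached to an otherwise ordinary file is the thing worth inspecting. Once a stream has been examined and judged unwanted, `Remove-Item -LiteralPath <file> -Stream <name>` deletes just that stream and leaves the file's main content intact.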
MZathras
Reply Wed 21 Sep, 2005 10:13 pm
Here is some interesting and supportive reading. You are probably aware of them, but the P2P reference rang a bell.

http://forums.net-integration.net/index.php?showtopic=3051
http://forums.techguy.org/t394874.html
http://www.able2know.com/forums/viewtopic.php?p=1581419#1581419

The last one is close to your post. It may be a complete solution.
timberlandko
Reply Wed 21 Sep, 2005 10:24 pm
LOL - I think you meant the one from techguy.org was close to this post of mine - you linked to the post of mine just above your latest :wink:

CookieGal, the advisor on that one at techguy, is real good, better than me, really; I'm quite familiar with her work, and respect her abilities greatly. I feel pretty good about my suggested fix for laydback's problem, seeing that CookieGal went the same direction on a similar problem :cool:
timberlandko
Reply Wed 21 Sep, 2005 10:32 pm
Oh, and if I came off a little mean to you at first, that's mostly 'cause I'm very engaged in the yuckware fight, have been for years, and I'm deficient in social skills :wink:
MZathras
Reply Wed 21 Sep, 2005 10:39 pm
Goofy, huh
timberlandko wrote:
LOL - I think you meant the one from techguy.org was close to this post of mine - you linked to the post of mine just above your latest :wink:

CookieGal, the advisor on that one at techguy, is real good, better than me, really; I'm quite familiar with her work, and respect her abilities greatly. I feel pretty good about my suggested fix for laydback's problem, seeing that CookieGal went the same direction on a similar problem :cool:


I have been working PCs as toys for a long time. I have not relied too much on articles on the net. I usually find my own solutions. I worked for Digital Equipment for over twenty years. I got used to our own internal support. I miss working on Alphas, VAXes, PDP-11s, and PDP-8s. We did not have security issues like what happens in this toy land.

Don't be offended by me; I am sometimes set in my ways.
timberlandko
Reply Thu 22 Sep, 2005 12:00 am
No problem. I ain't particularly noted for flexibility either. Deep in the dark recesses of my past are Honeywell and IBM - go figure.

I hasten to add, though, I never was a "Suit" :wink:

Did you work at Maynard? DEC was sure a key ancestor of today's computer scene. I sorta remember the first PDP I saw - a PDP-4, I think, in the early '60s, and I put in some hours on PDP-8s, PDP-11s, and VAX/VMS machines way back when. I remember DECnet/DEC Pathworks well. As I'm sure you know, some PDP-11s are still in day-to-day service, in control and monitoring applications - a few even in nuclear power plants. That's pretty impressive.

It's really sad the way DEC fell apart, literally piece-by-piece - I think Olsen and Anderson were blindsided by the future they were so instrumental in creating, and Palmer was damned near as clueless about what was required to survive in the rapidly changing environment. Ironic that much of the driving force changing the environment so rapidly came right out of DEC.

A book you might enjoy, if you haven't already come across it:
DEC is Dead, Long Live DEC: The Lasting Legacy of Digital Equipment Corporation
MZathras
Reply Thu 22 Sep, 2005 01:36 am
Read it and lived it. You are very accurate about the impact DEC had on today's hardware and software.

I have seen a PDP-4 and a PDP-1 a long time ago. I worked out of the Henderson, Kentucky Field Service Office and covered a 140 mile radius.

Most of the automation machines I installed and maintained are still in use; they just don't break.

I love VMS and the way security was embedded in the operation codes by the processor status longword. It truly allowed protection between virtual processor spaces.

I was privileged to have Dave Cutter give a lecture in about 1980 in Bedford while I was at school for VMS Level II internals and device drivers.

Dave wrote the kernel, pager, queue manager, and swapper for VMS. Guess who wrote WNT.

Take the next letter in the alphabet from VMS:
V -> W
M -> N
S -> T

I could read the first WNT blue page dump the first time I saw one.

Billy G. pirated just about everything. What he didn't get Intel now has. Now security is not implemented in hardware, big loss.

Water under the bridge.

If you ever need documentation on any DEC stuff I am your man, when the office closed I was responsible for disposal of print sets and manuals. I also have a complete set of microfiche. Guess where they are located.

My son is a senior in CS at Purdue and he has a PDP-11/23 with 8" floppies and RL02s. It has RT-11 version 3b running. I also have a picture of Bill G. while he was in school at Cambridge sitting at the console of the same type of machine, typing on an LA120 printer/terminal. The similarity to MS-DOS is startling, and RT-11 runs better even now; it just doesn't have nested folders. He is trying to install Linux and add it to his cluster.

I get depressed sometimes thinking where computing should be now; instead, look at what we have. Very few people really know why we are where we are now, and what could have been.

Nice to meet you.
MZathras
Reply Thu 22 Sep, 2005 01:49 am
Misspelled his name: "Dave Cutler". He was a Harley biker. Smartest man I ever listened to on OS.