A8V Deluxe - To Raid or not to Raid, that is the question

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

In article <m01s21dnlp66fc5bpsf09495db1vu7seso@4ax.com>,
donald@SafetyPin.odcombe.demon.co.uk says...
>
>
>I hang my head in shame, tail between legs and exit stage left,
>groveling all the way :=}
>
>Wayne, its been a delight to chat...


Yeah, it sounds like it Sorry, I didnt mean it that way, was just hoping
to be helpful. Looking back now, it probably stemmed from missing quotes
being a problem on the source too.

Instead of being optimistic, programmers develop this flaw in character of
always looking for anything might possibly might go wrong. Makes them gloomy
in society, but the code usually works better that way

 

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

On Tue, 08 Mar 2005 15:19:58 -0600, Wayne Fulton <nospam@invalid.com>
wrote:

>In article <m01s21dnlp66fc5bpsf09495db1vu7seso@4ax.com>,
>donald@SafetyPin.odcombe.demon.co.uk says...
>>
>>
>>I hang my head in shame, tail between legs and exit stage left,
>>groveling all the way :=}
>>
>>Wayne, its been a delight to chat...
>
>
>Yeah, it sounds like it Sorry, I didnt mean it that way, was just hoping
>to be helpful. Looking back now, it probably stemmed from missing quotes
>being a problem on the source too.
>
>Instead of being optimistic, programmers develop this flaw in character of
>always looking for anything might possibly might go wrong. Makes them gloomy
>in society, but the code usually works better that way

Nahhhh - I didn't take it in the way you thought - trouble with
typing, you can't get the intonation...

Machine now crashing 3 times out of 4 boots now, so I may have to do
the biz sooner than later. Just taken me an hour to 'export' outlook
files (1000+ emails and 521 addresses in the book + appointments et
al!)

I still want to retrieve other valuable data (such as DOOM 3 Levels)
before I do the Format C jobby!!!!

I really do appreciate the time and trouble you have gone to, to help
me. And indeed the others who gave valuable guidance...

I'll catch you later - how much later depends on Uncle SATA!

Cheers...


--
Donald Gray
Putting ODCOMBE on the Global Village Map!
www.odcombe.demon.co.uk
You do not have to email me, but if you wish to...
Please remove the SafetyPin from my email address first
Thanks

 

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

On Mon, 07 Mar 2005 21:23:38 -0600, Wayne Fulton <nospam@invalid.com>
wrote:

>In article <ll0q21dnktcc2vbbjkape2jasuap90k3hv@4ax.com>,
>donald@SafetyPin.odcombe.demon.co.uk says...


>All the VIA drivers are online at http://www.viaarena.com
>so it shouldnt be any problem. There are also user forums there.
>( This is a link from http://www.via.com.tw/en/ )

Hi Wayne (and Paul, Ben & the KC man)
A big THANK YOU for all your help, I am now up and running with RAID
consigned to the history file.

2 x 200Gb sitting on sata ch0 & ch1, looking as C & F - I would like
to have had them as C & D but...

All I have to do now is rebuild the machine. I followed the mobo
manual and stripped it down as a bare bones machine - Audigy 2zs, WiFi
board, additional usb2 board etc needs putting back, the appropriate
drivers & Software for them.

Next job - install firewall (AV already in!) Giant Antispy and Ghost.
The latter will be in conjunction with your idea of using a batch file
to do the initial backup and then incremental backups....

I certainly learned much over the last 48 hours or so.... Thanks
again.
--
Donald Gray
Putting ODCOMBE on the Global Village Map!
www.odcombe.demon.co.uk
You do not have to email me, but if you wish to...
Please remove the SafetyPin from my email address first
Thanks

 

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

> Hi Wayne (and Paul, Ben & the KC man)
> A big THANK YOU for all your help, I am now up and running with RAID
> consigned to the history file.
>
> 2 x 200Gb sitting on sata ch0 & ch1, looking as C & F - I would like
> to have had them as C & D but...

You can change the drive letters of your drives by going into Control Panel/
Administrative Tools/Computer Management/Storage/Disk Management.
Right click on each drive and you will see that option. You
should move your optical drive letters down the list first
so you can open up the D: letter for your 2nd hard drive.


---
Kevin Chalker, Owner KC COMPUTERS
E-mail: kc@kc-computers.com Web: www.kc-computers.com
Internet dealer since 1991!!! See WWW.RESELLERRATINGS.COM!!!

 

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

On Thu, 10 Mar 2005 17:22:55 GMT, "KC Computers"
<kc@REMOVEkc-computers.com> wrote:

>> Hi Wayne (and Paul, Ben & the KC man)
>> A big THANK YOU for all your help, I am now up and running with RAID
>> consigned to the history file.
>>
>> 2 x 200Gb sitting on sata ch0 & ch1, looking as C & F - I would like
>> to have had them as C & D but...
>
>You can change the drive letters of your drives by going into Control Panel/
>Administrative Tools/Computer Management/Storage/Disk Management.
>Right click on each drive and you will see that option. You
>should move your optical drive letters down the list first
>so you can open up the D: letter for your 2nd hard drive.

Hi Kevin
Thank you for the comment. I had thought of that but read somewhere
that re-assigning optical drive letters can lead to problems with some
software looking for the drive from which it was installed. I then
decided that I can put up with second hard drive being F. I intend it
being the internal 'Backup' drive. I was only being an 'old dog' but I
guess I have to learn the new trick!
--
Donald Gray
Putting ODCOMBE on the Global Village Map!
www.odcombe.demon.co.uk
You do not have to email me, but if you wish to...
Please remove the SafetyPin from my email address first
Thanks

 

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

On Fri, 04 Mar 2005 16:43:06 +0000, Donald Gray
<donald@SafetyPin.odcombe.demon.co.uk> wrote:

>Current setup:
>A8V Deluxe with Athlon 63FX-35
>1Gb DDR 400mhz
>2 x 200 Gb SATA Maxtor DiamondMax Plus 9 in Raid 0 (Performance)
>XP Home
>
The machine is almost rebuilt...

I have a problem/query reference "run.exe". Is this a legitimate file
or is it a 'nasty'? Can anyone shed light on this please. see below

history:
Machine was stripped down of all non essential peripherals.
reconfigured from Raid0 to 2 conventional 2 x sata drives.
ex raid drives partitioned & formatted.
used ASUS and Via branded drivers etc and all is well.
installed XP Home & activated
upgraded to XP Home sp2
installed my ISP's adsl kit to get on Internet
installed Forte Agent News reader

At this moment in time those are the only programmes *I* have put on
the machine. Certainly no key logger or the like that I know of.

I then went on line and XP Firewall reported that run.exe was trying
to access Internet.

I then installed Zone Alarm Pro 5 - That reports same thing but with
more detail. It wants to log on to 163.17.30.18 port 6444 (Somewhere
in Australia)

A google search shows run.exe could be part of Bedrill Trojan.
Associated Trojan files: sisinfo.exe, mkernel.dll,mcom.dll and
inst.exe were not present on my system (Searched hidden files as well)
so I feel it is not a Trojan.

run.exe is sitting comfortably in C:\windows\system32 - the instant I
am logged on to Internet it wants access - so far denied.

Advice please...
Is it benign or nasty?
which programme put it on the machine?
what does it do?

Am I getting paranoid now? YES! [:=]]]]] (tin hat time!)


--
Donald Gray
Putting ODCOMBE on the Global Village Map!
www.odcombe.demon.co.uk
You do not have to email me, but if you wish to...
Please remove the SafetyPin from my email address first
Thanks

 

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

On Fri, 11 Mar 2005 11:55:46 +0000, Donald Gray
<donald@SafetyPin.odcombe.demon.co.uk> wrote:



>A google search shows run.exe could be part of Bedrill Trojan.
>Associated Trojan files: sisinfo.exe, mkernel.dll,mcom.dll and
Correction:
sisinfo.exe should read sysinfo.exe
--
Donald Gray
Putting ODCOMBE on the Global Village Map!
www.odcombe.demon.co.uk
You do not have to email me, but if you wish to...
Please remove the SafetyPin from my email address first
Thanks

 

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

In article <f503315bsfg18a3dib31kgg9tk9ima6jcb@4ax.com>,
donald@SafetyPin.odcombe.demon.co.uk says...

>I have a problem/query reference "run.exe". Is this a legitimate file
>or is it a 'nasty'? Can anyone shed light on this please. see below

Dont know, but I dont have any file named run.exe on my XP Home SP2
system.

 

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

In article <ieq131l75o1mu23712873vnlm0rs3q56uh@4ax.com>,
donald@SafetyPin.odcombe.demon.co.uk says...

>Thank you for the comment. I had thought of that but read somewhere
>that re-assigning optical drive letters can lead to problems with some
>software looking for the drive from which it was installed.

Some software does, but it will also have a Browse button so that their file
dialog can always be updated to the new drive letter, when and if it comes up.

 

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

On Fri, 11 Mar 2005 14:13:10 -0600, Wayne Fulton <nospam@invalid.com>
wrote:

>In article <f503315bsfg18a3dib31kgg9tk9ima6jcb@4ax.com>,
>donald@SafetyPin.odcombe.demon.co.uk says...
>
>>I have a problem/query reference "run.exe". Is this a legitimate file
>>or is it a 'nasty'? Can anyone shed light on this please. see below
>
>Dont know, but I dont have any file named run.exe on my XP Home SP2
>system.
Thanks for the info. I have it blocked in Zone Alarm from access to
the net. Its name worries me!

I think I shall rename it run.exeOLD and leave it there for a while
and see if anything pops up to gripe about it missing, then later
trash it.

Cheers

--
Donald Gray
Putting ODCOMBE on the Global Village Map!
www.odcombe.demon.co.uk
You do not have to email me, but if you wish to...
Please remove the SafetyPin from my email address first
Thanks

 

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

In article <rgi5311ra3vmnibbjhs7ja54imt5g2n9tj@4ax.com>,
donald@SafetyPin.odcombe.demon.co.uk says...
>
>Thanks for the info. I have it blocked in Zone Alarm from access to
>the net. Its name worries me!
>
>I think I shall rename it run.exeOLD and leave it there for a while
>and see if anything pops up to gripe about it missing, then later
>trash it.


I assume you have seen this:

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.stanex.
html

However it says it installs at \windows\run.exe, and other places too.
Maybe a variation, but file size 408730 bytes may indicate if same or
not?

I was puzzled, you said XP Firewall blocked it, but I didnt think XP
firewall blocked outgoing?

 

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

On Sat, 12 Mar 2005 10:34:46 -0600, Wayne Fulton <nospam@invalid.com>
wrote:



>http://securityresponse.symantec.com/avcenter/venc/data/backdoor.stanex.
>html
>

No, its not there... BUT checking registry, I have fount:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, a
key: run = run.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Krypton\"C-WINDOWS-System32-run.exe"
key: K-Key = [8 digit hex number]

HKEY_LOCAL_MACHINE\SOFTWARE\Krypton\C-WINDOWS-System32-run.exe
key: K-Key = [different 8 digit hex]

HKEY_LOCAL_MACHINE\SOFTWARE\Krypton 1728 "C-WINDOWS-System32-run.exe"
key: K-Key = [another 8 digit hex]

HKEY_LOCAL_MACHINE\SOFTWARE\Krypton\run.exe"
key: K-Key = [another 8 digit hex]


Interesting dialog on: http://forum.aumha.org/viewtopic.php?t=12117

Might be traces of a Trojan - dunno - I feel inclined to format C
again and check registry at each stage of reinstall to find out where
the little ah heck is coming from!

I'll let you know

In the meanwhile, If anyone can shed any info on KRYPTON or RUN.EXE
please post info - thanks
--
Donald Gray
Putting ODCOMBE on the Global Village Map!
www.odcombe.demon.co.uk
You do not have to email me, but if you wish to...
Please remove the SafetyPin from my email address first
Thanks

 

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

On Thu, 10 Mar 2005 17:22:55 GMT, "KC Computers"
<kc@REMOVEkc-computers.com> wrote:

>You can change the drive letters of your drives by going into Control Panel/
>Administrative Tools/Computer Management/Storage/Disk Management.
>Right click on each drive and you will see that option. You
>should move your optical drive letters down the list first
>so you can open up the D: letter for your 2nd hard drive.

Have now done so. I shall probably be doing a format C and doing a new
installation in next few days... (XP sp 2 disk just arrived from
Machine manufacturers - I'll use that rather than first edition and
upgrade to sp2.)

Cheers & Thanks
--
Donald Gray
Putting ODCOMBE on the Global Village Map!
www.odcombe.demon.co.uk
You do not have to email me, but if you wish to...
Please remove the SafetyPin from my email address first
Thanks

 

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

Donald Gray wrote:
> On Thu, 10 Mar 2005 17:22:55 GMT, "KC Computers"
> <kc@REMOVEkc-computers.com> wrote:
>
>
>>You can change the drive letters of your drives by going into Control Panel/
>>Administrative Tools/Computer Management/Storage/Disk Management.
>>Right click on each drive and you will see that option. You
>>should move your optical drive letters down the list first
>>so you can open up the D: letter for your 2nd hard drive.
>
>
> Have now done so. I shall probably be doing a format C and doing a new
> installation in next few days... (XP sp 2 disk just arrived from
> Machine manufacturers - I'll use that rather than first edition and
> upgrade to sp2.)

You can do that yourself if you have a burner, it's called slipstreaming:

http://www.winsupersite.com/showcase/windowsxp_sp2_slipstream.asp

Ben
--
A7N8X FAQ: www.ben.pope.name/a7n8x_faq.html
Questions by email will likely be ignored, please use the newsgroups.
I'm not just a number. To many, I'm known as a String...

 

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

Donald Gray wrote:
> In the meanwhile, If anyone can shed any info on KRYPTON or RUN.EXE
> please post info - thanks

It's probably a variation of W32.Kwbot, there are several.

Ben
--
A7N8X FAQ: www.ben.pope.name/a7n8x_faq.html
Questions by email will likely be ignored, please use the newsgroups.
I'm not just a number. To many, I'm known as a String...

 

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

On Sun, 13 Mar 2005 15:21:51 +0000, Ben Pope
<ben_popeREMOVE_ME@hotmail.com> wrote:

>Donald Gray wrote:
>> In the meanwhile, If anyone can shed any info on KRYPTON or RUN.EXE
>> please post info - thanks
>
>It's probably a variation of W32.Kwbot, there are several.
>
>Ben
Hello Ben

I have spent a few hours trawling the AV, anti spy, Google, Yahoo et
all trying to track down what dropped the files there , especially the
HKEY_LOCAL_MACHINE\SOFTWARE\Krypton\ entries in registry...

I have check the entries against all the various viruses, Trojans,
worms and spyware. None of the other fragments or files are present.

I am going to do a clean install of XPsp2 and check registry at each
stage thereafter and see if & when run.exe re-appears!
--
Donald Gray
Putting ODCOMBE on the Global Village Map!
www.odcombe.demon.co.uk
You do not have to email me, but if you wish to...
Please remove the SafetyPin from my email address first
Thanks

 

[Guest]

Archived from groups: alt.comp.periphs.mainboard.asus (More info?)

On Sat, 12 Mar 2005 10:34:46 -0600, Wayne Fulton <nospam@invalid.com>
wrote:



>
>I was puzzled, you said XP Firewall blocked it, but I didnt think XP
>firewall blocked outgoing?
>
Yup - It was XP Firewall that blocked it.

After doing three clean installs of XPsp2, I had the XP Security alert
that my Broadband client was trying to access Internet. It was the
same alert that I had with run.exe.

For general information - GoBack 3.2 nor 4.0 does not appear to be
compatible with sata. Not sure if it is sata in general or Via sata on
the A8V - (That is why I had to do three installs...)

Does anyone know if Ghost is OK on sata?


--
Donald Gray
Putting ODCOMBE on the Global Village Map!
www.odcombe.demon.co.uk
You do not have to email me, but if you wish to...
Please remove the SafetyPin from my email address first
Thanks