
Thread: How do you slave one pc to another

  1. #1
    Join Date
    Dec 2004

    How do you slave one pc off of another?

    I was wondering if anyone could help me out with this. I'm trying to clean up my buddy's laptop. I looked at it once before a couple months ago but haven't had a chance to take another look at it since then, but upon awakening this afternoon I got a text message from him asking if I could go over there to check it out again. So I thought I would start this thread and enlist you guys' expertise on this matter. I did google my question and conducted a forum search on AO, but was unsuccessful in finding an answer to my question.

    But when I did take a shot at his laptop before, I pretty much stopped short at telling him he had to reformat it because it was in such bad condition. Tried running adaware and spybot numerous times, in safe mode, too, but was unable to successfully remove everything that I found. Also, I don't believe I was able to update definitions for both adaware and spyware, as well. There was something on there that wouldn't let me. I believe I ended up reinstalling both to get the updated versions and I think that worked. I ran Hijackthis on it, saved it to a thumbnail, took it home, checked it out on my pc, went back to his, tried to remove bad ****, wouldn't let me remove all the crap I found. Said his Hijackthis was out of date. Tried reinstalling the updated version of Hijackthis, but when doing so it reinstalled it in another language, German I believe, and couldn't get it to install in English after trying to reinstall it after that again a few times.

    He was using a free AV (don't know which) that hadn't been updated in quite some time, and when trying to run adaware and spybot, the virus alerts were off the hook, constantly popping up with different virus warnings it has detected and as soon as I would close one warning another would pop up. And it got so bad I just eventually ignored them and continued trying to run adaware/spyware.

    As suggested to me by my professor for my MS Word and Excel who is also head of the network security program at my school, I was wondering how I would go about slaving his laptop off mine to run my Norton AV on his laptop in one final attempt to take back his laptop. I sent an email to my professor asking him, but he just sent one back saying he won't tell me how to do it until the end of this week cause he wants me to concentrate on studying for an exam we got coming up this week.

    And, if I were to buy an AV for his laptop like Norton or something, would that even do any good at this point or is his laptop too far gone already and all efforts futile?

    I would have no problem in waiting for his instruction, but this buddy of mine whose pc he wants me to look at is also my boss at the bar I bounce at and he wants to use that pc there to conduct business so I want to try to get on this ASAP for him.

    Sorry for not having all the info you may require as of this moment, I'm going from memory right now but I just wanted to get this thread started before I get in the shower and head over there to hopefully have some better idea of what I'm up against and anything you guys had to offer either before or when I get there. We are both running XP. I'll post more within a couple/few hours after I take another look at it.

    Edit: What kind of cable am I looking for, first?
    "Champagne for my real friends, real pain for my sham friends"-Ed Norton/25th Hour

  2. #2
    Junior Member
    Join Date
    Aug 2004
    There is a very good tutorial here about removing spyware... But people often think if they got all the best tools for removing spyware nothing bad can happen to their pc, well they are so wrong. Your buddy can't download everything he gets to see on the web. If you somehow manage to clean his computer of spyware and viruses, and if you don't tell him about this, you will have to clean it again in a few weeks. Now there are a few good methods to solve that, first try McAfee's stinger it should clean his comp of some trojans and stuff like that, then run msconfig go to startup and uncheck everything that is strange but be careful with that, after that run adaware spybot whatever program you use against spyware (if none of this works (small chance) reinstall windows). Once again tell your friend to be careful about what he's downloading on his pc. Good luck.
    P.S. yeah if you want to connect two pcs you need a crossover cable (but if you want to slave one of them then no cable will help you)
    Only those who dare to fail greatly can ever achieve greatly.

  3. #3
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    3rd Rock from Sun
    Generally to slave a HDD requires you to physically place the 'new' HDD into your PC and attach it via your own IDE cables, you might need to reset the pin link on the back to slave, and as this is a laptop, and I imagine you have a desktop, then you also require a bit of kit to allow the laptop HDD to fit your IDE .............

    Although it already sounds like it might be too late ............

    Is the data on the HDD critical ? time or otherwise ............
    I fear that a full clean re-install might be the only 'fast' option ........

    but then if the environment it is running in is not secure, then you will be doing this again - soon .......

    what are the chances of you getting a second HDD, and cloning it ?
    so when it happens again, you just swap and go cloning the ex HDD as a spare again ??

    or, getting him to change his operating style ?
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  4. #4
    Join Date
    Dec 2004
    My apologies, this isn't the same computer that I was looking at before, but there is still a sh!t load of problems going on. Trying to go about rescanning everything but am in the dude's apartment using a low strength wireless signal coming from somewhere around here so progress is slow.

    One thing I did find was when I was trying to do something and it froze and pressed ctrl alt del and there was a sh!t load of processes running that shouldn't be. See screen shot attached below:

    Edit: Oh yeah, it isn't a laptop either, it's a desktop, still using XP
    "Champagne for my real friends, real pain for my sham friends"-Ed Norton/25th Hour

  5. #5
    Join Date
    Dec 2004
    I fear that a full clean re-install might be the only 'fast' option ........

    but then if the environment it is running in is not secure, then you will be doing this again - soon .......

    Yeah, I know, but I'm first just trying to see if it is even repairable or if I should just go and reformat it. But even if I did go and put an AV on it, would it even be able to do anything or is it probably too far gone to be fixed?

    I was able to successfully download and install hijackthis on it and ran it through hijackthis.de and it came up with a sh!t load of "nasty" crap that I am going to go through right now and weed out, googling first, then go through and google anything else that may look strange or out of the ordinary.

    Haven't checked to see if his Windows has been updated. Going to go and do that first actually before I mess with the registry. Haven't tried to reinstall spybot or scanned anything in safe mode as of yet either (adaware as well).

    Hijackthis findings are as follows:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:45:47 PM, on 10/22/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\ClockSync\Sync.exe
    C:\Documents and Settings\OCALL\Application Data\mopu.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\OCALL\Desktop\hijackthis\HijackThis.exe
    C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50141
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_p...count_id=45551
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
    O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\system32\stlb2.dll
    O2 - BHO: (no name) - {15FB6E2D-E06E-7491-8756-105509A97742} - C:\WINDOWS\System32\sksa.dll (file missing)
    O2 - BHO: (no name) - {22BEE9E8-A060-17DB-2D8C-B0028261A4EA} - C:\WINDOWS\System32\dupibhyy.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {63BB6E8B-91AB-5062-EC8F-14EED56DD706} - C:\WINDOWS\System32\mlwggyvs.dll
    O2 - BHO: (no name) - {65BE22FD-A839-3081-067D-88586A6F413D} - C:\WINDOWS\System32\adaapfoj.dll
    O2 - BHO: (no name) - {6FEDBA9C-90C8-F9D0-60AA-74AA7E593E78} - C:\WINDOWS\System32\knyqxwrl.dll (file missing)
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
    O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem218.dll
    O2 - BHO: (no name) - {91B72578-49DB-17B1-4FF7-D30704AF56FB} - C:\WINDOWS\System32\elbdsndz.dll
    O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINDOWS\System32\NDrv.dll (file missing)
    O2 - BHO: (no name) - {AA040F4F-C5A1-C555-FE7C-B8C9DAC16B92} - C:\WINDOWS\system32\wsmtm.dll (file missing)
    O2 - BHO: ICOO Loader BHO - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll
    O2 - BHO: (no name) - {B9E24211-A943-4693-9E8B-9D972232677B} - C:\WINDOWS\System32\inxyjeoz.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {E0CF4A2E-D0C4-D26F-9D5A-AAC81A8C2D95} - C:\WINDOWS\system32\ofvb.dll
    O2 - BHO: (no name) - {E6CF4A5E-D0B7-D46D-9D59-AAC8178E2D98} - C:\WINDOWS\system32\ofvb.dll
    O2 - BHO: (no name) - {F387FD89-57A9-10D2-CE60-ECBE60F162C5} - C:\WINDOWS\System32\qgoltefj.dll
    O2 - BHO: BHObj Class - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem218.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: &WebSearch Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
    O3 - Toolbar: MBKWBar - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - C:\Program Files\MBKWBar\IEToolBar.dll
    O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\system32\stlb2.dll
    O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
    O4 - HKLM\..\Run: [zuovftag] C:\WINDOWS\System32\slcevrck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
    O4 - HKLM\..\Run: [farmmext] 0
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
    O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [wqvcds] C:\WINDOWS\system32\tlyponh.exe r
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Bthl] C:\Documents and Settings\OCALL\Application Data\ttta.exe
    O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
    O4 - HKCU\..\Run: [Cpat] C:\Documents and Settings\OCALL\Application Data\emrt.exe
    O4 - HKCU\..\Run: [WeatherCast] "C:\Program Files\WeatherCast\Weather.exe" /q
    O4 - HKCU\..\Run: [Skznzwkg] C:\WINDOWS\System32\alurgpmp.exe
    O4 - HKCU\..\Run: [Rhre] C:\WINDOWS\System32\flk.exe
    O4 - HKCU\..\Run: [Nkswy] C:\WINDOWS\system32\?ttrib.exe
    O4 - HKCU\..\Run: [Stdc] C:\Documents and Settings\OCALL\Application Data\mopu.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - http://images.hi5.com/cab/wabctrl.cab
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
    O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - WebSearch - C:\PROGRA~1\Toolbar\TBPSSvc.exe
    O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
    "Champagne for my real friends, real pain for my sham friends"-Ed Norton/25th Hour

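A first-pass triage over HijackThis entries like those in post #5, added here as an example; it is not part of any poster's message and not HijackThis's own logic. The flagging rules are assumptions chosen for illustration, and the sample lines are excerpted from the log above.

```python
import re

# Lines excerpted from the HijackThis log in post #5 (a subset, not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\Program Files\Winamp\winampa.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {15FB6E2D-E06E-7491-8756-105509A97742} - C:\WINDOWS\System32\sksa.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Stdc] C:\Documents and Settings\OCALL\Application Data\mopu.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# An entry line starts with a section code such as R1, F2, O4 or O23.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")
# Executable sitting directly in a profile's Application Data folder.
APPDATA_EXE = re.compile(r"\\application data\\[^\\]+\.exe", re.I)


def parse(log):
    """Yield (section, body) per entry; header and process-list lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()


def reasons(section, body):
    """Return the illustrative (assumed) heuristics that an entry trips."""
    low = body.lower()
    out = []
    if section == "F2" and "shell=" in low:
        # The stock XP shell value is just Explorer.exe; extra programs ride along.
        if low.split("shell=", 1)[1].strip() != "explorer.exe":
            out.append("shell value launches more than Explorer.exe")
    if section in ("O2", "O3") and "(no name)" in low:
        out.append("browser add-on with no name")
    if "(file missing)" in low or "(no file)" in low:
        out.append("registry entry points at a missing file")
    if section == "O4" and APPDATA_EXE.search(body):
        out.append("autorun executable directly in Application Data")
    if section == "O23" and "unknown owner" in low:
        out.append("service binary with no vendor information")
    return out


def triage(log):
    """Return (section, body, reasons) for every entry that trips a heuristic."""
    return [(s, b, r) for s, b in parse(log) if (r := reasons(s, b))]


if __name__ == "__main__":
    for section, body, why in triage(SAMPLE_LOG):
        print(f"{section:>3}  {'; '.join(why)}\n     {body}")
```

Entries that pass these checks are not thereby clean; the output is only a shortlist of what to look up first.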
  6. #6
    Join Date
    Dec 2004
    Was unsuccessful in removing the majority of the "nasty" files and haven't even gotten to googling the possibles and unknowns.

    After doing a scan with Hijackthis, was unable to locate at all the following files:


    Also, the files that were listed either as missing or no file that I deleted came back. All IE windows were closed and I disabled the wireless connection on that pc before I ran the scan. Done messing with this for the night. Going to the bar to get drunk.


    Edit: Enabled wireless connection and ran netstat -ao, nothing unusual. Opened IE and after closing two pop ups and letting it settle down ran it again and again nothing unusual. Haven't gotten to trying to download ethereal on it to see if there is anything else going on with it, either.
    "Champagne for my real friends, real pain for my sham friends"-Ed Norton/25th Hour

  7. #7
    Senior Member
    Join Date
    Oct 2005
    wow, the internet 'p0wned' that one for sure. Boot into safemode with networking. Install & run adaware. Go to housecall.trendmicro.com, run the AV scan. Open hijack this and delete everything that's shady. So there's probably gunna be like 20 legit entries hahah.

    I've also noticed you've got nail.exe womp womp wananana. Check this out. should help.

    Also, this machine is a wreck. Tell the user about safe surfing and all that good stuff. I would also install Firefox and some sort of real time spyware protection like MSantispyware or ewido to help cut down the crap. Hope you make it out alive mate.
    meh. -ech0.

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Do not attempt to repair the machine. Don't even boot it in that state, it could be sending your data over the internet constantly, or used as a bot in a botnet.

    If you need the data on the box, buy a hard disc converter (fairly cheap) to convert the laptop HD to a desktop, load the data on to backup media (without any executables you might have), then reformat the laptop's HD without booting it ever again.

    Continuing to use an obviously compromised machine is asking for trouble. Just wipe it.

    When you restore your data files from the backup, be very careful. Ensure that your AV is up to date; don't restore anything executable from your backups if possible. Viruses could still be in any MSWord docs etc, so be careful.


  9. #9
    Senior Member DakX's Avatar
    Join Date
    Jul 2005
    Note: I don't know if this is in violation of the AO rules, if so please delete my post or ask me to re-write it. No bad intentions here.

    I just read about some programs that allow you to "take over" the pc you want. If you installed the program there too. It's not a virus, it's some sort of remote desktop program. I don't know if it will do you any good but if you want the site send me a pm.

    [T]he future is now.

  10. #10
    Blast From the Past
    Join Date
    Jan 2003
    i think what Dakx is referring to would be programs like WinVNC

    allows you to control a computer's keyboard, mouse, and 32bit gui remotely

    very useful in:
    small networks
    houses with 1 computer savvy child and 3 "i always click yes" computer users <-- my house
    work it harder, make it better, do it faster, makes us stronger
