Restart Every 2 Hours And 15 Seconds

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Important Announcement: The winners of the BC Million Post contest have been announced. You can read who the winners are at this post.

- BleepingComputer Management

BleepingComputer.com > Security > Am I infected? What do I do?

When posting your problem, do not run and post a ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

Restart Every 2 Hours And 15 Seconds

Options

rettignick View Member Profile	Aug 2 2008, 02:36 PM Post #1
New Member Group: Members Posts: 4 Joined: 2-August 08 Member No.: 227,076	i have a toshiba laptop, with windows vista ultimate installed. about a month ago something happened, when i downloaded and installed something that had a virus, well i got rid of most of what was wrong, alot of spyware and bleep, now i am stuck where for the past month my computer has restarted every 2 hours and 15 seconds, and i ahve internet explorer popups under firefox. i have run a slew of virus programs to no prevail and even followed totuorials on other websites that dont seem to help. i thing i have a problem related to a rootkit "clbdriver.sys/beep.sys" i have run GMER multiple times and every time it hangs up on a file titled clbdriver.sys that is hidden in the system32\drivers directory. i have a log from catchme, GMER, hijackthis, and combofix if u would like me to post them. please help me as soon as u can, kuz the computer restarteing every 2 hours makes it almost impossible to do anyhting. any help onto this would be greatly appreciated p.s. as im posting this i dont seem to be getting any popups from IE i think i fixed that last night when i followed the tutorial on majorgeek.com (http://forums.majorgeeks.com/showthread.php?t=139681)

Dangerous Toys View Member Profile	Aug 2 2008, 02:49 PM Post #2
New Member Group: Members Posts: 4 Joined: 2-August 08 Member No.: 227,072	Try system restore and restore to before you installed the program with the virus......

rettignick View Member Profile	Aug 2 2008, 02:56 PM Post #3
New Member Group: Members Posts: 4 Joined: 2-August 08 Member No.: 227,076	well i dont have a system restore point saved or whatever, so m only drastic option is a reformat, im trying to avoid that at all costs, and jsut hoping there is somehting i can do to get rid of this problem... untimately the only problem that i am plagued with is a computer that restarts every 2 hours, and i think it had to do with a rootkit, but ive run like 10 programs and they all always have a prblem with removing the one file "clbdriver.sys"

quietman7 View Member Profile	Aug 2 2008, 10:43 PM Post #4
Bleepin' Janitor Group: Global Moderator Posts: 13,432 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	Please note the message text in blue at the top of this forum. You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "*used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.* Please read Combofix's Disclaimer. One or more of the identified infections (Clbdriver.sys) is related to a rootkit component. Rootkits are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the rootkit has been removed the computer is now secure. Further, in some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read: • "When should I re-format? How should I reinstall?" • "Help: I Got Hacked. Now What Do I Do?" • "Where to draw the line? When to recommend a format and reinstall?" Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. Let me know how you wish to proceed. -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2008

rettignick View Member Profile	Aug 3 2008, 01:47 AM Post #5
New Member Group: Members Posts: 4 Joined: 2-August 08 Member No.: 227,076	i would really prefer not to have to reformat, so if there is another way to do this that would be great, i can run programs and gather logs togthr if you would like me to. thanx in advance.

quietman7 View Member Profile	Aug 3 2008, 06:32 AM Post #6
Bleepin' Janitor Group: Global Moderator Posts: 13,432 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	If you're using Windows 2000/XP, please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix". This program is for Windows 2000/XP ONLY. -- When using this tool, you must use the Administrator's account or an account with "Administrative rights" -- Disconnect from the Internet and temporarily disable your anti-virus and any anti-malware real time protection before performing a scan. When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply. Be sure to renable you anti-virus and and other security programs before connecting to the Internet. Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2 Make sure you are connected to the Internet. Double-click on mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. On the Scanner tab: Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. Back at the main Scanner screen: Click on the Show Results button to see a list of any malware that was found. Make sure that *everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad. The log is automatically saved and can be viewed by clicking the Logs* tab in MBAM. Copy and paste the contents of that report in your next reply and exit MBAM. Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Reagardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2008

rettignick View Member Profile	Aug 3 2008, 02:01 PM Post #7
New Member Group: Members Posts: 4 Joined: 2-August 08 Member No.: 227,076	i perforemed a malware bytes quick scan and it appears to have come up clean, the log list no infections found. i have also run gmer and catchme and they have both come up clean as well, no signs of the clbdriver.sys anymore, is there another program i should run just to be sure. (my computer is still restarting every 2 hours though, so idk what thats related to, but thtas really what i wanna try and get fixed)

quietman7 View Member Profile	Aug 3 2008, 02:55 PM Post #8
Bleepin' Janitor Group: Global Moderator Posts: 13,432 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log" and complete all the steps. There are instructions for downloading and running Deckard's System Scanner (DSS) which will create a hijackthis log for you, or automatically download and install the most current version of HijackThis if it's not already installed on your computer. When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day. Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team. Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond. -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2008

« Next Oldest · Am I infected? What do I do? · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 22nd November 2008 - 03:12 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides