Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I'm Not Sure What To Do...


  • Please log in to reply
13 replies to this topic

#1 Mish

Mish

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 02 August 2007 - 04:17 AM

I'm having an issue with my computer continually turned itself off & re-booted without warning.

I use AVG anti-virus, but I'm guessing I have gotten a bug that it doesn't recognise?

I did a full system scan with RemoveIT Pro 4 - SE and it said I have a "dangerous & malicious file" the name of which was Sys32.Uninstall_CDS

I tried doing a google search to see if it was a virus or if there was a fix, but the search came up with nothing.

I had previously run Spybot & AdAware & cleaned up some Spyware with those, and I've actually had a problem with my PC constantly shutting itself down unexpectedly for MONTHS but today was the first time anything I have tried has shown anything up.

Does anyone know if Sys32.Uninstall_CDS IS a virus & if it is how to fix it please? I really don't want to keep loosing Data & just want my PC to work properly again.

Yesterday it shut itself down on me more than 20 times, it's driving me INSANE.
I have a P4 with 2 Gig RAM & run Windows XP... I hope that's enough system info, I'm not terribly "up" on this stuff.

Edited by Mish, 02 August 2007 - 04:19 AM.


BC AdBot (Login to Remove)

 


m

#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,571 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 AM

Posted 02 August 2007 - 04:55 AM

Your computer shutting off unexpectedly can be caused by it overheating. If you haven't cleaned inside the case recently now is a good time. While you've got the case open, check that all your fans are spinning correctly.

Cleaning the Interior of your PC
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 buddy215

buddy215

  • BC Advisor
  • 12,612 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:27 PM

Posted 02 August 2007 - 05:53 AM

RemoveIT Pro is dangerous in the way it identifies problem files and if you then remove them. I would recommend you "remove it".
Have you checked your event viewer?
Do you get a message before the computer reboots?

Since you mentioned you have had previous malware problems, here is links to two of the best to scan with.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#4 Mish

Mish
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 03 August 2007 - 03:27 AM

Your computer shutting off unexpectedly can be caused by it overheating. If you haven't cleaned inside the case recently now is a good time. While you've got the case open, check that all your fans are spinning correctly.

Cleaning the Interior of your PC



Hi,

Thanks for your response, the fans are all working correctly (I have 3 fans - top, side & rear) but I'll give it a clean anyway. Thank you!

#5 Mish

Mish
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 03 August 2007 - 03:30 AM

RemoveIT Pro is dangerous in the way it identifies problem files and if you then remove them. I would recommend you "remove it".
Have you checked your event viewer?
Do you get a message before the computer reboots?

Since you mentioned you have had previous malware problems, here is links to two of the best to scan with.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html



Thanks for your reply... I'm sorry I'm a bit in the dark on some computer things.

What is the event viewer?

I can do stuff when told how without a problem, just not sure what that is!

There's no message when it re-boots, it just switches off & starts up again.

I'll go run those 2 scans right now. Thankyou!

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,571 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 AM

Posted 03 August 2007 - 03:37 AM

Thanks for your response, the fans are all working correctly (I have 3 fans - top, side & rear) but I'll give it a clean anyway. Thank you!

You should look to see if you have any small fans directly on the CPU or video card and check that these are okay also.

What is the event viewer?

How To Use the Event Viewer
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 Mish

Mish
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 03 August 2007 - 08:17 AM

UGH UGH UGH!!!

Ok, I ran those scans, cleaned off a bunch more Malware & when I ran BitDefender it found 99 viruses, and said the computer is STILL infected. Good flipping grief!!!!

Since it says it's still infected, what do I need to try next? I will check the event viewer in the morning (11pm here, I'm exhausted) and then will come back here.

Thank you so so much for all the help, I'd never have found all this stuff without it!

Mish

P.S. What's the best way to prevent this happening again?? AVG Anti Virus is obviously NOT doing its job!! :thumbsup:

#8 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,571 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 AM

Posted 03 August 2007 - 08:22 AM

I think you should post a HijackThis Log in the appropriate forum and let the experts sort it out.

Preparation Guide for use before posting a HijackThis Log
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#9 buddy215

buddy215

  • BC Advisor
  • 12,612 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:27 PM

Posted 03 August 2007 - 08:23 AM

Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#10 Mish

Mish
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 03 August 2007 - 05:03 PM

Ok, shall do. Thank you again for all the help!!

#11 Mish

Mish
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 03 August 2007 - 11:57 PM

Have you checked your event viewer?



I just went through the Event Viewer & there's a whole bunch of Errors on there, but they don't mean anything to me. Also, I have noticed frequent blocks of about 10 or so warnings all in a row... this is all in the System Log, there's more under applications, but under Security there was not one line of information at all. Should there be anything written in there at all?

Some of the System ones are:


There are hundreds of the following error, but they're all just the two versions below:
Error 2/07/2007 7:42:19 PM W32Time None 17 N/A
Error 2/07/2007 7:42:19 PM W32Time None 29 N/A

(this following one there was about 20+ of these all in a row)
Error 26/06/2007 9:40:09 PM cdrom None 7 N/A
Error 26/06/2007 9:40:03 PM cdrom None 7 N/A

There are hundreds of the ones below throughout the Log. When I saw TCPIP on them I really got worried as that's Internet isn't it? I was worried incase it meant something to allow pople to access my machine.
Warning 26/06/2007 1:24:05 PM Tcpip None 4226 N/A
Warning 26/06/2007 1:10:24 PM Tcpip None 4226 N/A


Application logs were:

There's lots of warning such as this one
Warning 27/07/2007 6:20:59 PM Userenv None 1517 SYSTEM

and I frequently seem to have large blocks of warnings such as this
Warning 22/07/2007 5:00:47 PM MsiInstaller None 1001 Michelle
Warning 22/07/2007 5:00:47 PM MsiInstaller None 1004 Michelle
Warning 22/07/2007 5:00:47 PM MsiInstaller None 1001 Michelle
Warning 22/07/2007 5:00:47 PM MsiInstaller None 1004 Michelle
Warning 22/07/2007 5:00:47 PM MsiInstaller None 1001 Michelle
Warning 22/07/2007 5:00:47 PM MsiInstaller None 1004 Michelle
Warning 22/07/2007 5:00:47 PM MsiInstaller None 1001 Michelle
Warning 22/07/2007 5:00:47 PM MsiInstaller None 1004 Michelle
Warning 22/07/2007 5:00:47 PM MsiInstaller None 1001 Michelle
Warning 22/07/2007 5:00:47 PM MsiInstaller None 1004 Michelle
Warning 22/07/2007 5:00:46 PM MsiInstaller None 1001 Michelle
Warning 22/07/2007 5:00:46 PM MsiInstaller None 1004 Michelle
Warning 22/07/2007 5:00:45 PM MsiInstaller None 1001 NETWORK SERVICE
Warning 22/07/2007 5:00:45 PM MsiInstaller None 1004 NETWORK SERVICE

and hundreds of errors such as the ones below:
Error 3/08/2007 6:42:31 PM AVG7 Error 100 Michelle
Error 3/08/2007 6:42:13 PM AVG7 Error 100 Michelle

Error 1/08/2007 7:49:06 AM Application Error None 1001 N/A
Error 1/08/2007 7:48:58 AM Application Error None 1000 N/A


I hope that means something to someone!!

I'm also still working through multitudes of scans, etc as directed before doing the HijackThis Log for the other forum.

Thanks again for all the help!

#12 Mish

Mish
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 04 August 2007 - 06:35 AM

Since you mentioned you have had previous malware problems, here is links to two of the best to scan with.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/



I did this step, but now my PC is permenantly stuck in Safe Mode. I am not able to access Boot Safe from in there (I get a message saying the installer is not accessible??) and according to the help menu I can't get out of safe mode without using Boot Safe.

I tried doing a System Restore & System Restore won't work at all. I ran Hijack This, but I can't get the log from that PC onto this one, so I have no idea what to do. :thumbsup:

#13 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,571 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 AM

Posted 04 August 2007 - 06:47 AM

See this article.

Scroll down to the section "Problems that can occur by forcing Safe Mode using the System Configuration Utility".

The information there may be of some help to you.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#14 Mish

Mish
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 04 August 2007 - 09:31 AM

Thank you so so much! :thumbsup: :flowers: :trumpet:

It took me a little while to figure out what it all meant, but I can boot my system normally again.

Now to connect it back to the net, do the HijackThis log & post to that other forum... PHEW! What a job!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users