Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Automatically Restart


  • Please log in to reply
13 replies to this topic

#1 kecik

kecik

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:26 AM

Posted 18 January 2008 - 06:39 AM

My computer automatically shut down & restart. "Problem caused by Device Driver". It happened not so often, once or twice a day. I open the device management, there are nothing "strange".
Then I went to the log event file, I saw Event category (103) Event ID 1003, Error Code 100000d3, parameter1 bf800130, parameter2 00000002, parameter3 00000001, parameter4 806ff84a.
According to microsoft documents, this symptoms might came from spywares: Msupd5.exe and reloadmedude.exe.
I tried to follow the instructions but I could not find the files from the malwares in windir\system32\drivers.
And the restart still go on. Frustrated, I open the CPU and clean inside (it was really dirty). After one day, it happened again.
Please help me ....

Edited by kecik, 18 January 2008 - 06:40 AM.


BC AdBot (Login to Remove)

 


m

#2 hamluis

hamluis

    Moderator


  • Moderator
  • 54,847 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:26 PM

Posted 18 January 2008 - 07:07 AM

What are the details for the Event ID 1003 error? What is the module?

Double-clicking on that line item in Event Viewer will show the details.

Can you post this info?

Louis

#3 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,074 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:06:26 PM

Posted 18 January 2008 - 07:32 AM

The STOP 0xD3 error (shorthand for all the info you posted) can be malware or driver related in most cases.

First try these free, online scans:
http://safety.live.com (requires Internet Explorer)
http://housecall.trendmicro.com

I'd also suggest posting your issue over in this forum to get some more expert help: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#4 kecik

kecik
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:26 AM

Posted 19 January 2008 - 03:02 AM

hamluis, it this what you mean?

Event Type : Error
Event Source: System Error
Event Category: (102)
Event ID : 1003
Date 1/9/2008
Time : 3:03:10 PM
User : N/A
Computer: UTENTE
Description:
Error code 100000d3, parameter1 bf800130, parameter2 00000002, parameter3 00000001, parameter4 806ff84a.

For more information, see Help and support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45
0008: 72 72 6f 72 20 20 45 72
0010: 72 6f 72 20 63 6f 64 65
0018: 20 31 30 30 30 30 30 64
0020: 33 20 20 50 61 72 61 6d
0028: 65 74 65 72 73 20 62 66
0030: 38 30 30 31 33 30 2c 20
0038: 30 30 30 30 30 30 30 32
0040: 2c 20 30 30 30 30 30 30
0048: 30 31 2c 20 38 30 36 66
0050: 66 38 34 61

I have Symantec Endpoint 11, daily update and daily full scanner. I have not done any scanner with other scanner yet.
I will try usasma's suggestion.

tks.

#5 kecik

kecik
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:26 AM

Posted 21 January 2008 - 05:49 AM

As Usasma's suggestion, I did scan online with microtrend and I found / cleaned 3 malware:
ADWARE-BESTOFFERS; FREELOADER-ROINGS AND ADWARE-BHOT-IMYONBAR
Also as his suggestion, I post in topic of "I am infected".
Kindly follow up my problem through that topic and not to stop help me. :thumbsup:
Thank you

#6 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,074 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:06:26 PM

Posted 22 January 2008 - 07:01 AM

It's generally suggested that removing the malware takes priority over fixing other problems. The reason for this is that the malware complicates the repair process - so it's removal is needed before we can fix any other problems.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#7 kecik

kecik
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:26 AM

Posted 23 January 2008 - 06:30 AM

I found three malware by online scanning:
ADWARE-BESTOFFERS
FREELOADER-ROINGS
ADWARE-BHOT-IMYONBAR
Now I am still monitoring the computer behaviour. (still happenned once)
Hopefully it helps.
I will inform you after several days.

tks.

#8 hamluis

hamluis

    Moderator


  • Moderator
  • 54,847 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:26 PM

Posted 23 January 2008 - 09:08 AM

What I am wondering...is why you have to do online scans. You don't believe in installing programs designed to help protect your system?

No AV program installed and updated? No malware detection/removal programs installed and current?

Louis

#9 kecik

kecik
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:26 AM

Posted 23 January 2008 - 11:29 AM

I use Symantec Endpoint 11, daily updated and daily schedulled full scanned.
Frankly speaking, in the beginning I was hesitated to do that online scanning. (Sorry, usasma, but you were right)
I was also wondering when I found so many (three) spywares there. Is the Symantec so bad?
I use Symantec since 5 years ago, when still Version 8.0
Since I did the cleaning of that 3 spywares, seems the computer behaves well. Only once in the beginning and no more restart.
Thanks for your helps.

Edited by kecik, 23 January 2008 - 11:31 AM.


#10 hamluis

hamluis

    Moderator


  • Moderator
  • 54,847 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:26 PM

Posted 23 January 2008 - 11:52 AM

Well...there is malware and then there is malware :thumbsup:.

The three items that were found...I guess that I'm willing to bet that they are cookies (which fall into the area of "harmless, but irritating." Adware is in this category.

And...you invite such when you visit certain sites or you have your cookies settings reflecting the fact that you accept all cookies at any website. Myself, I accept no secondary cookies, adjusting my settings on the Privacy tab of IE (Advanced button, block all 3d-party cookies, accept session cookies).

Accepting all those unnecessary toolbars from sites is also one of the primary sources of adware and can lead to more malicious malware.

If those 3 items found online are malicious malware items, I'd be surprised greatly. I used Symantec products for about 4 years and found nothing wrong with their ability to do the job (I can say the same for every AV product I've ever used).

I guess that I feel that everyone who has ever been infected by anything...issued an open invitation to whatever the infecting agent was.

That certainly was the case with me when the Blaster Worm got through no more than 60 seconds after I had completed a clean install on a system and failed to employ the firewall. Aside from that, I've not had a malware situation of significance, using various AV programs and malware detection/removal programs.

Some info on those two files mentioned in your initial post...where did you obtain the Microsoft data mentioning these two, please?

http://support.microsoft.com/kb/894278

Louis

#11 kecik

kecik
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:26 AM

Posted 23 January 2008 - 01:43 PM

Another information, the online scan found also "vulnerabilities" : MS06-003; MS06-012; MS06-027; MS06-028; MS06-033; MS06-037; MS06-048-MS06-054;MS06-056; MS06-058; MS06-059; MS06-060; MS06-058 and MS07-047.
I have searched two of them in the microsoft support site, but I have not yet taken any action to "close" those holes.
My questions are :
1. How dangerous are they?
2. I wonder that there are so many, since the computer is "automatically update". Are the updates for that vulnerabilities not included in "automatically update"? Or something with the setting?
My other computer does not have any of those vulnerabilities.
Thanks.

Edited by kecik, 23 January 2008 - 01:44 PM.


#12 hamluis

hamluis

    Moderator


  • Moderator
  • 54,847 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:26 PM

Posted 23 January 2008 - 01:52 PM

The simple answer to your updates question: Go to the WinUpdate site and review your history.

The fact that you claim to be unknowing of whether you are current or not...would make me nervous. Anyone using a system ought to be able to rapidly determine if the system is current with critical updates.

It just takes a trip to the WinUpdate site...

Louis

#13 kecik

kecik
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:26 AM

Posted 24 January 2008 - 02:43 AM

... and I become also nervous :thumbsup:
Thanks, I will do the trip.

#14 03humphrec

03humphrec

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:11:26 PM

Posted 24 January 2008 - 04:46 AM

I use Symantec Endpoint 11, daily updated and daily schedulled full scanned.
Frankly speaking, in the beginning I was hesitated to do that online scanning. (Sorry, usasma, but you were right)
I was also wondering when I found so many (three) spywares there. Is the Symantec so bad?
I use Symantec since 5 years ago, when still Version 8.0
Since I did the cleaning of that 3 spywares, seems the computer behaves well. Only once in the beginning and no more restart.
Thanks for your helps.



Google AVG FREE download the free anti - virus and run a scan and that will get rid.


Server 1- 2.8GHz Intel Celeron, 1GB Ram, 160GB HDD, DVD-RW, Windows Home Server
Server 2 - 1.9GHz Intel P4, 385 MB Ram, 40GB HDD, DVD-ROM, Windows Server 2003 Standard
Desktop - 2.0GHz AMD Athlon, 512MB Ram, 40GB HDD, DVD-RW, XP Pro
Advent 9117 - Intel Dual Core T2310 1.46GHz, 160GB HDD, DVD-RW, XP Pro, 17" Widescreen (http://www.w00tw00t.co.uk/support/viewtopic.php?f=1&t=4197)
Toshiba Satellite Pro L40 - 1.8GHz Intel Celeron, 2GB Ram, 80GB HDD, Wireless, DVD-RW, XP Pro, 15.4" Widescreen





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users