
Mblaster Like Virus On Win Xp Sp3


  • This topic is locked
7 replies to this topic

#1 traolach

traolach

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 PM

Posted 29 September 2008 - 11:56 PM

Hi I'm new to this but would really welcome some help. Hope this is the right place to start. I'm running win xp SP3 with AVG anti-virus, Spybot Search and destroy, Spyware blaster and Malwarebytes. After running these system appears to come up clean, but the NT AUTHORITY\SYSTEM message keeps appearing intermittently and shuts down PC.
In desperation I've uninstalled AVG and am currently trying Threatfire. Despite having automatic updates on I can't get any patches from Microsoft. SP3 seems to be the problem there. None of the many scans I've done has identified msblaster or any of the variants I've read about. Has anyone else had this problem?
I can post a hijackthis log but will wait for advice first. Thanks


#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:01 PM

Posted 30 September 2008 - 01:06 AM

Hello traolach

welcome to Bleepin

AVG anti-virus, Spybot Search and destroy, Spyware blaster

were any of these running when sp3 was loaded?

that's enough to cause your problems right there
Chewy

No. Try not. Do... or do not. There is no try.

#3 traolach


Posted 30 September 2008 - 02:15 AM

DaChew! Thanks for reply. I really appreciate it. Windows prompted me to install sp3 about a month back I think (I can check the update history). AVG, Spybot were installed. This problem appeared in the last week.
Should all of these have been disabled when installing SP3? Indeed should I have installed SP3 at all? Everything was grand up to then. Look forward to hearing from you
Traolach

#4 DaChew


Posted 30 September 2008 - 04:53 AM

Disconnect from the internet, disable your antivirus, I would try to unload teatimer from the system tray and uninstall spybot

Disable spywareblaster

Uninstall SP3

I suspect a conflict between spywareblaster and teatimer

See if the NT AUTHORITY\SYSTEM problem disappears

If windows seems well after that

http://www.bleepingcomputer.com/forums/t/146857/windows-xp-service-pack-3-sp3-information/

I would rather use the admin install where I could have my security programs disabled

http://www.microsoft.com/downloads/details...;displaylang=en

If there isn't enough to worry about already the new AVG has been very buggy

Edited by DaChew, 30 September 2008 - 04:55 AM.


#5 traolach


Posted 30 September 2008 - 06:20 AM

Ok. Will follow these steps and let you know the outcome

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:01 PM

Posted 30 September 2008 - 07:58 AM

The NT AUTHORITY\SYSTEM message keeps appearing

What is the full error message? This type of error usually includes a specific file was terminated unexpectedly with status code...

If your computer keeps shutting down on its own after following DaChew's advice, follow these steps to stop the cycle:
  • Click on Start > Run and type: cmd
  • Press Enter.
  • At the Command Prompt type: shutdown -a
  • Press Enter.
Shutdowns and random reboots could be malware related or they could be due to hardware or overheating problems caused by a failed processor fan, bad memory (RAM), failing or underpowered power supply, CPU overheating, motherboard, video card, faulty drivers, CMOS battery going bad, BIOS and firmware problems, dirty hardware components, etc. If the computer is overheating, it usually begins to restart on a more regular basis.

When doing a search on the net for Shutdown initiated by NT Authority\system, you will find thousands of complaints with various causes and possible solutions. What works for one person may not work for another.

Some rootkits have been found to be accompanied by BSOD's and various stop error/shutdown messages so a rootkit check should be performed. I recommend performing a scan with Sophos Anti-rootkit, Panda AntiRootkit or AVG Anti-Rootkit.

Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
Note: Not all hidden components detected by ARKs are malicious. It is normal for a Firewall, some Anti-virus and Anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to hook into the OS kernel/SSDT in order to protect your system. You should not be alarmed if you see any hidden entries created by these software programs after performing a scan.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 DaChew


Posted 30 September 2008 - 08:28 PM

I see you have a HJT log posted in another forum and are being helped by LDTate, please stay with that thread

Experts like him and QM7 are few and far between

Edited by DaChew, 30 September 2008 - 08:28 PM.


#8 quietman7


Posted 01 October 2008 - 07:58 AM

Please refrain from asking for help from others while you are being instructed by someone helping you with a hijackthis log elsewhere. Any modifications you make can result in system changes which may not show in the log you already posted. Further, following advice outside of that post may cause confusion for the Helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer. If you had posted your log here, similar rules would apply. We would ask that you refrain from asking for help elsewhere.

If you followed any other advice already, please ensure you inform the HJT Helper when they respond to assist you with your log. This will help them know what has been done and they probably will ask for an updated log.

To avoid confusion, I am closing this topic. If you still need assistance after your log has been reviewed and you have been cleared, please start a new topic. If you have any questions, please PM me or another moderator.