Is It A Virus, Hardware Or What?


16 replies to this topic

#1 applefiend


Posted 02 October 2008 - 07:24 PM

So a couple of weeks ago my computer started acting a little strangely and I'm not totally sure what the problem is. The most significant problem is that every now and then my computer screen gets scrambled and then my computer freezes (sometimes holding the scrambled screen and sometimes just going black). I'm pretty much a novice when it comes to computers but I thought that it seemed hardware related. On the other hand, I've found that my antivirus (AVG) oftentimes won't update. After I try a couple times though it eventually updates. The other thing is that my wireless constantly disconnects itself and the correct password is never saved. Those are the symptoms and they're really not all that major (except for the freezing bit).

I've tried several things to troubleshoot this problem. First I made sure I updated AVG and then ran that (I've done this several times). I also tried Trendmicro online scan as well as Windows malicious software removal tool, Sophos, and a bunch of other free virus scans I found online but I can't remember which ones off the top of my head. Nothing major came up in any of the scans though.

I've also tried troubleshooting it by using the help and support on my computer. I did a system check and updated all the drivers and whatnot. It also told me that there is a potentially critical issue saying I needed to update my BIOS to F3.9. The symptoms of this problem, if they do occur, were "The notebook does not detect wireless networks and the wireless adapter is not detected in the Device Manager. and There is no video on the computer LCD panel or external monitor" It almost describes my problems but my computer does recognize the wireless (it just disconnects often) and the video only goes out sometimes. Unfortunately, my computer is over 2 yrs old and not under warranty so I haven't pursued that end (especially because I don't want to sit on hold with a tech who probably wouldn't be able to help me all that much). Other than that, none of my hardware seemed to show any problems. I updated my BIOS and everything else but my computer still shows all of the same symptoms.

So I was definitely leaning towards this BIOS problem as the cause until yesterday AVG found a trojan horse constructor. I assume that it fixed it but then soon after my computer crashed again. I looked up removing trojans online and found out about autorun. I got that and checked things out and found secdrv.sys on my computer (c:\windows\system32\drivers\secdrv.sys) and when I checked it on BleepingComputers it said that it was very possibly a trojan. I proceeded to try to go into safe mode like the instructions said to remove it and I found that every time I went into safe mode my computer automatically shut down before I could do anything.

So now I'm not so sure about what this problem is. Can someone help me?


#2 boopme


Posted 02 October 2008 - 07:45 PM

Hello and welcome to BC. Let's see if you can run this scan from normal mode.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

#3 applefiend


Posted 02 October 2008 - 09:37 PM

Here's the report . . . Thanks for your help!

Malwarebytes' Anti-Malware 1.28
Database version: 1226
Windows 5.1.2600 Service Pack 3

10/2/2008 10:27:39 PM
mbam-log-2008-10-02 (22-27-39).txt

Scan type: Quick Scan
Objects scanned: 54270
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
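
Added example, not part of the original posts: a small Python parser for a text log in the layout shown above, which extracts the declared per-category totals and each detection line, then checks that the totals match the items actually listed (a mismatch suggests the log was truncated or edited before it was pasted). The function names `parse_mbam_log` and `count_mismatches` are this example's own, and the sample is a shortened, constructed copy of the layout above.

```python
import re
from collections import Counter

# Constructed sample: shortened copy of the log layout posted above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.28
Database version: 1226

Scan type: Quick Scan
Objects scanned: 54270

Memory Processes Infected: 0
Registry Data Items Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY = re.compile(r"^(?P<cat>[A-Za-z ]+) Infected: (?P<n>\d+)$")
SECTION = re.compile(r"^(?P<cat>[A-Za-z ]+) Infected:$")
# object (Detection.Name) -> [optional detail ->] action taken
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?:.* -> )?(?P<action>[^>]+)$")


def parse_mbam_log(text):
    """Return (declared_counts, detections) from the text of a scan log."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY.match(line):          # "Files Infected: 0"
            counts[m["cat"]] = int(m["n"])
        elif m := SECTION.match(line):        # "Files Infected:" opens a listing
            section = m["cat"]
        elif section and line and not line.startswith("(No malicious"):
            m = ITEM.match(line)              # keep unparsed lines rather than drop them
            detections.append({
                "category": section,
                "object": m["obj"] if m else line,
                "name": m["name"] if m else None,
                "action": m["action"].rstrip(".") if m else None,
            })
    return counts, detections


def count_mismatches(counts, detections):
    """Map category -> (declared, listed) wherever the two numbers differ."""
    listed = Counter(d["category"] for d in detections)
    return {c: (n, listed[c]) for c, n in counts.items() if n != listed[c]}


if __name__ == "__main__":
    declared, found = parse_mbam_log(SAMPLE_LOG)
    for d in found:
        print(f'{d["category"]}: {d["name"]} -> {d["action"]}')
    print("count mismatches:", count_mismatches(declared, found))
```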

#4 boopme


Posted 02 October 2008 - 10:01 PM

OK good, now run an SAS scan; this will take a little longer. Any improvement in the other issues?
If you still cannot do Safe Mode then run from normal.

Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
If you use Firefox or Opera browser, click that browser at the top and choose: Select All.
  • Click the Empty Selected button.
  • If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW scan with SUPER
  • Open from the desktop icon or the Program Files list.
  • On the left, make sure you check C:\Fixed Drive.
  • Perform a Complete scan. After the scan, verify they are all checked.
  • Click OK on the summary screen to quarantine all found items.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log.
  • A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Please ask any needed questions, post the log and let us know how the PC is running now.

#5 applefiend


Posted 02 October 2008 - 10:51 PM

Unfortunately my computer still shuts down the second that safe mode starts up so I'm hitting a dead end. Any suggestions?

#6 applefiend


Posted 03 October 2008 - 07:31 AM

Update: I tried several times to get into safe mode last night only to have it shut down right when it started. This morning, however, I managed to get in, run the ATF part and then start the super scan but a minute or so into the scan my computer shut down again. I did this a couple times and got the same result. I doubt that it makes much difference but I thought I'd tell you that I was able to at least run the ATF.

#7 DaChew


Posted 03 October 2008 - 07:52 AM

What's the make and exact model number of your computer?

Was AVG installed and running when you applied SP3?

What other security programs do you have installed?
Chewy

No. Try not. Do... or do not. There is no try.

#8 applefiend


Posted 03 October 2008 - 08:12 AM

I've got an HP Pavilion dv2000z. I did have AVG when I installed SP3. As for security programs I have AVG, Sophos (free trial), Malwarebytes, Super Antispyware, Uniblue Registry Booster, Ad-Aware, Spybot, and ATF Cleaner.

#9 DaChew


Posted 03 October 2008 - 08:45 AM

http://www.sophos.com/products/enterprise/...nd-control/8.0/

Sophos has several products.

How long ago did you update SP3?
Chewy


#10 applefiend


Posted 03 October 2008 - 08:59 AM

I've got Sophos Anti-Rootkit as well as the free threat detection test. I updated to SP3 probably within the past month or so but I can't say for sure. Is there a way to check that?

#11 quietman7


Posted 03 October 2008 - 09:18 AM

Are you getting any error messages? Crashing and shutdown problems can be symptomatic of a variety of things to include hardware/software issues, overheating caused by a failed processor fan, bad memory (RAM), failing or underpowered power supply, CPU overheating, motherboard, video card, faulty or unsigned device drivers, CMOS battery going bad, BIOS and firmware problems, dirty hardware components, programs hanging or unresponsive in the background, and even malware. If the computer is overheating, it usually begins to shutdown/restart on a more regular basis.

When Windows XP detects a problem from which it cannot recover, it displays Stop Error Messages which contain specific information that can help diagnose and resolve the problem detected by the Windows kernel. An error message can be related to a broad number of problems such as driver conflicts, hardware issues, read/write errors, and software malfunctions. In Windows XP, the default setting is for the computer to reboot automatically when a fatal error or crash occurs. You may not see the error code because the computer reboots too fast.

An easier alternative is to turn off the automatic reboot feature so you can actually see the error code/STOP Message when it happens - this is also known as the Blue Screen Of Death (BSOD).

To change the recovery settings and Disable Automatic Rebooting, go to Start > Run and type: sysdm.cpl
Click Ok or just press WINKEY + Pause/Break keys to bring up System Properties.
  • Go to the Advanced tab and under "Startup and Recovery", click on the "Settings" button and go to "System failure".
  • Make sure "Write an event to the system log" is checked and that "Automatically restart" is UNchecked.
  • Click "OK" and reboot for the changes to take effect.
Vista users can refer to these instructions: How To Disable the Automatic Restart on System Failure in Windows Vista.

Doing this won't cure your problem but instead of crashing and restarting you will get a blue diagnostic screen with an error code and other information that will allow you to better trace your problem. Write down the full error code and any files/drivers listed, then provide that information in your next reply so we can assist you with investigating the cause.

#12 DaChew


Posted 03 October 2008 - 09:22 AM

C:\WINDOWS\ServicePackFiles


My SP3 created this folder back in April.
Chewy


#13 applefiend


Posted 03 October 2008 - 10:28 AM

Just as an update, I've noticed since yesterday my computer has been disconnecting from the internet much more often. It happens almost every time my computer goes into power save mode and sometimes it just happens randomly. My girlfriend's computer hasn't disconnected from the internet at all and she's on the same network so I doubt it's a router or modem problem.

Now to answer your questions,

Quietman7: Unfortunately, the freezing and crashing only happens intermittently and it seems to happen every couple days or so. When it does crash, I get either scrambled colors or just a plain black screen, it doesn't actually shut down or reboot automatically in that case. When I try to start up in safe mode, however, my computer almost immediately turns off. There is no "windows shutting down" window or error message or anything. It just simply turns off. I did turn off the auto restart like you said and if my computer crashes again I'll let you know if there is an error message (like I said though this happens every so often but not several times a day). I tried to start in safe mode after this to see if it would give me a message rather than shutting down but nothing changed. My computer just turned off without a word like it has been doing.

DaChew: my computer says it created that same file in August but I can definitely remember downloading SP3 recently. I guess maybe it could have been an update or something though. I wasn't paying close enough attention.

#14 DaChew


Posted 03 October 2008 - 10:52 AM

There may be a hardware or a malware issue here, but more likely I suspect the SP3 update was corrupted by resident security processes and malware; there are just too many unknowns. BIOS and driver updates after the fact probably made the problem worse, not better.

Clean install

Apply drivers

Apply service packs

Load security programs on a clean computer that's properly updated

Resident security programs and malware are both capable of instant BSODs after applying a service pack.

So is not having updated BIOS and drivers.
Chewy


#15 applefiend


Posted 03 October 2008 - 11:05 AM

Since all of those service packs, BIOS, drivers, updates, etc. are already installed on my computer how should I go about cleaning it all out and starting new? Sorry, I'm not all that great with computers when it comes down to it.



