Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SDFix from a CD?


  • This topic is locked This topic is locked
6 replies to this topic

#1 JaPaJoJa

JaPaJoJa

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 10 January 2009 - 06:35 PM

I think my daughter's computer has a virus of some sort that is causing it to shut down. The computer is running WinXP SP3. If we boot normally the computer will shut down after about 15-20 min. If we boot to safe mode, it will stay on for hours. However, when we try to go to a site that offers SDFix or some other virus removal software (e.g. McAfee), even in safe mode the computer will shut down. When it shuts down the only way to get it to start up again is to unplug it for 30 seconds or so, then plug it back in. If you don't unplug it, pressing the start button on the CPU does nothing.
Also, there is an 'Administrator' ID set up on the computer that neither my daughter, nor I recall setting up. To go to that ID on Windows boot up it asks for a password. We don't recall setting this up, and we have tried all of our usual passwords as well as trying to leave it blank and we can't get into that 'Administrator' account.
My daughters name has administrator rights, but as I said before the computer doesn't stay on long enough to run a full McAfee scan.
I wanted to run SDFix to see if it would remove whatever is on there. Can I download it to this computer (not affected) and copy it to a USB flash drive then copy it to the infected computer in Safe Mode and run it?

BC AdBot (Login to Remove)

 


#2 ePost

ePost

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 10 January 2009 - 07:19 PM

Yes, but running SDFix without knowing what Malware exactly we're dealing with is not a good idea. Running these 2 programs is. Download them to your USB. Then reboot to Safe Mode with out Network. As a matter of fact I think you should pull the internet plug while scanning. But update the programs first on your PC (USB) so that they are ready for use on your dauhters.

Then run a full scan. If it wants to reboot - let it. Link: http://www.superantispyware.com/

An other just as fine program is Malwarebyte's Anti-Malware. Run that also: http://www.malwarebytes.org/

Delete that account that you don't know what is.

And important: This PC was probably HACKED. I'll try to get BleepingComputer's malware experts to move this thread to a better forum in here. You may prefer to wait for expert advice before doing anything at all...

Edited by ePost, 10 January 2009 - 08:05 PM.


#3 ePost

ePost

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 10 January 2009 - 07:38 PM

I should tell you that some legit programs sometimes creates a temporary user accounts in order to run which is OK but I don't like the ring of this. It does not sound right. I hope that BleepingComputer's malware experts will arrive in this thread soon and move the thread to their own turf. Then you will get help.

#4 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:07:55 PM

Posted 10 January 2009 - 08:00 PM

Hello, there's little we can see without a diagnostic tool being run. Though it does sound like your computer is heavily infected.

Running SDFix without knowing what we are dealing with isn't such a good idea, as ePost said.

Best thing to do is to make a thread in the HJT Logs & Analysis Forum, to let a malware removal expert take a good look at your pc.

Please read the Preparation Guide before posting a log thread.

Help will be with you as soon as possible :thumbsup:

Edited by Jat90, 10 January 2009 - 08:00 PM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

Posted Image

#5 ePost

ePost

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 10 January 2009 - 08:02 PM

Thank you, Jat90. A new thread is a good idea. I hope this will help you, JaPaJoJa. :thumbsup: I hope your daughters PC did not have uninvited guests after all.

Edited by ePost, 10 January 2009 - 08:54 PM.


#6 JaPaJoJa

JaPaJoJa
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:55 PM

Posted 13 January 2009 - 12:50 PM

OK, thanks. I'll try to get the DDS downloaded to the desktop of that malfunctioning computer tonight.

#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,807 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:55 PM

Posted 14 January 2009 - 03:45 PM

Hello JaPaJoJa,

Now that you have a log posted here: http://www.bleepingcomputer.com/forums/t/195067/winxp-shutsdown-cant-be-restarted-wo-unplug/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users