I am an IT Professional, and have been since the 80s. The computer I'm having the problem with is mine, it has always had up-to-date AV, and has Automatic Updates on. I check it every so often with Spybot S&D or Malwarebytes, and it has NEVER had anything besides tracking cookies. It has been on a secured wireless network (out in the middle of nowhere, doubt anyone would hack it), with both a hardware firewall at the DSL entry point and Windows Firewall on. It has never had a Memory Stick in its slot before now. The only removable media I've ever used with it is a big USB disk for backups, which unfortunately has not been done in about 6 months. I've never had Limewire or any other risky stuff installed on this computer. I don't use Facebook, or any of the social networking, I don't surf any type of risky sites, and I don't download anything onto this computer. It's the safest computer on the planet.
The computer is a Sony Vaio K-series laptop, probably 4-5 years old, running XP Home SP3 and IE8. Here's the sequence of events as best I recall them.
6/10/2009 - everything is fine, I'm looking up something boring like outboard motor parts. It's supposed to storm tomorrow, so I am going to unplug it. Automatic Updates are downloaded and ready to install, so I choose "Install Updates and Shutdown". It does its thing, in a normal amount of time, no indication of problems, and shuts down. I unplug the charger and put it away.
6/19/2009 - I get the computer out, plug it up, push the power button. It gets to the WinXP logo with the progress bar underneath. The bar rotates around a couple times, then sticks. I wait, probably 10 minutes, and nothing ever happens. I notice the orange light is on beside the "Memory Stick" slot.
I boot it up in Safe Mode. (That works.) I check the logs for the Windows Updates, everything appears to have gone fine. Check Event Viewer for some clue as to what happened, nothing. Check Device Manager, no splats. Everything looks fine.
Hmmm, maybe a fluke, try a normal reboot again. Exact same result, hangs at same place, with orange light on beside "Memory Stick" slot.
So I boot into Safe Mode, and uninstall all of the Windows Updates that have the 6/10 date on them. I made sure I did them in the correct order, so all dependencies were resolved.
Tried another normal boot. Nope, hangs at same place, with orange light on beside "Memory Stick" slot.
OK, now I'm scared. So I go to my other PC, the desktop, and do some Googling of the symptoms. I find one in particular, a malware-infested Sony VAIO locking up with Memory Stick light on. So it's probably malware.
Since I already have the latest version of Norton AV, I run a full scan on the Vaio with that. Comes up clean. Then Malwarebytes, latest version, comes up clean. (Then I reboot into Safe Mode with Networking.) Then run Housecall online with Trend Micro, comes up clean. Just for S's&G's I even try their New Beta scan, 100% clean. Then Kaspersky's online scanner, also comes up clean. Then BitDefender, again clean. Then as a last resort, I disable Norton's real-time protection and run Combofix. Combofix did not find anything. (I looked through its logs, but have to admit I'm not that good at fixing something manually.)
I don't know how to interpret Hijack This logs, I always give up before then and reformat. But I have a bunch of old software that I don't know the registration keys for, so I do not want to reformat!
At this point I kinda panicked and tried Restoring Windows to a Restore Point on 6/9/2009. That hosed my IE8. Windows was unable to restore back to the Restore Point that Combofix had just created. :-( So I dinked around with it, reinstalling IE8 and Java. Finally got that working again.
I had read in the post about the malware-laden Vaio, that his booted normally if he put a Memory Stick in the slot. So I was curious about that. I didn't have a Memory Stick, and had never used that feature on the laptop. So I rummaged around and found one, stole it out of hubby's antique Sony Clie'. Powered down the computer, put the Memory Stick in, powered up, and yep it booted normally. :-/ Weird thing is though, when you remove the Memory Stick, it locks up solid. So solid the mouse won't move. Pop it back in, things resume just like normal. ~:-( This is war *&^%#it!!
So I installed Sysinternals' Process Monitor. Started logging, auto-scroll, popped the Memory Stick out, made a note of the last entry, then popped it back in, went to look at the entries immediately after re-insertion. Did that quite a few times, but nothing in particular was the very last or the very first thing to run. I disabled or uninstalled the things that popped up the most often, and that made absolutely no difference.
So now I'm waving the white flag, can somebody help? I think I need a ComboFix log interpreter or a Hijack This pro.
TIA (and thanks for reading!)
Edited by SunBoss, 22 June 2009 - 03:42 PM.