
Computer Locks Up After About 30 Seconds


No replies to this topic

#1 jakea333


Posted 03 November 2009 - 09:49 PM

My roommate asked me to look at his computer. If started in normal mode, the computer would start fine, then after about 30 seconds would lock up. After watching this a few times I realized it would happen around the time Windows Update tried to autorun. These issues did not persist in Normal Safe Mode; however, it did still lock up in Safe Mode with Networking.

I went to msconfig and disabled Windows Update; this allowed me to run MBAM.

Malwarebytes' Anti-Malware 1.41
Database version: 3097
Windows 6.0.6001 Service Pack 1

11/3/2009 6:44:54 PM
mbam-log-2009-11-03 (18-44-54).txt

Scan type: Quick Scan
Objects scanned: 101203
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gubiretape (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiSpyware Service (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protection system (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows System Recover! (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\wbem\Performance\WmiApRpl_new.ini (Trojan.Agent) -> Quarantined and deleted successfully.


It asked for a restart, which I performed. I then ran a second MBAM and found a file came back.

Malwarebytes' Anti-Malware 1.41
Database version: 3097
Windows 6.0.6001 Service Pack 1

11/3/2009 7:06:52 PM
mbam-log-2009-11-03 (19-06-52).txt

Scan type: Quick Scan
Objects scanned: 101586
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\wbem\Performance\WmiApRpl_new.ini (Trojan.Agent) -> Quarantined and deleted successfully.


After this scan and reboot, the computer autoran a chkdsk and appeared to restore the file that keeps coming back. Also, it warns me upon booting that it blocked some startup programs.

I reran MBAM and it found the same file again. I did not have it remove it the most recent time and instead turned here for assistance.
