Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

A pretty bad bug


  • Please log in to reply
12 replies to this topic

#1 BobbyLee

BobbyLee

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 21 November 2009 - 01:40 PM

My PC is infected with something - the symptoms are very similar to the post below from boat290. Here are some details.

PC is a JVC MP-XP741 (ASUS S2Ne), Centrino subnotebook running WinXP Pro SP2
Browser is Firefox
AV was AVGFree, then McAfee, then Avira; see history for why
Firewall is the WinXP one, behind a Linksys WRT54G router
I typically run Spybot and Ad Aware every couple of weeks and they turn up some issues, but not like this one.

The story is, I decided that AVGFree was sucking up too many system resources, and uninstalled it. For some reason, the uninstall wouldn't run, and I had to start a new install, then chose uninstall. Then I downloaded McAfee from Comcast's (my ISP) site for free. Soon after the download, like 1 or 2 minutes, a large, colorful, convincing window that purported to be security software popped up, along with a smaller dialog box warning of an infection and asking me to clean it. Like an idiot, I clicked it.

As I said, the symptoms are very similar to boat290's. The PC will not start in safe mode, nor will it hibernate. It will start in MSCONFIG's Diagnostic mode. When I use the web, I am redirected to not-selected web sites. When this happens, the Firefox tab showing the web site name will have a stylistic #2 at it's left margin. Occasionally, a pop-up warning of a system infection will show up, and I'll have to open Task Manager to close Firefox - it won't let me exit normally.

In event viewer, a repeating Error 45 and 49 occur with the notation ftdisk whenever I try to hibernate the PC. Both hiberfil.sys and pagefile.sys are present in the root directory.

I've run Spybot, Ad Aware, SmitFraudFix, MalwareBytes, the Windows malware utility, and probably others. (I have a recent Hijackthis log file if it's of interest.) I've run MSCONFIG in Diagnostic mode and hibernation still fails. I've inspected the root directory and start-up files for suspect files. Just before typing this, I ran MalwareBytes and it reported no infected objects, then my web navigating was hijacked on the way to this site.

I'm prepared to do a clean XP install if I have to. Ugh. Thanks for any help.

BC AdBot (Login to Remove)

 


#2 azfreetech

azfreetech

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:01:07 AM

Posted 21 November 2009 - 02:52 PM

In addition to MBAM I usually run SUPERAntiSpyware with these types of infections. MBAM cleans a lot but not all of it in most cases.

Download SUPERAntiSpyware
DJ Digital Gem

I gave up on computers and now I just DJ!

#3 BobbyLee

BobbyLee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 21 November 2009 - 03:58 PM

Thanks, I DL'ed and ran SAS. It found a bunch of adware and one trojan and dealt with them. Still can't hibernate the machine, though :-(

And my browsing just got hijacked. This time, it opened a whole new tab in Firefox. Grrr

#4 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:07 AM

Posted 21 November 2009 - 04:47 PM

Hello and welcome to Bleeping Computer. My name is Computer Pro and I will be assisting you in the disinfection of your machine.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.



Please post your SAS log for me by doing the following:

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.
Computer Pro

#5 azfreetech

azfreetech

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:01:07 AM

Posted 21 November 2009 - 04:55 PM

I am at work so I don't have the ability to test this but I found what appears to be a free proces scanner that will show you what processes are running on your computer.

process scan

I also found this...
Process Explorer

Try those and see if you can get us a list of the processes running on your computer.
DJ Digital Gem

I gave up on computers and now I just DJ!

#6 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:07 AM

Posted 21 November 2009 - 04:58 PM

Before you run Process Explorer, please post your SAS log
Computer Pro

#7 BobbyLee

BobbyLee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 21 November 2009 - 05:40 PM

Here's the SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/21/2009 at 01:46 PM

Application Version : 4.30.1004

Core Rules Database Version : 4260
Trace Rules Database Version: 2170

Scan type : Complete Scan
Total Scan Time : 00:38:44

Memory items scanned : 430
Memory threats detected : 0
Registry items scanned : 4188
Registry threats detected : 0
File items scanned : 20419
File threats detected : 142

Adware.Tracking Cookie
C:\Documents and Settings\JVC MP-XP741\Cookies\jvc mp-xp741@msnportal.112.2o7[1].txt
C:\Documents and Settings\JVC MP-XP741\Cookies\jvc mp-xp741@atdmt[2].txt
.a.websponsors.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.adprofile.net [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.adprofile.net [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.adprofile.net [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.adprofile.net [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.adprofile.net [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.click2houston.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.clickaider.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.media.cardomain.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.media.cardomain.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.media.cardomain.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.media.cardomain.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.qnsr.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
.qnsr.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
affiliate1.ticketcity.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
e1.cdn.qnsr.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
eas.apm.emediate.eu [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
eas.apm.emediate.eu [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
eas.apm.emediate.eu [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
media303.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
primedia.us.intellitxt.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
sales.liveperson.net [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
stats.sphere.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
vhost.oddcast.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
vhost.oddcast.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
vhost.oddcast.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
vhost.oddcast.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
vhost.oddcast.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
vhost.oddcast.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
vhost.oddcast.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
vhost.oddcast.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
www.click2houston.com [ C:\Documents and Settings\JVC\Application Data\Mozilla\Firefox\Profiles\8cornf0b.default\cookies.txt ]
C:\Documents and Settings\JVC\Cookies\jvc@www.burstnet[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjk4wkdjshp.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjkycpd5efp.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wfkiqkczcgo.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@adserver[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@adbrite[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@www.clickmanage[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@revsci[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wgk4klcjkkq.stats.esomniture[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjmyumdzwlp.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wamiqgdjibp.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wfkowkcpokq.stats.esomniture[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wgmyqidjsfq.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@ad.yieldmanager[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@adrevolver[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@adrevolver[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wfkygmazcco.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjkosod5edq.stats.esomniture[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@ads.adbrite[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wfmyaiajsap.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjnyqodjcgp.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjkowpazifo.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@tribalfusion[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@advertising[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@www.burstbeacon[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@mediaplex[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjnysjczkdo.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wgmyoocjieo.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wfk4ood5ifp.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wfk4ghc5alp.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6whkosgdjalo.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@ad.interclick[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wcloqpajafo.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wfkiapc5eap.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@adcache.collectorcartraderonline[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@serving-sys[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@ads.pointroll[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjkocjczmcq.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wfmiwjcjohp.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wfkiggd5ifo.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@1-click[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@adopt.euroclick[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@2o7[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@a.findarticles[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@adlegend[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@ads.addynamix[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@ads.cnn[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@ads.traderonline[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@anad.tacoda[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@anat.tacoda[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@apmebf[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@atwola[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@bluestreak[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@bs.serving-sys[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@casalemedia[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@cnn.122.2o7[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@dsml.clickexperts[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@discounttire[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@ds.clickexperts[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wbkyomajoao.stats.esomniture[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wfmyemd5ibo.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjny-1mcpgd.stats.esomniture[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjkokhczeeo.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjkyggdzobp.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjkysndpmgo.stats.esomniture[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjliopdpelp.stats.esomniture[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjlounc5ebo.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjny-1mcpmd.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjnycjdpwgp.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@e-2dj6wjnyeiazefo.stats.esomniture[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@edge.ru4[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@ehg-foundation.hitbox[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@ehg-speakeasy.hitbox[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@ehg-traderelectronicmedia.hitbox[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@equifax.adbureau[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@fastclick[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@findarticles[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@gostats[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@hitbox[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@indigio.122.2o7[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@meetupcom.122.2o7[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@nextag[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@msnportal.112.2o7[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@qnsr[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@partner2profit[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@paypal.112.2o7[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@phg.hitbox[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@realmedia[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@questionmarket[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@server.iad.liveperson[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@specificclick[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@statcounter[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@tacoda[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@tracker.roitesting[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@virginmedia[2].txt
C:\Documents and Settings\JVC\Cookies\jvc@web4.realtracker[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@www.virginmedia[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@xiti[1].txt
C:\Documents and Settings\JVC\Cookies\jvc@zedo[2].txt

Trojan.Dropper/Gen
C:\DOCUMENTS AND SETTINGS\JVC MP-XP741\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\CD BURNING\JVC SETUP\PNPDRVRS\LAN\APPS\TOOLS\IDADAPT.EXE


I did run another SAS after this (I ran Rootkill between the two), it showed clean so I'm posting this one.

Thanks for your help!

#8 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:07 AM

Posted 21 November 2009 - 06:58 PM

Can you also post your latest Malwarebytes log? It can be found under the "Logs" tab of the program.
Computer Pro

#9 BobbyLee

BobbyLee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 21 November 2009 - 07:55 PM

It looks like I can't - the PC fails to boot into XP now, either normally or in safe mode. Guess I'm screwed.

Can't these malware writers be identified and prosecuted? This is just BS.

#10 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:07 AM

Posted 21 November 2009 - 08:26 PM

Unfortunately, they cant be identified because most of the time, they are from other countries. Do you want to try an anti-virus rescue disk, or do you just want to go ahead and reformat to just get it over with?
Computer Pro

#11 BobbyLee

BobbyLee
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 22 November 2009 - 03:50 PM

I think I'm going to start over. This XP install is original, from 2004, so it's kind of overdue. Would have preferred to do it on MY timetable, though...

Thanks for your attempted assistance.

#12 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:07 AM

Posted 22 November 2009 - 07:55 PM

Your very welcome. Good luck in the future.
Computer Pro

#13 seangriffin

seangriffin

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 07 February 2012 - 07:24 AM

To anyone else still tearing out their hair trying to solve this (as was I), here is the solution. The problem is most likely rootkit malware attack.

To check and remove rootkits, download and run Kaspersky's TDSSKiller:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

I ran this. It found one infection, quaranteened the file, rebooted my computer, and hibernation now works.

After countless attempts to fix hibernation, this was the only solution that worked for me.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users