
Post Antivirus Soft Removal Freezes.


  • This topic is locked
5 replies to this topic

#1 Fizziii


Posted 04 March 2010 - 09:47 AM

This turned a little long winded, so I'm putting a summary here:

1) Programs quit responding. Can sometimes open new windows.
2) Existing windows quit updating. System clock quits updating.
3) Hard drive activity ceases.
4) Tried system restore, running Anti-Virus
5) MalwareBytes and AVG command line show clean.
6) Once things freeze, the mouse usually still works and can still click on the start menu, and right click on things for options... they just don't do anything.
7) Freezes can occur between 7 minutes and 2 hours into working on the system.

I run a Dell Precision M4300 as my work computer. It has Windows XP x32 SP2 on it.

On Tuesday I ran into the Ransomware "AntiVirus Soft". I printed out and followed the instructions from here, and that worked great. It was late when I finished, so I shut my computer down and was working with it yesterday at the office. It kept freezing up on me. The freezes were weird.

For instance, I would be multi-tasking (I do tech support for a program called SolidWorks, yet that doesn't always help with general computer support), so I would have SolidWorks open along with my e-mail, and internet browser (with multiple tabs for various work related pages). What would happen is I would try switching tabs in Firefox and it would hang up... the mouse would keep moving. I could select and alt-tab between windows, and they would quit responding. I could right click on the taskbar and choose "Task Manager" and it wouldn't come up. I could also Ctrl-Alt-Del and choose task manager and then I'd be stuck looking at my desktop and nothing else. Eventually I have to hard kill the power (i.e. hold the power button for 5-10 seconds).

Sometimes, when it starts behaving like this, dragging a window will cause the mouse to lock up and then I can't see/do anything on the system at all.
I re-ran MalwareBytes and it found nothing. I tried running my Anti-Virus in Safe Mode, yet it can't run in Safe Mode (Trend Micro). I downloaded AVG and it could run in command prompt mode in Safe Mode and that found nothing. Every time I try logging into the computer normally and run AVG it has locked up at some point during the run. The system clock stops updating, the AVG window stops updating, but the mouse still moves.

I tried running 2 system restores yesterday. 1 from Monday and 1 from Friday, and both failed because nothing had changed. I booted the computer up at 10:13 last night and brought up the system clock. When I came downstairs today, the clock was frozen at 10:20:17. My AIM had new mail notifications on the screen (that usually disappear after 5 seconds or so). I could still click on the link to pull up my e-mail, but the pages would not load other than the window outline, nor would they go away if I tried closing them.

Also, a few times when I had the Task Manager open when it froze, it would let me still sort the processes. When I sorted it by CPU usage, both A-Z and Z-A sorting, all the usages showed 0. When I sorted it alphabetically, things that should've been on there weren't (i.e. System Idle time). Because of this, I'm thinking anything that had CPU usage disappeared from the list.

Current AVG just stopped, hard drive sound died, mouse still moves. Went to Start, right clicked on My Computer, and selected "Manage". It had some hard drive sound, but the Manage window never showed up, and the corner of the Start Menu is still being shown on the AVG window. This was the first time I tried logging into the computer itself (which has a different profile than the one I use to sign into my work domain).

Could this be hardware related?

Could this be tied into the Antivirus Soft issue?

Edit: Does this belong in the anti-virus section?

Edited by Pandy, 04 March 2010 - 10:13 AM.
Moved from Windows XP Home and Pro to a more appropriate forum ~Pandy




#2 hamluis

  • Moderator

Posted 04 March 2010 - 09:57 AM

Yes, it appears to belong in one of our malware forums.

I will suggest internally that your post be moved to the appropriate forum, where someone will contact you with further instructions.

Thanks :thumbsup:.

Louis

#3 Fizziii

  • Topic Starter

Posted 04 March 2010 - 10:05 AM

1 more update. I checked the Event logs. Between 10:16 last night and 6:30 this morning (when it was frozen), there were no updates (Informational, warning, or error). Errors that I am seeing (from before and after that range) are:

"Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted." -- I'm not connecting to my network currently though.
"Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed." -- I've seen this pop up pretty regularly.
"wlcomm (4472) A bad page link (error -338) has been detected in a B-Tree (ObjectId: 88, PgnoRoot: 214) of database C:\Documents and Settings\fred\Local Settings\Application Data\Microsoft\Windows Live Contacts\{f6bdcf12-79a8-4363-a8a2-52b80b8ddb0d}\DBStore\contacts.edb (214 => 290, 292)" -- This error I've never seen before. This popped up twice in a row and is the last thing recorded before it froze last night. It did not reappear this morning before it froze though.

Also, a couple of things I'm not entirely sure of in msconfig. In the Services tab there's a NTRU TSS v1.2.1.12 TCS and I'm not sure what this is. In the startup tab, there's an item that has no name, and no command, yet it's located in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

Edited by Fizziii, 04 March 2010 - 10:49 AM.


#4 Fizziii

  • Topic Starter

Posted 04 March 2010 - 12:12 PM

<snip>
Also, a couple of things I'm not entirely sure of in msconfig. In the Services tab there's a NTRU TSS v1.2.1.12 TCS and I'm not sure what this is. In the startup tab, there's an item that has no name, and no command, yet it's located in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.


I disabled the no-name, no-command item and restarted, and ran my AVG and it completed. It found 21 tracking cookies. Just now the computer BSOD'd on me.

"A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in the stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select advanced startup options, and then select safe mode.

Technical information:
***STOP: 0x0000008E (0xc0000005, 0xB7CCEC89, 0xB1A3368C, 0x00000000)

*** dxec01.sys - Address B7CCEC89 base at B7CBD000, DateStamp 454a39b3

Beginning dump of physical memory
Physical memory dump complete
Contact your system administrator or technical support group for further assistance"

#5 boopme

  • Global Moderator

Posted 04 March 2010 - 03:36 PM

Hello Fizziii,
You will need to download and run DDS, which will create a pseudo HJT report as part of its log.
If for some reason you cannot perform a step, move on to the next.
Please follow this guide. Go and do steps 6 thru 8: Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help. Then go here: Virus, Trojan, Spyware, and Malware Removal Logs, click New Topic, give it a relevant title and post that complete log.

Let me know if it went OK.

#6 Orange Blossom

  • Moderator

Posted 04 March 2010 - 08:53 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/300327/antivirus-soft-leftovers/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup: