
XP Pro SP2 hit by virus/rootkit Booting up problems and shutting down issues


12 replies to this topic

#1 lost2pc

lost2pc

  • Members
  • 117 posts

Posted 20 May 2010 - 07:47 PM

Hi!

mOle from virus forum was helping me with virus related problems, and he asked me to post here today.

On May 4th a MBAM scan found and removed from my ThinkPad XP Pro SP2 Firefox3.5 and IE8:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.


Problem #1
On May 12th encountered strange errors e.g.

- When shutting down, I'll click Start and then click Turn Off computer. The hour glass comes and stays there for about 6 minutes, then the dialog box with turn off restart etc appears. I'll click Turn Off and the system takes another 6 minutes to turn off.


Problem #2
May 20th, my machine would not boot up properly this morning. It actually took 3-Hard Reboots and 4-Restarts for me to be able to access the internet i.e. = 72-minutes to get to this point.


- 'Taskbar and Startup Menu toolbar' should have 10 icons in it. Each time it would startup/restart it would have only 2 or 3

Here is what I noted - the program that needed to "end now" before restart was:

- ACWLIcon.exe - User 'SYSTEM'

- ACTray.exe - I think the User was 'SYSTEM'

- explorer.exe - User I think was 'SYSTEM'

- TpShocks.exe - was missing earlier - is now present

Since I've finally been able to log on I have been taking a look at the 'Windows Task Manager Processes' and now all the above have User 'Michelle'

Problem #3
When I hit 'Start', 'All Programs' - all icons are changed to white boxes e.g. 'Unlocker' is just a white box, 'SKYPE' is a white box, 'AVAST' a white box etc. These are recently downloaded programs, with the exception of Skype.

This is driving me :thumbsup: bonkers mOle. Can you please help me resolve this - Please!

Edited by lost2pc, 20 May 2010 - 07:53 PM.




#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,753 posts
  • Gender:Male
  • Location:Killeen, TX

Posted 21 May 2010 - 02:24 AM

From reading your thread where Mole assisted you, he indicated that hardware is the problem.

System manufacturer and model?

How much RAM installed?

Can you post a screenshot from Disk Management, reflecting all existing partitions?

Have you tried doing a clean install of XP?

Louis

#3 lost2pc

lost2pc
  • Topic Starter


Posted 21 May 2010 - 12:13 PM

Hi Hamluis,

Sorry I'm a bit technology-challenged - I'm not sure how to post a screen-shot - so I did it as a Word file. I do not have XP disks so I haven't tried doing a clean install.

Thanks!

OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 2 Build 2600
OS Manufacturer Microsoft Corporation
System Name LENOVO-C2C1C07B
System Manufacturer LENOVO
System Model 76508DU
System Type X86-based PC

Hardware Abstraction Layer Version = "5.1.2600.2765 (xpsp.050928-1517)"

Total Physical Memory 1,024.00 MB
Available Physical Memory 287.14 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 2.38 GB
Page File C:\pagefile.sys




#4 hamluis


Posted 21 May 2010 - 01:47 PM

That worked fine :thumbsup:.

FWIW: How to take and share a screen shot in Windows - http://www.bleepingcomputer.com/tutorials/how-to-take-and-share-a-screen-shot-in-windows/

Just wanted to confirm location/size of partitions on your hard drive.

You have a laptop, which further complicates things (IMO)...Lenovo Thinkpad R61i 7650.

I don't know very much about laptops, but I think I would contact Lenovo about getting recovery/restore disks...and then wipe it. Doing that will at least allow the problem to be defined as hardware, rather than O/S.

Product Recovery CD/DVD.

One of the few tests that you can actually do on a laptop easily...would be to check the hard drive. Doing so would entail downloading the appropriate .iso file from the correct respective hard drive manufacturer's website...then burning that .iso file to CD. Actual test is conducted using burned CD, in bootable state.

Hard Drive Installation and Diagnostic Tools - http://www.bleepingcomputer.com/forums/t/28744/hard-drive-installation-and-diagnostic-tools/

Bootable Hard Drive Diagnostics - Vox - http://usasma.vox.com/library/post/bootabl...iagnostics.html

How to write a CD-DVD image or ISO - http://www.bleepingcomputer.com/tutorials/write-a-cd-dvd-image-or-iso/

I would start with testing the hard drive. On the surface, it appears (to me) likely that either your hard drive or the file system is messed up...either one may require that recovery capability provided by the Lenovo disks.

Louis

#5 lost2pc


Posted 22 May 2010 - 09:38 AM

Thanks Louis!

I'm still here. I'm so embarrassed to say I have never burned a CD before in my entire life [yes I know - I'm seriously technically challenged]. I need to buy some writeable CDs. I'll let you know what happens after testing.

Many THANKS!

#6 lost2pc


Posted 23 May 2010 - 12:53 PM

Hi Hamluis,

Just a quick update. I have a Western Digital Hard Drive. I've completed and passed the Quick test so I'm moving forward with the other tests. I'll report back once everything is complete.

Thanks!

#7 hamluis


Posted 23 May 2010 - 02:58 PM

The long test...is more reliable than the quick test...when testing functionality of hard drives. I suggest that you run that, ignoring the results of the quick test.

Louis

#8 lost2pc


Posted 24 May 2010 - 10:36 AM

Hi Louis,

I ran the Quick and Extended yesterday but lost power mid-way. I re-tested this morning and here are the results. BTW it would not 'Write Zeros Test' because it was the only drive that had Windows.

Many Thanks!

Test Option: QUICK TEST
Model Number: WDC WD800BEVS-08RST2
Unit Serial Number: WD-WXE907772321
Firmware Number: 08.01G08
Capacity: 80.03 GB
SMART Status: PASS
Test Result: PASS
Test Time: 08:43:36, May 24, 2010

Test Option: EXTENDED TEST
Model Number: WDC WD800BEVS-08RST2
Unit Serial Number: WD-WXE907772321
Firmware Number: 08.01G08
Capacity: 80.03 GB
SMART Status: PASS
Test Result: PASS
Test Time: 11:21:29, May 24, 2010

#9 hamluis


Posted 24 May 2010 - 11:08 AM

The "write zeros test" would have deleted all your data...I believe that the diagnostic indicates that this is not a test, but a procedure for reformatting the hard drive.

Well, your hard drive seems to be in fine condition...let's try the RAM now :thumbsup:.

Memtest86+ - Advanced Memory Diagnostic Tool - http://www.memtest.org/#downiso

Download the .iso file...burn it to CD, just as you did the hard drive diagnostic. Insert disk, change boot options to boot from optical drive...reboot.

Any error...any error reflected during the Memtest86+ run...is an item of concern. Projected time for a full test is about 2.5 hours on my systems.

If the hardware items clear...that means it's clean install time, in my world.

If this were my system, I'd just do a clean install after the hard drive received a clean bill of health.

Louis

#10 lost2pc


Posted 25 May 2010 - 08:28 AM

Hi Louis,

After struggling to get this test to run, I've decided to go ahead and do a clean install.


Thanks so much for all your help :thumbsup:

#11 hamluis


Posted 25 May 2010 - 10:35 AM

Let us know if this solves it :thumbsup:.

I would also suggest installing SP3 and all subsequent critical updates (at least 70 of them) after you do the clean install.

Louis

#12 lost2pc


Posted 28 May 2010 - 08:05 PM

Hi Louis,

I'm still working on this - going in a bit of a circle with Lenovo. Hopefully I'll get to the correct support unit and be able to buy the disks.

Many thanks!

#13 lost2pc


Posted 01 June 2010 - 10:53 PM

Update: Should have disk by Friday at the latest. Will let you know how it goes.

Thanks!



