Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Backdoor.bots, trojans, spyware


  • This topic is locked This topic is locked
5 replies to this topic

#1 m1garand

m1garand

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 04 September 2010 - 01:09 PM

Ok i'm trying to disinfect my moms' ancient ibm thinkpad. Her computer is more sluggish than ever and 2-3 days ago i installed and updated malwarebytes anti-malware and it turned up with back door trojans and spyware. Alas, i'm afraid all the malicious software is still installed as i was unable to perform a custom windows update. The os is windows xp service pack 3 and it's like a pentium 3 processor. I know with backdoors your computer can never be truly safe again but i want to give it a try. The anti-virus is avg anti-virus free and there were a whole lot of sketchy programs in add/remove programs like driver detective which i believe to be the culprit and an ancient norton corporate edition (from like 1998 or something) that won't uninstall saying "fatal error during installation" when i attempt to do so.

I'm posting the malwarebytes log just in case:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4532

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/2/2010 9:10:59 PM
mbam-log-2010-09-02 (21-10-59).txt

Scan type: Quick scan
Objects scanned: 179054
Time elapsed: 49 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5_exception.nls (Trojan.Tibs) -> Quarantined and deleted successfully.

DDS LOG:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Idrees at 12:53:42.46 on Sat 09/04/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.181 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ltcm000c.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Idrees\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uSearch Page = hxxp://ca.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ca.search.yahoo.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ca.search.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ProxyWay] c:\program files\proxyway\proxyway.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [vptray] c:\program files\navnt\vptray.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [XircWinModem4] ltcm000c.exe 9
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187286783618
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-5 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-5 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-5 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2001-10-29 9296]
R2 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2001-10-29 466944]
R3 S3GSavageMX;S3GSavageMX;c:\windows\system32\drivers\s3gsavm.sys [2002-11-28 88576]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2008-3-4 22568]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-10-4 14336]

=============== Created Last 30 ================

2010-09-04 16:49:56 0 ----a-w- c:\documents and settings\idrees\defogger_reenable
2010-09-03 02:57:42 0 d-----w- c:\docume~1\idrees\applic~1\Windows Search
2010-09-03 02:45:09 0 d-----w- C:\3a3172316aeae9933615fc
2010-09-03 02:41:26 0 d-----w- c:\windows\system32\winrm
2010-09-03 02:41:12 0 dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-09-03 02:40:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_tp4track_01007.Wdf
2010-09-03 02:40:08 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-09-03 02:39:04 0 d-----w- c:\program files\Lenovo
2010-09-03 02:38:34 0 d-----w- c:\docume~1\idrees\applic~1\Windows Desktop Search
2010-09-03 02:37:28 0 d-----w- c:\windows\system32\GroupPolicy
2010-09-03 02:37:28 0 d-----w- c:\program files\Windows Desktop Search
2010-09-03 02:34:33 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-09-03 02:34:32 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-09-03 02:34:31 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-09-03 02:33:14 0 d-----w- c:\program files\ThinkPad
2010-09-03 02:23:47 0 d-----w- c:\windows\system32\URTTEMP
2010-09-03 02:04:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-03 02:04:45 423656 ----a-w- c:\windows\system32\REN1D1.tmp
2010-09-03 01:47:19 0 d-----w- c:\docume~1\alluse~1\applic~1\inSpeak
2010-09-03 01:47:09 0 d-----w- c:\docume~1\idrees\applic~1\inSpeak
2010-09-03 01:47:03 0 d-----w- c:\program files\inSpeak
2010-09-03 00:18:56 0 d-----w- c:\docume~1\idrees\applic~1\Malwarebytes
2010-09-03 00:18:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-03 00:18:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-03 00:18:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-03 00:18:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 19:19:32 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2010-08-11 00:24:37 46 ----a-w- c:\documents and settings\idrees\jagex_runescape_preferences.dat
2010-07-15 17:36:03 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 17:35:37 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 17:13:58 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 20:54:15 99 ----a-w- c:\documents and settings\idrees\jagex_runescape_preferences2.dat
2010-07-14 16:35:37 0 ----a-w- c:\documents and settings\idrees\jagex__preferences3.dat
2010-07-13 23:11:04 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-10-16 09:51:40 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-10-08 21:13:23 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100820081009\index.dat
2009-06-17 06:56:01 1738272 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-17 06:56:02 26912 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-16 10:53:51 16384 -csha-w- c:\windows\temp\cookies\index.dat
2009-10-16 10:53:51 16384 -csha-w- c:\windows\temp\history\history.ie5\index.dat
2009-10-16 10:53:51 32768 -csha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 12:55:46.98 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,208 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:34 AM

Posted 13 September 2010 - 04:13 AM

Hello ,
And welcome.gif to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 m1garand

m1garand
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 14 September 2010 - 10:58 PM

Unfortunately the laptop basically died, when i attempt to boot or update bios it says "Bad CRC1, stop POST task. The EEPROM checksum is not correct." I believe the computer ran low on virtual memory and would not boot back up again unless I got lucky.

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,208 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:34 AM

Posted 15 September 2010 - 04:34 AM

Please read the following information. Source
QUOTE
In some rare cases there really is a problem with the system board and the CRC checksum routine is actually doing it's job. If this is the case, you will see erratic power behavior, random shutdowns / freezing / erratic power behavior on power up, before the CRC error surfaced. We cannot guarantee our CRC correction will last when power problems exist in the motherboard. Unfortunately, we cannot refund the CRC recovery cost. Our time is money and the programmers we hire to correct the CRC information cost money.

With that said...

Most of the time, CRC errors are generated from a password removal attempt or sudden (user created) "Shutdown" or "Restart" condition and these situations are repairable.
How can you tell if your ThinkPad is a good candidate for a CRC repair? We suggest you try the following tests:

1) Start the system and watch the status lights in the LCD hinge or near the power button. They should flash once (some models twice) before the system shows a display. If they flash 3 times or more, you have a power problem.

2) Start the system and allow it to reach the CRC “stop post task” error message. Let it sit at this error for several hours. The system should sit at this error for ever or until user intervention occurs.

3) Some things to watch for while the system is sitting at the CRC error and running for several hours would be: Screen going black, System rebooting, System powering off, ect.. ect.. ANY activity by the system is a warning that power problems exist in the system.

4) Try restarting the system several times consecutively, shut the system down by holding the power button for 5 seconds, then restart keeping an eye on the status lights for any additional flickers.

5) All the above tests should be done with AC power applied and battery installed. Also ALL drives installed.

If your system passes the above tests then it’s a good candidate for a CRC Recovery.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,208 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:34 AM

Posted 20 September 2010 - 05:43 AM

Hi, are you still there?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,208 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:34 AM

Posted 27 September 2010 - 05:46 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users