XP desktop freezes sporadically


6 replies to this topic

#1 6StringGuy

6StringGuy

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:48 AM

Posted 12 November 2010 - 04:55 PM

Hi there,

A friend of mine recommended I seek help from you guys for a possible malware/virus problem. I am running Windows XP Pro, version 2002, Svp 3. My pc is a ThinkPad Laptop ( circa 2006 ) running thru a docking station to an LG L226WTQ Flatron monitor.

My problem is that the desktop will freeze sporadically ( at least I cannot find a pattern so far ) and I'll have to reboot. Sometimes it's a total freeze in which the keyboard and mouse are frozen too. Sometimes I can use the mouse and keyboard but nothing of substance will happen. I can click on the start button, for example, and see the list of items but cannot get any of those to run. I can enter CTRL-ALT-DEL, click on the task mgr button but the task mgr will not display. I was able to do this with freecell earlier today after I had opened the task mgr immediately upon reboot. I clicked the start button, then freecell ( purely for 'research' purposes, of course ). Freecell did not come up on the display, but I did see freecell listed in the processes tab of task mgr. Makes me think that sometimes the apps are starting but not able to communicate with windows.

I have attached here the HijackThis log I generated a few minutes ago.

Thanks for your help!


#2 micksim

micksim

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norwich, UK
  • Local time:02:48 PM

Posted 12 November 2010 - 05:31 PM

You've explained it pretty well, we have lots of info to work with already.

Now, was there anything installed on the machine just before this issue started?
Were there any downloads you can remember to have happened prior to this occurrence?
Did the machine become unresponsive while online or not?

Are you able to connect to the internet?
Have you tried any Windows repair procedures, such as chkdsk, sfc /scannow, system restore?
Have you attempted safe mode yet?


I won't bore you with any more questions for now, it's just that I need a bit more info to plan my approach to the issue.

Regards
| A+ | Net+ | MCDST | MCITP |

"...if ever I have made any valuable discoveries, it has been owing more to patient attention than any other talent..." (1642-1727, Isaac Newton)

#3 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:01:48 PM

Posted 13 November 2010 - 04:24 PM

Please perform a memory test:

How to Test your RAM



Guide Overview

The purpose of this guide is to teach you how to check whether your system's RAM (Random Access Memory) is working properly. Bad RAM can lead to a whole host of problems, which often do not appear to have a single cause -- appearing as systemwide glitches, blue screens, and other system trouble. MemTest86+ provides a very good detection mechanism for failed RAM, and is about as good a test as you can get short of actually replacing the module itself.

Tools Needed
Please perform these steps from a separate, working machine.

Perform these steps on the problem machine.
  • Put your CD in the drive and configure your machine to boot to the CD. This is different on all machines, but it's usually by pressing F12 or F10 as your system boots, and selecting either "CDROM" or your cdrom drive. If you are unable to force a CDRom boot, reply with the make and model of your machine and I should be able to get you exact instructions.
  • If you've done it correctly, MemTest86+ will start to run automatically, as shown below:
    Posted Image
  • If you want to be reasonably sure your RAM is OK, then allow MemTest to run until you see this message:
    Posted Image

    On the other hand, if you want to be completely sure your RAM is OK, allow MemTest to run overnight. Memtest will run forever until power is pulled on the machine.
  • Check the MemTest screen for any reported errors. Errors will appear as RED warnings at the bottom of the screen, similar to the following screenshot:
    Posted Image
  • Hard-Reset the machine, removing the MemTest disk in the process.
If you didn't get an error screen, Congratulations! :)

Compliments of Billy O'Neal.

#4 6StringGuy

6StringGuy
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:48 AM

Posted 15 November 2010 - 10:04 AM

Thanks for responding! micksim - the most recent thing I installed ( on purpose, anyway ) is dexpot. Been running that for 2-3 months now and had no issues with the pc until last week. I was online when I noticed the erratic behaviour. The IE browser started operating on its own and in a matter of minutes I had two new icons on my desktop for "Whitesmoke Translater". After that, I started getting "Security Tool" popping up telling me my pc was infected and to give them money.

I used comboFix to be able to get rid of the Whitesmoke stuff, then had to use malwarebytes to get rid of Security Tool ( as far as I know ). I can connect to the internet, and I had to use safe mode with networking to get comboFix and malwarebytes to function.

CryptoDan - I will try the memtest86+ and report back.

Thanks again for the help.

#5 6StringGuy

6StringGuy
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:48 AM

Posted 15 November 2010 - 11:18 AM

Just ran memTest86+. Got "Pass complete, no errors".

#6 micksim

micksim

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norwich, UK
  • Local time:02:48 PM

Posted 15 November 2010 - 11:19 AM


6StringGuy, there are several possibilities here. So many, in fact, that it could be related to hardware, and in this particular case, as cryptodan has pointed out, it could be the RAM.

However, I am of the opinion that:

  • System was left corrupted upon disinfection.
  • You're still infected to a certain extent.

How to approach this:

  • It would be a good idea to run CHKDSK, either via CMD (chkdsk /f /r) or using the properties dialogue box. Another one to run is SFC /SCANNOW.
  • Ideally, disinfecting any further would be done by different tools. So do consider using a good rootkit remover, a different type of anti-virus, anti-spyware etc, that you haven't used yet. In my experience I have found that even though you shouldn't have more than the strictly necessary security software on a daily basis, this proves different when trying to tackle an infection. You'll need all the different ways different software approach different infections, and more often than not they all pick up on different things, even though they're all as good as each other. This little article gives you a good idea of who's doing what and it has saved me many headaches many many times (read through the comments as well).

Whatever you do though 6StringGuy, always remember rules number 1, 2 and 3

  • Backup
  • Backup
  • Backup

Let us know how it went, good luck!

Edited by micksim, 15 November 2010 - 01:07 PM.

| A+ | Net+ | MCDST | MCITP |

"...if ever I have made any valuable discoveries, it has been owing more to patient attention than any other talent..." (1642-1727, Isaac Newton)

#7 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:01:48 PM

Posted 15 November 2010 - 12:14 PM

Please perform the following, so that we can get the exact specs of your computer. This will better assist us in helping you more.

Publish a Snapshot using Speccy

The below is for those who cannot get online

Please take caution when attaching a text file to your post if you cannot copy/paste the link to your post; you will need to edit it to make sure that your Windows Key is not present.



