Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus/worm keeps forcing my computer to reboot


  • This topic is locked This topic is locked
4 replies to this topic

#1 Falneth

Falneth

  • Members
  • 132 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri, USA
  • Local time:01:11 PM

Posted 27 October 2011 - 07:53 AM

I run XP. I was originally using XP Home edition. When I reinstalled to get rid of this problem, I upgraded to XP Pro. I have 3 external hard drives that I use with my PC. I have used BART PE Windows emulator from a CD to move my files from one hard drive to another and format it. So far, every drive except my Terabyte drive has been wiped. I completed a FRESH install (no external drives were connected until installation was completely finished). I plugged the terabyte drive in so I could get the drivers for my computer and install MalwareBytes. My computer soon brought up a screen that said that the system was being restarted and it counted down from 60 seconds. It said that the restart was initiated by NT Authority/System and came from the services.exe file.

I have ran symantec's Blaster.Worm removal tool while in the BART PE emulator and it found nothing on ANY of my drives. I cannot do a scan with MBAM in safe mode because the program crashes and then my computer reboots without any warning. Since I formatted my two 320 GB hard drives, I'm positive that the infection MUST be on my Terabyte drive. But I can't scan it without it rebooting without warning or crashing the program and not allowing me to restart the program.

Any ideas would be MORE than welcome.

Btw, I have reinstalled windows XP 3 times since it started acting up and same result each time.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:11 PM

Posted 28 October 2011 - 08:11 PM

Only back up your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, and .html) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise itself by adding and hiding its extension to the existing extension of file(s) so be sure you look closely at the full file name. After reformatting, scan the backed up data with your anti-virus prior to to copying it back to your hard drive.


One option is if you can connect it to another PC and scan it.


When you get a message that the system is shutting down, follow these steps to stop the cycle:
  • Press the Windows Key + R keys on your keyboard or go to Posted Image > Run..., and in the Open dialog box, type: cmd
  • Click Ok or press Enter.
  • At the command prompt C:\>, type: shutdown -a
  • Press Enter.
-- Vista users can refer to these instructions: How to Enable Run Command in Vista - How to Run a command prompt as an Administrator

That should give you enough time to run Rkill and rescan immediately afterwards with Malwarebytes. Rkill terminates malware processes which target your security tools and keeps them from running or completing a scan.



RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Run MBAM
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Falneth

Falneth
  • Topic Starter

  • Members
  • 132 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri, USA
  • Local time:01:11 PM

Posted 29 October 2011 - 12:31 PM

I formatted the Terabyte drive after moving all my videos from it to other drives. I couldn't put them on a DVD at all since I didn't have access to burning software while using a Windows Emulator boot disk.

I ran RKILL, followed by a full system scan of all hard drives with MBAM (updated today). I ran them in Windows Normal Mode and found nothing. So I booted into Safe Mode to run them again, but when I got into safe mode, I didn't even have time to run RKILL before my computer rebooted. NO window popped up saying the computer was being restarted. The computer just rebooted without warning again.

I tried again to boot into safe mode and run RKILL. It ran successfully this time. I proceeded to start a full scan with MBAM but the program crashed in the middle of the scan and then my computer rebooted without any warning at all.

What's next?

Edited by Falneth, 29 October 2011 - 02:08 PM.

A.A.S in Computer and Network Support from Crowder College


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:11 PM

Posted 29 October 2011 - 08:50 PM

Can you run DDS and make a new topic?I think we need to see way inside.

Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Include a link back to this topic.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:11 PM

Posted 30 October 2011 - 11:23 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic425670.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users