Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Shuts Down During AV Scans


  • Please log in to reply
10 replies to this topic

#1 1adam12

1adam12

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:36 AM

Posted 28 February 2013 - 07:49 PM

Hello,

 

I have a laptop that keeps shutting down unexpectedly during AVG (Free 2013), Malwarebytes (Pro) and Spybot scans. The scans will start and then without warning (and no bsod) the computer just shuts down (at about 26 - 28% through the scan according to AVG) . The computer seems to run fine otherwise. However, there have been a coupIe of times when it shut off and not during a scan. I am running XP Pro and also have Zone Alarm (free) installed.

 

I have replaced the fan less than a month ago and even more recently blown it out with compressed air.


I have run AVG and Dr.Web CureIt! in safe mode and get clean results, but when I return to normal mode and try to run them, the computer shuts down once again shortly into the scan.


I'm at a loss...maybe it's not a virus, trojan or malware (maybe some type of hardware issue?) but I don't always have the best of luck and I just figured it was some type of infection!! 

 

Any assistance and/or advice would be highly appreciated.

Thanks


Edited by hamluis, 04 March 2013 - 11:03 AM.
Unlocked topic - Hamluis.


BC AdBot (Login to Remove)

 


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:11:36 AM

Posted 02 March 2013 - 07:58 PM

Hello again!

Sometimes failed scans are due to an inconsistent disk structure or bad sectors on the disk. So I'd first recommend a diskcheck:

Use the Windows Error Checking utility (Check Disk), with the options to scan the disk surface for errors, and attempt recovery of data and repair the disk.
  • Open "My Computer"
  • Right-click on the drive that you wish to check > Properties > Tools > and in the "Error checking" section, click on "Check now".
  • Place a tick in both boxes > Start.
  • If the disk you have chosen is the system disk:
  • A message will notify you that a restart is necessary: Click OK, and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
    This test will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.
A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.

To open Event Viewer and view the log:
  • Go to Start > Run > and type eventvwr and press the <ENTER> key.
    The Event Viewer window will open.
  • In the left pane, click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Winlogon", with an entry corresponding to the date and time of the disk check.
  • Double-click on that entry to view the log.
  • Click on the copybutton.jpg button to copy the log text to the clipboard.
  • Please paste the log text into your next reply.
bloopie

#3 1adam12

1adam12
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:36 AM

Posted 02 March 2013 - 11:00 PM

Hi,
Thank you for the reply. I ran the "Check Disk" as you described. Thanks for the step-by-step instructions! Here are the results (which I'm guessing will mean more to you than it does to me!!!) :>)

Thanks for any interpertation:

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 3/2/2013
Time: 9:43:56 PM
User: N/A
Computer: IBM-59F0606AFCF
Description:
Checking file system on C:
The type of the file system is NTFS.
Volume label is IBM_PRELOAD.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 1652 unused index entries from index $SII of file 0x9.
Cleaning up 1652 unused index entries from index $SDH of file 0x9.
Cleaning up 1652 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc000009c at offset 0x125d12000 for 0xb000 bytes.
Read failure with status 0xc000009c at offset 0x125d1b000 for 0x1000 bytes.
Windows replaced bad clusters in file 17200
of name \SYSTEM~1\_RESTO~1\RP289\A0066390.dll.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

51158488 KB total disk space.
25932044 KB in 96942 files.
37468 KB in 9374 indexes.
4 KB in bad sectors.
239168 KB in use by the system.
65536 KB occupied by the log file.
24949804 KB available on disk.

4096 bytes in each allocation unit.
12789622 total allocation units on disk.
6237451 allocation units available on disk.

Internal Info:
e0 04 02 00 58 9f 01 00 28 50 02 00 00 00 00 00 ....X...(P......
28 28 00 00 01 00 00 00 9a 0f 00 00 00 00 00 00 ((..............
20 83 e9 06 00 00 00 00 70 87 d1 4d 00 00 00 00 .......p..M....
a0 fc 4b 19 00 00 00 00 60 32 e4 8f 03 00 00 00 ..K.....`2......
70 a0 c0 24 02 00 00 00 a0 01 8c 2d 06 00 00 00 p..$.......-....
99 9e 36 00 00 00 00 00 b0 38 07 00 ae 7a 01 00 ..6......8...z..
00 00 00 00 00 30 c4 2e 06 00 00 00 9e 24 00 00 .....0.......$..

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:11:36 AM

Posted 02 March 2013 - 11:06 PM

Hi again,

That cleared a few things up. Try again a scan with MBAM in full scan mode, then post me the results if possible.

bloopie

#5 1adam12

1adam12
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:36 AM

Posted 03 March 2013 - 10:15 AM

Hi again!

You are my HERO!!!! I ran both a MBAM and AVG scan. Both ran completely and I don't think either one found anything! I have posted the results from MBAM below and the AVG scan said "No threats were found"! Previously, neither scan would run more than 5 - 10 minutes.

Now my questions are:

What does all this mean was wrong & Do I need to be worried about a bad HD/Disk?
Should I run a Disk Defrag now?
Should I do anything else for that matter?

Thanks again! Here's the MBAM log:

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.03.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Van Antwerp :: IBM-59F0606AFCF [administrator]

Protection: Enabled

3/3/2013 7:39:55 AM
mbam-log-2013-03-03 (07-39-55).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315246
Time elapsed: 1 hour(s), 18 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

#6 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:11:36 AM

Posted 03 March 2013 - 11:40 AM

Hello again,

 

Glad I could help! :thumbup2:

 

I didn't think this was malware related to begin with, but I was ready to go that avenue nonetheless. I'm going to move this topic to the Internal Hardware forum where it belongs.

 

==========

 

A disk defragment wouldn't be a bad idea, but I'd first like to see a cleaner disk check log. I don't think the disk is failing, it only had some filesystem issues which should be cleared up now.

 

Please run another disk check and post the new log as previously instructed.

 

bloopie



#7 1adam12

1adam12
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:36 AM

Posted 03 March 2013 - 03:38 PM

Good afternoon,

 

Thanks for sticking with me...I'll try to be more patient with all my questions!!!  Sorry for the delay, it's been snowing here and in Georgia...that's time for celebrating with the kids!  :bananas:

 

I apprecicate you moving this threasd to the right place. I would never have guessed that it could have been a hardware issue. I guess that's why you guys are the experts and why I am not in the IT line of work! :)

 

Here is my latest disk check log:

 

Event Type:    Information
Event Source:    Winlogon
Event Category:    None
Event ID:    1001
Date:        3/3/2013
Time:        2:45:41 PM
User:        N/A
Computer:    IBM-59F0606AFCF
Description:
Checking file system on C:
The type of the file system is NTFS.
Volume label is IBM_PRELOAD.

A disk check has been scheduled.
Windows will now check the disk.                         
Cleaning up minor inconsistencies on the drive.
Cleaning up 13 unused index entries from index $SII of file 0x9.
Cleaning up 13 unused index entries from index $SDH of file 0x9.
Cleaning up 13 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

  51158488 KB total disk space.
  25785464 KB in 91471 files.
     35872 KB in 8510 indexes.
         4 KB in bad sectors.
    238192 KB in use by the system.
     65536 KB occupied by the log file.
  25098956 KB available on disk.

      4096 bytes in each allocation unit.
  12789622 total allocation units on disk.
   6274739 allocation units available on disk.

Internal Info:
e0 04 02 00 99 86 01 00 18 27 02 00 00 00 00 00  .........'......
ec 25 00 00 01 00 00 00 30 09 00 00 00 00 00 00  .%......0.......
90 64 14 05 00 00 00 00 c0 1c 5f 49 00 00 00 00  .d........_I....
c0 fc 4d 0f 00 00 00 00 b0 4c b8 76 03 00 00 00  ..M......L.v....
80 2e 85 31 02 00 00 00 10 c2 af 10 06 00 00 00  ...1............
99 9e 36 00 00 00 00 00 b0 38 07 00 4f 65 01 00  ..6......8..Oe..
00 00 00 00 00 e0 d1 25 06 00 00 00 3e 21 00 00  .......%....>!..

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 

 

 

 



#8 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:11:36 AM

Posted 03 March 2013 - 03:55 PM

Hello again,

That's looking much better! Enjoy your celebration with the kids!

Now you may proceed with the disk defragment if you wish. This may take some time to complete, just FYI.

bloopie

#9 1adam12

1adam12
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:36 AM

Posted 03 March 2013 - 05:01 PM

Thank you! Thank you! Thank you!  :bowdown:

 

Just like the website name..."From a bleeping computer to a working computer"!!!! And now I have learned something new as well. Again, I just knew I was infected...what great news this was.

 

And such a fantastic website (Although I do hope I won't have to use it again anytime soon!!!). Do you know if the website accepts donations or anything?

 

Best regards and I guess we can consider this closed?

 

Have a great rest of your weekende and Thanks Again!

 

1adam12

 

 

 

 

 

 

 



#10 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:11:36 AM

Posted 03 March 2013 - 06:27 PM

And now I have learned something new as well. Again, I just knew I was infected...what great news this was

You weren't infected, just needed a little TLC, that's all.

If you have any problems in the future, please let us know!

I will consider this topic closed. Everyone else, please begin a new thread!

bloopie

#11 1adam12

1adam12
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:36 AM

Posted 13 April 2013 - 09:43 AM

Good morning,

I am experiencing the same problem again. I wasn't sure if I should post here or start a new thread.

Thanks!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users