
Keeps Rebooting



#1 Steve.T

Posted 09 September 2006 - 04:44 AM

I switched on my computer and before my XP account had finished loading in, it gave an error message "this system has recovered from a fatal error".
Kaspersky anti virus was using 100% CPU for about 3 minutes then the computer rebooted by itself. When the accounts page came up I clicked on my account, it started to load but then the computer just reboots before I can do anything. It does this on both XP accounts. I'm using XP Home.
I am now unable to start in safe mode or boot from CD-ROM. I've bought another HDD and disconnected the old one.
I want to be able to use the old HDD but I'm worried if it's a virus that it will infect my new HDD. Though it may not be a virus, I just don't know.

Any ideas?

Thanks

Steve


#2 Enthusiast


Posted 09 September 2006 - 09:45 AM

Why did you buy a new hard drive?
Did you determine your hard drive was malfunctioning?

Have you reinstalled Windows on the new hard drive as yet?

#3 Steve.T


Posted 09 September 2006 - 01:51 PM

I was going to buy a 2nd HDD anyway as the 1st only has 7 gig of space left on it.
I'm using the old HDD as a slave now and I'm able to access the files on it.
The truth is I don't really know what I'm doing with computers.
Yes, I have reinstalled XP onto the new HDD and can now back up the files I need. Then I'm going to format it.
Sorry about my panic :thumbsup:
Thanks for replying.

Steve

#4 Enthusiast


Posted 09 September 2006 - 02:22 PM

OK.

To be sure there is no malware on the old drive, run your AV scan on it before you begin to transfer data to the new one.

Here are some on-line scans you might use as well (use Internet Explorer as these require ActiveX)

Web based online Antivirus and anti-malware scans: (these can be run regardless of whatever else you are using. You must use Internet Explorer to run these as they require ActiveX to function.)

Windows Live Onecare Free Scan
http://safety.live.com/site/en-us/default.htm
Kaspersky Anti-Virus Web Scanner
http://www.kaspersky.com/service?chapter=161739400#betatest
and
File scanner and virus scanner
http://www.kaspersky.com/scanforvirus


Panda Activescan
http://www.pandasoftware.com/activescan/co...n_principal.htm
http://www.pandasoftware.com/products/activescan.htm

Trend Micro antivirus and malware scan:
http://housecall-beta.trendmicro.com/en/st...orp.asp?id=scan

Etrust Anti-virus web scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx.

Avast Online scan
http://onlinescan.avast.com/

F Secure online scan
http://support.f-secure.com/ols/start.html

Ewido Online scan
http://www.ewido.net/en/onlinescan/


Trojan scans
Sygate Trojanscan
http://scan.sygatetech.com/pretrojanscan.html

Windows Security Trojanscan
http://windowsecurity.com/trojanscan
See instructions for it here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp

Parasite scan from Aumha:
http://www.aumha.org/a/noads.php
or here:
http://www.aumha.org/win5/a/noads2.htm

#5 Steve.T


Posted 09 September 2006 - 02:31 PM

OK, I'll do that and thanks again for your help and advice.

Steve

#6 Enthusiast


Posted 09 September 2006 - 02:37 PM

Well, you are very welcome and you did well being that you got the reinstall done on the new drive successfully :thumbsup:

Hang around here and you may become more expert at computerese - we may even be able to turn you into a geek!

#7 Steve.T


Posted 10 September 2006 - 01:13 PM

Well, I'm not totally thick when it comes to computers, in that I can do some....er well, a few of the very basics. OK, I can follow the on screen instructions (mostly)....lol. It's just when people talk about files and stuff I kinda get :thumbsup: and lose the plot a bit. My eyes glaze over and my brain goes into Homer Simpson mode. But I'm willing to have a go and hopefully I'll learn a few things looking around the forum at other people's problems.
Oh, I did a scan at Windows Live Onecare Free Scan last night, it took 2 hours and it found a few things.
I'm just off to do some more scanning now. I'm working my way down the list just to be sure.

Steve

PS: If geeks drink lots of beer then I'm in :flowers: cheers mate.

#8 Enthusiast


Posted 10 September 2006 - 01:36 PM

Some certainly do!

Cheers:)

#9 Steve.T


Posted 18 September 2006 - 06:11 AM

OK, I've run several scans and removed mainly unwanted files and some cookies. I am still unable to start XP in safe mode (F8). Also I created another XP account that looks more like an old version of Windows than XP. Though it is XP it has different colours from the standard account.
I have formatted my old HDD. I was wondering if a virus/trojan could have been placed into my BIOS?
I have had viruses in the past and have had to format my HDD and start from scratch before, but I was always able to get my computer back up and running normally. Although it's hard to put my finger on what's wrong now, I just know that something is not right.

I should be able to start in safe mode.
The different XP accounts should look the same at their creation.
My system seems to be "sluggish" at times (not all the time).

I thought this may help:

Logfile of HijackThis v1.99.1
Scan saved at 12:35:21, on 18/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Steve\LOCALS~1\Temp\Rar$EX04.047\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157717852712
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


Steve

Edited by Steve.T, 18 September 2006 - 06:42 AM.
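
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself. The sample lines are copied from that log; the two review rules and all function names are assumptions chosen for illustration, and a note means "verify by hand", not "malicious".

```python
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis v1.99.1 log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# A log entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Group entries by section code; header and process lines are skipped."""
    entries = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return entries

def review_notes(entries):
    """Return (code, reason, entry) tuples for entries to check by hand."""
    notes = []
    for code, items in entries.items():
        for text in items:
            # Assumed rule 1: a service whose owner field is "Unknown owner".
            if code == "O23" and "Unknown owner" in text:
                notes.append((code, "service lists no vendor name", text))
            # Assumed rule 2: the target ends in a backslash, so no file is named.
            if text.rstrip().endswith("\\"):
                notes.append((code, "target path names no file", text))
    return notes

if __name__ == "__main__":
    for code, reason, text in review_notes(parse(SAMPLE_LOG)):
        print(f"{code}: {reason}: {text}")
```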


#10 usasma


Posted 18 September 2006 - 08:28 AM

It's very unlikely that a virus has been planted in your BIOS. A more likely scenario (and this is still unlikely) is that a virus has been planted in the boot sector of your hard drive.

A boot sector virus isn't affected by a normal format since it leaves the boot sector intact. In order to "scrub" your boot sector you'll have to download a "low-level" format tool from the hard drive manufacturer's website. After the low-level format, partitioning and regular formatting is still required.

I've experienced the "hard to find errors" in the past - and it usually came because I hadn't installed the various drivers that the system requires to operate effectively. The primary cause of this is motherboard/chipset drivers which are available at the manufacturer's website.

The sequence of your formatting and creating new accounts is important - please let us know in what order you've performed the tasks that you described above.

The "unable to start in Safe Mode" has become a recent issue with many people - and it seems to be traceable to an infection IMO. I'd suggest that you post a HiJackThis log file according to the directions on this forum: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ )
**If you need a more detailed explanation, please ask for it. I have the Knack.**
If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017)
FYI - I am completely blind in the right eye and ~30% blind in the left eye.
If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
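
The point in the reply above about a regular format leaving the boot sector intact, shown on a small in-memory disk image; this is an added example, not code from the thread. It assumes "boot sector" means sector 0 (the master boot record) of an MBR-partitioned disk, and `build_demo_disk` and `format_partition` are hypothetical stand-ins for a real disk and a real format.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 446   # bytes 0..445 hold bootstrap code, 446..509 the partition table

def parse_mbr(sector0: bytes) -> dict:
    """Parse sector 0: signature check, boot-code hash, non-empty partition entries."""
    if len(sector0) != SECTOR:
        raise ValueError("need exactly one 512-byte sector")
    parts = []
    for i in range(4):
        raw = sector0[BOOT_CODE_END + 16 * i: BOOT_CODE_END + 16 * (i + 1)]
        lba_start, n_sectors = struct.unpack_from("<II", raw, 8)
        if raw[4]:  # partition type 0 means the slot is unused
            parts.append({"active": raw[0] == 0x80, "type": raw[4],
                          "lba_start": lba_start, "sectors": n_sectors})
    return {
        "signature_ok": sector0[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector0[:BOOT_CODE_END]).hexdigest(),
        "partitions": parts,
    }

def build_demo_disk(boot_code: bytes, sectors: int = 128) -> bytearray:
    """Constructed image: boot code, one active type-0x07 partition at LBA 63."""
    disk = bytearray(SECTOR * sectors)
    disk[:len(boot_code)] = boot_code
    disk[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x00\x01\x01", 0x07,
                                b"\x00\x00\x00", 63, sectors - 63)
    disk[510:512] = b"\x55\xaa"
    return disk

def format_partition(disk: bytearray, lba_start: int, n_sectors: int) -> None:
    """Stand-in for a regular format: rewrites only sectors inside the partition."""
    start = lba_start * SECTOR
    disk[start:start + n_sectors * SECTOR] = b"\xf6" * (n_sectors * SECTOR)

if __name__ == "__main__":
    disk = build_demo_disk(b"\xeb\x3c" + b"\x90" * 100)  # constructed placeholder bytes
    before = parse_mbr(bytes(disk[:SECTOR]))
    part = before["partitions"][0]
    format_partition(disk, part["lba_start"], part["sectors"])
    after = parse_mbr(bytes(disk[:SECTOR]))
    print("boot code unchanged by format:",
          before["boot_code_sha256"] == after["boot_code_sha256"])
```

Comparing `boot_code_sha256` against the value from a known-good disk of the same Windows version is the useful check here; the hash alone says nothing about whether the code is clean.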



