Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Pc Continually Reboots Itself After Starting


  • Please log in to reply
7 replies to this topic

#1 Baldric

Baldric

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:44 PM

Posted 03 January 2007 - 02:15 PM

I caught something at an unsavory site :thumbsup: but I don't know what. Now my computer starts up, but 30 to 90 seconds after Windows is up, I get the blue screen of death, and it reboots itself. It does this in a continual loop whether I'm in normal mode or safe mode. The one minute that it's up is enough time for me to find out the following:

- My C:\ drive seems to still have all the crucial operating system files and all my data.

- The CPU is at 100% the whole time.

- In task manager I can see that csrss.exe is using most of the CPU, but the rest is being used by several devldr32.exe processes that keep appearing and disappearing (one second there are 4 of them, then 2, then 8, then 6, etc...)

- I managed to run HijackThis and get a log. Comparing it to my saved baseline log, the only new items are:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab


I'm stumped as to how to proceed. I tried using a startup disk, but I didn't have access to enough diagnostic tools with it. Any ideas?

BC AdBot (Login to Remove)

 


#2 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:09:44 PM

Posted 03 January 2007 - 03:17 PM

In the Windows Task Manager, under Processes, what entry is reporting the most usage? You may also want to look in the Event Viewer under the Administrative Tools.
"2007 & 2008 Windows Shell/User Award"

#3 resp

resp

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 03 January 2007 - 04:06 PM

I would say Im completely baffled as to what to do, but I have a couple of ideas

firstly both processes that are taking up the memory are legit, AS to why they're taking up that much, that's odd

Since you have enough time to checka couple of things, Do this

Disconnect yourself from the internet

When windows starts up, Crash the programs using task manager, that are taking up the memory

namely crash devldr32.exe as tha'ts associated with Creative and doesnt' need to be up

since csrss.exe is a windows process it shouldnt' be touched, However, by disabling your internet, Yout ake out the risk of possibly a trojan sending out signals

if it'll allow you do a complete system scan, I am not too too sure if this will help in disabling the problem temporarily long enough to do scans, but its worth a shot

My main concern would be with the system32 folder of windows, Or any applicable folders thereof, So if you can stay on enough to do a scan of that folder/subfolder, it might find some things you got from naughty sites.. That's just what Im guessing, Since most programs are actually found in the windows folder

if all else fails, you will be looking at a full format and reinstall, Which will probably makey ou bash your head on the desk for a few hours, But, if its needed, its needed

#4 Baldric

Baldric
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:44 PM

Posted 03 January 2007 - 04:30 PM

acklan,

The only processes being used once I can get Task Manager up are csrss.exe and several instances of devldr32.exe. When I get home tonight, I'll check if anything else has any CPU time accumulated from before I could open Task Manager, but I can't post the answer until I'm back here at work tomorrow.


resp,

I can't crash anything. The devldr32.exe's start and finish in just a few seconds each. Even when I catch one and try an "end process" on it, I get a "not authorized" error.
As for the scans, I don't have time. Since the CPU is at 100%, it takes about a full minute to open any program (Ewido, Spybot, HijackThis, etc...).

Did I mention that it's very probably not a virus, but adware or spyware that accidentally crashes me into a blue screen of death? The sites I got it at don't want to hurt me, but they do want to force advertisments on me and track me. The worst case scenario is me taking out my hard drive and bringing it to a friend's house. From there we could attach it as a slave to his woking drive and scan it. There's no risk that I know of if we do that, but I'd have to convince him of that.

#5 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:09:44 PM

Posted 03 January 2007 - 05:28 PM

that has been identified as a possible infection masking it's self as a Creative Labs file.

devldr32.exe

With this information I am moving this topic to the "I am infected Forum"

Edited by acklan, 03 January 2007 - 05:29 PM.

"2007 & 2008 Windows Shell/User Award"

#6 resp

resp

  • Members
  • 212 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 03 January 2007 - 07:00 PM

Say what? I even did a search on that file and it came back negative for being a possible virus *shrug* guess I didn't check the right areas, Oh well :thumbsup:

yea get your friend to scan it for you he'll probably find a virus or 3,

Adaware/spyare however bad I have never found to cause crashes like you are speaking of, They're just not malicious enough, However, ive only really gotten tracking cookies in my life, well..in the last like year, So that might be why I haven't seen it happen :flowers:

#7 jdukze

jdukze

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:44 PM

Posted 03 January 2007 - 08:51 PM

Reboot with the XP CD (if you are using Windows XP) or the operating system CD of your PC, and go in to the recovery console, in the command prompt type chkdsk /r and hit enter,
this should check the hard disk for any errors in it which may be the cause of it restarting. Another option is to open up the PC and clean out any dust that could be in it especially in the RAM slots, or perhaps check the capacitors on your Mainboard they could be leaking already, and need replacement, if that is so, its best you get a new mainboard.
If it is not a virus problem I'm quite sure these these tips could help. :thumbsup:

Edited by jdukze, 03 January 2007 - 08:54 PM.

JDUKZE

The only man who never makes mistakes is the man who never does
anything.

Theodore Roosevelt

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:44 PM

Posted 04 January 2007 - 11:43 AM

Determining whether csrss.exe is malware or a legitimate Windows process depends on the location (path) it is running from. The legit csrss.exe file is located in the C:\Windows\System32 folder. If found running from a different location it is malware.

You can download and use Process Explorer to investigate it and other suspicious running processes. This tool will show the process CPU useage, a description and its path.

Anytime you come across a suspicious file for which you cannot find any information about, you can submit it to jotti's virusscan or virustotal.com.
In the "File to upload & scan" box, browse to the location of the suspicious file and submit [upload] it for scanning/analysis.
Then post back with the results of the file analysis.

BTW, the Rustock.b-infection (rootkit) as of late is reported to be accompanied by BSOD's so you may be dealing with something more serious here.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users