	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

10/02/2008 at 01:35PM PDT, ID: 23783156

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

8.5

System reboot every few hours. Probably malware but nothing found.

Asked by PaulCaswell in Anti-Spyware, McAfee Anti-Virus Software, Anti-Virus Applications

Hi All,

I have a problem with my Laptop where it reboots every few hours with the message that the system is rebooting because the RPC service has stopped.

Please read the thread where I originally asked for expert help:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Q_23767371.html#a22627180

As you can see I have collected a FileMon of the activity around the time it happened and it looks malicious to me. It is creating a program called dts12.exe which seems to collect some information, create a dll called mspush.dll and call it.

It does all this under the watchfull eye of MacAfee (Corporate).

I have scanned my laptop with SuperAntiSpyware, MalwareBytes, Spyware S&D and I am now trying an online scan with Kaspersky. None of them have found anything malicious.

Someone else seems to have the same problem:

http://www.bwhacks.com/forums/hardware-software/35630-computer-forces-restard-every-hour.html

Please only focus on the 'System Shutdown' dialog in the screenshot and the narrative below. Refrain, for your own sanity, from studying the rest of the screenshot and from following the discussion.

I've attached the FileMon log as an xls. I believe you can see signs of Winlogon recognising that the RPC has stopped in record 5245 just after what looks like an invocation of mspush.dll by dts12.exe.

Notice that dts12.exe is created on the fly by a svchost.exe a little further up the log and dts12 creates mspush.dll on the fly too. This looks distinctly fishy to me.

Has anyone got any ideas what this is and how I can get rid of it?

Paul

View the Solution FREE for 30 Days

Attachments:

FileMon.xls (1.1 MB) (File Type Details)

Filemon log of events.

Keywords: System reboot every few hours. Pro…

	Title
1	Keep getting "The application has faile…
2	Outlook 2007 closes with no warni…

Loading Advertisement...

20091028-EE-VQP-87 - Hierarchy / EE_QW_2_20070628

1. rpggamer... 307,020
2. David-Ho... 168,884
3. warturtle 107,221
4. Admin3k 68,168
5. xmachine 44,923
6. greyknigh... 39,014
7. IndiGenus 33,922
8. johnb6767 33,684
9. optoma 27,984
10. JeremySB... 22,948
11. younghv 22,520
12. Jonvee 14,386
13. moh10ly 14,223
14. pankusar... 13,178
15. alanhardisty 12,980
16. jhyiesla 12,610
17. dstewartjr 12,330
18. NaturaTek 9,943
19. Mestha 9,820
20. aleinss 9,684
21. PriceD 9,375
22. Computer... 9,200
23. Michael-... 9,185
24. skywalker39 9,089
25. TK-77 8,700

1. rpggamer... 650,609
2. David-Ho... 258,112
3. IndiGenus 231,172
4. Admin3k 110,248
5. warturtle 107,221
6. phototropic 58,980
7. johnb6767 47,909
8. war1 46,930
9. younghv 45,344
10. xmachine 45,323
11. greyknigh... 41,009
12. optoma 27,984
13. Jonvee 24,716
14. JeremySB... 22,948
15. Sheharya... 21,853
16. orangutang 21,658
17. moh10ly 20,834
18. willcomp 20,580
19. rindi 18,332
20. jhyiesla 16,010
21. r-k 15,899
22. dstewartjr 15,228
23. jcimarron 14,776
24. pankusar... 13,178
25. alanhardisty 12,980

System reboot every few hours. Probably malware but nothing found.

Asked by PaulCaswell in Anti-Spyware, McAfee Anti-Virus Software, Anti-Virus Applications

About this solution