Link to home
Start Free TrialLog in
Avatar of mpwineca
mpwineca

asked on

What can I do about an Apparent Virus Shutting Down Programs???

My computer appears to have one or more viruses. I have downloaded and run several of the Symatec virus killers including WormBlast. Yet I still get the NT Authority\System shutdown screen every session. I have learned how to deactivate that, thank goodness.

I have been attempting to run Norton Anti Virus 2004 for several days but the virus (I think) keeps closing the program after only 10-20 seconds. Same thing happens on other antivirus programs.

What can be done? I tried running NAV 2004 in Safe Mode but it wouldn't open.
SOLUTION
Avatar of CrazyOne
CrazyOne
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Avatar of ghana
ghana
Flag of Germany image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of mpwineca
mpwineca

ASKER

I have already installed the patch (039) once or twice and I am still getting the NT Shutdown screen. In my last attempt to run Norton, I was given an error message that the Norton installation was now CORRUPT and that I needed to uninstall and reinstall it.

Should I try the Housecall or Panda programs before uninstalling NAV?

Should I turn off System Restore before doing anything more?
Avatar of CrazyOne
CrazyOne
Flag of United States of America image
Click Start, and then click Control Panel.
In Control Panel, click Performance and Maintenance, and then click Power Options.
Click the APM tab.
Check to select the Enable Advanced Power Management Support check box, and then click OK.

WINDOWS XP
SHUTDOWN & RESTART
TROUBLESHOOTING
http://www.aumha.org/a/shtdwnxp.htm 

And this MS KB
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308029

"It is Now Safe to Turn Off Your Computer" Error Message When You Try to Shut Down Your Computer
http://support.microsoft.com/default.aspx?scid=kb;en-us;810903


Quoted from the http://www.aumha.org/a/shtdwnxp.htm link

POWERDOWN ISSUES
“Powerdown issues” are quite distinctive from “shutdown issues.” I define a shutdown problem as one wherein Windows doesn’t make it at least to the “OK to shut off your computer” screen. If Windows gets that far, or farther, then it has shut down correctly. However, the computer may not powerdown correctly after that. This is a different problem, and I encourage people reporting these issues to make a clear distinction in their labeling.

When Windows XP won’t powerdown automatically, the APM/NT Legacy Power Node may not be enabled. To enable this, right-click on the My Computer icon, click Properties | Hardware | Device Manager | View. Check the box labeled “Show Hidden Devices.” If it’s available on your computer, there will be a red X on the APM/NT Legacy Node. Try enabling it and see if this resolves the powerdown problem (Tip from Terri Stratton). Or, to check the other side of the APM/ACPI coin, open the Power Options applet in Control Panel. If there is an APM tab, make sure the “Enable Advanced Power Management Support” box is checked. (MSKB 313290)

This should resolve the powerdown issue in most cases. However, other factors can sometimes interfere with correct powerdown functioning. In that case, consider the following tips:
Avatar of mpwineca
mpwineca

ASKER

Thanks, CrazyOne. It is obvious that I am not being successful in defining the problem. I do not have a powerdown or shutdown issue as you define it. I just can't run my programs because they will open for only 10-20 seconds (NAV in particular but REGEDIT is another one that does the same thing, ) then close on their own.
Avatar of CrazyOne
CrazyOne
Flag of United States of America image
Then you have a very nasty virus that may require reformating.

try this

Ok Copy the following into notepad and save the file with the REG extension. Then go to where you saved it and double click on it.

REGEDIT4

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:d8,07,00,00

[HKEY_CLASSES_ROOT\exefile\shell]
@=""

[HKEY_CLASSES_ROOT\exefile\shell\open]
@=""
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\{86F19A00-42A0-1069-A2E9-08002B30309D}]
@=""

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"
Avatar of CrazyOne
CrazyOne
Flag of United States of America image
DO this in Safe mode and see if you can run your virus scanner

Also try this

McAffee has utility that is aimed at removing the virus and fixing the registry

Stinger
BackDoor-AQJ, Bat/Mumu.worm, Exploit-DcomRpc, IPCScan, IRC/Flood.ap, IRC/Flood.bi, IRC/Flood.cd, NTServiceLoader, PWS-Sincom, W32/Bugbear@MM, W32/Deborm.worm.gen, W32/Dumaru@MM, W32/Elkern.cav, W32/Fizzer.gen@MM, W32/FunLove, W32/Klez, W32/Lirva, W32/Lovgate, W32/Lovsan.worm, W32/Mimail@MM, W32/MoFei.worm, W32/Mumu.b.worm, W32/Nachi.worm, W32/Nimda, W32/Sdbot.worm.gen, W32/SirCam@MM, W32/Sobig, W32/SQLSlammer.worm, W32/Yaha@MM
http://vil.nai.com/vil/stinger/
Avatar of mpwineca
mpwineca

ASKER

Thanks for all the comments. I ran both HouseCall and Stinger. Turns out I had the AGOBOT worm virus. Cleaned it out. Reinstalled the patches from Microsoft but the problem is still present. Still get the NT AUTHORITY/SYSTEM shutdown warning.

In addition, I am now unable to use my printer. When I hit the PRINT command I get an error message that states:

"RPC Server Unavailable. Cannot run iKernel.exe."

What next??