[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2961
  • Last Modified:

Spyware Scan or Antivirus Scan Causes Computer to Shut Down

I'm cleaning up a laptop with multiple viruses and spyware, but whenever I start a scan to remove either, the computer shuts down either immediately or within a few minutes.  This is not a problem the owner of the computer said he was having, and I believe him because it doesn't happen during normal use of the laptop.  In fact, I've now had it running for two days without it shutting down, but if I do a scan right now, it will shut down within a few minutes.

The computer does not shut down and restart, it simply clicks off and stays off until I press the power switch to turn it back on.  I've set it to not restart on system errors, but that had no effect.  Nothing shows up in event viewer that would give a clue as to what is causing it, in fact it does not even seem to notice the shut down.  I've tried a new memory stick but it did not solve the problem.  The shutdown occurs when scanning in safe mode also.  I originally thought it was shutting down when scanning a particular file or folder, but that turned out not to be the case.  Right now, the computer is about 90% rid of spyware and viruses, and is fairly useable, but I'd still like to know why a scan causes it to quit.  I used the utility to turn off DCOM, but that didn't help.  So far the different programs that cause it to shut down are: Housecall online antivirus scan, Norton Antivirus 2005, Spybot, Adaware, and Counter Spy.  CWShredder says CoolWWSearch is not on the machine.

It is a Toshiba Satellite running Windows XP Home and has 256 MB RAM.

I would appreciate any advice or suggestions as to what may be causing this.

Thanks.
0
CTSLA
Asked:
CTSLA
3 Solutions
 
davidis99Commented:
It sounds as though at least one item (virus, spyware) has enough control over Windows to force Windows to shut down if an attempt is made to remove it.   There at least three options you can try to work around this.

1) start the laptop in safe mode (which hopefully will disable the malware that's hooked itself into Windows), then run virus and spyware scans while in safe mode.
2) start the laptop in safe mode with network support, share the hard drive with full access on your local network, then connect to it from a PC that's properly protected and not infected, and scan the hard drive from the clean PC.
3) remove the hard drive from the laptop, connect it to a protected, uninfected PC either internally with a 2.5" to 3.5" adapter as a slave drive OR externally in a 2.5" USB drive enclosure, and again have the second PC scan the hard drive of the laptop for viruses and spyware.  

Options 2 and 3 are more likely to be successful because the active copy of Windows on the laptop will not be performing the scan, with 3 providing the added benefit of not booting from the infected hard drive.
0
 
MereteCommented:
try this as well CTSLA, delete the system restore folder by disabling it.
This Laptop may have a varient of the Qhost virus as there is now ovber 200 it comes with many different names. As you stated that you cannot access online scans seems to point to this fact>>
go to c windows system32>drivers>etc> hosts.. to open the host file rightclick and choose open with notepad, make sure its not ticked to always do this..
then scroll down below the hosts information to the list of web links>> and delete the web links there all of them.
or  
Click Start > Search.
Click All files and folders.
In the "All or part of the file name" box, type:
hosts
Verify that "Look in" is set to "Local Hard Drives" or to (C:).
Click More advanced options.
Check Search system folders.
Check Search subfolders.
Click Find Now or Search Now.
For each Hosts file that you find, right-click the file, and then click Open With.
Deselect the "Always use this program to open this program" check box.
Scroll through the list of programs and double-click Notepad.
When the file opens, delete all the entries in the Hosts file except for the following line:
127.0.0.1     localhost
Close Notepad and save your changes when prompted.

Now see if you can access online virus scans
here is a link for quite a lot of stand alone virus scan tools. As this website is not highly known so you may like to try their online scanner as well.
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
stand alone virus removers..
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?CID=40387

Qhosts tech specs>>
http://www.sarc.com/avcenter/venc/data/trojan.qhosts.html

informations about the worm "W32/Sasser":
http://vil.nai.com/vil/content/v_125007.htm

0
 
Harisha M GCommented:
Hi @Poster,

Try HijackThis

http://tools.radiosplace.com/HijackThis.exe
And submit logfile to http://www.hijackthis.de

It will allow you to remove them manually..

Bye
---
Harish
0
 
nobusCommented:
Maybe it is time for a complete install of windows; then be sure to do a complete partititoning and formatting of the drive !
Backup everything first !
0
 
CTSLAAuthor Commented:
Sorry it's taken so long to get back to this.  I did manage to get the spyware and viruses cleaned off the machine, but the shut-down  while scanning problem still exists.  Since the client never scans for anything, and she didn't feel that was a problem, she elected to take the computer as-is.  I'll go along with LeeTutor's suggestion on splitting the points.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now