Solved

Remove virus that shuts down the machine when any scan is performed

Posted on 2006-06-15
Last Modified: 2010-04-11
I have an XP Home laptop with updates and it has become unstable because it will shut down randomly, but always when I perform a scan with Norton, Stringer, or Spybot.
I tried going back to a restore point before the virus symptoms were evident and that effectively made it so the machine would stay on longer than 30 seconds or at least boot without powering off during boot.

What steps would I follow to remove this backdoor/Sasser-like virus?  Without reformatting ;)

Thanks,
Ongbak
0
Comment
Question by:ongbak
20 Comments
 
LVL 42

Expert Comment

by:zephyr_hex
ID: 16914832
you need to 1) update norton with the latest definitions and 2) perform your full system scan in safe mode.
0
 

Author Comment

by:ongbak
ID: 16914971
I know I have tried that in the past but I am willing to try it again.  Also, I uninstalled Norton just now, however I can quickly reinstall and try again as you suggest.
0
 
LVL 42

Expert Comment

by:zephyr_hex
ID: 16915166
be careful installing an antivirus program if you have a virus running actively on your computer...
are you sure the shutdown issue is a virus?  scanning is taxing on the computer .. are you sure it's not overheating?

another suggestion is to run hijackthis and put the log it creates into the analyzer here:  http://www.hijackthis.de .  that analyzer will give you an option to save the report it produces.  save it, and post a link to the saved report back here.  perhaps we will see something malicious that needs to be removed.

if your antivirus is updating and running ok, then it's weird that a scan would cause a virus to reboot the computer.  usually, viruses will attack the antivirus and corrupt it so it doesn't run at all, or is impossible to update.  this is why i asked if you're sure it's a virus.
0
 

Author Comment

by:ongbak
ID: 16915231
After installing Norton and downloading the updates, the machine shuts down before it boots in safe mode or if I can get to the login screen it shuts down after I click the arrow to submit my password.
Please advise now...
0
 
LVL 42

Expert Comment

by:zephyr_hex
ID: 16915541
either the issue isn't a virus, or the virus has attacked your antivirus and corrupted it so it doesn't operate normally.

let's see your hijackthis log.   download it here: http://www.majorgeeks.com/download3155.html
then put the log it produces through the analyzer at the link i posted in my previous post
0
 
LVL 4

Expert Comment

by:Phreonx
ID: 16915624
Hello,
Could you please reboot and Enable Boot Logging? The logs are created under the %SystemRoot% folder in a file called Ntbtlog.txt. Check the logs and paste here. Additionally, in order to abort a forced shutdown open a DOS shell and type shutdown -a or if you want to be really fast, create a shortcut on your desktop that points to a .bat file that contains the shutdown -a command.

Have you committed any hardware upgrades recently? I'm suspecting that your problem might be hardware related and has probably got to do with one of your fans not working and this causes overheating -> shutdown. It might also be a PSU problem. Try disconnecting all the unnecessary hardware modules like additional HD, soundcard, ethernet card and so on and power on.

Keep us informed.
I hope I helped ;)
0
 
LVL 13

Expert Comment

by:prashsax
ID: 16915654
This could be an issue with hardware as well.

As soon as you put load on the hard disk, the machine shuts down.

Generally happens either when the battery is weak. (You must be running on the power adapter.)

Or, when the temperature of the laptop is very high and it is overheating.

If you suspect a virus, boot your machine with a bootable floppy and leave it running for some time.
If it does not shut down by itself, then it could be a virus.

But with the symptoms you are mentioning, it's hardware.

0
 
LVL 4

Expert Comment

by:Phreonx
ID: 16915675
Terribly sorry. I seem to have missed the fact that ongbak owns a laptop. Ooops
0
 

Author Comment

by:ongbak
ID: 16915711
0
 
LVL 42

Expert Comment

by:zephyr_hex
ID: 16915879
i would remove the R1 entry for proxy, unless you specifically did that proxy entry yourself.  but that isn't causing your reboot issues.  i don't see any kind of malware in your hijackthis log.

once again, i think you should consider that this is not a virus, but some kind of overheating issue.
0
 

Author Comment

by:ongbak
ID: 16915925
What does R1 mean?
0
 
LVL 42

Expert Comment

by:zephyr_hex
ID: 16915967
in hijackthis log, each entry is categorized.  one type of category is R1.
       R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

if you did not set IE to have a proxy, you should remove that entry.

back to your shutdown issue... it could also be a memory issue.  you could test memory using http://www.memtest.org .  you will burn a cd using the image file they supply, and then boot up on that cd to run the test.
0
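The R1 entry discussed above, as an added example that is not part of the original thread: a small Python parser that pulls registry-value lines out of a HijackThis log and lists the ones that set an Internet Explorer proxy value. The sample log is constructed (only the R1 line comes from the thread), the function names are hypothetical, and only the simple `host:port` form of ProxyServer is handled.

```python
import re

# Registry-value lines in a HijackThis log look like:
#   R1 - <registry key>,<value name> = <data>
ENTRY = re.compile(
    r"^\s*(?P<code>R[0-3])\s+-\s+(?P<key>[^,]+),(?P<value>[^=]*?)\s*=\s*(?P<data>.*)$"
)

# Internet Settings value names that control the IE proxy.
PROXY_VALUES = {"proxyserver", "proxyoverride", "autoconfigurl"}

# Constructed sample log; only the R1 line is taken from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""


def parse_entries(log_text):
    """Return every R0-R3 registry-value line as a dict of its four fields."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:
            entries.append({k: v.strip() for k, v in match.groupdict().items()})
    return entries


def proxy_findings(log_text):
    """Return the R-section entries that set an IE proxy value."""
    return [e for e in parse_entries(log_text) if e["value"].lower() in PROXY_VALUES]


def proxy_host(entry):
    """Host part of a simple host:port ProxyServer value ('' if none is set)."""
    return entry["data"].rpartition(":")[0]


if __name__ == "__main__":
    for finding in proxy_findings(SAMPLE_LOG):
        host = proxy_host(finding) or "<empty host>"
        print(f'{finding["code"]} {finding["value"]} = {finding["data"]!r} (host: {host})')
        print("  review: keep only if this proxy was configured on purpose")
```
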
 

Author Comment

by:ongbak
ID: 16915979
Would it be more likely to overheat when you load in safe mode?
I am leaving my laptop on in bios mode to see if it shuts off by itself.
0
 

Author Comment

by:ongbak
ID: 16916125
I finally was able to get in safe mode and when I clicked on the button to scan the machine shut off instantly.
By the way it didn't shut off in bios mode after 20 minutes, I will try it over night if anyone thinks it would narrow things down.
Thanks for your patience with me the newbie.
0
 
LVL 42

Accepted Solution

by:
zephyr_hex earned 500 total points
ID: 16916314
bios uses very little machine resources.  a scan uses a lot of your system resources.  a computer could be overheating when scanning and not overheating while it's just sitting idle (such as being in BIOS).

try another resource intensive application and see if it causes it to reboot ... for example, if you have a DVD drive, try to watch a movie.

this really sounds like an overheat issue, although it could be bad memory too.
0
 
LVL 2

Expert Comment

by:Mrkaras
ID: 16919597
Sounds like a hardware problem (maybe motherboard?) but you should check that you have BSODs enabled, the default behavior of Windows XP is an automatic reboot. If you need to enable these error messages go to:

Control Panel
System (in Performance and Maintenance if you're in category view)
Advanced tab
Settings button in the Startup and Recovery section
uncheck Automatically restart
click OK and OK

you may now get blue screens of death rather than just reboots, and that may help diagnose the problem (assuming it is in fact not a virus).
0
 
LVL 1

Expert Comment

by:lizardqueen007
ID: 16920193
It could be overheating.
Make sure the vents on the laptop are clean.  Several models have the intake on the bottom which is a very bad idea.  It's very easy to blow the dust out with some compressed air.  Also is the fan turning on?
I have found this to be an extremely common problem that lint, animal hair etc. gets in the way of the air flow.  Laptops create a lot of heat in a very small area so overheating is common.
0
 

Author Comment

by:ongbak
ID: 16922180
I put a 16 inch fan under my laptop while I did the scans and it completes the scans.
It must have been overheating as many of you have suspected.
I appreciate your help, I will try to split up the points in a fair manner.

Ongbak
0
 

Author Comment

by:ongbak
ID: 16922211
Oops I accidentally gave all the points to one person. sorry.
0
 
LVL 42

Expert Comment

by:zephyr_hex
ID: 16923608
if you post in the Support forum that you wanted to split the points, they will make it so you can.
0
