ongbak

asked on

Remove virus that shuts down the machine when any scan is performed

I have an XP Home laptop with updates and it has become unstable because it will shut down randomly, but always when I perform a scan with Norton, Stringer, or Spybot.
I tried going back to a restore point before the virus symptoms were evident and that effectively made it so the machine would stay on longer than 30 seconds or at least boot without powering off during boot.

What steps would I follow to remove this backdoor/sasser like virus?  Without reformatting ;)

Thanks,
Ongbak
zephyr_hex (Megan)

you need to 1) update norton with the latest definitions and 2) perform your full system scan in safe mode.
ongbak

ASKER

I know I have tried that in the past but I am willing to try it again.  Also, I uninstalled Norton just now, however I can quickly reinstall and try again as you suggest.
be careful installing an antivirus program if you have a virus running actively on your computer...
are you sure the shutdown issue is a virus?  scanning is taxing on the computer .. are you sure it's not overheating?

another suggestion is to run hijackthis and put the log it creates into the analyzer here:  http://www.hijackthis.de .  that analyzer will give you an option to save the report it produces.  save it, and post a link to the saved report back here.  perhaps we will see something malicious that needs to be removed.

if your antivirus is updating and running ok, then it's weird that a scan would cause a virus to reboot the computer.  usually, viruses will attack the antivirus and corrupt it so it doesn't run at all, or is impossible to update.  this is why i asked if you're sure it's a virus.
ongbak

ASKER

After installing Norton and downloading the updates, the machine shuts down before it boots in safe mode or if I can get to the login screen it shuts down after I click the arrow to submit my password.
Please advise now...
either the issue isn't a virus, or the virus has attacked your antivirus and corrupted it so it doesn't operate normally.

let's see your hijackthis log.   download it here: http://www.majorgeeks.com/download3155.html
then put the log it produces through the analyzer at the link i posted in my previous post
Hello,
Could you please reboot and Enable Boot Logging? The logs are created under the %SystemRoot% folder in a file called Ntbtlog.txt. Check the logs and paste here. Additionally, in order to abort a forced shutdown open a Dos shell and type shutdown -a or if you want to be really fast, create a shortcut on your desktop that points to a .bat file that contains the shutdown -a command.

Have you committed any hardware upgrades recently? I'm suspecting that your problem might be hardware related and has probably got to do with one of your fans not working and this causes overheating -> shutdown. It might also be a PSU problem. Try disconnecting all the unnecessary hardware modules like additional HD, soundcard, ethernet card and so on and power on.

Keep us informed.
I hope I helped ;)
This could be the issue with hardware as well.

As soon as you put load on the hard disk, the machine shuts down.

Generally happens either when the battery is weak (you must be running on the power adapter).

Or when the temperature of the laptop is very high and it is overheating.

If you suspect a virus, boot your machine with a bootable floppy and leave it running for some time.
If it does not shut down by itself, then it could be a virus.

But with the symptoms you are mentioning, it's hardware.

Terribly sorry. I seem to have missed the fact that ongbak owns a laptop. Ooops
i would remove the R1 entry for proxy, unless you specifically did that proxy entry yourself.  but that isn't causing your reboot issues.  i don't see any kind of malware in your hijackthis log.

once again, i think you should consider that this is not a virus, but some kind of overheating issue.
ongbak

ASKER

What does R1 mean?
in the hijackthis log, each entry is categorized.  one type of category is R1.
       R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

if you did not set IE to have a proxy, you should remove that entry.

back to your shutdown issue... it could also be a memory issue.  you could test memory using http://www.memtest.org .  you will burn a cd using the image file they supply, and then boot up on that cd to run the test.
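
The categorized log layout described above, as an added example that is not part of the original thread: a small Python parser that groups HijackThis entries by category code and pulls out any R1 proxy setting for review. The sample log is constructed (only its R1 line is the one quoted in the post), and the function names are made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample log: the R1 line is the one quoted in the thread,
# the other lines are made up to show the "<code> - <details>" layout.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Platform: Windows XP

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
"""

# A log entry is a category code (letter + digits), " - ", then the details.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Registry-style details: "<key>,<value name> = <data>", value name Proxy*.
PROXY_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>Proxy\w+)\s*=\s*(?P<data>.*)$")


def parse_entries(text):
    """Group entry details by category code; header lines are skipped."""
    grouped = defaultdict(list)
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            grouped[match.group(1)].append(match.group(2))
    return dict(grouped)


def proxy_findings(entries):
    """Return (registry key, value name, data) for each R1 proxy entry."""
    findings = []
    for details in entries.get("R1", []):
        match = PROXY_RE.match(details)
        if match:
            findings.append(
                (match.group("key"), match.group("name"), match.group("data").strip())
            )
    return findings


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for code in sorted(entries):
        print(code, len(entries[code]), "entry/entries")
    for key, name, data in proxy_findings(entries):
        # A proxy value the user did not set is worth reviewing, as the post says.
        print(f"review: {name} = {data!r} under {key}")
```
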
ongbak

ASKER

Would it be more likely to overheat when you load in safe mode?
I am leaving my laptop on in bios mode to see if it shuts off by itself.
ongbak

ASKER

I finally was able to get in safe mode and when I clicked on the button to scan the machine shut off instantly.
By the way it didn't shut off in bios mode after 20 minutes, I will try it over night if anyone thinks it would narrow things down.
Thanks for your patience with me the newbie.
ASKER CERTIFIED SOLUTION
zephyr_hex (Megan)

This solution is only available to members.
Sounds like a hardware problem (maybe motherboard?) but you should check that you have BSODs enabled; the default behavior of Windows XP is an automatic reboot. If you need to enable these error messages go to:

Control Panel
System (in Performance and Maintenance if you're in category view)
Advanced tab
Settings button in the Startup and Recovery section
uncheck Automatically restart
click OK and OK

you may now get blue screens of death rather than just reboots, and that may help diagnose the problem (assuming it is in fact not a virus).
It could be overheating.
Make sure the vents on the laptop are clean.  Several models have the intake on the bottom which is a very bad idea.  It's very easy to blow the dust out with some compressed air.  Also is the fan turning on?
I have found this to be an extremely common problem that lint, animal hair etc. gets in the way of the air flow.  Laptops create a lot of heat in a very small area so overheating is common.
ongbak

ASKER

I put a 16 inch fan under my laptop while I did the scans and it completes the scans.
It must have been overheating as many of you have suspected.
I appreciate your help, I will try to split up the points in a fair manner.

Ongbak
ongbak

ASKER

Oops, I accidentally gave all the points to one person. Sorry.
if you post in the Support forum that you wanted to split the points, they will make it so you can.