strick9
asked on
Windows XP boot problem, virus?
Hi,
I have a Windows 2003 Network. 2 Servers, one is SBS Win 2003 and other is a file server / terminal server Win 2003. I have about 15 workstations, a mix of Win XP and Win 2000.
One of my Win XP machines is giving me problems this morning, I'm scratching my head a bit and don't know how I should attack the problem. This is where I'm at........
User comes in this morning and boots up her computer. From what I understand everything at first boot up went fine.......except when boot up was finished she had an error telling her that "Norton Antivirus has errors and needed to but shut down......do you want to send this info Microsoft". From this point I'm involved. I see this error sometimes.......usually not a big deal, so first thing I tried was a reboot. Upon reboot the computer hangs at "Applying Computer Settings". Interesting......So, I did a little research and found that people get around this by unplugging the network cable. So I did that, and reboot again.......this time I get past "Applying Computer Settings" and now I get the chance to enter my login information. So I enter login info (administrator) and now I'm hanging at "Loading Your Personal Settings". So I tried booting in Safe Mode........and it worked......I was able to get to the desktop.......So I tried to run Norton Virus Scan. I open Norton, and I go to the scan section, I hit the scan button, and nothing happens........Norton just hangs.
So this is where I'm at.......I suspect this to be a virus, but I can't get a scan to run to find out. I should tell you that I had this computer taken apart last week for a cleaning, and I pulled the heatsink off and reattached with some Artic Silver. The computer ran good for 3 days (better than it was before I took it apart). And I ran a load on the processor when I was in safe mode and it seemed to be running fine. So I don't think this is the problem, but I've been wrong before. :-)
Anyone have any ideas?
Thanx,
Bryce
I have a Windows 2003 Network. 2 Servers, one is SBS Win 2003 and other is a file server / terminal server Win 2003. I have about 15 workstations, a mix of Win XP and Win 2000.
One of my Win XP machines is giving me problems this morning, I'm scratching my head a bit and don't know how I should attack the problem. This is where I'm at........
User comes in this morning and boots up her computer. From what I understand everything at first boot up went fine.......except when boot up was finished she had an error telling her that "Norton Antivirus has errors and needed to but shut down......do you want to send this info Microsoft". From this point I'm involved. I see this error sometimes.......usually not a big deal, so first thing I tried was a reboot. Upon reboot the computer hangs at "Applying Computer Settings". Interesting......So, I did a little research and found that people get around this by unplugging the network cable. So I did that, and reboot again.......this time I get past "Applying Computer Settings" and now I get the chance to enter my login information. So I enter login info (administrator) and now I'm hanging at "Loading Your Personal Settings". So I tried booting in Safe Mode........and it worked......I was able to get to the desktop.......So I tried to run Norton Virus Scan. I open Norton, and I go to the scan section, I hit the scan button, and nothing happens........Norton just hangs.
So this is where I'm at.......I suspect this to be a virus, but I can't get a scan to run to find out. I should tell you that I had this computer taken apart last week for a cleaning, and I pulled the heatsink off and reattached with some Artic Silver. The computer ran good for 3 days (better than it was before I took it apart). And I ran a load on the processor when I was in safe mode and it seemed to be running fine. So I don't think this is the problem, but I've been wrong before. :-)
Anyone have any ideas?
Thanx,
Bryce
ASKER
Vic,
Thanx for the reply.......that does make sense......I just wish there was something easier I could try first. I'll have to wait until tomorrow morning to try this. I have another computer that was ordered from Dell at the same time and is the exact same model / setup. So, I will try it there.
Thanx for the reply.......that does make sense......I just wish there was something easier I could try first. I'll have to wait until tomorrow morning to try this. I have another computer that was ordered from Dell at the same time and is the exact same model / setup. So, I will try it there.
ASKER
Vic,
I decided to go ahead and take this thing apart now.......maybe you can help me further. These computers have SATA ATA drives......and I'm used to the old ribbon cable setup. There is only one spot to plug in a SATA cable on the motherboard. Do they make a cable with 3 connectors on it? Like you use to see with the old ribbon cable setup? How would I connect 2 hard drives to this one motherboard.
I think I need to get a new A+ cert. :-)
Thanx.
I decided to go ahead and take this thing apart now.......maybe you can help me further. These computers have SATA ATA drives......and I'm used to the old ribbon cable setup. There is only one spot to plug in a SATA cable on the motherboard. Do they make a cable with 3 connectors on it? Like you use to see with the old ribbon cable setup? How would I connect 2 hard drives to this one motherboard.
I think I need to get a new A+ cert. :-)
Thanx.
Sorry about the delay - I had to make a service call.
If you tell me the exact model of the 'good' computer, I can probably find a diagram of the second SATA connection on the motherboard. You should be able to plug the bad SATA HDD right into a turned off good computer, then boot up.
Also - I now have three of these (http://www.buyextras.com/sausb20toide.html) to carry with me on all Service Calls.
They let you connect SATA and IDE (3.5 or 2.5 inch) HDD's via USB cable to a functioning computer.
If you tell me the exact model of the 'good' computer, I can probably find a diagram of the second SATA connection on the motherboard. You should be able to plug the bad SATA HDD right into a turned off good computer, then boot up.
Also - I now have three of these (http://www.buyextras.com/sausb20toide.html) to carry with me on all Service Calls.
They let you connect SATA and IDE (3.5 or 2.5 inch) HDD's via USB cable to a functioning computer.
ASKER
Vic, the two computers are Dell Optiplex model GX520.
I did swap hard drives and the "bad" hard drive had the same problem in the "good" computer. Also the "good" hard drive worked in the "bad" computer.
I did swap hard drives and the "bad" hard drive had the same problem in the "good" computer. Also the "good" hard drive worked in the "bad" computer.
ASKER
After doing a little research, I'm pretty sure there is only one SATA port on this motherboard......in fact I have 4 of these machines and all of them are the same model. And they are the only ones that support SATA drives.......so I guess my only other option is to buy that nifty tool you posted earlier.
Is buyextras.com a reputable site? Can I buy from there?
Is buyextras.com a reputable site? Can I buy from there?
I bought two of those from buyextras and one from www.geeks.com
Both sites delivered quickly, about the same price, but slightly different devices.
The buyextras device is (imo) better and I read about them here on EE.
If you wanted to get something local - you could also try a "USB SATA Enclosure" from your neighborhood Giant Computer Store.
Vic
Both sites delivered quickly, about the same price, but slightly different devices.
The buyextras device is (imo) better and I read about them here on EE.
If you wanted to get something local - you could also try a "USB SATA Enclosure" from your neighborhood Giant Computer Store.
Vic
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
DEW,
Good questions.......lemme see.....
1)No. I've had bad experiences trying to install things in safe mode. If I can't get this hard drive in another computer in order to scan it for a Virus, I will try that.
2)more than 20 minutes
3)No. Duh! I will post that next.
4)No. I think I'm doing that now, not sure if it's working though, doesn't show me any progress.
Good questions.......lemme see.....
1)No. I've had bad experiences trying to install things in safe mode. If I can't get this hard drive in another computer in order to scan it for a Virus, I will try that.
2)more than 20 minutes
3)No. Duh! I will post that next.
4)No. I think I'm doing that now, not sure if it's working though, doesn't show me any progress.
ASKER
4 errors have shown up. They are as follows:
Windows cannot access the file C:\PROGRA~1\COMMON~1\SYMAN
Program: Symantec Eraser Engine
File: C:\PROGRA~1\COMMON~1\SYMAN
The error value is listed in the Additional Data section.
User Action
1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.
2. If the file still cannot be accessed and
- It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.
Additional Data
Error value: C000009C
Disk type: 3
For more information, see Help and Support Center at
**************************
Faulting application Rtvscan.exe, version 10.0.0.359, faulting module CCERASER.DLL, version 107.3.3.4, fault address 0x000a9f21.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
**************************
wuauclt (980) An attempt to open the file "C:\WINDOWS\SoftwareDistri
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
**************************
wuaueng.dll (980) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistrib
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Windows cannot access the file C:\PROGRA~1\COMMON~1\SYMAN
Program: Symantec Eraser Engine
File: C:\PROGRA~1\COMMON~1\SYMAN
The error value is listed in the Additional Data section.
User Action
1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.
2. If the file still cannot be accessed and
- It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.
Additional Data
Error value: C000009C
Disk type: 3
For more information, see Help and Support Center at
**************************
Faulting application Rtvscan.exe, version 10.0.0.359, faulting module CCERASER.DLL, version 107.3.3.4, fault address 0x000a9f21.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
**************************
wuauclt (980) An attempt to open the file "C:\WINDOWS\SoftwareDistri
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
**************************
wuaueng.dll (980) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistrib
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
ASKER
Good news!
The ScanDisk must of found something and fixed it. I didn't get to see it happen, but one minute it was running scandisk and the next minute it was booting up normally. Only one problem though.......after I enter my login information it took like 3 or 4 minutes for the desktop to load completely. This is much longer than normal.
Is it possible that some of these files are residing on faulty sectors? How could I make that determination?
The ScanDisk must of found something and fixed it. I didn't get to see it happen, but one minute it was running scandisk and the next minute it was booting up normally. Only one problem though.......after I enter my login information it took like 3 or 4 minutes for the desktop to load completely. This is much longer than normal.
Is it possible that some of these files are residing on faulty sectors? How could I make that determination?
ASKER
Nevermind.......second boot up went much smoother. I think we are back in business.
Vic, thank you so much for your help, but I must give DEW the points as it was his suggestion to run ScanDisk.
Thank you both.
Vic, thank you so much for your help, but I must give DEW the points as it was his suggestion to run ScanDisk.
Thank you both.
Sounds as though you had the same problem I did.
Which is why I mentioned "corrupted HDD." in my very first post.
Which is why I mentioned "corrupted HDD." in my very first post.
I had something similar start on a computer Friday morning, but mine ended up being a corrupted HDD.
Can you remove that HDD, slave it off another computer (with updated DAT files) and scan it from there?
Depending on the layout of your computers, that may be the simplest way to eliminate/confirm malware.
Vic