Malware shutting down computer

Asked by Sean Meyer

Ok here is the scoop.  I have a client (Windows 7, 4 GB RAM) who got a pop-up going to CNN.  It looked like a scary Windows warning and they clicked on it before they had time to think.  It started "Scanning" and they realized what they had done. They immediately did a hard shutdown of their computer hoping to stop the problem.  Well it didn't.  The computer started randomly shutting down about every 3 to 4 hours, and never yet while they have been around.

I did a clean of the computer with Combofix and the ESET online scanner.  They seemed to get everything but Combofix took about 20 minutes longer than usual.  On reboot just about every key was "Marked for deletion"  so I could not get to the internet or anything.  I did another reboot and the computer seemed to work fine but it is still rebooting about every 3 or 4 hours and this user still has not seen it happen.

What would you recommend besides a full re-install to fix the problem?  I will be taking the computer home for a few days of repair come Wednesday and would like to know if it is hopeless to find the issue (saw nothing in the Windows logs).

Thank you
Hi.

Online scanning of an infected computer has never been a great idea. You should download some offline scanner, maybe this one http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
Afterwards, you should consider what "security" means to you. Are you secure/clean if some (any) scanner says you are? No, of course not, but you might be. Decide for yourself if you will keep that infected PC running. To be secure, I would use a backup.
Does the Windows shutdown happen gracefully or is it like someone pulled the plug?
Any error messages before the shutdown?

I would check that all the fans, CPU, power supply, case, are working and the vents aren't clogged. Maybe the system is overheating and shutting itself down.

Good suggestion!
Again, sorry alanhardisty.  New to answering questions and jumped the gun.  RootsMan has a good idea with cleaning the inside of the computer.  One more thing I would recommend is CoreTemp.  This is a program that can monitor the temperature of the computer to see if the system is overheating as RootsMan is wondering.
Sean Meyer (asker):

Going to be a bit before I can close this out.  User does not want me to grab the computer for anything, not at their home yet.

It was not the power settings.  Computer is 4 months old and the home is very clean.  Should be no problems with the inside of the computer. The problem did not start happening until the user encountered the malware.
User finally giving me access to the computer this Friday.  I will be running the tests over the weekend.  Thank you for all the recommendations.
Ok I have run all the programs and also some on links within the links and we still have a problem.

Combofix looks to fix the problem but after a few reboots/length of time my homepage (Google) is still broken.  It does not redirect anywhere but it does go to a blank page and says it cannot be found.  

HRM.... after running GMER (which said it found nothing) it is running correctly. I had also let it sit overnight.  Going to reboot a few more times and see what happens.
Ok let me give a detailed post as to what has been done and what is happening.

First off, the original issue looks to be a non-issue.  I believe the monitor going into power-saving mode is making the user believe that the computer is "turning off". However there is an issue with their homepage, www.google.com.  When I try to go to their homepage it says it cannot reach the page.  When I input other addresses (msn.com, yahoo.com, experts-exchange.com) they resolve fine.

I have checked and replaced the hosts file and checked for proxy settings but they are ok.

I have run every scan in the links provided with the following results -

Windows Offline Defender -
Found 1 file in a temporary internet location.  It cleaned the file.

CCleaner -
Since there was a file in a temp location I used ccleaner to clean all of them out.

RogueKiller -
Found 3 registry entries dealing with hiding files. Let it clean the files.

Rkill-
Found nothing

MalwareBytes -
Clean bill of health


ComboFix -
Found nothing but upon rebooting there was no problem going to www.google.com as their homepage.

A few more reboots and time saw the problem happening again.  Then I let it sit for a few hours and when I checked again it was not having the problem. I did nothing in between not working and working.

I have checked DNS information and it is all pointing to valid addresses.
Other computers on the network have no issues resolving www.google.com
And further data ... rebooted and has the issue of not finding google again.

Before I opened internet browsers I opened a command prompt and did a ping www.google.com and received an instant four replies.

I then open the internet browser and I get an HTTP 400 Bad Request.  Other sites work fine.

Flushdns does not help either...

mail.google.com and maps.google.com work.

30 minutes after boot it now works.  I did nothing.
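The checks described in this post (hosts file override, connectivity at the network level versus the result the browser gets) as an added Python example, not code from the thread or from any of the tools named in it. SAMPLE_HOSTS is a constructed hosts file, and the cause mapping in interpret() is an interpretation of the symptom pattern, not a rule.

```python
import re
import socket

# Constructed sample hosts file with one planted entry (not from the thread).
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.google.com   # planted entry
"""

def hosts_overrides(hosts_text, hostname):
    """Return the addresses a hosts file maps to hostname (comments ignored,
    case-insensitive).  One site failing while every other site works is
    the classic signature of such an entry."""
    hits = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) > 1 and hostname.lower() in (f.lower() for f in fields[1:]):
            hits.append(fields[0])
    return hits

def parse_status(status_line):
    """Extract the numeric status code from an HTTP status line."""
    m = re.match(r"HTTP/\d(?:\.\d)? (\d{3})", status_line)
    if not m:
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    return int(m.group(1))

def http_status(host, path="/", timeout=5):
    """Send a minimal HTTP/1.1 request over a raw socket and return the status
    code.  No browser, cookies or proxy settings are involved, so this separates
    the network path from browser-side state."""
    req = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    with socket.create_connection((host, 80), timeout=timeout) as s:
        s.sendall(req.encode("ascii"))
        first_line = s.recv(4096).split(b"\r\n", 1)[0]
    return parse_status(first_line.decode("latin-1"))

def interpret(hosts_hits, raw_status, browser_status):
    """Combine the three observations into a likely cause (an interpretation)."""
    if hosts_hits:
        return f"hosts file redirects the site to {', '.join(hosts_hits)}"
    if raw_status is None:
        return "no HTTP answer at all: resolution or connectivity problem"
    if raw_status >= 400:
        return f"minimal request also gets HTTP {raw_status}: path or server, not the browser"
    if browser_status is not None and browser_status >= 400:
        return f"raw request OK but browser gets HTTP {browser_status}: browser-side state"
    return "site works on both checks"
```

For a live run call hosts_overrides() on the contents of the real hosts file and http_status() on the failing host, then pass both results plus the status the browser showed into interpret().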
ASKER CERTIFIED SOLUTION
Doing all the scans and many reboots cleared the PC.
tx for feedback