From: Jose on 10 Mar 2010 20:31

On Mar 10, 10:05 am, Eric <E...(a)discussions.microsoft.com> wrote:
> We've encountered a virus on one of our windows xp professional machines. It
> locks the computer up at random intervals. We've cleaned the computer using
> multiple different anti-viruses which fixes the problem for a time, however
> the virus always comes back within a day. We've used anti-rootkits and found
> nothing as well.
>
> It also seems to only lock the computer up if it is connected with the
> ethernet cable.
>
> Any suggestions would be greatly appreciated.

You did not say what scanners you're using or what seems to be found with what you are using.

A lockup may not be caused by malicious software. Malicious software would rather just be annoying in different ways. If you still have the problem after running these scans, keep reading and you will be able to figure it out.

Perform some scans for malicious software, then fix any remaining issues:

Download, install, update and do a full scan with these free malware detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

To eliminate questions and guessing, please provide additional information about your system.

Click Start, Run and in the box enter:

msinfo32

Click OK, and when the System Summary info appears, click Edit, Select All, Copy and then paste the information back here. There will be some personal information (like System Name and User Name), and whatever appears to be private information to you, just delete it from the pasted information.
Generate a crash dump on a system that is hanging (when it is broken), then analyze the crash dump.

If your system stops responding, hangs or freezes and you can't figure out why, you can force a BSOD which will create a crash dump file that you can analyze and see what is running at the point of the freeze and get some ideas that do not involve guesswork.

While it may seem odd to think about purposefully causing a Blue Screen Of Death (BSOD), Microsoft includes such a provision in Windows XP. The feature is built in to XP specifically to diagnose the problem when a system stops responding and there is no trail in any of the Event Logs, etc. about what might have happened.

Here's how to force your system to create a BSOD:

Before making registry changes, backup your registry with this popular free and easy to use tool:
http://www.larshederer.homepage.t-online.de/erunt/

For PS/2 keyboards, launch the Registry Editor (Regedit.exe) and navigate to:
HKLM\System\CurrentControlSet\Services\i8042prt\Parameters

For USB keyboards (this USB requirement is a rumor to me so far):
HKLM\System\CurrentControlSet\Services\kbdhid\Parameters

Click Edit, select New DWORD Value and name the new value CrashOnCtrlScroll.
Double-click the CrashOnCtrlScroll DWORD Value, type 1 in the Value Data text box, and click OK.
Close the Registry Editor and restart Windows XP.

When you want to cause a BSOD (when your system has stopped responding), press and hold down the [Ctrl] key on the right side of your keyboard, and then tap the [ScrollLock] key twice. Now you should see the BSOD and you will have a crash dump file to analyze.

If your system reboots instead of displaying the BSOD, you'll have to disable the Automatically Restart setting in the System Properties dialog box. To do so, follow these steps:

Press [Windows]-Break.
Select the Advanced tab.
Click the Settings button in the Startup And Recovery panel.
Clear the Automatically Restart check box in the System Failure panel.
Click OK twice.

You can read about the feature here:
http://msdn.microsoft.com/en-us/library/cc266483.aspx

Now when your system locks up, force a BSOD and analyze the crash dump for clues. You can usually narrow it down with certainty in literally just a few minutes once you are set up to analyze the dump files. It takes longer to get set up to analyze than it does to analyze! If you don't want to learn how to do that, some helpful person will be happy to analyze your crash dump for you.

There is no harm in leaving the feature enabled - you can leave it enabled all the time with no performance hit, but if you are compelled to remove it:

Launch the Registry Editor (Regedit.exe) and navigate to:
HKLM\System\CurrentControlSet\Services\i8042prt\Parameters

Select the CrashOnCtrlScroll value, click the Edit menu, and select the Delete command.
Close the Registry Editor and restart Windows XP.
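The registry steps Jose walks through, as an added cmd.exe batch script (not from the post, not Microsoft's own code) that enables the forced-BSOD switch, turns off automatic restart, verifies the values and can undo them. It assumes the AutoReboot value under HKLM\System\CurrentControlSet\Control\CrashControl is the registry form of the "Automatically Restart" check box and must be run from an Administrator command prompt.

```batch
@echo off
REM Added example (not from the original post). Usage:
REM   crashonctrlscroll.cmd        -> enable the feature, verify, then reboot
REM   crashonctrlscroll.cmd off    -> remove it again
REM Assumption: CrashControl\AutoReboot = 0 equals clearing the
REM "Automatically Restart" check box in System Properties.
setlocal
set I8042=HKLM\System\CurrentControlSet\Services\i8042prt\Parameters
set KBDHID=HKLM\System\CurrentControlSet\Services\kbdhid\Parameters
set CRASHCTL=HKLM\System\CurrentControlSet\Control\CrashControl

if /i "%~1"=="off" goto :disable

REM Quick per-key backup; ERUNT (see the post) covers the whole hive.
if exist "%TEMP%\i8042prt-params.reg" del "%TEMP%\i8042prt-params.reg"
if exist "%TEMP%\crashcontrol.reg" del "%TEMP%\crashcontrol.reg"
reg export "%I8042%" "%TEMP%\i8042prt-params.reg" >nul
reg export "%CRASHCTL%" "%TEMP%\crashcontrol.reg" >nul

REM 1. PS/2 keyboards (i8042prt driver)
reg add "%I8042%" /v CrashOnCtrlScroll /t REG_DWORD /d 1 /f
REM 2. USB keyboards (kbdhid driver; the post notes this is unconfirmed)
reg add "%KBDHID%" /v CrashOnCtrlScroll /t REG_DWORD /d 1 /f
REM 3. Keep the BSOD on screen so the dump is written and can be read
reg add "%CRASHCTL%" /v AutoReboot /t REG_DWORD /d 0 /f

echo.
echo Verify (expect CrashOnCtrlScroll = 0x1 and AutoReboot = 0x0):
reg query "%I8042%" /v CrashOnCtrlScroll
reg query "%CRASHCTL%" /v AutoReboot
echo Reboot, then on a hang hold the right Ctrl key and tap Scroll Lock twice.
goto :eof

:disable
REM Undo: delete the values and restore automatic restart; reboot to apply.
reg delete "%I8042%" /v CrashOnCtrlScroll /f
reg delete "%KBDHID%" /v CrashOnCtrlScroll /f
reg add "%CRASHCTL%" /v AutoReboot /t REG_DWORD /d 1 /f
echo CrashOnCtrlScroll removed and automatic restart re-enabled. Reboot to apply.
endlocal
```

The dump written on the forced crash is whatever type Startup And Recovery is set to; a small (mini) dump is enough to see the running thread, a kernel dump gives more to work with.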
From: yb22okj on 10 Mar 2010 20:41

"Jose" <jose_ease(a)yahoo.com> wrote in message news:d9c5fcd7-65d7-4805-a545-b05938fc91ca(a)t20g2000yqe.googlegroups.com...
> On Mar 10, 4:53 pm, EN59CVH <EN59...(a)discussions.microsoft.com> wrote:
> My systems do not act funny and if I ever see one that is acting funny, it won't be for long.

Well in that case you don't need to do anything except to sit tight and continue browsing the web.

hth
From: yb22okj on 10 Mar 2010 20:48

"MowGreen" <mowgreen(a)nowandzen.com> wrote in message news:e6FDcNKwKHA.5956(a)TK2MSFTNGP05.phx.gbl...
> *** Malware in System Restore can *NOT* infect a clean OS and is *not*
> active unless a restore point that includes it is used ***
> Period !!!
>

And with your small brain and correlated small penis, how do you know which restore point includes the malware so the OP doesn't use it?

You really need to brush up on what a restore point holds and what it does when it is restored. What it doesn't do is destroy any malware, spyware or viruses; these files are left intact on the system.
From: glee on 10 Mar 2010 23:48

"yb22okj" <ybS2okj(a)discussions.microsoft.com> wrote in message news:OXPzj0LwKHA.5036(a)TK2MSFTNGP02.phx.gbl...
>
> "MowGreen" <mowgreen(a)nowandzen.com> wrote in message
> news:e6FDcNKwKHA.5956(a)TK2MSFTNGP05.phx.gbl...
>
>> *** Malware in System Restore can *NOT* infect a clean OS and is
>> *not* active unless a restore point that includes it is used ***
>> Period !!!
>>
>
> And with your small brain and correlated small penis, how do you know
> which restore point includes the malware so the OP doesn't use?
>
> You really need to brush up on what a restore point holds and what it
> does when it is restored. What it doesn't do is to destroy any
> malwares, spywares or a viruses; These files are left intact on the
> system.

My goodness, with a brain so big you can't zip your trousers, one would think you could muster up a little reading comprehension! Try your best to re-read what Mow wrote...I'm sure you will get it eventually!

If malware is found in a restore point, it cannot become active on the system UNLESS a restore point containing the malware is used to restore the system. Got it so far?

If malware is found in a restore point and you want to prevent those points from being used, you can delete the restore points. You can remove all restore points by turning off SR and then turning it on again. You can alternately make a manual restore point when you know the system is clean, and then use Disk Cleanup to remove all but the most recent (clean) restore point.

--
Glen Ventura, MS MVP Oct. 2002 - Sept. 2009
A+
http://dts-l.net/
From: C on 11 Mar 2010 07:37

Ronin wrote:
> You have diagnosed an infection that absolutely, positively came from a
> SR restore point? You're absolutely certain that it didn't come from
> elsewhere? Do you mind sharing the information necessary to repeat the
> issue? I am perfectly able and eager to do so, and I have all the
> necessary equipment (i.e., a spare machine that I use for
> experimentation and a fair amount of experience analyzing system
> behavior.) Perhaps you can at least identify the virus? The more
> specific the better.
>
> Seriously, I can't imagine any way for something to execute itself from
> inside a SR restore point, but if it can be done I want to know all
> about it.
>

It was a long time ago and my recollection is that I zapped a virus with Avast and it kept coming back until I nuked all the restore points. I'm sorry I can't be more specific. Had I known you would have asked, I would have taken notes ;-)

--
C