From: blackhead on
On 22 July, 14:27, blackhead <larryhar...(a)softhome.net> wrote:
> Hi there everyone.
>
> Last night I was logged into a site called typeracer.com where people
> type against one another in a typing competition. In the past, I have
> never had any problems doing this, but the computer suddenly reset
> itself and since then, I have been unable to get the computer to boot
> up normally, where instead it keeps resetting itself.
>
> I have found the following:
>
> 1. I tried a system restore to the previous day, but that hasn't
> worked
>
> 2. I can boot up in safe mode, but not in safe mode with network
> support where it again resets itself
>
> 3. Booting up with a bootlogfile shows that quite a few drivers fail
> to load, with afd.sys continually failing to load with perhaps over
> 100 instances of it trying to be loaded but failing.
>
> Thanks everyone!

Thanks to everyone that replied.

The stop code was a 0x7f.

I ran the Microsoft Malicious Software Removal Tool and it found
afd.sys was infected with the alureon.h virus.

So after partially removing it, I'm back on the web, and doing some
more research into this virus.

Regards,

Larry
From: Paul on
blackhead wrote:
> On 22 July, 14:27, blackhead <larryhar...(a)softhome.net> wrote:
>> Hi there everyone.
>>
>> Last night I was logged into a site called typeracer.com where people
>> type against one another in a typing competition. In the past, I have
>> never had any problems doing this, but the computer suddenly reset
>> itself and since then, I have been unable to get the computer to boot
>> up normally, where instead it keeps resetting itself.
>>
>> I have found the following:
>>
>> 1. I tried a system restore to the previous day, but that hasn't
>> worked
>>
>> 2. I can boot up in safe mode, but not in safe mode with network
>> support where it again resets itself
>>
>> 3. Booting up with a bootlogfile shows that quite a few drivers fail
>> to load, with afd.sys continually failing to load with perhaps over
>> 100 instances of it trying to be loaded but failing.
>>
>> Thanks everyone!
>
> Thanks to everyone that replied.
>
> The stop code was a 0x7f.
>
> I ran the Microsoft Malicious Software Removal Tool and it found
> afd.sys was infected with the alureon.h virus.
>
> So after partially removing it, I'm back on the web, and doing some
> more research into this virus.
>
> Regards,
>
> Larry

There've been a few of those reported. Alureon is a rootkit, which has
the ability to hide itself. It made itself famous when a certain Microsoft
update conflicted with its behind-the-scenes activities.

It modifies system files, as part of hiding itself.

It hides some of its files up near the end of your disk drive, in such a
way that only it can see them. That is how it can reinfect after
some malware tools attempt to remove it.

It also goes by the name TDSS.

Good luck getting rid of it.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Alureon

"The top ten most commonly-targeted driver files are the following:

atapi.sys
iastor.sys
iastorv.sys
idechndr.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvstor.sys
nvstor32.sys
sisraid.sys"

As I understand it, it targets files like that to help hide itself. Those
are storage interface drivers.

One purpose of the malware is to redirect your computer to sites
that generate advertising revenue for it. It doesn't really want to
crash your computer, but wants to make you go to sites of its choosing.

Paul
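
The boot-log symptom from the original post (afd.sys failing to load over 100 times) and the targeted-driver list quoted above can be checked mechanically; the following is an added example, not part of either post or of any Microsoft tool. It assumes the `Loaded driver` / `Did not load driver` line format of the Windows boot log (ntbtlog.txt); the function names, the threshold and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Driver names quoted in the post above from the Microsoft encyclopedia entry.
COMMONLY_TARGETED = {
    "atapi.sys", "iastor.sys", "iastorv.sys", "idechndr.sys", "nvata.sys",
    "nvatabus.sys", "nvgts.sys", "nvstor.sys", "nvstor32.sys", "sisraid.sys",
}
# Assumed boot-log line format: "<status> <driver path or name>".
LINE_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+?)\s*$", re.I)


def decode_log(raw: bytes) -> str:
    """Decode a boot log: UTF-16 when a BOM is present, else UTF-8/Latin-1."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("latin-1")


def triage(raw: bytes, repeat_threshold: int = 10) -> dict:
    """Count per-driver load results and flag what deserves a closer look."""
    loaded, failed = Counter(), Counter()
    for line in decode_log(raw).splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header lines, blank lines, anything unrecognised
        # Reduce the path to a lowercase base name so repeats group together.
        name = m.group(2).replace("/", "\\").rsplit("\\", 1)[-1].lower()
        bucket = loaded if m.group(1).lower().startswith("loaded") else failed
        bucket[name] += 1
    return {
        # A driver retried many times in one log, as afd.sys was in the post.
        "repeated_failures": {n: c for n, c in failed.items() if c >= repeat_threshold},
        # Present drivers from the quoted list: candidates for an offline hash check.
        "verify_offline": sorted(COMMONLY_TARGETED & (set(loaded) | set(failed))),
    }


# Constructed sample log (not taken from the poster's machine).
SAMPLE = (
    "Constructed boot log header line\r\n"
    "Loaded driver \\WINDOWS\\system32\\ntoskrnl.exe\r\n"
    "Loaded driver atapi.sys\r\n"
    + "Did not load driver \\SystemRoot\\System32\\Drivers\\afd.sys\r\n" * 120
    + "Did not load driver \\SystemRoot\\System32\\Drivers\\Parport.SYS\r\n"
).encode("utf-16")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A name under `verify_offline` only means the driver is present on the machine, not that it is infected. Because the rootkit hides its changes from the running system, compare the file against a known-good copy from a clean boot environment rather than from within the affected Windows install.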