CPU Usage at 100%, hangs on boot into safe made

[kanson]

Hello,

I am trying to fix my friends eMachine laptop. Initially, I found that
the CPU was running at 100% in normal mode. I cannot start any
programs, or even open a windows explorer window. I couldn't get it to
boot into safe mode (would hang when trying to load atisgkaf.sys).
When I editted msconfig, and select "Safeboot" under the Boot.ini tab I
was able to get safe mode to boot. Other threads I have read suggest
loading safe with enable VGA, although I don't know if that would make
any difference.

In anycase, once I was finally able to boot safe mode, I ran multiple
anti-spyware programs and removed 1000+ traces, but have not been able
to install an anti-virus program as of yet. The CPU usage is no longer
at 100% constantly, but I still cannot start or install any programs
under a normal windows start up.

Next, I plan on uninstalling the video driver and in safe mode, and
then reinstalling later. Failing that, what should be my next step to
getting programs to start in normal mode? Any imput would be great.
Thanks,

KAnsonLane

 

[Martin]

Next, I plan on uninstalling the video driver and in safe mode, and
then reinstalling later. Failing that, what should be my next step to
getting programs to start in normal mode? Any imput would be great.
Thanks,

KAnsonLane

Make sure you turn off
f System Restore and then do another scan.
--
Best Wishes from Martin

So many questions, so few answers.

PGP Key ID, 0x581E4CE1

 

[Ron Martell]

Make sure you turn off
f System Restore and then do another scan.

No. Nay. Never.

Never repeat never disable System Restore on an infected system until
*after* the system has been cleaned up and is functioning normally.
Then and only then you should clean out the System Restore by either
disabling it, rebooting, and then immediately enabling it, or by using
Disk Cleanup's advanced option to remove all but the most recent
restore point.

An infested but working system is vastly preferable to one that is
unusable because of a botched virus/spyware cleanup.

Even if there are nasties included in the System Restore folder these
items are totally encapsulated and cannot repeat cannot repeat cannot
possibly spread from there unless the user choses to do a System
Restore.

Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm

 

[Ron Martell]

Hello,

I am trying to fix my friends eMachine laptop. Initially, I found that
the CPU was running at 100% in normal mode. I cannot start any
programs, or even open a windows explorer window. I couldn't get it to
boot into safe mode (would hang when trying to load atisgkaf.sys).
When I editted msconfig, and select "Safeboot" under the Boot.ini tab I
was able to get safe mode to boot. Other threads I have read suggest
loading safe with enable VGA, although I don't know if that would make
any difference.

In anycase, once I was finally able to boot safe mode, I ran multiple
anti-spyware programs and removed 1000+ traces, but have not been able
to install an anti-virus program as of yet. The CPU usage is no longer
at 100% constantly, but I still cannot start or install any programs
under a normal windows start up.

Next, I plan on uninstalling the video driver and in safe mode, and
then reinstalling later. Failing that, what should be my next step to
getting programs to start in normal mode? Any imput would be great.
Thanks,

KAnsonLane

When the computer is running open Task Manager (ctrl+alt+delete) and
go to the Processes tab. Click twice on the CPU column header to sort
the data into descending order based on CPU usage. That should show
you the name(s) of the items that are using the most CPU time which
could be a good clue as to the underlying cause of the problem.

If you can boot into Safe Mode with Networking support then go online
to http://housecall.trendmicro.com and run their free online scanner
to double check the system.

Also you did not mention which specific antispyware products you used.
If you haven't already done so try the free Beta of Microsoft's
antispyware from http://download.microsoft.com

Another option would be to use HiJackThis and post the log file from
it to one of the specialized HiJackThis forums. See MVP Jim
Eshelman's web page at http://www.aumha.org/a/parasite.htm and click
on the HiJackThis link in the left side column.

Good luck

Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm

 

[KAnsonLane]

OK.. So I was able to run Norton 2005 in a safeboot, it clear 5 virus,
but told me that the computer is still infected. I am still unable to
launch control panel, programs, windows explorer (etc) in Normal Boot.

I am now able to boot into safe mode with networking, and I can start
programs there, but I can't seem to get much farther than that. Any
other suggestions?

 

[Leythos]

OK.. So I was able to run Norton 2005 in a safeboot, it clear 5 virus,
but told me that the computer is still infected. I am still unable to
launch control panel, programs, windows explorer (etc) in Normal Boot.

I am now able to boot into safe mode with networking, and I can start
programs there, but I can't seem to get much farther than that. Any
other suggestions?

If you've run NAV in safe mode and it didn't fully fix your problem, and
you've deleted files and still have problems, assuming that you've
already run the spyware removal tools, and you are still having
problems, it's time to wipe/reinstall from scratch.

While you could do a repair/reinstall, you may not actually clear the
system of the infection, and while it may boot fine after the
repair/reinstall, it's likely that you're going to reinfect yourself
again.

Before others say that it's not necessary to wipe a system to clean
viruses, consider that you are trusting an application to tell you that
your system is clean, many times you're trusting a free application, and
if you had to bet your life on it being clean that you wouldn't.

If NAV 2005 in safe mode didn't clean it, it's time to wipe it.

 

[KAnsonLane]

If you've run NAV in safe mode and it didn't fully fix your problem, and
you've deleted files and still have problems, assuming that you've
already run the spyware removal tools, and you are still having
problems, it's time to wipe/reinstall from scratch.

While you could do a repair/reinstall, you may not actually clear the
system of the infection, and while it may boot fine after the
repair/reinstall, it's likely that you're going to reinfect yourself
again.

Before others say that it's not necessary to wipe a system to clean
viruses, consider that you are trusting an application to tell you that
your system is clean, many times you're trusting a free application, and
if you had to bet your life on it being clean that you wouldn't.

If NAV 2005 in safe mode didn't clean it, it's time to wipe it.

That's what I figured. Thanks for the help.