jtumlinson said:
Running XP Home on a Dell Inspirion 8600. Runs normal, if perhaps a
bit slow except for two problems:
1) 50% of the time when it wakes up from standby I get the
Blue-Screen-Of-Death with one of the following two Error messages:
BAD_POOL_CALLER or IRQL_NOT_LESS_THAN_OR_EQUAL_TO
2) I can't Live update my Norton antivirus or hit the symantic,
mcafee, or bulldog sites with my browsers (explorer or opera), but all
the non-antivirus sites seem fine which seems too odd to be
coincidental...
You should start by cleaning up your machine. The blue screen may or may
not be connected with malware. Although it usually means you have a bad
driver installed, you will need to start with a clean machine as a
baseline.
You may have a virus that breaks antivirus programs, your NAV could be
an older version without updated definitions. I'm quite sure you have
other malware on the box and that your hosts file is compromised. Here
are cleanup steps. Do all the cleanup steps in Safe Mode. The process
is lengthy, and you will need access to another machine - unconnected
to the sick machine - that has fast Internet access and a cd burner. If
you don't have this or the following sounds like too much trouble, take
your computer to a good local repair shop (not a BestBuy or CompUSA
type of store) and have them fix it for you.
Start by running TrendMicro's Sysclean, which is an extensive antivirus
tool with the advantage of not needing to be installed. It requires two
parts - the scanning engine and the virus pattern files.
1. Create a new folder on your Desktop or the C: drive named something
useful like "Sysclean".
2. Go here and download the two parts of the program to that folder:
http://www.trendmicro.com/download/dcs.asp - Sysclean
http://www.trendmicro.com/download/pattern.asp - virus pattern files
The pattern files will be zipped - extract them with your unzipper (like
WinZip) or if you have XP, you can just open the folder. You need to
put the extracted files in the Sysclean folder you made.
3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
tapping the F8 key as the computer is starting up to get to the proper
menu.
4. Go to the Sysclean folder you made and double-click on sysclean.com.
Start the scan. After the scan is finished, look at the log. You may
need to make a note of where any viruses were found if they were not
able to be removed so you can manually delete them.
Now do these steps:
1) Scan in Safe Mode with a full-featured current version (not earlier
than 2003) antivirus using updated definitions;
2) remove spyware with Spybot Search & Destroy
(
www.safer-networking.org) and Ad-aware (
www.lavasoftusa.com). These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from
http://www.intermute.com/spysubtract/cwshredder_download.html. I would
not install the other Intermute programs, however. Alternately, there
are CoolWebSearch malware removal steps at
http://www.silentrunners.org/sr_cwsremoval.html. A combination of
HijackThis and About:Buster (
http://www.majorgeeks.com) works well in
removing homepage hijackers. Always read the instructions before
running a spyware removal tool. Be sure to update these programs before
running, and it is a good idea to do virus/spyware scans in Safe Mode.
Make sure you are able to see all hidden files and extensions (View tab
in Folder Options);
3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).
4) make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update;
5) run a firewall.
You will also need to check your hosts file:
1. In XP's Search preferences, set the files and folders handling to
Advanced, and then check the box that will make Search look in hidden
files/folders.
2. Now enter the search term "hosts" without the quotes.
3. You will get several hosts and lmhosts files. Double-click each one
to open it. When you do this, you'll get a Windows dialog box saying
that Windows cannot open this file, do you want to use the web or
select from a list to find the proper program. Choose "select from a
list" and highlight Notepad. Make sure the box to always use this
program to open this type of file is not checked.
4. Now carefully examine the file. Lines that begin with a # are
comments and don't count. Leave them alone. Unless you know you use a
proxy server to get to the Internet or you added entries yourself, the
only uncommented entry that should be there is:
127.0.0.1 localhost
If you see any other entries, delete them and Save the file. Make sure
you scroll all the way down to the bottom of the window if there is a
scrollbar. Do this for each file you found. Now you should be able to
get to antivirus and spyware-fighting websites.
Malke
