Catastrophic breakdown

[Furry Fred]

A friend of mine has had a sudden catastrophic failure of windows XP Pro.
The system has been working unbelievably slow for some time (20 minutes
to boot up with 512Mb RAM) and he then has totally lost Internet
Explorer. The icon does not work and the explorer.exe has disappeared!!!

It has since got worse (if it can get worse)as when it now boots up it
gets to the Windows XP splash screen and then forces a reboot!

He has been using AVG (free version) as his anti virus programme.

It sounds like this is a possible virus problem. Do you agree?

My own thoughts are the he will have to totally scrub his hard drive and
start all over again - unless someone else has any better ideas - as
well as get a reliable anti virus programme running

 

[jmatt]

A friend of mine has had a sudden catastrophic failure of windows XP Pro.
The system has been working unbelievably slow for some time (20 minutes
to boot up with 512Mb RAM)

First job to do, go here.
ActiveX Spyware & Adware Scanning
http://www.spywareinfo.com/xscan.php
This scanner is an ActiveX applet. After a short delay in which your
browser downloads the control file, you will receive a "Warning
Dialogue" requesting permission for the scanner to run. Click "Yes" and
the applet will pop up and scan. You will be alerted if any spyware is
found. When a spyware or malware is found, you will be alerted and
asked if you want to remove it. If no spyware is found, the scanner
will disappear on its own.
If nothing happens, or if you are using a browser other than Internet
Explorer, click here and choose either "Open" or "Run this program from
its current location". Do not choose "Download".
http://www.xblock.com/download/xclean_micro.exe

Or,
http://www.pandasoftware.com/produc...E0-4160-81ED-7F8C6F9C77ED}&NRCACHEHINT=Guest/
SpyXposer is the new free tool for detecting spyware and other threats
hidden in your PC.
Not only will you find out if your PC is infected with spyware, but
you'll also see if other types malware are installed:
Dialers
Hacking tools
Jokes
Security risks.
Hoaxes
This application is updated at least once a day, so it can always root
out even the very latest spyware.
And you don't even need to install any program, all you need is to be
connected to the Internet.

Securing Your Computer: Temporarily Disable Real Time Monitoring
Programs.
http://wiki.castlecops.com/Securing_Your_Computer:_Temporarily_Disable_Real_Time_Monitoring_Programs
Malware Removal and Prevention: Introduction
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
Malware Removal and Prevention: Overview
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview
Malware Prevention: Prevent Re-infection
http://wiki.castlecops.com/Malware_Prevention:_Prevent_Re-infection
If Your PC is Infested w/ Spyware & Adware...
http://spywarewarrior.com/sww-help.htm
http://spywarewarrior.com/viewtopic.php?t=6914
http://spywarewarrior.com/viewtopic.php?t=10
http://spywarewarrior.com/viewforum.php?f=30
http://www3.telus.net/dandemar/slowcom.htm

Important: Create a specific folder on your hard drive called
HijackThis to keep its backups.
You can do this by going to My Computer (Windows key+e) then double
click on C: then right click and select New then Folder and name it
HijackThis. Download and unzip HijackThis.exe into this folder.
http://www.merijn.org/downloads.html Or, http://tomcoyote.com/hjt/
If possible run HJT in Normal mode ( not Safe ) with all your normal
startup's working.
HijackThis Tutorial - How to Analyse your own log
http://spywarewarrior.com/viewtopic.php?t=3624
http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm
http://www.bleepingcomputer.com/tutorials/tutorial42.html
HijackThis log file analysis ( online )
http://hijackthis.de/index.php?langselect=english
Or,
http://startup.networktechs.com/page-68.html
http://hjt.iamnotageek.com

 

[Jane Colman]

I would suspect a hardware failure as a possibility.

AVG antivirus is extremely reliable.

 

[Frank Saunders, MS-MVP OE]

Most likely a buildup of spyware over time.

So How Did I Get Infected Anyway?
http://www.wilderssecurity.com/showthread.php?t=27971

Help with Hijackware
All MS - MVP Sites.
http://aumha.org/a/parasite.htm
(http://aumha.org/a/quickfix.htm)
http://www.elephantboycomputers.com/page2.html#Removing_Malware
(http://mvps.org/winhelp2002/unwanted.htm)
(http://inetexplorer.mvps.org/darnit.html)
(http://www.mvps.org/sramesh2k/Malware_Defence.htm)

Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315

 

[Leythos]

A friend of mine has had a sudden catastrophic failure of windows XP Pro.
The system has been working unbelievably slow for some time (20 minutes
to boot up with 512Mb RAM) and he then has totally lost Internet
Explorer. The icon does not work and the explorer.exe has disappeared!!!

It has since got worse (if it can get worse)as when it now boots up it
gets to the Windows XP splash screen and then forces a reboot!

He has been using AVG (free version) as his anti virus programme.

It sounds like this is a possible virus problem. Do you agree?

My own thoughts are the he will have to totally scrub his hard drive and
start all over again - unless someone else has any better ideas - as
well as get a reliable anti virus programme running

AVG is only marginal protection, I've seen dozens of computers used by
Students compromised while having a fully updated AVG installation.

Do the following:

Always remember - only download files from Trusted Sites.

The following links will take you to vendors sites for Spy Ware / Ad
ware removal tools and also for Antivirus tools. After you install any
of these applications and update them, run them in SAFE MODE to allow
them to properly clean your system.

First, make sure that your Java is updated to the latest version:
http://www.java.com/en/download/index.jsp

These sites are for downloading Anti-Malware and Anti-Spyware tools, in
order that I would use them myself:

Dave Lipman's tools:
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Secured2K's AntiPauper (download link/info at)
http://forums.mcafeehelp.com/viewtopic.php?t=65072

AdAwareSE can be found here:
http://www.lavasoft.de/support/download/

SpyBot Search and Destroy can be found here:
http://www.safer-networking.org/en/download/index.html

You can also download Symantec Trial version of their Antivirus software
from here:
http://www.symantec.com/downloads/

These are the actual vendors sites, not some unknown or authorized no-
name site.

 

[Mike Hall - MS MVP Windows Shell/User]

Fred

A complete start over would be the best bet at this point.. re-format and
re-install Windows.. set the XP firewall to 'enabled'.. connect to the
internet, and download all critical updates.. ensure also that SP2 is
applied if not part of the original installation

Next, go to http://www.grisoft.com.. download AVG, run and update it.. the
program is way better than some give credit..

OK.. for spyware solutions, go to
http://www.lavasoftusa.com/software/adaware/ for Adaware,
http://www.safer-networking.org/ for SpyBot, and
http://www.javacoolsoftware.com/spywareblaster.html for SpywareBlaster..
download, start, update, and run all of them..


Ewido Suite, http://www.ewido.net/en/ is a great solution fo something a
little more intransigent has gotten into the system.. keep the link for that
instance..



Housekeeping should be a weekly task thereafter..

 

[MAP]

AVG is only marginal protection, I've seen dozens of computers used by
Students compromised while having a fully updated AVG installation.

OMG! something that I agree with you on.
LOL

 

[Guest]

Are you able to access the system in safe mode? If so the problem may be
software related. You can run a virus/spyware scan with "quality"
antivirus/antispyware software while in safe mode.

If you are able to get into safe mode you might be able to do a system
restore and roll the system back to the point you were before the problem
started.

Good Luck!