Monitor blinks after virus removal

Dave C.

Ray K said:
Several weeks ago I got a virus called MaCatte, which imitates a McAfee
page. I probably picked it up in a program called crack.exe.
Since eliminating it (with a combination of things I can't remember),
I have an unusual problem with occasional monitor blinking.

It's highly predictable with the Windows game called Spider Solitaire.
About five seconds after starting a new game, the screen will "blink"
for a fraction of a second, as though it's refreshing. It will do this
once or twice during the first 10 seconds, then be okay for the
remainder of the game. Once I start a new game, or replay the existing
one, the blinking will predictably occur again.

Other programs do not seem to have this problem. But sometimes I set
my CoolEdit Pro program to record something in the timed mode, with a
start time several hours later. When I get back home, the recording
hasn't started. I believe this is because this mysterious "blink" or
refresh has occurred during that several hour period and messed up
the timed mode.

Otherwise, everything is okay, but startup time since the virus is
long: 1:46 to the desktop, with about 65 seconds at the blue "Windows
is starting up" screen.

XP, SP3; Envision LCD monitor. The display adapter is an integrated
ATI Radeon 3000, part of the Asus M3A76-CM mobo and AMD 760G chipset.
Screen refresh rate: 60 Hz (70, 72 and 75 Hz are the other options).

Thanks,

Ray

You've still got a virus somewhere. Probably dozens of them. One of
them has most likely infected your spider solitaire game. The dead
giveaway on this one is the integrated video. The reason the screen is
blinking is that some virus (or several) have filled up the main system
RAM, leaving no room for processing video information. If you had a
dedicated video card, this wouldn't happen, as the virus wouldn't be
using the same RAM that is processing video to send to your monitor.

That would be both good and bad. You'd have a more reliable display,
but then you might not have a symptom to show you that you still have
an infected computer.

Start by uninstalling norton and mcafee and any other useless bloatware
that claims to be security software while totally ignoring most virus
infections. Then install something useful (and free) like avast! or
similar. -Dave
 
Ray K

Several weeks ago I got a virus called MaCatte, which imitates a McAfee
page. I probably picked it up in a program called crack.exe.
Since eliminating it (with a combination of things I can't remember), I
have an unusual problem with occasional monitor blinking.

It's highly predictable with the Windows game called Spider Solitaire.
About five seconds after starting a new game, the screen will "blink"
for a fraction of a second, as though it's refreshing. It will do this
once or twice during the first 10 seconds, then be okay for the
remainder of the game. Once I start a new game, or replay the existing
one, the blinking will predictably occur again.

Other programs do not seem to have this problem. But sometimes I set my
CoolEdit Pro program to record something in the timed mode, with a
start time several hours later. When I get back home, the recording
hasn't started. I believe this is because this mysterious "blink" or
refresh has occurred during that several hour period and messed up the
timed mode.

Otherwise, everything is okay, but startup time since the virus is long:
1:46 to the desktop, with about 65 seconds at the blue "Windows is
starting up" screen.

XP, SP3; Envision LCD monitor. The display adapter is an integrated ATI
Radeon 3000, part of the Asus M3A76-CM mobo and AMD 760G chipset. Screen
refresh rate: 60 Hz (70, 72 and 75 Hz are the other options).

Thanks,

Ray
 
John Doe

Ray K said:
...the screen will "blink" for a fraction of a second, as though
it's refreshing.

Probably not the solution, but the only example of that behavior I
know of in Windows XP is corrected like this.

.... open the Windows registry editor

.... search for "PlayOnMyTV"

.... append "-disable" to the Default entries (about 3/6 times), to
make each PlayOnMyTV Default entry look like this: {...-Disable}

.... close Regedit and restart your computer

That screen blinking happens when opening certain files.
Conceivably, it could happen programmatically.

Good luck and have fun.
 
Ray K

Dave said:
You've still got a virus somewhere. Probably dozens of them. One of
them has most likely infected your spider solitaire game. The dead
giveaway on this one is the integrated video. The reason the screen is
blinking is that some virus (or several) have filled up the main system
RAM, leaving no room for processing video information. If you had a
dedicated video card, this wouldn't happen, as the virus wouldn't be
using the same RAM that is processing video to send to your monitor.

That would be both good and bad. You'd have a more reliable display,
but then you might not have a symptom to show you that you still have
an infected computer.

Start by uninstalling norton and mcafee and any other useless bloatware
that claims to be security software while totally ignoring most virus
infections. Then install something useful (and free) like avast! or
similar. -Dave

Dave,

Thanks for the comments.

AdAware, Spybot, AVG and Avast all give my system a clean bill of health.

I have never used Norton or McAfee. I've been using AVG as my virus
program since my problem with the MaCatte virus.

FWIW, I recovered from the MaCatte virus without having to format c: or
even do a reinstall or repair of XP.

Ray
 
Ray K

John said:
Probably not the solution, but the only example of that behavior I
know of in Windows XP is corrected like this.

... open the Windows registry editor

... search for "PlayOnMyTV"

... append "-disable" to the Default entries (about 3/6 times), to
make each PlayOnMyTV Default entry look like this: {...-Disable}

... close Regedit and restart your computer

That screen blinking happens when opening certain files.
Conceivably, it could happen programmatically.

Good luck and have fun.

John,

The search didn't find any occurrences of PlayOnMyTV.

Thanks, anyway, for the lead.

Ray
 
John Doe

....
FWIW, I recovered from the MaCatte virus without having to
format c: or even do a reinstall or repair of XP.

For what it's worth... I can recover from any virus without having to
format or repair, by keeping a hidden copy of the Windows partition on
the hard drive (some keep it on another hard drive). Once you learn
that trick, personal computing is a whole new world. Knowing where
personal/important files are and keeping a backup copy of those files
to removable media is part of that process. ALWAYS KEEP A COPY OF ANY
IMPORTANT FILES TO REMOVABLE MEDIA.
 
Ray K

Fishface said:

I just finished scanning with it. Upon completion, it also gave a clean
bill of health.

However, while it was scanning, AVG interrupted the scan three times.
The first time the message said WIN32: Patched LF [Trj]. Once I deleted
it, the malwarebytes scan resumed by itself until it next halted at
WIN32: Malware-gen. I deleted it and the scan resumed, halting a final
time at WIN32: Patched LF [Trj] (yes, same message as the first time).

It's almost like AVG was detecting problems in malwarebytes program.

Ray
 
Ray K

John said:
...


For what it's worth... I can recover from any virus without having to
format or repair, by keeping a hidden copy of the Windows partition on
the hard drive (some keep it on another hard drive). Once you learn
that trick, personal computing is a whole new world. Knowing where
personal/important files are and keeping a backup copy of those files
to removable media is part of that process. ALWAYS KEEP A COPY OF ANY
IMPORTANT FILES TO REMOVABLE MEDIA.

Sounds like a terrific idea. Some questions:

1. For XP, is the Windows partition simply c:\windows and all the
folders below it?

2. I have two physical drives. The Primary/Master is partitioned as c,
e, f, h, and i. The Primary/Slave is partitioned as d and g. Any
suggestions for where to put the hidden copy of the Windows partition?

I have my application programs in c:\Program Files, the usual default
installation location, but the data I create from Microsoft Office is in
f, and my extensive collection of music, photos, and videos is in g.

3. Do you put your application programs in c? If you don't, how do you
deal with the various Document and Settings values, especially for the
various users?

4. How do you go about using the hidden copy of Windows to recover from
a virus?

Thanks,

Ray
 
John Doe

Ray K said:
Sounds like a terrific idea. Some questions:

1. For XP, is the Windows partition simply c:\windows and all
the folders below it?

No, the "Windows partition" is drive C. It does not have to be the
only partition on the physical hard drive.

2. I have two physical drives. The Primary/Master is partitioned
as c, e, f, h, and i. The Primary/Slave is partitioned as d and
g. Any suggestions for where to put the hidden copy of the
Windows partition?

First, you have to decide on a disk manager. Acronis Disk Director
will probably work well for Windows XP unless you use a Solid
State Disk SSD drive. Seems to me that disk management utilities
have not quite figured out how to work well with SSD drives.

The hidden copy of Windows will be put on hard drive free space.
It will not show up as a drive letter after you copy and then hide
it. You will need to use your disk manager to first
delete/move/resize partitions in order to free up space on the
hard drive.

I have my application programs in c:\Program Files, the usual
default installation location, but the data I create from
Microsoft Office is in f, and my extensive collection of music,
photos, and videos is in g.

And of course you have a copy of any important files from your
hard drive to removable media. Being able to keep track of and
backup personal data is fundamental to making incremental copies
of Windows.

I do not bother keeping data separate from the Windows partition,
because I know where that data is and regularly copy that to my
secondary hard drive. An extensive collection of multimedia might
be an exception (even though you must still keep a backup copy to
removable media if it is important to you). For that, you would
just adjust the pointer(s) if/when necessary, and see how it goes.
Since multimedia is simply a file type, shortcuts are the only
link between it and your concerned program(s). If you keep a huge
collection of data like multimedia separate from the Windows
partition/drive, you will want to put much thought into the folder
structure where it goes on your secondary drive, because you want
to avoid having to adjust pointers to that location.

3. Do you put your application programs in c?

I have tried that, it just got in the way. Nowadays, hard drive
space is more than abundant (with obvious exceptions). I have a
fast 32 GB main drive and a reasonably fast 150 GB secondary
drive. Three copies of the main drive are kept on the secondary
drive and there is still room for personal data apart from that.

I would not try to separate programs from the Windows partition. A
large database might be an exception.

If you don't, how do you deal with the various Document and
Settings values, especially for the various users?

You can learn by experience. You learn where important data is
kept, and regularly copy that to your secondary hard drive.
Windows is hardly modular, but you can figure out where personal
data is kept.

Settings is a very good reason for keeping a backup copy of
Windows. After you make a bunch of settings adjustments is the
time to make a fresh copy. And the best time to make settings
adjustments is immediately after restoring a copy of Windows. So
you restore the copy of Windows, take the opportunity to very
carefully improve the installation, and then you make a backup
copy to preserve those improvements. Your experience from that
point onwards tells you what sort of shape your most recent backup
copy is in.

4. How do you go about using the hidden copy of Windows to
recover from a virus?

When a virus strikes, (after removing Internet connectivity) the
first thing you do is think "backup". Any time the thought of
restoring Windows crosses your mind, you immediately make fresh
copies of personal data from your Windows partition/drive.

To restore Windows, you delete the current Windows partition and
restore a backup copy into its place. Using Disk Director, after
the deletion and copy, you have to unhide and make active the
primary partition.

After the copy back to its place, make sure that primary partition
is visible and active. When doing a backup copy, you need to hide
the backup copy.

My peers may feel free to correct me if I am wrong here, but the
process I am talking about is for advanced users. The first thing
you must be familiar with is always keeping a backup copy of
important data from your hard drive to removable media. And you
need to be able to recover from a boot CD, or (if you cannot do
that) settle for reinstalling Windows from scratch.

I will try to answer more detailed questions (at least about my
current disk manager) if they ever come up.
 
Fishface

Ray said:
However, while it was scanning, AVG interrupted the scan three times.
The first time the message said WIN32: Patched LF [Trj]. Once I deleted
it, the malwarebytes scan resumed by itself until it next halted at
WIN32: Malware-gen. I deleted it and the scan resumed, halting a final
time at WIN32: Patched LF [Trj] (yes, same message as the first time).

It's almost like AVG was detecting problems in malwarebytes program.

No, I don't think so.

By default, AVG checks files when they are opened. They were likely files
of which type AVG doesn't scan by default, and you likely chose the
Full-Scan option of the anti-malware program. When the Malwarebytes
program opened the files to read, AVG detected the problem first. That's
my theory, anyway...
 
John Doe

Fishface said:
Here's another option:
http://www.macrium.com/reflectfree.asp

You just keep a backup copy of your system drive on another
drive. It will even write it out to DVDs.

Have you used it? Does it automatically hide the copy so that any
operational partitions on the target drive remain the same letter?
Does it make a recovery boot CD? Does it work with SSD drives?

I will try it and post the answers to those questions and more...
 
John Doe

I made a copy, using all default settings. Strangely/surprisingly,
it did not have to jump out of windows during the process. Now I
will format drive C and use the boot CD to recover. Be back in a
minute (hopefully not from the abyss).
 
Fishface

John said:
Have you used it?

Yes! I got my extended family and friends using it, and I made
my employer buy it.

Does it automatically hide the copy so that any operational
partitions on the target drive remain the same letter?

Uh, what? It creates a file, not a hidden partition. The file can
be on another drive, or a network drive, or a DVD set, or, cough,
a CD set. I guess you could have a hidden partition. TweakUI
would hide a drive letter, as I recall.

Does it make a recovery boot CD?

Yes. You can make a bootable pen drive, too.

Does it work with SSD drives?

I don't see why not.
 
John Doe

I am going to reply by starting a new thread. Whatever the
importance of this particular dialogue is, the subject is of great
value (to me).
 
Steven J.


I just finished scanning with it. Upon completion, it also gave a clean
bill of health.

However, while it was scanning, AVG interrupted the scan three times.
The first time the message said WIN32: Patched LF [Trj]. Once I deleted
it, the malwarebytes scan resumed by itself until it next halted at
WIN32: Malware-gen. I deleted it and the scan resumed, halting a final
time at WIN32: Patched LF [Trj] (yes, same message as the first time).

It's almost like AVG was detecting problems in malwarebytes program.

Ray

What was happening with that was when MalwareBytes was accessing the
infected file, AVG detected it detecting the file and put up a
notification before MalwareBytes reported the infection.
If you have what I think you have, the file that is affected with this
particular virus is atapi.sys which is a required system file and why
MalwareBytes and AVG wouldn't delete it. You need to replace the
atapi.sys file on the infected installation with one from a Windows CD
or from a known clean system - replace the one in
C:\Windows\system32\drivers folder and in C:\Windows\ServicePackFiles\i386. I
recommend pulling the drive and slaving the drive to a known clean
computer and going from there. Cleanest tip is to reinstall the OS.

Another tip: Don't have 2 actual anti-virus programs installed on your
computer at the same time (re: AVG and Avast).
Remove 1 - my suggestion is to choose Avast over AVG.

Take care,
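
An added example, not part of Steven J.'s post or anyone's code in this thread: one way to check, from the known clean computer, whether both atapi.sys copies on the slaved drive match the replacement file byte for byte. The function names, the drive root argument and the sample bytes are assumptions constructed for illustration; the reference file must come from the same Windows version and service pack, otherwise a mismatch only shows a different build.

```python
import hashlib
import tempfile
from pathlib import Path

# Both locations named in the post, relative to the root of the Windows drive.
DRIVER_LOCATIONS = (
    Path("Windows/system32/drivers/atapi.sys"),
    Path("Windows/ServicePackFiles/i386/atapi.sys"),
)

def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so it is never read into memory in one piece."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_driver_copies(drive_root, reference_file):
    """Return {relative path: 'match' | 'MISMATCH' | 'missing'} for each copy."""
    expected = sha256_of(reference_file)
    results = {}
    for relative in DRIVER_LOCATIONS:
        candidate = Path(drive_root) / relative
        if not candidate.is_file():
            results[relative.as_posix()] = "missing"
        elif sha256_of(candidate) == expected:
            results[relative.as_posix()] = "match"
        else:
            results[relative.as_posix()] = "MISMATCH"
    return results

def demo():
    """Constructed sample: a fake drive tree with one altered and one clean copy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "slaved_drive"
        reference = Path(tmp) / "reference_atapi.sys"
        reference.write_bytes(b"constructed clean driver bytes")
        contents = (b"constructed altered driver bytes",
                    b"constructed clean driver bytes")
        for relative, content in zip(DRIVER_LOCATIONS, contents):
            target = root / relative
            target.parent.mkdir(parents=True)
            target.write_bytes(content)
        return check_driver_copies(root, reference)

if __name__ == "__main__":
    for location, status in demo().items():
        print(f"{status:9} {location}")
```

Run against the real drive, `check_driver_copies("E:/", "D:/clean/atapi.sys")` (both paths hypothetical) reports each location separately, so a copy that was replaced in one folder but not the other shows up.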
 
