I was given a gateway 610 WinXP Media Center PC to clean last week. It had a few Trojans
and Adaware indentified some 2800 objects from files, registry entries to cookies to be
removed.
The interesting thing was that when I ran Adaware on the PC, it caused a RPC ShutDown in 60
secs. type of message. Different from the Blaster/Lovsan message. I have to assume that
one of the parasites or infectors on the platform had a "self preservation" protection
scheme. That is it detected Adaware running and it generated a system ShutDown to protect
itself from being removed.
Executing "shutdown -a" resolved that problem and multiple passes of Adaware in Safe Mode
and a pass of the McAfee Command Line Scanner in Safe Mode completely cleaned the PC.
Dave
|
|
| "lorne" wrote:
|
| > Greetings all,
| >
| > I seem to have contracted the evil shut down in 60 sec. virus. I
| > reformatted my hard drive installed win xp pro and as soon as i plugged in
| > my internet to get my updates, i got the dreaded shutting down in 60 sec
| > warning. I unplugged my internet, ran stinger (found and corrected 2
| > infections). Restarted the computer, ran AVG (didn't find anything), ran
| > stinger again (didnt find anything), plugged in the internet to do the
| > updates.... bang... 60 sec warning!! disconnected the internet, tried to
| > run avg (won't run) went into safe mode, ran stinger (didnt find anything).
| > checked the registry (run, run once, run service etc). everything looked
| > good. rebooted, plugged in the internet and bang.... 60 second warning.
| >
| > What should i do now??
| >
| > thank you all for suggestions.
| >
| >
| >
| >
| >
|
| As long as you keep connecting to the internet without enabling the XP
| firewall this will keep happing!
|
|
| Sometimes,when you remove malware it will stop your TCP/IP
| stack from working (Internet connection).
| Winsock or LSP-fix will correct the problem,Download first.
| Note to anyone using NOD32 Anti-Virus software,Do Not delete the
| "imon.dll" this fix reports,That is your e/mail scanning engine.
|
| YES-You need more than 1 malware program,I use all of these.
| LSP-fix-
http://www.cexx.org/lspfix.htm
| Spybot S&D -
http://www.safer-networking.org/en/index.html
| CWS Smart Killer-
http://www.safer-networking.org/minifiles.html
|
| About Buster-
http://www.spychecker.com/program/aboutbuster.html
| Ad-Aware SE -
http://www.lavasoftusa.com/software/adaware/
| CWShredder -
http://www.majorgeeks.com/download4086.html
| Hijack this -
http://www.majorgeeks.com/download3155.html\
| Hijacjthis tutorial -http://forums.maddoktor2.com/index.php?showtopic=165
| SpywareBlaster -
http://www.javacoolsoftware.com/spywareblaster.html
| SpywareGuard -
http://www.javacoolsoftware.com/spywareguard.html
| WinPatrol -
http://winpatrol.com
| BHODemon -
http://pcworld.com/downloads/file_download.asp?fid=23611&fileidx=1
| Bazooka -http://
www.kephyr.com/spywarescanner/index.html
| asquared2 "Trojan Remover" -
http://www.emsisoft.com/en/
| Socklock-
http://nsclean.com/socklock.html
|
| NOD32Anti-Virus Free 30 day trial
|
http://nod32.com/download/trial.htm
|
| A link for free online virus and trojan scanners.
|
http://virusall.com/downscan.html
|
| A listing of BHO's
|
http://www.spywaredata.com/bho.php?current_page=0
|
| To see if that freeware program you are about to inststall
| is infested with spyware check it out first at this link.
|
http://www.spychecker.com/
|
|
| To help stop unauthorized downloads via your activex controls change your
| default settings.
| These settings are good for XP. The wording should be close for other systems
| as well.
| Go to control panel and open "internet options.
| Click on the security tab then custom level.
| make sure these settings are as follows.
|
| Download signed active x controls>set to prompt
| Download unsigned active x controls>set to disable
| Initialize and script active x controls not marked as safe>set to disable
| Run active x controls and pluggins>set to enable
| Script active x controls marked safe for scripting>set to enable
| Java permissions>set to high
| Launching programs and files in a IFRAME" > Prompt
| Installation of Desktop items"> Prompt
| Navigate sub-frames across different domains>prompt
|
| Free Firewalls
| ZoneAlarm (Free and up)
|
http://snipurl.com/6ohg
|
| Kerio Personal Firewall (KPF) (Free and up)
|
http://www.kerio.com/kpf_download.html
|
| Outpost Firewall from Agnitum (Free and up)
|
http://www.agnitum.com/download/
|
| Sygate Personal Firewall (Free and up)
|
http://smb.sygate.com/buy/download_buy.htm
|
| NTbackup link
|
http://www.onecomputerguy.com/software/ntbackup.msi
| Erunt-
http://home.t-online.de/home/lars.hederer/erunt/index.htm