Windows XP Virus

[Eric]

We've encountered a virus on one of our windows xp professional machines. It
locks the computer up at random intervals. We've cleaned the computer using
multiple different anti-viruses which fixes the problem for a time, however
the virus always comes back within a day. We've used anti-rootkits and found
nothing as well.

It also seems to only lock the computer up if it is connected with the
ethernet cable.

Any suggestions would be greatly appreciated.

 

[C]

We've encountered a virus on one of our windows xp professional machines. It
locks the computer up at random intervals. We've cleaned the computer using
multiple different anti-viruses which fixes the problem for a time, however
the virus always comes back within a day. We've used anti-rootkits and found
nothing as well.

It also seems to only lock the computer up if it is connected with the
ethernet cable.

Any suggestions would be greatly appreciated.

Try removing all the system restore points after doing another malware
clean up as malware can hang out in there.

 

[Daave]

We've encountered a virus on one of our windows xp professional
machines. It locks the computer up at random intervals. We've
cleaned the computer using multiple different anti-viruses which
fixes the problem for a time, however the virus always comes back
within a day. We've used anti-rootkits and found nothing as well.

It also seems to only lock the computer up if it is connected with the
ethernet cable.

Any suggestions would be greatly appreciated.

What is the name of the virus?

 

[duke]

We've encountered a virus on one of our windows xp professional machines. It
locks the computer up at random intervals.  We've cleaned the computer using
multiple different anti-viruses which fixes the problem for a time, however
the virus always comes back within a day.  We've used anti-rootkits andfound
nothing as well.  

It also seems to only lock the computer up if it is connected with the
ethernet cable.  

Any suggestions would be greatly appreciated.  

When you say "connected with the etherrnet cable", I assume you are
referring to being connected to a LAN.
Is it possible that the virus is out there somewhere on you network?

Your best bet is to install a active resident virus scanner which
should stop the virus before it infects the computer.
If you already have one installed, are the pattern files updated ?

Duke

 

[Unknown]

Are you sure it is not a heat problem?

 

[C]

Are you sure it is not a heat problem?

I doubt that connecting to an ether net would create much heat.

 

[Unknown]

Could be mere coincidence.

I doubt that connecting to an ether net would create much heat.

 

[C]

Could be mere coincidence.

Once, yes. Every time, no.

 

[Greg Russell]

[Context restored; please don't top-post]

Once, yes. Every time, no.

.... unless the network card activity was the source of the heat. Not likely
for sure, but not worth dismissing outright either.

 

[PA Bear [MS MVP]]

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via the Consumer Security Support home page:
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7=> Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now run a thorough check for hijackware, including posting requested logs
in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

Checking for/Help with Hijackware:
• http://mvps.org/winhelp2002/unwanted.htm
• http://inetexplorer.mvps.org/tshoot.html
• http://www.mvps.org/sramesh2k/Malware_Defence.htm
• http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

 

[Unknown]

It 'SEEMS' to only lock up if connected to the Ethernet cable.
Why do you assume 'always'?

 

[Elmo]

We've encountered a virus on one of our Windows XP Professional machines. It
locks the computer up at random intervals. We've cleaned the computer using
multiple different anti-viruses which fixes the problem for a time, however
the virus always comes back within a day. We've used anti-rootkits and found
nothing as well.

It also seems to only lock the computer up if it is connected with the
ethernet cable.

Any suggestions would be greatly appreciated.

Suggestion:

As a test, try another method of connecting, like another NIC, or
wireless dongle. Or try removing the sound card, as a test. Basically,
I suspect the current ethernet card is conflicting with another peripheral.

 

[EN59CVH]

Perhaps it is not the virus at all. Windows XP system does act funny
from time to time for no apparent reasons. The only way to clear this
anomaly is to reformat the HD, re-install XP and all applications and
you are done. Please backup any user data before formatting your HD
because you are not likely to get them back after the format process.

hth

 

[EN59CVH]

I doubt that connecting to an ether net would create much heat.

Ah but you are dealing with Unknown! He seems to do other things as
well apart from connecting to an ether. I can't say what he does just
in case children are still looking for advice from Pig-Bear!

hth

 

[EN59CVH]

As a test, try another method of connecting, like another NIC, or
wireless dongle. Or try removing the sound card, as a test. Basically,
I suspect the current ethernet card is conflicting with another peripheral.

Possibly, and this should clear up if the OP reformats the HD!

hth

 

[MowGreen]

Try removing all the system restore points after doing another malware
clean up as malware can hang out in there.

Let's end this misconception, misunderstanding, or miscomprehension -

*** Malware in System Restore can *NOT* infect a clean OS and is *not*
active unless a restore point that includes it is used ***
Period !!!

MowGreen
================
*-343-* FDNY
Never Forgotten
================

banthecheck.com
"Security updates should *never* have *non-security content* prechecked

 

[C]

Let's end this misconception, misunderstanding, or miscomprehension -

*** Malware in System Restore can *NOT* infect a clean OS and is *not*
active unless a restore point that includes it is used ***
Period !!!

MowGreen

That hasn't been my experience.

 

[Ken Blake, MVP]

That hasn't been my experience.

There is no question about it. What MowGreen says is absolutely
correct. You are mistaken about your experience.

 

[Ronin]

You have diagnosed an infection that absolutely, positively came from a SR
restore point? You're absolutely certain that it didn't come from elsewhere?
Do you mind sharing the information necessary to repeat the issue? I am
perfectly able and eager to do so, and I have all the necessary equipment
(i.e., a spare machine that I use for experimentation and a fair amount of
experience analyzing system behavior.) Perhaps you can at least identify
the virus? The more specific the better.

Seriously, I can't imagine any way for something to execute itself from
inside a SR restore point, but if it can be done I want to know all about
it.

 

[Jose]

Perhaps it is not the virus at all.  Windows XP system does act funny
from time to time for no apparent reasons.  The only way to clear this
anomaly is to reformat the HD, re-install XP and all applications and
you are done.  Please backup any user data before formatting your HD
because you are not likely to get them back after the format process.

hth

My systems do not act funny and if I ever see one that is acting
funny, it won't be for long.