Paranoid about system security



#1
tonyneves

First of all, I would personally like to thank all of the Geeks out there for an amazing source of information and collaboration, greatly appreciated.


I recently had some issues with malware/spyware/virus that I hope have been fixed, however my computer keeps crashing, sometimes just forcing a hard restart and sometimes with a BSOD.



I am wondering if anyone can help me find out if my system is safe, and help make it safer.


Running Windows XP Pro with SpywareGuard, AVG Free, SpywareBlaster, Windows Firewall, Malwarebytes, and the NoScript add-on feature for Firefox.

Lately I have been discovering that under my system settings, Remote Desktop keeps turning itself on, which is quite alarming to me. I have heard that Windows Firewall is garbage and am wondering if it has been allowing other people to access my files. Is there any way to tell?


Please help, I need a safe and secure machine for my personal business and also work.


Thank you
  • 0



#2
dsenette


I recently had some issues with malware/spyware/virus that I hope have been fixed,

You HOPE it's been fixed? Did you go through our malware forum here?

If not:

Please read the Malware/Spyware cleaning guide here and follow the instructions at the top.

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty (and you may not be) then post an OTL log in THE MALWARE FORUM forum.
(Posting OTL logs or ANY other logs requested in the malware/spyware cleaning guide in any other forum other than the malware forum is forbidden. If you post any of these logs in any other forum, it will be removed and it will take you longer to get help, so please make sure you only post logs in the malware forum)

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.
  • 0

#3
tonyneves

Yes, I had wonderful assistance here from a resident geek, and followed all instructions. I just do not feel confident my system is running its best, or at its safest.


Thank you for the quick response



I am fairly technical and can follow directions quite well, so just let me know what I can do.


Thanks again


Tony
  • 0

#4
Rorschach112

Tony, I re-opened your topic here

http://www.geekstogo...i...15&start=15


I just want to run one more scan, won't take long
  • 0

#5
tonyneves

Thanks rorschach..



Are there ways to test if my system's firewall is safe? Or if there have been any security breaches?


I think the remote desktop and remote assistance settings were on allowing others to view my files. I think I have finally disabled this, but is there a way to tell if there were any intruders getting into my system?


Or any way to tell if I should take action renewing my passwords, and alerting my banks and such?


Thanks again



Tony
  • 0

#6
tonyneves

Hello, so according to Rorschach112, my computer is 100% clean from malware/spyware/viruses. However, my PC keeps crashing.


More alarming and worrisome, however, is the fact that Remote Desktop keeps re-enabling itself.

I have disabled it through the system folder, the run command gpedit.msc, and also through Windows Firewall.

After everything it keeps turning itself on, and the folder "HelpAssistant" inside my documents and settings folder keeps reappearing even after I delete it and disable Remote Desktop and Remote Assistance.


The strange thing is that I have never allowed these processes, or anyone to access my system.


Please Help, Thank you
  • 0

#7
The Skeptic

If you worry about intrusion to your data, try another firewall which blocks unauthorized traffic both into and out of your system. Among the free products you can find Comodo and ZoneAlarm, which are considered to be good. Be aware that your computer will slow down somewhat. Also, enable the firewall in your router (if you have one).

Regarding the crash: Download WhoCrashed from the links in my signature, run it and paste the results in your next post.
  • 0

#8
tonyneves

Hello Skeptic, thanks for helping!

How do you feel about sunbelt firewall?

Here is the WhoCrashed report:

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


On Tue 2/2/2010 8:05:44 AM your computer crashed
This was likely caused by the following module: atapi.sys
Bugcheck code: 0x1000007F (0x8, 0x80042000, 0x0, 0x0)
Error: UNEXPECTED_KERNEL_MODE_TRAP_M
Dump file: C:\WINDOWS\Minidump\Mini020210-01.dmp
file path: C:\WINDOWS\system32\drivers\atapi.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: IDE/ATAPI Port Driver
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Sun 1/31/2010 8:23:12 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000007F (0x8, 0x80042000, 0x0, 0x0)
Error: UNEXPECTED_KERNEL_MODE_TRAP_M
Dump file: C:\WINDOWS\Minidump\Mini013110-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Sat 1/30/2010 9:32:08 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000007F (0x8, 0x80042000, 0x0, 0x0)
Error: UNEXPECTED_KERNEL_MODE_TRAP_M
Dump file: C:\WINDOWS\Minidump\Mini013010-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Fri 1/29/2010 9:01:03 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000007F (0x8, 0x80042000, 0x0, 0x0)
Error: UNEXPECTED_KERNEL_MODE_TRAP_M
Dump file: C:\WINDOWS\Minidump\Mini012910-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Fri 1/29/2010 2:14:40 AM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000007F (0x8, 0xF78B0D70, 0x0, 0x0)
Error: UNEXPECTED_KERNEL_MODE_TRAP_M
Dump file: C:\WINDOWS\Minidump\Mini012810-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Mon 1/25/2010 8:54:08 PM your computer crashed
This was likely caused by the following module: fxtdipob.sys
Bugcheck code: 0x100000D1 (0x0, 0x1C, 0x1, 0x83853C04)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini012510-01.dmp



On Mon 1/25/2010 4:46:34 AM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000000A (0x0, 0x1C, 0x0, 0x80537362)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini012410-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.




--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

7 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
  • 0

#9
The Skeptic

Regarding Sun Belt: I am not familiar with the program so I can't express any opinion. However, I can tell you what my experience is as far as other firewalls are concerned: I tried a number of them during the years (Comodo, Sygate and ZoneAlarm) and always removed them after a short time because of a variety of problems: considerable slowdown, inability to connect to some internet sites that I use on a regular basis, plain crashes, etc. I use Microsoft's firewall and find it adequate to my needs. You will surely hear different opinions.

Re. the crashes in your computer: Please run Recovery Console and type:

copy d:\I386\Driver.cab c:\system32\ntoskrnl.exe /v

d: is the drive letter in which the CD is placed. If it's not d: then write the correct one.

In addition, click Start > Run. In the dialog box type SFC /SCANNOW (please note the single space before /) and press Enter. Now Windows will look for corrupted or missing files and will replace them with new files. You will probably need your XP installation CD. Let the process run to the end, at which the dialog box just disappears.

Edited by The Skeptic, 05 February 2010 - 12:48 AM.

  • 0

#10
tonyneves

Hello again. I ran the recovery console and typed in copy d:\I386\Driver.cab c:\system32\ntoskrnl.exe /v but it said the specified file did not exist.

I also ran the command SFC /SCANNOW
It loaded, and then scanned a while to verify the windows files, I checked up on it and the process had finished, but no other actions took place.


The windows cd was in drive d.

Did I do this correctly?


Thank you!
  • 0



#11
The Skeptic

My instructions were probably somewhat wrong about ntoskrnl. Let's leave it at the moment because I guess that if sfc /scannow did its job (you did it correctly, by the way) then ntoskrnl should have been fixed too.

How is the computer working now?
  • 0

#12
tonyneves

Hello again skeptic!


The machine has crashed again. It often crashes while streaming video, using itunes, or playing the game battlefield 2.

I have noticed the sound usually starts glitching and skipping, and that's when I know I have to manually restart it.

Here is another WhoCrashed report, thank you again so much for helping:

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


On Fri 2/5/2010 3:20:19 AM your computer crashed
This was likely caused by the following module: atapi.sys
Bugcheck code: 0x1000007F (0x8, 0x80042000, 0x0, 0x0)
Error: UNEXPECTED_KERNEL_MODE_TRAP_M
Dump file: C:\WINDOWS\Minidump\Mini020410-01.dmp
file path: C:\WINDOWS\system32\drivers\atapi.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: IDE/ATAPI Port Driver
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Tue 2/2/2010 8:05:44 AM your computer crashed
This was likely caused by the following module: atapi.sys
Bugcheck code: 0x1000007F (0x8, 0x80042000, 0x0, 0x0)
Error: UNEXPECTED_KERNEL_MODE_TRAP_M
Dump file: C:\WINDOWS\Minidump\Mini020210-01.dmp
file path: C:\WINDOWS\system32\drivers\atapi.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: IDE/ATAPI Port Driver
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Sun 1/31/2010 8:23:12 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000007F (0x8, 0x80042000, 0x0, 0x0)
Error: UNEXPECTED_KERNEL_MODE_TRAP_M
Dump file: C:\WINDOWS\Minidump\Mini013110-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Sat 1/30/2010 9:32:08 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000007F (0x8, 0x80042000, 0x0, 0x0)
Error: UNEXPECTED_KERNEL_MODE_TRAP_M
Dump file: C:\WINDOWS\Minidump\Mini013010-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Fri 1/29/2010 9:01:03 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000007F (0x8, 0x80042000, 0x0, 0x0)
Error: UNEXPECTED_KERNEL_MODE_TRAP_M
Dump file: C:\WINDOWS\Minidump\Mini012910-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Fri 1/29/2010 2:14:40 AM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000007F (0x8, 0xF78B0D70, 0x0, 0x0)
Error: UNEXPECTED_KERNEL_MODE_TRAP_M
Dump file: C:\WINDOWS\Minidump\Mini012810-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.



On Mon 1/25/2010 8:54:08 PM your computer crashed
This was likely caused by the following module: fxtdipob.sys
Bugcheck code: 0x100000D1 (0x0, 0x1C, 0x1, 0x83853C04)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini012510-01.dmp



On Mon 1/25/2010 4:46:34 AM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000000A (0x0, 0x1C, 0x0, 0x80537362)
Error: Unknown
Dump file: C:\WINDOWS\Minidump\Mini012410-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.




--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

8 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
  • 0
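
A small parser for the WhoCrashed report format posted in #8 and #12, as an added example that is not part of the original thread: it groups the crashes by module and bug check code and lists modules for which the report gives no file path. Function names are illustrative, and masking off 0x10000000 to get the base bug check code is an assumption about the minidump ("_M") codes shown in the report.

```python
import re
from collections import Counter

# Four entries copied from the WhoCrashed report in this thread (trimmed to the parsed fields).
REPORT = r"""
On Fri 2/5/2010 3:20:19 AM your computer crashed
This was likely caused by the following module: atapi.sys
Bugcheck code: 0x1000007F (0x8, 0x80042000, 0x0, 0x0)
Error: UNEXPECTED_KERNEL_MODE_TRAP_M
file path: C:\WINDOWS\system32\drivers\atapi.sys

On Sun 1/31/2010 8:23:12 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000007F (0x8, 0x80042000, 0x0, 0x0)
Error: UNEXPECTED_KERNEL_MODE_TRAP_M
file path: C:\WINDOWS\system32\ntoskrnl.exe

On Mon 1/25/2010 8:54:08 PM your computer crashed
This was likely caused by the following module: fxtdipob.sys
Bugcheck code: 0x100000D1 (0x0, 0x1C, 0x1, 0x83853C04)
Error: Unknown

On Mon 1/25/2010 4:46:34 AM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000000A (0x0, 0x1C, 0x0, 0x80537362)
Error: Unknown
file path: C:\WINDOWS\system32\ntoskrnl.exe
"""

ENTRY_START = re.compile(r"^On (\w{3} [\d/]+ [\d:]+ [AP]M) your computer crashed$")
BUGCHECK = re.compile(r"(0x[0-9A-Fa-f]+) \((.*)\)")
FIELDS = {"This was likely caused by the following module": "module",
          "Bugcheck code": "bugcheck", "Error": "error", "file path": "path"}

def parse_report(text):
    """Split the report into one dict per crash entry."""
    entries, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        start = ENTRY_START.match(line)
        if start:
            current = {"when": start.group(1)}
            entries.append(current)
        elif current is not None and ": " in line:
            label, value = line.split(": ", 1)
            if label in FIELDS:
                current[FIELDS[label]] = value
    return entries

def split_bugcheck(value):
    """'0x1000007F (0x8, ...)' -> (code, [four parameters]) as integers."""
    code, params = BUGCHECK.match(value).groups()
    return int(code, 16), [int(p, 16) for p in params.split(", ")]

def triage(entries):
    """Count crashes per module and per base code; list modules with no file path."""
    by_module = Counter(e["module"] for e in entries)
    # Assumption: clearing 0x10000000 maps the minidump code to its base code.
    by_code = Counter(hex(split_bugcheck(e["bugcheck"])[0] & 0x0FFFFFFF) for e in entries)
    unresolved = sorted({e["module"] for e in entries if "path" not in e})
    return by_module, by_code, unresolved

if __name__ == "__main__":
    print(triage(parse_report(REPORT)))
```

A module that appears in the unresolved list is one the report could not tie to a file, product or company, so it is the entry to look up first.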

#13
The Skeptic

I would check the RAM and components temperature.

To test the RAM: Download Memtest from here. Download the first option, unzip the file and burn the ISO file to a CD. For burning the CD download and install BurnCDCC from the links in my signature. It is a very simple program used only for ISO files burning. Boot the computer with the CD and let it run at least one full pass. There should not be any errors (red lines).

To test components temperature download Everest using the link in my signature. Run the program and click Computer and then click Sensor. Read and record the temperatures and voltages that show up. Now minimize the program and load the computer by streaming video (if this is the correct term) and, at the same time, scanning the system with your antivirus. After about 10 minutes maximize Everest and write down again temps and voltages. Please report the results.
  • 0

#14
tonyneves

I have read that when testing ram, if you have two modules you should only have one at a time to test.

Is this correct? Or can I run the test with both modules in?

Thanks
  • 0

#15
tonyneves

Hi.

Ran the memtest, which reported no errors. However, I had both sticks of ram in still. Should I do the test one stick at a time?


As for everest, I took two screen shots. One before "overloading" my pc, and one while running antivirus scan and streaming video from web.


Here are the screen shots, first one = before, second = while loading computer

Attached Thumbnails

  • everest_one.JPG
  • everest_two.JPG

Edited by tonyneves, 05 February 2010 - 02:54 PM.

  • 0





