Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Machine is re-booting non stop.


  • Please log in to reply

#1
dvprao

dvprao

    New Member

  • Member
  • Pip
  • 9 posts
I am running Symantec AV 8.0 client ( Corp Edition) wiht Definitions dated 18.1.2006.
All of a sudden in teh morning of 20.1.06 couple of trojans were intercepted by the real time protector.
I have deleted the quarantined files but I get the follwoing error after some time.

instruction at 0X0067BC70 could not be written. the referenced memory 0X00000000. Please click OK to close or something like that. After I click OK/Close, I get this pminous message box saying the the Windows is shutting down in 30 seconds and actually shutdown and reboots. The error message is Services.exe is shutting down wiht service specific error -1073741674

If the computer is not conncted I get a different kind of error ( some kind of execution protecition)

I suspect that it is something ot do with either Bit torrent software which is used by my son or MSN Messenger.

Any help or hint is appreciated. ( of course, please do not advise me to re-install and I will upgrade my AV to Version 10.0 today it self :tazz:

Thanks - DVP
  • 0

Advertisements


#2
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
do you remember the name of the trojan found?
  • 0

#3
dvprao

dvprao

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi thanks for hte reply.
Yes I tried to copy and paste the list but could not.
The list is quite big the one remember are
download.trojan
downlaoder.trojan
and trhere were couple more.

I realized that agains tht rules , I posted hte hijack this logs to another thres on the same topic.
I also see one more by a person named TARGET and he seemd to be pretty frustrated abut this issue.

I remmeber at least two years aog seeing the same problem on a Win98 machine ( that dreded RPC error) that wa linked ot a very mailicious virus ( I think it was called Bug bear) . This one has almost similar behaviour.

This partucular pice of crap was picked up while getting shady software for shady means !!!! I got my lesson !!!

For a while i was thinking it it something to do wiht the ROOT KIT issue that is making rounds ????

In any case, I can not find any help in Micorsoft.com or Symantec.com and I do not know if there is help availbale anywhere else.

But certainly I would like otget to the bottom of this , if possible.

For now, I have bought a new HD and installed a fresh XP Pro on it and by passsed the bootable partion o n thi shard drive. I am saving it till I hear from you as to how to tackle this thing. I am really keen to understand how this thing is able to evade the top of hte line Anti-Virus and Anti-spy software given issued by Micorsoft and Symantec.

Any help is appreciated.
Thnaks
  • 0

#4
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
wewll...number 1 symantec is nowhere near top o the line...nor is the microsoft jazz...much better and more...freee stuff...but...that's for later...

so you bought a new hd...installed xp....and then moved the virus infected one over to the slave drive?...at this point...(unless you have some programs that you can't replace) copy all your data off the old drive onto the new....and format the old on....or smash it with a hammer...whichever makes you happier hehe
  • 0

#5
dvprao

dvprao

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Yes I agree with you that I should not have used "top of the line" adjective....

But, can you help ?
Thanks
  • 0

#6
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP

so you bought a new hd...installed xp....and then moved the virus infected one over to the slave drive?...

is this correct?
  • 0

#7
dvprao

dvprao

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Yes. The mother board supports up to 4 SATA drives and the priority can be switched at BIOS level.
Booting form the new drive, I scanned the entire drive ( the infected one) with no threats identified...

But when I switch back to this drive to boot, the same probelm appears.
( like others who have experienced this issue, if I keep that memory address errro dialog box in the back ground, I can continue ot wrk wihtout any problem. But teh reboot occurs when I acknowledge the dailog.)
( I get exactly 60 seconds before reboot after that...)

Thank you...
  • 0

#8
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
ok...so you basically have a brand new fresh primary drive with xp on it....is there a reason that you want to keep the other drive as the primary? or would backing up your data off of it then formatting and using it as a slave drive be...not what you want?
  • 0

#9
dvprao

dvprao

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Data is safe...
I got the new drive only to get to the bottom of this issue..
I will be keepting the infected drive as such without any modificaitons and keep on looking for help at fora like these.

I am looking for a solution to this problem.
  • 0

#10
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
that's cool...we can accomplish trying to get to the root of the infection...unfortunatly..you have to be able to boot to the drive to do such a thing...

if you can boot to the drive you can post in the malware forum...and they will get to the bottom of any infections...
  • 0

#11
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
dvprao:

I did a search on the error you were having when I was working on another log. Are you still having problems?
  • 0

#12
dvprao

dvprao

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Yes. Like mentioned before, I bought a new Hard drive and installed OS on that. I am accessgint ehdata on teh infected direv as a slave....

I installed Symanted Anti Virus (Enterprise) 10.00 version and scanned the infected drive fully , and nothing is reported.

But the probelm is still there becasue, when I switch to htis infected drive and boot, the problem starts again.

I have sseend this similar behavious when a Pc was affected wiht a virus known as bugbear, couple of years ago. BUt this seems very persistent.


The probelm started with my son downloadinga Crack file ( some kind of key genrator routine - for CD key for a stupid game) . He does not evenmknwo this guy. I am sure he must have had a good laugh at my expense. Becasue fo this reason, I do not want ot go to Microsoft for resolution if this issue.


Any help is appreciated.
  • 0

#13
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Not sure if I have all the answers yet, but let's try.

Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP