System infected with multiple malwares from a single email attachment
Started by SSri09, Feb 27 2013 03:53 PM
#31
Posted 03 March 2013 - 04:51 PM
#32
Posted 04 March 2013 - 03:08 PM
I had a tough time removing the heatsink screws, which were tucked under the fan cover. I wonder who came up with that brilliant idea.
My workstation runs 24x6. So, I do not expect the thermal paste to last for 7 years. Maybe 2 years is probably correct, although I now think it may be better to remove and reapply once a year.
Thanks for the read on the temperature. Thermal paste was found wanting. The workstation is 4 1/2 years old, while the thermal paste was applied about 3 years before. I applied Arctic Silver 5. The idle temperature came down to a low 40 deg C. The Intel test passed with the CPU temp some 43-48 deg C below the maximum. I think it would go down once the thermal paste starts taking effect; this is about 90-96 hours for Arctic Silver. The fan was working very hard, probably due to the CPU temperature and RAM. I understand from the HP forum that the higher the RAM, the higher the fan noise. My workstation has 28 GB DDR2 fully buffered ECC RAM, which sits below just one 120mm fan. Unfortunately, there is no space to install an additional fan in the case. I do not know if the front I/O panel needs to be changed; the ambient temperature thermostat is on the front panel. I think it costs a few pounds on the e-bay; so, I may as well replace it.
I will paste the Windows event viewer of memory diagnostics in a couple of days once the Memtest86 is finished. I could not find anything on Google as far as interpreting the memory test event ID is concerned.
#33
Posted 04 March 2013 - 03:31 PM
It is entirely possible the errors shown by Windows memory diagnostics may have been caused by the high temperature making the memory unstable. It is nevertheless strange the testing screen and event viewer showed different outcomes. The Memtest86 is therefore going to be important.
#34
Posted 04 March 2013 - 03:59 PM
Speedfan probably reads about 50 now since it appears to have made a 30 degree improvement so things are getting back to normal. I expect the high temps were causing the errors. Good thing you got the bad email or you might have really cooked the CPU.
#35
Posted 05 March 2013 - 01:24 AM
The memtest86 is still running. It completed one pass taking 12 hours. Second pass is being tested. The tests are set at default (9-10 tests). I might allow it to run until midnight and stop the test. I will then be able to post some test results tomorrow. Thank you sir!
#36
Posted 06 March 2013 - 04:20 PM
Memtest86
completed 3 full passes without errors after more than 32 hours.
Intel Test
--- IPDT64 - rev 1.24.0.0 ---
--- Start Time: 03/06/2013 08:54:57---
--- Skipping Config ---
--- Reading CPU Manufacturer ---
Expected --> GenuineIntel
Detected --> GenuineIntel
Found --- Genuine Intel Processor ---
--- Temperature Test ---
Temperature Test Passed!!!
Temperature = 54 degrees C below maximum.
--- Reading Brand String ---
Detected Brand String:
Intel Xeon X5450 3.00GHz
Brand String Test Passed!!!
--- Reading CPU Frequency ---
Expected CPU Frequency is --> 3.00
Detected CPU Frequency is --> 2.99999
CPU Frequency Test Passed!!!
--- Reading FSB ---
Expected FSB : --> 1333
Detected) FSB : --> 1333
CPU FSB Test Passed!!!
--- Running Base Clock test ---
--- This CPU does not support base clock test ---
--- Running Floating Point test ---
Million Floating Points per Second, MFLOPS --> 345.6
Floating Point Test Pass ---
--- Running Prime Number Generation Test ---
Operation Per Second--> 664579
Prime Number Generation Test Pass ---
--- Reading Cache Size ---
- Detected L1 Data Cache Size --> 4 x 32
- Detected L1 Inst Cache Size --> 4 x 32
- Detected L2 Cache Size --> 12288
- Detected L3 Cache Size --> Not Detected.
Cache Size Test Passed!!!
--- Determining MMX - SSE capabilities ---
--- CPU FEATURES DETECTION FOR ---
--- MMX SSE ---
MMX - MMX Supported --> Yes
SSE - SSE Supported --> Yes
SSE2 - SSE2 Supported --> Yes
SSE3 - SSE3 Supported --> Yes
SSSE3 - SSSE3 Supported --> Yes
SSE4.1 - SSE4.1 Supported --> Yes
SSE4.2 - SSE4.2 Supported --> No
--- MMX SSE - capabilities check complete ---
MMX Test Result --- PASS
SSE Test Result --- PASS
SSE2 Test Result --- PASS
SSE3 Test Result --- PASS
SSSE3 Test Result --- PASS
SSE4.1 Test Result --- PASS
SSE4.2 Test Result --- Not Tested
MMX SSE Testing Passed !!
--- Determining AVX AES PCLMULQDQ capabilities ---
--- CPU FEATURES DETECTION FOR ---
--- AVX/AES/PCLMULQDQ ---
AVX - Advanced Vector Extensions Supported --> No
AVX OS Support - AVX Operating System Supported --> No ---> No Test Required
AES - Advanced Encryption Standard Supported --> No ---> No Test Required
PCLMULQDQ - Polys Carry-Less Multiply Supported --> No ---> No Test Required
--- AVX AES PCLMULQDQ capabilities check complete ---
AVX Compare Test Result --- Not Tested
AES Test Result --- Not Tested
PCLMULQDQ Test Result --- Not Tested
No AVX AES PCLMULQDQ Tests required
--- IMC NOT Supported on this Processor ---
..Platform Controller Hub Test not supported curent chipset..
..Skipping Platform Controller Hub Test..
Skipping Platform Controller Hub Test
..
..Query 4..
..
--- Querying for Intel® Integrated Graphics Device (IGD) ---
..Intel® Integrated Graphics Device not supported on this processor..
..Skipping Intel® Integrated Graphics Device Presence Test..
..
--- CPU Load ---
--- Load Level = 8
CPU Load Passed!!!
--- Temperature Test ---
Temperature Test Passed!!!
Temperature = 48 degrees C below maximum.
--- Test End Time: 03/06/2013 08:58:56---
Real Temp
The Real Temp results (difference to Tj Max) are pretty close to the Intel test.
The system I believe is fine. The only drag I find is Chrome, which sometimes becomes unresponsive besides taking ages to open the Load Files window. This happened before opening the e-mail attachment. I intend to install Kaspersky and run the virus scan. I will post the results in the next couple of days. Thanks very much for your help,
notebook syncs with the workstation
I have scanned the notebook with ESET, Kaspersky, MBAM, TDSSkiller, Rogue Killer and adwCleaner. They did not show anything. I do not think the notebook is infected from the workstation, although I sync the application/data drives of them. I never sync the OS. I therefore assume the notebook is fine, unless you think that should be checked as well. If that's the case, please let me know if I need to post the OTL logs of the notebook in this post itself.
Many thanks for your kind help. This is greatly appreciated.
#37
Posted 06 March 2013 - 06:47 PM
I wouldn't worry about cross-infection as we never found any real malware on this one. Just some adware and the overheating.
I don't see why Chrome is acting up tho. You might try running it with add-ons disabled and see if it still has problems:
http://readwrite.com...o_enter_safe_mo
Usually it is one of the add-ons that causes the problem, so if this helps, go in and disable them all and then enable them one at a time until you find the problem.
#38
Posted 12 March 2013 - 08:42 AM
Free trialing Kaspersky. It's a resource hungry app; it can crawl the system to a standstill when scanning or updating; the latter is not a problem, while the former is. It gave my laptop and the notebook a clean chit.
However, the problems (still persisting with KAV for a long time amongst the users) are Outlook protections, Google Sync and slow loading time of the browsers. The Google Sync gets disconnected all the time, while the KAV blocks all incoming and outgoing emails from Outlook. I tried disconnecting the add-ins in Outlook or disabling the email protection in the KAV settings. Even a system reboot does not help! Unless this is something else, which I doubt, I am going to have to throw out the KAV. The AVAST messed up my critical online backup. It never allowed the online backup, even after allowing exceptions in the settings.
This leaves a free trial of Bit Defender or the not so great MSE!
Thanks for your help.
#39
Posted 12 March 2013 - 10:11 PM
I'm not a real Kaspersky expert but the one I worked on used a proxy server for Internet traffic. If you go into IE and do Tools, Internet Options, Connection, Lan Settings, I think Use a Proxy Server will be checked and if you click on Advanced you can put in some Exceptions. You might try putting in the address of your email server that Outlook is trying to reach. There may also be some options in Outlook.