• If you would like to get your account Verified, read this thread
  • The TMF is sponsored by Clips4sale - By supporting them, you're supporting us.
  • Reminder - We have a ZERO TOLERANCE policy regarding content involving minors, regardless of intent. Any content containing minors will result in an immediate ban. If you see any such content, please report it using the "report" button on the bottom left of the post.
  • >>> If you cannot get into your account email me at [email protected] <<<
    Don't forget to include your username

Computer Geeks! Ayla ny needs your help!

A

AffectionateDan

Verified
Joined
Jan 3, 2002
Messages
8,114
Points
36
Tracy's computer recently had a worm virus, which has been eliminated, but ever since, her computer is continuously restarting itself while it's on. She's already done QuickRestore, opened the CPU up and thoroughly cleaned it out with an entire can of air, with no results. She's been told by a friend that there's a patch available, but her computer won't stay booted long enough for her to go and get it. Is there anything else she can do to fix this and get back her computer? 😕 :idunno: If all else fails, she can take it to a computer shop and have them rob her, but here's hoping that someone in the "family" can make it all betterz. HELP!
 
If the system was XP she should also turn off system restore and clean out the system again. Perhaps the virus is still lurking there and this is why the computer keeps turning itself off. Just a thought. Good luck. 😀 😀
 
Agh! That really sucks Big Dan. I'll bump it to Dtrell and see if he has any ideas but I had same problem recently at home. Had to buy a new hard drive. Cost me about $80 but it did solve the problem. I'll keep my fingers crossed for her...I have XP as well. I'm guessing she's unable to reformat her hard drive???

XOXO
 
If it's doing that, she likely has a virus still in there. I had the same problem and couldn't get rid of it with any of the patches or antivirus software. I ended up having to nuke my system. Fortunately, I had backups of nearly everything. So, I didn't lose much.

Ann
 
well, it seems she´s got some kind of version from the known worm called "wormblaster"

This one reboots your pc in a random time whenever you turn it on.

I happen to have a patch that can clean all the early versions of this worm.

However, if she´s dealling with the newest deadly versions...now those things are very bad news! I could give you all the steps needed to clean them but it´s gonna be tough.

Let´s hope she´s dealling with the first ones! In that case, give some e-mail with about 300k free space and I´ll send you a patch that most of the times can solve the problem.

We portuguese do have troubles with worms and virus everytime lol
unfortunately....
 
Kurch...

Gotta agree with Kurch on this one. If that doesn't work, back up whatever you can and reformat....

Q
 
my dad just had the worm virus and we tried everything..but what finally worked was uninstalling XP all together then the virus was gone because the newer worms cant infect 98 or below...but good luck, there is a web site you can try which helped us here it is: http://www.sarc.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
Plus this may help from her system rebooting:
Click Start > Run. (The Run dialog box appears.)
Type:

SERVICES.MSC /S

in the open line, and then click OK. (The Services window opens.)


In the right pane, locate the Remote Procedure Call (RPC) service.



--------------------------------------------------------------------------------
CAUTION: A service named Remote Procedure Call (RPC) Locator exists. Do not confuse the two.
--------------------------------------------------------------------------------



Right-click the Remote Procedure Call (RPC) service, and then click Properties.
Click the Recovery tab.
Using the drop-down lists, change First failure, Second failure, and Subsequent failures to "Restart the Service."
Click Apply, and then click OK.


--------------------------------------------------------------------------------
CAUTION: Make sure that you change these settings back once you have removed the worm.

Hopefully this was help...good luck
 
I also reccomend perhaps using erasing softawre that will wipe the hard drive totally clean. I think there is a company Eastek that makes such a thing. The important thing here is to do a completely reformat to make sure the bugger is gone. Then reload the system. I hope you get your computer to work. Good luck.
 
AffectionateDan said:
She's been told by a friend that there's a patch available, but her computer won't stay booted long enough for her to go and get it. HELP!
Click to expand...

If there's a 'patch' available, it's already too late.

If there's a 'removal tool' available, there's hope.

Somebody who knows Tracy will have to download the removal tool and snail-mail it to her on a floppy or a CD.

Tracy then boots in safe mode and runs the removal tool.

EDIT: eh, forget snail-mail. Try Fed-Ex overnight. What was I thinking ?
 
Most drastic case...

And this is pretty drastic,,,

But it will remove the problem.

Format the hard drive FROM THE BIOS.

i.e., do NOT allow the boot process to complete.

Interrupt the system bootup procedure, and,,, there are a lot of variables to be considered here, so I won't post things that are "sometimes" true.

Anyway, within your BIOS is the capacity to really erase the entire hard disk; and I mean this one REALLY does the trick, you will have no software left on the disk at all.

From there you can install a truly "clean" system with no left-over stuff lying around.

Major warning: you lose it all doing this.

I think this is what Ann was describing when she said "nuked".

Anyway, it really is drastic stuff, but it will get rid of any and all virii, although you may throw out the baby with the wash.
 
Man, recovery sucks donut ? Like standing on the edge of a 1,000 foot cliff with a tiny parachute that may or may not open.

Never been there but I will be someday.

Try all options before replying 'yes' to 'format C: drive now?'

AAAARRRGGGGGGGGG !!!!!!!!!!!!!!!!!!!!!
 
Hmmm,,, so if I can write a utility which is,,,,

-- Small enough to boot from a 3.5 inch floppy,,,

-- Can access the disk controller directly

-- Read, search out, and find the given threat

-- Disable him

Nahhh,,, I can't be the first human on earth to think this up. If it took me 90 seconds to come up with the scheme, minds better than mine have clearly beaten me to the punch.

That is an idea, though; an antivirus solution that has its own ultra-minimal OS, That does not boot windows before it begins;

Hmmm,,,, I'll bet Microsoft has been thinking about this long long lonnnnnng before I ever started rambling about it

It is a solution that would work for the customer, but which would not involve them. I wonder; has anyone written a freeware/shareware edition of this ? I'm just thinking; boot from a floppy, have a zillion Viri signatures on a CD-Rom, Duh, Might fly.
 
Note to Ayla,,,

When you finally get this resolved, QUIT using microsoft-whatever to read your E-mail.

I'll get a list of suggested alternatives if needed (there must be a dozen of them).

Anyway, The overwhelming majority of virii enter your computer as E-mail attachments targeting Microsoft E-mail applications.

(I was quite sad when I lost my unix shell account)
 
If its the Sasser.worm try this to stop the rebooting process:
----------------------------------------------------------------
1. To end the malicious process
On Windows NT/2000/XP computers, you must first end the malicious process. Follow these instructions:

1. Press Ctrl+Alt+Delete once.
2. Click Task Manager.
3. Click the Processes tab.
4. Double-click the Image Name column header to alphabetically sort the processes.
5. Scroll through the list and look for the following processes:
* avserve.exe
* any process with a name consisting of four or five digits, followed by _up.exe (for example, 74354_up.exe).
6. If you find any such process, click it, and then click End Process.
7. Exit the Task Manager.
----------------------------------------------------------------
visit http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html to research a more permanent solution
 
Random rebooting is often a sign of one of the recent RPC-based worms like Blaster and Sasser. To protect against future infections you need to install the patch from Windows Update - these can actually be downloaded as installable files instead of automatically installing on the downloading machine, just hit the "Windows Catalog" link. You can then download them on a non-infected machine and transfer them to the other machine for install (Make sure the other machine is not connected to the net, pull out its cable if necessary).

Once the patch is installed run the removal tools from Symantec to get rid of the virus, and make sure the virus protection is up-to-date immediately! I've lost count of the number of people who think they're protected simply by having an antivirus program installed, even though it's not downloaded any updates for years 🙁
 
Sooooooooooooo what happened? Whats the latest? Is it fixed? If not you might want to let a professional look at it. They could narrow down what the problem is a lot better than we could through this message board.
 
I agree with Collin, there are shops that can recover most data from a hosed PC and give it back to you clean and functional.

Here's some hints for the future from an idiot who's on six hours per day with a cable connection and never had a problem.. yet...

1. run Zonealarm (free) http://www.zonelabs.com/store/content/home.jsp

2. run Internet Explorer (if you use it) on high security at all times with your favorite sites (TMF, etc) in your trusted sites list for ease of use. Dunno how that works with Netscape or Mozilla, but if you use either of those you're lots safer because hackers target I.E. (95% of installed base).

3. download and run UnPlug http://grc.com/unpnp/unpnp.htm

4. don't open attachments in e-mails you receive.

5. read up on the JS.SCOB Trojan, only two weeks old: http://securityresponse.symantec.com/avcenter/venc/data/js.scob.trojan.html

even the TMF could find itself a distributor of this trojan, so you might want to remove the TMF from your 'trusted sites' list until Myriads verifies that the TMF has any available safeguards against this trojan in place.
Continue to run I.E. on high security.

6. Download and install latest Microsoft fixes here:
http://v4.windowsupdate.microsoft.com/en/default.asp
 
sounds like you had blaster but didn't fully get rid of it

Go hear to learn hnow to stop blaster from shutting down windows first so you can stay online long enough:

http://www.microsoft.com/security/incident/blast.mspx

Then go here to download the removal program to remove blaster from your system:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html

Also, install the Microsft patch here:
http://www.microsoft.com/security/bulletins/200309_windows.mspx

That remover tool cleaned out my Mom's WindowsXP nicely and she has no problems with blaster. It is also a free remover. The patch needs to be done right after you remove it so that you remove the thing that blaster effects in the first place. And always make sure you run Windows updater every few days, especially on a day when you hear a new mega virus is out, and every day for the next week in case they haven't gotten the patch that day. Sometimes it takes them a few days.
 
Well, these are all very helpful and all, but...

...it was far too late for any of this to have helped, I guess. Her computer's in some shop now, in Intensive Care, hooked up to life support and the little machine that goes *Ping!*... even worse, she's having TMF withdrawals! Poor thing!
 
I hope Ayla can have this problem fixed soon, that really sux :sowrong: Miss ya around here Ayla! 😀 Wish you could sick one of those trunk monkeys on the bloody virus makers, lol! 😡
 
thank you for all of the advice, you guys (and smooches to Dan for posting this for me). my computer woes even have my repair guy stumped. I am on a borrowed laptop for the time being. I really shouldn’t be peeking at TMF… but I couldn’t resist 🙂 I’ll have to give this thing a thorough cleaning before I send it back to my mother lol

and now I'm off to do a little light reading... 😀
 
thank you so much, leafstk. I really shouldn’t be peeking at this site with this computer… but should be ok just so long as I don’t look at pictures and stuff. right? right?! (I hope I hope I hope lol)
 
Ayla... Easy solution...Just in case....

Next time ( hopefully there will not be one ) if you cant fix it and you cant get the answer from Norton at www.symantec.com., Have someone remove the drive. Place it into a external enclosure and plug it into a USB or firewire port and clean it as a slave. Cost less and less headaches.. but to let you know the fix it on Nortons site.. but you will have to edit the registry.


Adam
 
You must log in or register to reply here.
What's New
3/9/26
Check out the TMF Welcome Forum and take a moment to say hello!

Door 44
Live Camgirls!
Live Camgirls
Streaming Videos
streaming tickling videos on demand at the TMF!
Tickling videos on demand!
Pic of the Week
Pic of the Week
Congratulations to
*** brad1701 ***
 The winner of our weekly Trivia, held every Sunday night at 11PM EST in our Chat Room
Back
Top