Question

Locked

Windows Update/Rootkit/Virus?

By mbrewster ·
I have two computers that have the same problem. Both were at different locations when it cropped up.

-Both PCs are on different domains
-PC1 has group policies applied, login scripts, startup scripts, shutdown scripts, ect.
-PC1 has Vexira Antivirus, now removed
-PC1 has Adobe flash player, adobe reader, thunderbird, office 2003, and Java.
-PC1 is WinXP Pro SP3
-PC1 is a Gateway E series computer

-PC2 is WinXP Pro SP2
-PC2 is a Dell 2xxx series computer (I apologize I'm not next to it to get the model)
-PC2 has no group policies
-PC2 has Norton Antivirus, now removed
-PC2 had applications such as weatherbug and dealeo (crapware), now removed
-PC2 has Adobe flash player, adobe reader, office 2003, and Java.

Symptoms (both have the same):
-When the computer boots up with the network cable plugged in, after login the task bar stops responding. However the desktop is responsive.
Internet explorer works.
Task manager and control panel applets dont open. After trying to open a few things the PC will lock up.
After getting "A squared, Hijackfree" on the computer I disabled every application that starts on any users login. Through msconfig I have disabled all non windows services and verified that they dont start.
I tried to run Process Explorer however it is one of the applications that will lock up the computer. If it doesn't lock up the computer and does happen to run, the processes do not update. If I run a new process it doesn't get added to the process list. I can search for the process and it does find that it is running but I can't examine it because it isn't in the process list.

-When booting the computer up without the network cable plugged in the start bar doens't lock up after logging in. Task Manager works, and proccess explorer works. Control panel applets now work and dont lockup the computer. Plugging in the network cable after the computer has started doesn't cause problems. However if I try to copy data from the computer to another networked computer the PC will lock up.

-Rootkit revealer doesn't detect anything wrong. Neither antivirus detects anything wrong.

-The last windows update ran on either computer was KB958644 and rolling it back doesn't resolve the issue.

-Both computers stopped working after thursday of last week (10/24)

-Shutdown/startup scripts work properly while ethernet cable is plugged in. Including software installations. After logging in the PC no longer works properly. It isn't possible to log out.

-Safe mode and Safe mode with networking have the same effect as normal mode with the network cable plugged in.

Steps taken to resolve:

I rolled back all internet explorer updates on one computer including IE7 itself. Uninstalled all programs additional to windows (flash, pdf reader, Java, ect). Cleared all temp folders. Ran a system restore to a point almost a month ago. Disabled the NIC (acts the same as unplugging the NIC). Reinstalled NIC drivers. Checked for hidded non pnp devices.


My fear is that if I can't find out why these machines are doing this that I wont be able to prevent it from happening to another 450 of my computers. I will be running a repair installation over one of these computers to see if that resolves the issue but this isn't a valid fix assuming I will continue to run into the problem if steps to prevent are not in place.

This conversation is currently closed to new comments.

15 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

SP3 installation on SP2

by mbrewster In reply to Windows Update/Rootkit/Vi ...

Installing SP3 on PC2 didn't resolve the issue. I am now starting a repair installation.

Collapse -

Have you tried using a different network cable?...

by OldER Mycroft In reply to Windows Update/Rootkit/Vi ...

Clearly the problem only manifests itself when the network cable is attached. Doesn't that tell you anything?

Also, do these systems have a NIC installed? If so, maybe you could swap them out with another?

Have you traced the network cable to the 'other' end - what is happening there?

Collapse -

See if this is of any help

by Jacky Howe In reply to Windows Update/Rootkit/Vi ...

Check the memory.<br>
You can test the memory by running Windows Memory Diagnostic that can be downloaded from http://oca.microsoft.com/en/windiag.asp. If memory problems are found, try re-seating the RAM. If it doesn't work, replace the defective RAM.
<br><br>
<i>Keep us informed as to your progress if you require further assistance.</i>
<br><br>
<i>If you think that any of the posts that have been made by all TR Members, have solved or contributed to solving the problem, please Mark them as <b>Helpful</b> so that others may benefit from the outcome.
</i>

Collapse -

no solution

by mbrewster In reply to Windows Update/Rootkit/Vi ...

The issue was caused by windows update kb958644 and I haven't been able to resolve it yet.

Collapse -

Have you

by Jacky Howe In reply to no solution

tried removing the update to see if that will fix it.

Collapse -

But that would be logical !! Try to be sensible. <NT>

by OldER Mycroft In reply to Have you
Collapse -

ROFLMAO :^0 <NT>

by Jacky Howe In reply to But that would be logical ...

:^0 :^0 :^0 :^0 :^0 :^0 :^0

Collapse -

From the original post...

by OnTheRopes In reply to Have you

"<i>The last windows update ran on either computer was KB958644 and rolling it back doesn't resolve the issue."</i>

Collapse -

Oops - Slap on the head for OM and JH then!...

by OldER Mycroft In reply to From the original post...

In which case <head hung low> I'd reiterate my original point regarding the possibility of a rogue NIC (or two) or dodgy network cabling.

It's not beyond the realms of possibility for two separate NICs to die simultaneously, especially if they're both the same age. :)

Although I'd still be tempted to ask if the rollback was accompanied by a full shutdown and cold boot. Or if it was reinstated, since it didn't 'seem' to make any difference.

Collapse -

Good pickup

by Jacky Howe In reply to From the original post...

but I don't think that it is the problem. Both PC's should have picked up if it was. There is no reference to the memory test as yet.

Back to Software Forum
15 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums