Question

Locked

HP desktop w/ win vista

By Orion92 ·
Keeps rebooting/restarting after I fixed the network problem with 'netsh winsock reset'. Before fixing, the pc was able to boot up but unable to get on the internet nor did it detect any network. After fixing, the network/internet works after the first bootup. Thereafter it keeps rebooting, I'm assuming that some virus came thru once it has network access. Since then it been rebooting, please help I tried things in safe mode but not everything can be scan in safe mode. Thanks all for your help.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

A couple of things to try

by Jacky Howe In reply to HP desktop w/ win vista

Click Start, Run type msconfig and press Enter.

Now if you have the Configuration Utility open.
Configure selective startup options
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Process SYSTEM.INI File check box.
Click to clear the Process WIN.INI File check box.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, save the settings and restart the PC.

If it is working in Normal mode re-enable one item at a time until you find out what is causing the problems.
When you have it sorted out re-run the Configuration Utility and in the System Configuration Utility dialog box, click the General tab, and then click Normal Startup.

If that doesn't work try this.

Follow the steps below with the System started and restarted in Safe Mode with Networking. Running in Safe Mode loads a minimal set of drivers for the Operating System. You can use these options to start Windows so that you can modify the registry or load or remove drivers.

With the new strains of Virus that have been created you may find it necessary to rename the executable files so that they will work. Rename mbam-setup.exe and then navigate to the install folder and rename mbam.exe. Do not change the files extension from .exe. Do the same with Spybot.

Removing malware from System Restore points
To remove the malware, you must first disable System Restore, then scan the system with up-to-date antivirus software - allowing it to clean, delete, or quarantine any viruses found. After the system has been disinfected, you may then re-enable System Restore. The steps for disabling System Restore vary, depending on whether the default Start Menu or the Classic Start Menu is being used.

Default Start Menu XP
If using the default Start Menu, click Start | Control Panel | Performance and Maintenance | System. Select the System Restore tab and check "Turn off System Restore".

Classic Start Menu XP
If using the Classic Start Menu, click Start | Settings | Control Panel and double-click the System icon. Select the System Restore tab and check "Turn off System Restore".

Vista
Start, right mouse click Computer and select Properties. Select Advanced System Properties, click contine and then System Protection. Untick the box nect to Local Disk C: and click on Turn System Restore off.


After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from "Turn off System Restore".

Download Malwarebytes Anti-Malware, install it and update it.

<a href="http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe" target="_blank"><u>Malwarebytes</u></a>

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.

If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
<a href="http://malwarebytes.gt500.org/mbam-rules.exe" target="_blank"><u>mbam-rules</u></a>

I would keep scanning with it until it is clean by closing out and rebooting and running it again.


Download Spybot - Search & Destroy and install it. Update it and run it.

<a href="http://www.safer-networking.org/en/download/index.html " target="_blank"><u>Spybot</u></a>

Also run this Rootkit Revealer GMer
http://www.gmer.net/index.php

FAQ
http://www.gmer.net/faq.php

Just to be on the safe side when you finish do an online scan with Bitdefender or Google for an online scanner.

http://www.bitdefender.com/scan8/ie.html

Collapse -

Sorry

by Orion92 In reply to A couple of things to try

Sorry I didn't get back to you, I tried everything you post and some works and some didn't work. But at least I can get to the desktop b4 the blue screen come up again. Still trying to figure this out.

Collapse -

See how you go with this

by Jacky Howe In reply to Sorry

First thing to do is Update all of your Motherboard Device Drivers and see how it performs.

Click Start, right mouse click Computer and select Properties. Select Advanced System Properties, continue. Select Settings for Startup and Recovery. Untick Automatically Restart.

Minidump Files can be found here. C:\WINDOWS\Minidump\Mini******-**.dmp

How to read the small memory dump files that Windows creates for debugging

http://support.microsoft.com/kb/315263

To download and install the Windows debugging tools, visit the following Microsoft Web site:

http://www.microsoft.com/whdc/devtools/debugging/default.mspx

Instructions on using Windbg.

Open Windbg and select file, Symbol file path and brows to the Symbol folder that you have downloaded and installed Symbols to, select OK.

Close the workpage and save the Workspace information. This should lock in the Symbol path.

Open Windbg and select file and select Open Crash Dump then navigate to the minidump, highlight it and select Open.

There are two ways to use !analyze -v the easiest is to click on !analyze -v under Bugcheck Analysis.

When you have ran the initial dump if you look to the bottom of the screen you will see kd> to the right of that type in !analyze -v and press the Enter key.

Ctrl + a will let you copy the information and paste it into notepad.

Look to the bottom of the page for information like this. This was fixed by updating the Graphics Drivers.

FAULTING_THREA 864f6a98

DEFAULT_BUCKET_I GRAPHICS_DRIVER_FAULT

CUSTOMER_CRASH_COUNT: 1

BUGCHECK_STR: 0xEA

PROCESS_NAME: logon.scr

LAST_CONTROL_TRANSFER: from 00000000 to bfef0fea

STACK_TEXT: f6434e6c 00000000 00000000 00000000 00000000 sgiul50!DrvBitBlt+0x585

STACK_COMMAN .thread 0xffffffff864f6a98 ; kb

FOLLOWUP_IP: sgiul50!DrvBitBlt+585 bfef0fea 75f9 jne sgiul50!DrvBitBlt+0x580 (bfef0fe5)

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: sgiul50!DrvBitBlt+585

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: sgiul50

IMAGE_NAME: sgiul50.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 3b7dfec7

FAILURE_BUCKET_I 0xEA_IMAGE_sgiul50.dll_DATE_2001_08_18

BUCKET_I 0xEA_IMAGE_sgiul50.dll_DATE_2001_08_18

Collapse -

Tried to follow

by Orion92 In reply to See how you go with this

these steps but not succeeding, maybe I'm not reading it well. Do I have to be in normal mode or safe. I'm still unable to boot up to normal mode. Thanks for your help.

Collapse -

Send me a copy of

by Jacky Howe In reply to Tried to follow

your latest minidump files. You will have to PM me to get an address.

Collapse -

Have you tried

by The Scummy One In reply to HP desktop w/ win vista

System Restore or last known good?

Collapse -

Yes

by Orion92 In reply to Have you tried

I've tried restore and last known was not an option. Thanks

Back to Malware Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums