-
April 13th, 2006, 02:35 PM
#1
Registered User
Extremely odd booting behaviour
WinXP Pro... I've just cleaned up a slew of spyware and such... I noticed when I was shutting down I'm getting a buncha "This application cannot start because windows is shutting down". Very odd I thought, so I put it to normal and reboot the machine. I use Autoruns (a startup thing like msconfig) to unselect a bunch of useless startup crap. And reboot again, the problem still occurs and msconfig is set back to selective startup. I look in the task manager and see a process running I told not to load so I terminate it and another process pops up and no it's not a virus process as it's regular HP stuff. So I terminate that and another different one starts... terminate that one and I get Yahoo Messenger loading... terminate that and MSN loads.... WTF? I've never seen this type of thing before, any ideas?
"We must always fear the wicked. But there is another kind of evil that we must fear the most, and that is the indifference of good men." -- Monsignor; The Boondock Saints.
-
April 13th, 2006, 03:11 PM
#2
Registered User
Reloading may take less than fixing.
Protected by Glock. Don't mess with me!
-
April 13th, 2006, 03:13 PM
#3
Registered User
Whilst I understand that, the customer does not want to do that.
-
April 13th, 2006, 04:50 PM
#4
Registered User
Unfortunately, I see it quite a bit. You have a system that still isn't clean. I'd try Sysinternals Rootkit Revealer next, and see what comes up. Don't forget too that a legit file name isn't always the same thing as a legit file. Lots of malware these days installs bogus files with real or nearly real file names.
If the computer had any Smitfraud variants (Spyware Quake [a shiny new one], SpyFalcon, SpySheriff, Security Toolbar, SpyAxe, and many more) you should try this link: http://wiki.castlecops.com/Malware_R...SpyAxe_Removal
Malware tools you may want to try if you haven't are Ewido, the free version of Spycatcher, and SpySweeper. Usually if I've run a scan or two and the system is still flaky, I connect the drive into my Data Recovery/Malware Removal machine and run my tools from it. Removing some of the stealthier nasties can be much easier this way.
-
April 13th, 2006, 06:34 PM
#5
Registered User
I've never seen that behaviour before. You say it's probably a rootkit? The customer picked up the machine even though I told them it wasn't working quite right... I have a strong suspicion I'll have it back on Monday...
-
April 13th, 2006, 06:41 PM
#6
Registered User
Likely you will.
I have seen this a number of times.
Ewido online scan is a good one.
F-Secure Blacklight for rootkits is good too.