My PC date Time rolls back

Godzestla · #1 August 3rd, 2010, 06:15 AM

Hi,

this is my first post here so my apologies if it's not the correct way.
Since 1 week, my PC date_time goes back. When i boot my machine, the time and hour displaied is the dat_time of last machine stop. I reset that manually and suddenly during my work, the time (and date) goes back some around 15 or 30 minutes.

This is a professional machine so i'm not allowed to install whatever i'd like to check and clean.

I'm using (mandatory) Symantec Endpoint protection 11 (Virus and Firewall).
The full scan has not found any malicious process, unfortunately.

I've tried malwareBytes that had helped me in the past, but nothing is also found.

I've noticed in my active process that WMIPRVSE.EXE is running twice, what i never saw before. My queries on the web explained that WMIPRVSE.EXE should be located in \system32\wbem, and that's the case. (so no a infected version in \system32 directly).

I've use Sybot S&D to checkout all the startup processes (procs and services) and i have desactivated all the unnecessary ones.

No improvement.

I really loose my nerves on that and don't know what i can use to try to find this malicious process.

Could someone give me some tips to fight this problem ?

Thanks in advance.

Godzestla.

Peter2150 · #2 August 3rd, 2010, 08:20 AM

Have you replaced the batter on the mother board.

tobacco · #3 August 3rd, 2010, 09:52 AM

Quote:

Originally Posted by Peter2150

Have you replaced the batter on the mother board.

Sounds "tasty" Pete!

xxJackxx · #4 August 3rd, 2010, 09:59 AM

CMOS battery is a good start. Also make sure you are set for the correct time zone. If neither of those is an issue, are you on a domain? Maybe it is syncing with a domain controller that has the wrong time, or is possibly in another time zone. Just throwing out some possibilities.

Godzestla · #5 August 3rd, 2010, 10:02 AM

Hi Peter2150,

Thanks for the reply.
This is planned to be done, but i don't think the battery 'low' issue could explain that since my today's boot , time rolls back and back and back. The delay between the current time and the computer one is now 4 hours, compared to zero last time i boot and reset the difference. (around 4 hours ago).
This brings such a chaos in the event viewer than i cannot find what is actual or not.
But despite that and the obvious ennoying impact , this sounds a bit funny.

I'm actually running the Windows XP Cleaning Procedure (MajorGeeks) linked from this site and so far a Trojan.Agent/Gen-FakeAlert(Local) has been detected by SuperAntiSpyware (still scanning).

Life sucks.

Peter2150 · #6 August 3rd, 2010, 10:03 AM

Quote:

Originally Posted by tobacco

Sounds "tasty" Pete!

Groan

Godzestla · #7 August 3rd, 2010, 10:04 AM

XXjackXX,

the time zone is correct. The domain is effectively attached but only my computer is rolling back the time, the 100 others are ok.

What the f.... is it ?

xxJackxx · #8 August 3rd, 2010, 10:17 AM

It sounds like that if SUPERAntiSpyware found Trojan.Agent/Gen-FakeAlert(Local) then you are off to a good start on solving the problem.

Godzestla · #9 August 3rd, 2010, 10:23 AM

I hope you are right, despite the object found sounds like a normal 'server team provided one'.

Let's set the time correct, reboot and see.

See you.

Searching_ _ _ · #10 August 3rd, 2010, 10:59 AM

Don't forget to check the BIOS time to see if it changed.

Try surfing with Sandboxie. Might help prevent things in the box changing things outside the box.

Godzestla · #11 August 4th, 2010, 04:12 AM

Hi,

the Trojan was not the cause.

My pc is now rebooted with bad date and time and the time is now rolling back again.

I'll reboot and check the Bios date.

xxJackxx · #12 August 4th, 2010, 10:23 AM

BIOS date won't likely be different. Has the battery been replaced yet?

Also, though it may not matter, what OS are you running?

Searching_ _ _ · #13 August 4th, 2010, 11:35 AM

I have had problems in the past with malware changing the BIOS time.
Whether through windows or actually changing CMOS, I don't know.

Goes like this:
Windows time changes, usually 3 or 4 hours.
Reboot, check BIOS time, no change.
Reset time in Windows to correct the time, reboot.
Time is changed by 1 hour, what happened, I corrected it already.
Reboot, check BIOS time, It's now 3-4 hours different.

Maybe it's a trick to get you to reboot so it can be installed deeper.

Malware was changing the time in the BIOS.
I fixed using UBCD and the WipeCMOS tool.
Since I use Sandboxie religiously, no more time changes, go figure.

It doesn't hurt to check/replace the battery either.

Godzestla · #14 August 5th, 2010, 04:50 AM

Hi,

i've replaced the battery, synchronized BIOS date_time and windows one and now it seems to be correct and permanent.

Very strange this rolling back date_time phenomenon when the machine run. I'm not able to understand the link with the battery, but i have to accept that there is a link.

Computers ! Not to understand.

For info, my OS is XP 32 Bits SP3.

Thanks to all of you for your help.

Regards.

G@dz

lotuseclat79 · #15 August 5th, 2010, 08:47 AM

Why not install and run an NTP time server (there should be one at your place of work as you mention that this is a professional machine), or at home is doing consulting work.

The NTP time server will automatically keep correct time for your location based on its correct configuration.

-- Tom

xxJackxx · #16 August 6th, 2010, 10:27 AM

The domain he is on would likely override any NTP settings he would have so it would be pretty pointless to bother with. Great to hear it is fixed!

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search