System Hangs, hard drive reels, virus? NOT!! I LOVE NOD32...but HELP!!

Discussion in 'other security issues & news' started by zarathustra1900, Aug 16, 2005.

Thread Status:
Not open for further replies.
  1. zarathustra1900
    zarathustra1900 Registered Member

    Hello:

    Hopefully I can add some incredibly useful information for someone out there, and more so, request some serious help from all of you.

    Excuse if this does not *precisely* belong within Wilders, however, I have been up 4 days and nights on this and as a constant lurker wanted to contribute SOMETHING.

    In brief, hard drive reels, constantly running on application usage of various sorts. Thought I had a virus.

    I own a Toshiba, XP Pro, (NTFS), P4. Opera, ALL Diamond CS products, RegGuard, Cyberscrub, ran Kaspersky as my AV religiously, but am a serious convert to NOD32. Outstanding software. My point is I am well protected, do not particularly visit high risk sites, but one never knows...

    Downloaded and ran Ewido and others...all of reasonable repute. Nothing ever found and convinced I did not have a virus or Trojan. Occurs in several processes.

    Toshiba has rep for overheating. Been doing some serious overclocking and thought it was overheating.

    Cleaned up registry, HD checked in every possible way that can be done within computer ... downloaded software for reducing CPU temp, checking temp, etc.

    ...I am in Europe, local phone is not free, 56k at best modem connect..yes, I am tired and not a happy camper.

    At any rate,

    NOD32 has a handy little view of all files read in real time scanning.

    I see strings of files blip which occur EXACTLY at the same time as my hard drive hangs.


    a long string: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...."



    ANSWER: A search of files brought up a few recent wipes. Only a couple. "RECYCLER" had several MB of old files as well. Now removed in the normal system process of Recycle bin/recycler remove process.

    Get this. The M@#$ F@#$#@ Wipe program "Cyberscrub" which I had used for ages was NOT completely deleting some files.

    I have been aware sometimes it would not be able to delete files even after reboot. When wiped or half wiped, the file changes with no extension to a VERY long string of letters as above. I would simply select ignore and continue and as they were "scrambled" and unreadable, deleted normally most of the time...BUT the app has screwed up recently leaving files in this way.


    Having installed and uninstalled, RESTORED system settings, ETC ETC!!

    ...the culprit, therefore, has been previously erased programs and files, renamed this very long string, under the same directory and name (as they were reinstalled) and the machine is still going to these files in between the new proper files and hanging.


    I have wiped system folders, backups, windows apps, as much as I can without causing system errors to clean up XP and system.

    Most of these files, and all system files I erased are regenerated. The system is going over these long string semi-wiped file strings before reaching the new corrected ones and hanging. Creeping along half-wiped file, real file, half wiped file, real file. Slow as hell.



    SOLUTION:

    Please help, I am fried at this point. I don't know.

    Upon using Search, ALL of the system folders (yes hidden as well) I cannot locate. Even delete them to recycle bin would be fine and through RECYCLER. I do not have to wipe them.


    But they remain, somehow, suspended in some place which I do not know how to reach.


    I should not say exactly that as NOD32 sees them during routine active scanning, and they will, oddly, briefly pop up I notice on the search page when I open another program or previously erased file for a second.



    I go to the file location shown which actually I could view briefly while accessing another program file with similar problem that I COULD find using the Windoze search feature, and cannot find the file "aaaaaaaaaaaaaaaaaaaaaaaaaaaa..." etc.





    #1 Does anyone know where I can access these files? DOS, Safe Mode, I don't know. I am exhausted at this point. Is there something involved related to NTFS as to why I cannot locate these files on the C:\ ?

    #2 Where would they be exactly? Hidden file "RECYCLER" does not show them.


    Thank you very much in advance for any help.

    Apologies for length. Hopefully this may help another perplexed by same problem.

    HJ
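The leftovers described in the post above can be listed by name pattern. This is an added example, not part of the original post and not Cyberscrub's or NOD32's code: it walks a directory tree and reports extension-less files whose whole name is one repeated letter. The 20-character threshold, the function names and the constructed sample tree are assumptions.

```python
import os
import re
import tempfile

# Assumption: a leftover is an extension-less name made of one repeated
# letter, at least MIN_RUN characters long (the thread only shows "aaaa...").
MIN_RUN = 20
LEFTOVER = re.compile(r"([A-Za-z])\1{%d,}" % (MIN_RUN - 1))


def find_wipe_leftovers(root):
    """Return (hits, unreadable): hits is a sorted list of (path, size)."""
    hits, unreadable = [], []
    # os.walk returns hidden and system entries as well; directories it
    # cannot open are recorded instead of being skipped silently.
    walker = os.walk(root, onerror=lambda e: unreadable.append(e.filename))
    for dirpath, _dirnames, filenames in walker:
        for name in filenames:
            if not LEFTOVER.fullmatch(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                size = None  # locked or vanished between listing and stat
            hits.append((path, size))
    return sorted(hits), unreadable


def demo():
    """Run the scan over a constructed tree (sample data, not from the thread)."""
    with tempfile.TemporaryDirectory() as root:
        app_dir = os.path.join(root, "Program Files", "App")
        os.makedirs(app_dir)
        names = ["a" * 48, "app.exe", "a" * 48 + ".txt", "aaaa", "ab" * 24]
        for name in names:
            with open(os.path.join(app_dir, name), "wb") as fh:
                fh.write(b"\x00" * 16)
        hits, unreadable = find_wipe_leftovers(root)
        return [(os.path.basename(p), s) for p, s in hits], unreadable


if __name__ == "__main__":
    print(demo())
```

Directories listed in `unreadable` were not searched, so a clean result is only meaningful when that list is empty.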
  2. Blackspear
    Blackspear Global Moderator

    Hi zarathustra1900, welcome to Wilders.

    You will need to download and run “Hijack This” found here and post your log at one of the HijackThis Specialist Forums, the two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

    Once your system is clean I would suggest that you take a look here: Why did I get infected in the first place? Also, for further information on security and how to make your system that much stronger, see here, as well there are discussions here and even more here.

    Hope this helps...

    Let us know how you go.

    Cheers :D
  3. Wherethebeef
    Wherethebeef Guest

    HJ

    If understanding your post correctly YOU SAID THAT YOU ARE NOT INFECTED......but that your system is jammed with previously wiped files....is that correct?

    You can try installing CRAPCLEANER and see what it locates and removes..

    http://www.ccleaner.com/

    Would suggest that you turn off system restore so that you don't re-install those bad files again....turn it back on after your system is cleaned.


    If crapcleaner works... afterwards try installing: Eraser

    http://www.heidi.ie/eraser/

    which is free so do not be misled by the website...just go to downloads..

    Eraser may finish FULLY wiping those bad files after crapcleaner removes them....if it can.....

    Hopefully this will work. There are other more complicated ways but it's too late at night for me to go into that.....

    Good Wishes
  4. zarathustra1900
    zarathustra1900 Registered Member

    To begin, thank you both for your replies.

    Let me explain, briefly, I have a program that wipes files. All files change during an erase process normally, these are also scrambled.

    Many files being used by the system require reboot to completely erase, theoretically.

    Many times they don't.

    So, I would click ignore, as they are already scrambled, and delete through recycle bin/RECYCLER (which is of course a hidden file for those who don't know.)

    NOD32, in short, alerted me to the fact that long strings of files i.e. "aaaaaaaaaaaaaaaa etc." were being processed causing system to hang.

    I removed several programs , and reinstalled them. When accessing the same files, they were being "RE-read" hanging on the erased string and then to the proper folder file.

    I cannot access these string files?!

    I have searched everywhere. Well, not everywhere otherwise I would find them.......


    Yes I do have CCleaner which I downloaded among others as a possible solution, and these are deeper system files I cannot find.

    I have Hijack this and have yet to post log as I did not believe I had a virus, worm, etc.


    I do not have many apps or applications and I keep a tight look on them.


    I ended up repairing through cd. Not what I wanted but I am tired...


    Which leads me to a NEW thing which I am posting separately above found today..

    Anyone heard of "Savvis"??

    Find them in my web firewall log while analyzing connections.....

    Windows updates go through their servers?!

    Please tell me yes.


    Receiving packets from an svchost connection. UDP.

    Process Guard alerts me, and I have really tightened everything down, but in Europe ISPs are open field for crap...and I am concerned.


    THX again very much for help.
  5. zarathustra1900
    zarathustra1900 Registered Member

    ......and thanks Blackspear for the links.....
  6. wherethebeef
    wherethebeef Guest

    Your system seems to be in a real mess after you wiped. As bad as it is maybe you should seriously consider a reformat otherwise you will find yourself stuck with a crippled computer that your security programs may not be fully protecting due to files and dll lost.
    There is always a chance that you could recover those wiped files but that's not really the proper way to go. As much time as you are wasting just do a reformat and get it over with..........burn what you can onto a disk if you have a burner..if not get a free one just for this job......don't drive yourself nuts over this....it's not worth it....sometimes you just need to start over.......reformat.

    Savvis should not be an issue...it's a networker.....svchost can get infected so that's another story.......I doubt that you are infected..instead it appears that you just made some mistakes.......we all do eventually.......

    good luck........I really don't know of anything else to suggest...
  7. Blackspear
    Blackspear Global Moderator

    My pleasure.

    Cheers :D
  8. zarathustra1900
    zarathustra1900 Registered Member

    Thanks "Where the Beef" (haha, good name).

    Yes, you are right, that is what I did.

    One tends to spend too much time repairing when it is easier sometimes to simply begin anew.

    The 4 concentrated hours of a reformat and reinstall are less effort and time spent figuring out a solution that may or may not work.

    Word to the wise, be cautious with wipe software. Not the simple cleaners, but the serious "hardware recovery" erasing software.

    Some files cannot be erased, and system must be restarted to access them as program must gain control before OS.

    If you just let it go like I did, a scrambled file will remain in neverland causing said issues.

    Thanks again all for help.