Looks like a MAJOR PROBLEM...SOS!!

Discussion in 'other security issues & news' started by abhi_mittal, Apr 8, 2005.

Thread Status:
Not open for further replies.
  1. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    One of my friends is using WinXP Pro, Bitdefender Std, MSAS & Spybot.
    Of late, the computer has been malfunctioning.

    1) There are instances of LSASS.exe exploit that forces it to shut down.
    2) Network Configuration Wizard has stopped functioning.
    3) User "Administrator" got corrupted too.
    4) BD detected no virus bodies.
    5) MSAS says it's clean too.

    What could be the possible problem? Please suggest solutions to the same.

    Your response will be highly appreciated,

    Warm Regards

    Abhishek
     
  2. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Even SYSTEM RESTORE is not functioning now!!!!!
     
  3. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    For the shutdown problem: Click "Start" > "Run", type "shutdown -a" and click OK; this should take care of the shutdown problems. System Restore should be disabled anyway until you are clean, so don't worry about that; you should worry about some of the other things happening.

    Now go online and scan (shut down BD while doing this) with a couple of the free services like:

    http://housecall.trendmicro.com/

    http://www.pandasoftware.com/activescan/

    See if it picks up anything and post back. :)
     
  4. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Well....the culprit has shut down my LAN connection and I am unable to access the internet.
    What else should I do?
    Why is system restore not functioning?

    Abhishek
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,185
    Location:
    Texas
  6. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Well, I will try to download that tomorrow and will get back to you.
    Thanks

    Abhishek
     
  7. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Try a repair of Windows:
    Another possibility is:
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    If you find Windows system files affected, you can place your Windows CD in the drive, click Start > Run, type in CMD, and when the black window opens type in "sfc /scannow". SFC (System File Checker, a part of Windows File Protection) will replace any changed/damaged system files with a clean copy. SFC may not solve every problem, but it's a good start that anyone can do.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  9. SexIsGood4U

    SexIsGood4U Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    54
    Honest to IT and users of IT. Back up your important files on to floppy (CD, DVD, anything really). Have an archive of information. It sounds really stupid, but issues like yours and many more out there are mostly in the same boat, only the finer details are different.
    DO NOT have too many defence (adaware, spyware, anti-virus, etc.) software on your PC. They will conflict with each other. In other words, try to keep your PC set-up as simple as possible. Then add the necessary software extras like office, games, etc.
    Cos your last resort back-up plan is to wipe your hard drive (or replace it with a new hard drive) and re-install the OS.
    By reading your issues, this is the best recommendation I can offer. If you truly want to solve the issue for future purposes, re-install the set-up you had previously, breaking down the stages of each software program's installation, and see when your PC "*****" itself and you have your answer. But if you do this, do not keep important information on there without a copy elsewhere that is not connected to your PC.
    Keep It Short Simple And Stupid Silly (KISSASS) .... this is not offending anyone but a motto I follow myself. I own and run an internet cafe and when you have multiple users coming in to use your PCs you cannot run around pointing fingers at people. Some might do something without intention.
    At least I have a final resort to fall back on (if all the hardware is perfectly fine). Start fresh and learn from your mistakes. I'm still learning, life is one big learning experience. :D
     
  10. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Gross, what a username to see appearing here... :blink:
    Seems like a virus infection to me, could be Blaster or some other virus. The Microsoft Malicious Removal Tool could help.
     
  11. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Tried the Windows Malicious Software Removal Tool. No Infections at all. Even Bitdefender Std 8 says that the PC is clean.
     
  12. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    If my PC misbehaved like that I would just do a clean format and reinstall Windows. (Start afresh with a clean system.) I would also be frugal and thoughtful with what I load up regarding software, as mentioned in an earlier post. So often the more security we load up the more conflict can occur.
     
  13. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Solved the problem, finally. Avast Pro said that it detected Nimda worm, but it was unable to take any action on it.
    Ran BD free, it detected NOTHING.
    Then I tried the free Avast Cleaner and it dutifully removed the infection.

    I am surprised that the MS Malicious Software Removal Tool, BD, and Avast Pro failed to remove a common worm like Nimda.

    Any Comments?

    Best Regards,
    Abhishek
     
  14. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Yes.

    The MS Tool is crap, and a bad MS joke.

    Very, very limited possibilities, and can not do what it is promising.
     
  15. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Fine MS is crappy, but what about BD and Avast?
    And Avast Pro was helpless and the Avast Cleaner cleaned the worm!!!!
    Isn't that queer?
     
  16. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    621
    Avast Pro (even Home) has the avast Virus Cleaner built in. It is offered to the user whenever a virus covered by the cleaner is detected in memory, or by the on-access scanner.

    How did you do the scan with avast Pro?

    Thanks
    Vlk
     
  17. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    I have Avast Pro too, so I ran the scan. But it couldn't clean Nimda... it detected it though.
    So I ran Avast Cleaner, which is bundled with the Pro version, and it cleaned the nasty.
    How could Avast Pro and BD free miss something like Nimda? BD even failed to detect it. My definitions were all updated.
     
  18. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    621
    What do you mean by "missed"? Are you suggesting that the infection happened after installing the AVs? That is, that the AVs were installed on the machine when the infection took place?

    Thanks Vlk
     
  19. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Well, I had Avast and BD free installed. Avast detected Nimda, but was unable to clean it or delete it. Then I ran BD; it didn't even detect the worm.
    Then Avast Cleaner did the trick!

    Abhishek
     
  20. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Well, the problem is recurring now. Avast detects Nimda... but is unable to do anything... Avast Cleaner then cleans it.
    Then the virus reappears... and so on...

    Meanwhile BD free doesn't even detect it!!!

    What should I do? The worm is reappearing all the time after cleaning!

    Abhishek
     
  21. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    621
    1. Reappearing in which file, exactly?
    2. Does the avast virus cleaner find Nimda in memory? Or only in a file?
    3. Is the computer in a LAN? Does it have any open shares?
    (the "net share" command will display the list of shares)

    Thanks
    Vlk
     
  22. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Nimda appears in C:/Documents & Settings/All users/Documents/Playlists.
    The folder "Documents" doesn't exist in All Users when I browse All Users.

    No trace is detected in memory.

    The PC is on a LAN with no open shares.
     
  23. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Are you set to view hidden folders? Is it a transient location? What do you see in terms of running processes (use Process Explorer)?

    Blue
     
  24. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    It is a transient location. Memory is clean. No malicious running processes.
     
  25. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Any Comments?
     