My PC date Time rolls back

Hi,

this is my first post here so my apologies if it's not the correct way.
Since 1 week, my PC date_time goes back. When i boot my machine, the time and hour displaied is the dat_time of last machine stop. I reset that manually and suddenly during my work, the time (and date) goes back some around 15 or 30 minutes.

This is a professional machine so i'm not allowed to install whatever i'd like to check and clean.

I'm using (mandatory) Symantec Endpoint protection 11 (Virus and Firewall).
The full scan has not found any malicious process, unfortunately.

I've tried malwareBytes that had helped me in the past, but nothing is also found.

I've noticed in my active process that WMIPRVSE.EXE is running twice, what i never saw before. My queries on the web explained that WMIPRVSE.EXE should be located in \system32\wbem, and that's the case. (so no a infected version in \system32 directly).

I've use Sybot S&D to checkout all the startup processes (procs and services) and i have desactivated all the unnecessary ones.

No improvement.

I really loose my nerves on that and don't know what i can use to try to find this malicious process.

Could someone give me some tips to fight this problem ?

Thanks in advance.

Godzestla.

 

Sounds "tasty" Pete!

 

CMOS battery is a good start. Also make sure you are set for the correct time zone. If neither of those is an issue, are you on a domain? Maybe it is syncing with a domain controller that has the wrong time, or is possibly in another time zone. Just throwing out some possibilities.

 

Hi Peter2150,

Thanks for the reply.
This is planned to be done, but i don't think the battery 'low' issue could explain that since my today's boot , time rolls back and back and back. The delay between the current time and the computer one is now 4 hours, compared to zero last time i boot and reset the difference. (around 4 hours ago).
This brings such a chaos in the event viewer than i cannot find what is actual or not.
But despite that and the obvious ennoying impact , this sounds a bit funny.

I'm actually running the Windows XP Cleaning Procedure (MajorGeeks) linked from this site and so far a Trojan.Agent/Gen-FakeAlert(Local) has been detected by SuperAntiSpyware (still scanning).

Life sucks.

 

XXjackXX,

the time zone is correct. The domain is effectively attached but only my computer is rolling back the time, the 100 others are ok.

What the f.... is it ?

 

It sounds like that if SUPERAntiSpyware found Trojan.Agent/Gen-FakeAlert(Local) then you are off to a good start on solving the problem.

 

I hope you are right, despite the object found sounds like a normal 'server team provided one'.

Let's set the time correct, reboot and see.

See you.

 

Don't forget to check the BIOS time to see if it changed.

Try surfing with Sandboxie. Might help prevent things in the box changing things outside the box.

 

Hi,

the Trojan was not the cause.

My pc is now rebooted with bad date and time and the time is now rolling back again.

I'll reboot and check the Bios date.

 

BIOS date won't likely be different. Has the battery been replaced yet?

Also, though it may not matter, what OS are you running?

 

I have had problems in the past with malware changing the BIOS time.
Whether through windows or actually changing CMOS, I don't know.

Goes like this:
Windows time changes, usually 3 or 4 hours.
Reboot, check BIOS time, no change.
Reset time in Windows to correct the time, reboot.
Time is changed by 1 hour, what happened, I corrected it already.
Reboot, check BIOS time, It's now 3-4 hours different.

Maybe it's a trick to get you to reboot so it can be installed deeper.

Malware was changing the time in the BIOS.
I fixed using UBCD and the WipeCMOS tool.
Since I use Sandboxie religiously, no more time changes, go figure.

It doesn't hurt to check/replace the battery either.

 

Hi,

i've replaced the battery, synchronized BIOS date_time and windows one and now it seems to be correct and permanent.

Very strange this rolling back date_time phenomenon when the machine run. I'm not able to understand the link with the battery, but i have to accept that there is a link.

Computers ! Not to understand.

For info, my OS is XP 32 Bits SP3.

Thanks to all of you for your help.

Regards.

G@dz

 

Why not install and run an NTP time server (there should be one at your place of work as you mention that this is a professional machine), or at home is doing consulting work.

The NTP time server will automatically keep correct time for your location based on its correct configuration.

-- Tom

 

The domain he is on would likely override any NTP settings he would have so it would be pretty pointless to bother with. Great to hear it is fixed!