Strange Hang

Greetings all....during the course of the day i often will reboot a few times as i shutdown me system when it is not in use. This works fine but when i boot in the morning after many hours of inactivity the system will often hang so i end up booting a second time and then all is well. This is strange.....what might be causing the problem

 

Have u checked for Virus and Spyware?

 

Yes....found nothing

 

Rainwalker;

Your system hangs when something is failing to communicate properly with something else. It could be device to device, device to driver, software to software, or your computer with another computer.

I suspect that since it happens daily, that it is a scheduled task. Check your "Scheduled Tasks" Control Panel. Then check your Event Viewer and look at the System, Security, and Application logs. Check for anomalies in the logs. Also check whatever other logs that you have that I do not know about.

Check the Device Manager for any failed devices. Make sure that you select "Show hidden devices" in the View menu. Look for icons that have yellow exclamation points, or red X's.

Use Microsoft BootVis as an analysis tool only. It will give you statistical information that you can use to analyze your boot up. Use it for analysis only.

Finally, if all of this does not work to locate the problem, you can put these two programs in the startup; Process Explorer and Port Explorer. Use Process Explorer to view all of the processes that are running at startup. Use Port Explorer to view what your system is trying to communicate with on the network, and what processes have initiated the communication. Process Explorer is free, Port Explorer is $30.

Close Hauled

 

Thanks Close Hauled ( i too would rather be sailing )
Nothing in Schduled Task...cked log there and found error to be 0x80070057
Found some info at MS .....not sure if i want to download possible fix or not. Still working on this. BTW..i have custom set the page file (some time ago) 1500 for both...i have 512 ram....this might also be the problem....i think

 

Rainwalker;

Please post the errors from the event log. I would like to see them.

Close Hauled

 

There are more of the same: The 1:30:14 @ 7/25/2004 is when i last booted.

"Task Scheduler Service" 7/25/2004 10:08:28 AM ** Error **
A failure occurred during service initialization.
The specific error is:
0x80070057: The parameter is incorrect.
"Task Scheduler Service"
Exited at 7/25/2004 10:08:28 AM
"Task Scheduler Service"
Started at 7/25/2004 1:30:12 PM
"Task Scheduler Service" 7/25/2004 1:30:14 PM ** Error **
A failure occurred during service initialization.
The specific error is:
0x80070057: The parameter is incorrect.
"Task Scheduler Service"
Exited at 7/25/2004 1:30:14 PM
[ ***** Most recent entry is above this line ***** ]


"Task Scheduler Service"
Exited at 7/11/2004 1:50:01 PM
"Task Scheduler Service"
Started at 7/11/2004 3:10:55 PM

 

Check this out:
http://support.microsoft.com/default.aspx?scid=kb;en-us;223375

Close Hauled

 

After reviewing this myself, I'd say that you need to go back to the "Scheduled Tasks" control panel. Also, please go to the DOS prompt and type AT and press Enter. This will list any scheduled tasks.

Also, search your hard drive for any .JOB files.

Close Hauled

 

I have done as you asked and i find no "Scheduled Tasks" at all. I have never used this tool.

 

How about the file search for .JOB files? Did you do that?

 

Well boys, it seems as though this is getting interesting. When i go to and attempt to add a new Schduled Task, system hangs and when i close the window i loose all the icons on me task bar...after a bit some return but not all. I have tried this a few times w/same result. I looked at Device Manager and found a yellow flag at Ak driver this is Antiak...sooooooooo i do a search for antiak driver @google and find a link to www.rootkit.com........i click on link and BANG tray icons go by-by...i reboot and search w/another engine and it seems there is a rootkit by that name now, according to Divice Manager this thing is turned 'OFF" so i tried to turn it on to see what would happen ( bad childhood habit ) and a dialog box came up informing me it could not turn it on.......ok.....i'm stuck

 

Fixed link.

 

Rainwalker;

I did a whois on rootkit.com and here is what I got:

The owner of that site co-wrote this book:

Exploiting Software (Amazon.com)

I would call this guy and ask him what he may know about it.

I would also post on this in "trojans and backdoors" forum as well.

Close Hauled

 

Thanks Close Hauled......i'll look into it in a day or two....and report back
Interesting that the only info i was able to find on Antiak was at his site.

 

Rianwalker;

I do not know why I did not think of this before. Submit the offending file (I believe that it might be "antiak.sys") to VirusTotal. You might find something there.

I PM'd you on this too. Did you send the file to DiamandCS like Jooske recommended?

Close Hauled

 

Not sure how to send it...do i l.click and 'Send to mail recipient"....where at DiamandCS ? Yes, it is antiak.sys

 

Here,

submit@diamondcs.com.au


snowbound

 

Thanks....found it a second after i asked
........i submitted to both locations.

 

Just got this. Well......i think it is an off the wall trojan.

Virus Total
_______________________________________________

Scan results
File: antiak.sys
Date: 07/27/2004 03:17:21
----
BitDefender 7.0/20040726 found nothing
ClamWin devel-20040719/20040726 found nothing
eTrustAV-Inoc 4641/20040726 found nothing
F-Prot 3.15/20040726 found nothing
Kaspersky 4.0.2.23/20040727 found nothing
McAfee 4381/20040726 found nothing
NOD32v2 1.823/20040726 found nothing
Norman 5.70.10/20040727 found nothing
Panda 7.02.00/20040726 found nothing
Sybari 7.5.1314/20040727 found nothing
Symantec 8.0/20040726 found nothing
TrendMicro 7.000/20040726 found nothing

 

@ Close Hauled..you have been a great help...you picked up the trail early and also thanks for the VirusTotal site...a handy thing to know.

 

Same here. What does it say about the file when you right click on it and bring up it's properties (Version, Summary, etc.)?

Close Hauled

 

Size 7.56 kb
on disk 8 kb
created jan-2004
modified may-2003
open with..there is an binocular icon
Advanced ....file is ready for archiving

that is more or less it. I have it disabled in Device Manager...not sure if that matters. Also DM has told me all along that it is "Stopped". Have not wanted to delete it in DM, as it may jump to another location.

Location: Device Manager > non-plug and play drivers > AK Driver

 

signing off for now. Have a good night..will get back tomorrow....got to see what's happen in Bean Town