J
Jose
Flightless Bird
On Mar 10, 10:05 am, Eric <E...@discussions.microsoft.com> wrote:
> We've encountered a virus on one of our windows xp professional machines. It
> locks the computer up at random intervals. We've cleaned the computer using
> multiple different anti-viruses which fixes the problem for a time, however
> the virus always comes back within a day. We've used anti-rootkits andfound
> nothing as well.
>
> It also seems to only lock the computer up if it is connected with the
> ethernet cable.
>
> Any suggestions would be greatly appreciated.
You did not say what scanners you re using or what seems to be found
with what you are using.
A lockup may not be caused by malicious software. Malicious software
would rather just be annoying in different ways. If you still have
the problem after running these scans, keep reading and you will be
able to figure it out.
Perform some scans for malicious software, then fix any remaining
issues:
Download, install, update and do a full scan with these free malware
detection programs:
Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
They can be uninstalled later if desired.
To eliminate questions and guessing, please provide additional
information about your system.
Click Start, Run and in the box enter:
msinfo32
Click OK, and when the System Summary info appears, click Edit, Select
All, Copy and then paste the information back here.
There will be some personal information (like System Name and User
Name), and whatever appears to be private information to you, just
delete it from the pasted information.
Generate a crash dump on a system that is hanging (when it is broken),
then analyze the crash dump
If your system stops responding, hangs or freezes and you can't figure
out why, you can force a BSOD which will create a crash dump file that
you can analyze and see what is running at the point of the freeze and
get some ideas that do not involve guesswork.
While it may seem odd to think about purposefully causing a Blue
Screen Of Death (BSOD), Microsoft includes such a provision in Windows
XP. The feature is built in to XP specifically to diagnose the problem
when a system stops responding and there is no trail in any of the
Event Logs, etc. about what might have happened.
Here's how to force your system to create a BSOD:
Before making registry changes, backup your registry with this popular
free and easy to use tool:
http://www.larshederer.homepage.t-online.de/erunt/
For PS/2 keyboards, launch the Registry Editor (Regedit.exe) and
navigate to:
HKLM\System\CurrentControlSet\Services\i8042prt\Parameters
For USB keyboards (this USB requirement is a rumor to me so far):
HKLM\System\CurrentControlSet\Services\kbdhid\Parameters
Click Edit, select New DWORD Value and name the new value
CrashOnCtrlScroll.
Double-click the CrashOnCtrlScroll DWORD Value, type 1 in the Value
Data text box, and click OK.
Close the Registry Editor and restart Windows XP.
When you want to cause a BSOD (when your system has stopped
responding), press and hold down the [Ctrl] key on the right side of
your keyboard, and then tap the [ScrollLock] key twice. Now you should
see the BSOD and you will have a crash dump file to analyze.
If your system reboots instead of displaying the BSOD, you'll have to
disable the Automatically Restart setting in the System Properties
dialog box. To do so, follow these steps:
Press [Windows]-Break.
Select the Advanced tab.
Click the Settings button in the Startup And Recovery panel.
Clear the Automatically Restart check box in the System Failure
panel.
Click OK twice.
You can read about the feature here:
http://msdn.microsoft.com/en-us/library/cc266483.aspx
Now when your system locks up, force a BSOD and analyze the crash dump
for clues. You can usually narrow it down with certainty in literally
just a few minutes once you are set up to analyze the dump files. It
takes longer to get setup to analyze than it does to analyze!. If you
don't want to learn how to do that, some helpful person will be happy
to analyze your crash dump for you.
There is no harm in leaving the feature enabled - you can leave it
enabled all the time with no performance hit, but if you are compelled
to remove it:
Launch the Registry Editor (Regedit.exe) and navigate to:
HKLM\System\CurrentControlSet\Services\i8042prt\Parameters
Select the CrashOnCtrlScroll value, click the Edit menu, and select
the Delete command.
Close the Registry Editor and restart Windows XP.
> We've encountered a virus on one of our windows xp professional machines. It
> locks the computer up at random intervals. We've cleaned the computer using
> multiple different anti-viruses which fixes the problem for a time, however
> the virus always comes back within a day. We've used anti-rootkits andfound
> nothing as well.
>
> It also seems to only lock the computer up if it is connected with the
> ethernet cable.
>
> Any suggestions would be greatly appreciated.
You did not say what scanners you re using or what seems to be found
with what you are using.
A lockup may not be caused by malicious software. Malicious software
would rather just be annoying in different ways. If you still have
the problem after running these scans, keep reading and you will be
able to figure it out.
Perform some scans for malicious software, then fix any remaining
issues:
Download, install, update and do a full scan with these free malware
detection programs:
Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
They can be uninstalled later if desired.
To eliminate questions and guessing, please provide additional
information about your system.
Click Start, Run and in the box enter:
msinfo32
Click OK, and when the System Summary info appears, click Edit, Select
All, Copy and then paste the information back here.
There will be some personal information (like System Name and User
Name), and whatever appears to be private information to you, just
delete it from the pasted information.
Generate a crash dump on a system that is hanging (when it is broken),
then analyze the crash dump
If your system stops responding, hangs or freezes and you can't figure
out why, you can force a BSOD which will create a crash dump file that
you can analyze and see what is running at the point of the freeze and
get some ideas that do not involve guesswork.
While it may seem odd to think about purposefully causing a Blue
Screen Of Death (BSOD), Microsoft includes such a provision in Windows
XP. The feature is built in to XP specifically to diagnose the problem
when a system stops responding and there is no trail in any of the
Event Logs, etc. about what might have happened.
Here's how to force your system to create a BSOD:
Before making registry changes, backup your registry with this popular
free and easy to use tool:
http://www.larshederer.homepage.t-online.de/erunt/
For PS/2 keyboards, launch the Registry Editor (Regedit.exe) and
navigate to:
HKLM\System\CurrentControlSet\Services\i8042prt\Parameters
For USB keyboards (this USB requirement is a rumor to me so far):
HKLM\System\CurrentControlSet\Services\kbdhid\Parameters
Click Edit, select New DWORD Value and name the new value
CrashOnCtrlScroll.
Double-click the CrashOnCtrlScroll DWORD Value, type 1 in the Value
Data text box, and click OK.
Close the Registry Editor and restart Windows XP.
When you want to cause a BSOD (when your system has stopped
responding), press and hold down the [Ctrl] key on the right side of
your keyboard, and then tap the [ScrollLock] key twice. Now you should
see the BSOD and you will have a crash dump file to analyze.
If your system reboots instead of displaying the BSOD, you'll have to
disable the Automatically Restart setting in the System Properties
dialog box. To do so, follow these steps:
Press [Windows]-Break.
Select the Advanced tab.
Click the Settings button in the Startup And Recovery panel.
Clear the Automatically Restart check box in the System Failure
panel.
Click OK twice.
You can read about the feature here:
http://msdn.microsoft.com/en-us/library/cc266483.aspx
Now when your system locks up, force a BSOD and analyze the crash dump
for clues. You can usually narrow it down with certainty in literally
just a few minutes once you are set up to analyze the dump files. It
takes longer to get setup to analyze than it does to analyze!. If you
don't want to learn how to do that, some helpful person will be happy
to analyze your crash dump for you.
There is no harm in leaving the feature enabled - you can leave it
enabled all the time with no performance hit, but if you are compelled
to remove it:
Launch the Registry Editor (Regedit.exe) and navigate to:
HKLM\System\CurrentControlSet\Services\i8042prt\Parameters
Select the CrashOnCtrlScroll value, click the Edit menu, and select
the Delete command.
Close the Registry Editor and restart Windows XP.
XPzj0LwKHA.5036@TK2MSFTNGP02.phx.gbl...