
XP keeps rebooting, afd.sys doesn't load

Discussion in 'Windows XP' started by blackhead, Jul 22, 2010.

  1. blackhead

    blackhead Flightless Bird

    Hi there everyone.

    Last night I was logged into a site called typeracer.com where people
    type against one another in a typing competition. In the past, I have
    never had any problems doing this, but the computer suddenly reset
    itself and since then, I have been unable to get the computer to boot
    up normally, where instead it keeps resetting itself.

    I have found the following:

    1. I tried a system restore to the previous day, but that hasn't
    worked

    2. I can boot up in safe mode, but not in safe mode with network
    support where it again resets itself

    3. Booting up with a bootlogfile shows that quite a few drivers fail
    to load, with afd.sys continually failing to load with perhaps over
    100 instances of it trying to be loaded but failing.

    Thanks everyone!
     
  2. Alias

    Alias Flightless Bird

    On 7/22/2010 3:27 PM, blackhead wrote:
    > Hi there everyone.
    >
    > Last night I was logged into a site called typeracer.com where people
    > type against one another in a typing competition. In the past, I have
    > never had any problems doing this, but the computer suddenly reset
    > itself and since then, I have been unable to get the computer to boot
    > up normally, where instead it keeps resetting itself.
    >
    > I have found the following:
    >
    > 1. I tried a system restore to the previous day, but that hasn't
    > worked
    >
    > 2. I can boot up in safe mode, but not in safe mode with network
    > support where it again resets itself
    >
    > 3. Booting up with a bootlogfile shows that quite a few drivers fail
    > to load, with afd.sys continually failing to load with perhaps over
    > 100 instances of it trying to be loaded but failing.
    >
    > Thanks everyone!


    Go into Safe Mode again and configure it to stop rebooting by right
    clicking on My Computer/Properties/Advanced/Start up and
    recovery/Settings and untick (uncheck) where it says Automatically
    restart. Then, the next time it reboots, you will be able to read the
    Blue Screen and have a code you can Google to find out what the problem is.

    --
    Alias
     
  3. Paul

    Paul Flightless Bird

    blackhead wrote:
    > Hi there everyone.
    >
    > Last night I was logged into a site called typeracer.com where people
    > type against one another in a typing competition. In the past, I have
    > never had any problems doing this, but the computer suddenly reset
    > itself and since then, I have been unable to get the computer to boot
    > up normally, where instead it keeps resetting itself.
    >
    > I have found the following:
    >
    > 1. I tried a system restore to the previous day, but that hasn't
    > worked
    >
    > 2. I can boot up in safe mode, but not in safe mode with network
    > support where it again resets itself
    >
    > 3. Booting up with a bootlogfile shows that quite a few drivers fail
    > to load, with afd.sys continually failing to load with perhaps over
    > 100 instances of it trying to be loaded but failing.
    >
    > Thanks everyone!


    If the file is there, and you have a means at your disposal to get
    at it, upload the file to virustotal.com. VirusTotal can scan individual
    files (with some size limits, so you can't pump a whole DVD up to it).
    (In your current circumstances, I'd use my Ubuntu CD, as it has
    a web browser, and I could upload afd.sys to virustotal that way.)

    I think this is the last time that file was patched.

    http://support.microsoft.com/kb/956803

    When that update was installed, it keeps a copy of the older file
    in the uninstall folder. That is how I figured out 956803 was the
    last one to patch it.

    C:\WINDOWS\$NtUninstallKB956803$

    Your problem sure smells like malware... It'll be interesting to
    see, if any antimalware software will fail to run, as long as
    Windows is running. Since you can't run networking, it is going to
    be pretty hard to do that anyway (no ability to get virus
    definitions updated).

    If you want an offline scan, Kaspersky has a CD you can download.
    You boot the computer with this. It is Gentoo Linux with an AV
    scanner included as part of the file set. It needs a network
    connection to get definitions. As long as your Internet modem/router
    supports DHCP and automatic connections, you can use something
    like this for a scan. I don't know if this package is clever
    enough to do dialup networking all on its own or not. It
    doesn't have any trouble using my ADSL setup, since that
    supports DHCP OK, and I make sure the ADSL is running,
    before booting the CD.

    http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk10/

    Fortunately, that one is only 1/3rd of a full CD, and not
    quite as bad as some of the other LiveCD packages. Some
    of those are a 700MB download.

    I find it hard to believe that all your symptoms are
    caused by one file being corrupted. Malware likes to
    damage the System Restore contents, so you can't rely
    on System Restore to put back a good set of files.

    Paul
     
  4. MowGreen

    MowGreen Flightless Bird

    blackhead wrote:
    > Hi there everyone.
    >
    > Last night I was logged into a site called typeracer.com where people
    > type against one another in a typing competition. In the past, I have
    > never had any problems doing this, but the computer suddenly reset
    > itself and since then, I have been unable to get the computer to boot
    > up normally, where instead it keeps resetting itself.
    >
    > I have found the following:
    >
    > 1. I tried a system restore to the previous day, but that hasn't
    > worked
    >
    > 2. I can boot up in safe mode, but not in safe mode with network
    > support where it again resets itself
    >
    > 3. Booting up with a bootlogfile shows that quite a few drivers fail
    > to load, with afd.sys continually failing to load with perhaps over
    > 100 instances of it trying to be loaded but failing.
    >
    > Thanks everyone!



    Is a 3rd party firewall (ex: Zone Alarm) installed?
    What is the installed antivirus/security suite; did you recently replace
    the installed AV with another one?

    Afd.sys is the Windows Ancillary Function Driver for TCP/IP and it may be
    failing to load because of either a conflict with another driver, the
    Hard Drive is failing, malware, or the OS is corrupted.

    Try configuring the system to Clean boot in order to rule out 3rd party
    drivers as the cause:

    How to configure Windows XP to start in a "clean boot" state
    http://support.microsoft.com/kb/310353



    MowGreen
    ================
    *-343-* FDNY
    Never Forgotten
    ================

    banthecheck.com
    "Security updates should *never* have *non-security content* prechecked
     
  5. PA Bear [MS MVP]

    PA Bear [MS MVP] Flightless Bird

    To see the STOP error, you'll need to change the way Windows reacts to a
    BSOD.

    1. Reboot into Safe Mode:
    http://www.bleepingcomputer.com/tutorials/tutorial61.html

    2. Right-click on My Computer (on your desktop) | Properties | Advanced |
    Startup and recovery | Settings | System Failure | Make sure the first 2
    options here are checked but that "Automatically restart" is NOT checked |
    OK your way out and reboot into normal (Windows) mode.

    3. Post the STOP error on the BSOD; cf.
    http://www.google.com/search?hl=en&...afd.sys+BSOD&aq=f&aqi=g-e4g6&aql=&oq=&gs_rfai

    Alternately, look for the STOP error in Start | Settings | Control Panel |
    Administrative Tools | Event Viewer | System.

    Depending on its location, you might have a Trojan infection (e.g.,
    Backdoor.Tidserv.I!inf) on your hands.

    blackhead wrote:
    > Hi there everyone.
    >
    > Last night I was logged into a site called typeracer.com where people
    > type against one another in a typing competition. In the past, I have
    > never had any problems doing this, but the computer suddenly reset
    > itself and since then, I have been unable to get the computer to boot
    > up normally, where instead it keeps resetting itself.
    >
    > I have found the following:
    >
    > 1. I tried a system restore to the previous day, but that hasn't
    > worked
    >
    > 2. I can boot up in safe mode, but not in safe mode with network
    > support where it again resets itself
    >
    > 3. Booting up with a bootlogfile shows that quite a few drivers fail
    > to load, with afd.sys continually failing to load with perhaps over
    > 100 instances of it trying to be loaded but failing.
    >
    > Thanks everyone!
     
  6. blackhead

    blackhead Flightless Bird

    On 22 July, 14:27, blackhead <larryhar...@softhome.net> wrote:
    > Hi there everyone.
    >
    > Last night I was logged into a site called typeracer.com where people
    > type against one another in a typing competition. In the past, I have
    > never had any problems doing this, but the computer suddenly reset
    > itself and since then, I have been unable to get the computer to boot
    > up normally, where instead it keeps resetting itself.
    >
    > I have found the following:
    >
    > 1. I tried a system restore to the previous day, but that hasn't
    > worked
    >
    > 2. I can boot up in safe mode, but not in safe mode with network
    > support where it again resets itself
    >
    > 3. Booting up with a bootlogfile shows that quite a few drivers fail
    > to load, with afd.sys continually failing to load with perhaps over
    > 100 instances of it trying to be loaded but failing.
    >
    > Thanks everyone!


    Thanks to everyone that replied.

    The stop code was a 0x7f.

    I ran the Microsoft Malicious Software Removal Tool and it found
    afd.sys was infected with the alureon.h virus.

    So after partially removing it, I'm back on the web, and doing some
    more research into this virus.

    Regards,

    Larry
     
  7. Paul

    Paul Flightless Bird

    blackhead wrote:
    > On 22 July, 14:27, blackhead <larryhar...@softhome.net> wrote:
    >> Hi there everyone.
    >>
    >> Last night I was logged into a site called typeracer.com where people
    >> type against one another in a typing competition. In the past, I have
    >> never had any problems doing this, but the computer suddenly reset
    >> itself and since then, I have been unable to get the computer to boot
    >> up normally, where instead it keeps resetting itself.
    >>
    >> I have found the following:
    >>
    >> 1. I tried a system restore to the previous day, but that hasn't
    >> worked
    >>
    >> 2. I can boot up in safe mode, but not in safe mode with network
    >> support where it again resets itself
    >>
    >> 3. Booting up with a bootlogfile shows that quite a few drivers fail
    >> to load, with afd.sys continually failing to load with perhaps over
    >> 100 instances of it trying to be loaded but failing.
    >>
    >> Thanks everyone!

    >
    > Thanks to everyone that replied.
    >
    > The stop code was a 0x7f.
    >
    > I ran the Microsoft Malicious Software Removal Tool and it found
    > afd.sys was infected with the alureon.h virus.
    >
    > So after partially removing it, I'm back on the web, and doing some
    > more research into this virus.
    >
    > Regards,
    >
    > Larry


    There've been a few of those reported. Alureon is a rootkit, which has
    the ability to hide itself. It made itself famous when a certain Microsoft
    update conflicted with its behind-the-scenes activities.

    It modifies system files as part of hiding itself.

    It hides some of its files up near the end of your disk drive, in such a
    way that only it can see them. That is how it can reinfect after
    some malware tools attempt to remove it.

    It also goes by the name TDSS.

    Good luck getting rid of it.

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Alureon

    "The top ten most commonly-targeted driver files are the following:

    atapi.sys
    iastor.sys
    iastorv.sys
    idechndr.sys
    nvata.sys
    nvatabus.sys
    nvgts.sys
    nvstor.sys
    nvstor32.sys
    sisraid.sys"

    As I understand it, it targets files like that to help hide itself. Those
    are storage interface drivers.

    One purpose of the malware is to redirect your computer to sites
    that generate advertising revenue for it. It doesn't really want to
    crash your computer, but wants to make you go to sites of its choosing.

    Paul
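
A way to triage the boot log described in the first post, added here as an example and not written by anyone in the thread: it counts "Did not load driver" entries per file in a copy of ntbtlog.txt and lists which files to submit first to an offline scanner or VirusTotal, using the driver names Paul quotes from Microsoft's Alureon entry. The log line shape, the two encodings handled and the threshold of 10 are assumptions, and the sample log is constructed.

```python
import re
from collections import Counter

# Driver names quoted in the thread from Microsoft's Win32/Alureon entry.
TARGETED = {
    "atapi.sys", "iastor.sys", "iastorv.sys", "idechndr.sys", "nvata.sys",
    "nvatabus.sys", "nvgts.sys", "nvstor.sys", "nvstor32.sys", "sisraid.sys",
}
# Assumed line shape: "Loaded driver <path>" / "Did not load driver <path>".
LINE_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(\S.*)$", re.I)


def decode_bootlog(raw: bytes) -> str:
    """Decode a copied boot log: UTF-16 when a BOM is present, else cp1252."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def triage(text: str, repeat_threshold: int = 10) -> dict:
    """Count failed loads per driver and list the files to scan first."""
    seen, failed = set(), Counter()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header or blank line
        name = re.split(r"[\\/]", m.group(2))[-1].lower()
        seen.add(name)
        if m.group(1).lower().startswith("did not"):
            failed[name] += 1
    repeated = {n: c for n, c in failed.items() if c >= repeat_threshold}
    # Scan first: drivers that keep failing, plus any targeted name in the log.
    scan_first = sorted(set(repeated) | (seen & TARGETED))
    return {"failed": dict(failed), "repeated": repeated, "scan_first": scan_first}


# Constructed sample, not taken from the poster's machine.
SAMPLE = (
    "Microsoft (R) Windows (R) Version 5.1 (Build 2600)\r\n"
    "Loaded driver \\WINDOWS\\system32\\ntoskrnl.exe\r\n"
    "Loaded driver atapi.sys\r\n"
    + "Did not load driver \\SystemRoot\\System32\\Drivers\\afd.sys\r\n" * 12
    + "Did not load driver \\SystemRoot\\System32\\Drivers\\NDProxy.SYS\r\n"
)

if __name__ == "__main__":
    raw = b"\xff\xfe" + SAMPLE.encode("utf-16-le")
    for key, value in triage(decode_bootlog(raw)).items():
        print(key, value)
```

A driver that fails once in Safe Mode is normal, which is why only repeated failures are reported; a targeted name in `scan_first` means "check this file from clean boot media", not that it is infected.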
     
