Auto Shutdown (Virus Version)


pokerus34
May 27th, 2009, 06:33 PM
Darn...

After I inserted a CD into my PC, it automatically shuts down instantly after I open it.

http://www.leewardcomputerrepair.com/WindowsTips/Viruses/What_You_Should_Know_About_Blaster_Worm_files/system_shutdown.gif ---> It looks exactly like this...

Just change the 00:00:21 into 00:00:00 in my case...

I think this is a Worm Virus... Any suggestions on how to remove it? (Besides Reformatting the PC)???

P.S. - And I can't play my PC game because of that... :(

Zet
May 27th, 2009, 06:42 PM
get an anti-virus program and anti-spyware program


what CD is this?

pokerus34
May 27th, 2009, 06:45 PM
A self-burned CD... I must have put some files that I haven't scanned...

The only problem is, my anti-virus was outdated so it doesn't automatically scan the files...

And as soon as I am installing it, It shuts down... :(

I have no time at all to do any process because of that...

Gerri Shin
May 27th, 2009, 06:55 PM
So it doesn't happen as soon as you insert the disc, but rather after you've initiated the installer?
If it only occurs when you start the installer then you can still scan the disc with your AV software.
In any case I would suggest re-burning the disc after scanning your whole system. (If you don't have an up to date AV you can always download AVG free, that should work fine in the meantime.)

pokerus34
May 27th, 2009, 07:00 PM
Oh, no no! It's not about the Disc! I thrashed the disc because it really had a virus when I did a quick scan in my PC...

It's really about the system. As soon as my Desktop finishes loading, it shows the Auto-Shutdown screen and restarts...

My Desktop loads fast, so it shuts down fast too... :(

Gerri Shin
May 27th, 2009, 07:07 PM
try booting in Safe mode, then you should be able to do a scan for viruses.

Rukario
May 27th, 2009, 07:07 PM
start your PC in safe mode, update your AV and scan..

Ninja Tree
May 27th, 2009, 07:42 PM
Uhm...
Start > Run > msconfig > Startup
Make sure nothing shady is checked.

pokerus34
May 27th, 2009, 08:11 PM
@Rukario/Gerri Shin --> Yeah, I'll try Safe Mode... That way it won't Auto-Restart... Then update my Anti Virus and scan...

@Ninja Tree --> I can't even run "Run!" XD

Thanks Guys...

But any more suggestions in case it doesn't work?

I don't wanna reformat... :)

Ninja Tree
May 27th, 2009, 08:21 PM
> Uhm...
> Start > Run > msconfig > Startup
> Make sure nothing shady is checked.

Then try this before doing that...
Turn on computer > Keep pressing F8 until it says something about safe mode > Proceed to safe mode > Reread my previous post

pokerus34
May 27th, 2009, 08:23 PM
Yeah... I'm about to try that! Thanks! :)

--------------------

I've already tried these:

*Reboot
*Safe Mode
*Safe Mode with Command Prompt
*Restore System to Good Settings

None of them changed anything...

EVEN IN SAFE MODE IT STILL RESTARTS!...

Help? :(

Ayano Katagiri
May 28th, 2009, 08:34 PM
If I remember correctly this is like the blaster worm virus that was going around in '03.
I had to reformat my system then. :(

If you have another computer, try to find something that can remove this worm and copy it onto your infected machine. When you're booting up, make sure you have absolutely no Internet connection at all. I'm not 100% sure (my memory doesn't serve me well) but I think the worm causes the system to become unstable when it detects any Internet connection - dial-up or broadband. So try it like that and do a scan with an AV. Hopefully it works out for you.

Thrace
May 28th, 2009, 09:54 PM
Are you by any chance using XP SP1 (or earlier)? If so you should install SP2 or SP3, I had this problem once and installing SP2 worked for me.

pokerus34
May 28th, 2009, 11:57 PM
@Thrace - That's like saying to reformat my PC. :)

@Ayano - I have my Laptop for now, I just don't have a Lan Cable... Darn :(

Zet
May 29th, 2009, 12:09 AM
> @Thrace - That's like saying to reformat my PC. :)
>
> @Ayano - I have my Laptop for now, I just don't have a Lan Cable... Darn :(

You can use the upgrade option instead of making a fresh install, though there is the small chance of losing files.

pokerus34
May 29th, 2009, 12:25 AM
Well, If I upgrade it, what about the Virus? It will still be there...

And I can't even upgrade it. Firstly I don't know how, second I can't open my desktop because that's where the virus strikes and last I don't have a CD. :(

Zet
May 29th, 2009, 12:26 AM
The update might fix whatever the exploit the virus does.


Then it looks like you'll need to format

Pazuzu
May 29th, 2009, 03:27 AM
> the update might fix what ever the exploit the virus does.
>
> Then it looks like you'll need to format

Bullocks. Hairy ones too.

Sasser and its variants add themselves to the autostart, which when you iron over Windows again will not be lost.

Get a Linux (or Windows) Live CD with a virus scanner, boot from that, and scan your hard disks.

If it finds no viruses, start a registry editor from the Live CD and try removing the virus's entries manually. (Almost every antivirus site has instructions on how to do that in the virus information.)
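
Added example, not part of the post above or of the thread: a read-only way to review the autostart locations of the installed Windows XP system from a rescue environment before changing anything. The drive letter `D:`, the profile name `ExampleUser`, and the temporary key names `OfflineSW` and `OfflineUser` are assumptions to adjust.

```batch
@echo off
rem Added example: list autostart entries of an OFFLINE Windows XP install.
rem Run from a rescue environment (e.g. BartPE) that can see the system disk.
rem OFFDRV and OFFUSER are assumptions; set them for the machine at hand.
setlocal
set "OFFDRV=D:"
set "OFFUSER=%OFFDRV%\Documents and Settings\ExampleUser"

rem Mount the installed system's SOFTWARE hive under a temporary key name.
reg load HKLM\OfflineSW "%OFFDRV%\WINDOWS\system32\config\software" || goto :fail

echo === Machine-wide Run / RunOnce ===
reg query "HKLM\OfflineSW\Microsoft\Windows\CurrentVersion\Run"
reg query "HKLM\OfflineSW\Microsoft\Windows\CurrentVersion\RunOnce"

rem Run keys are skipped in Safe Mode by default; these Winlogon values are
rem not, so check them when Safe Mode misbehaves as well.
rem Defaults: Shell = Explorer.exe, Userinit = ...\system32\userinit.exe,
echo === Winlogon Shell / Userinit ===
reg query "HKLM\OfflineSW\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell
reg query "HKLM\OfflineSW\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit
reg unload HKLM\OfflineSW

rem Mount the per-user hive of the affected account.
reg load HKU\OfflineUser "%OFFUSER%\NTUSER.DAT" || goto :fail
echo === Per-user Run ===
reg query "HKU\OfflineUser\Software\Microsoft\Windows\CurrentVersion\Run"
reg unload HKU\OfflineUser

echo === Startup folders ===
dir /a "%OFFDRV%\Documents and Settings\All Users\Start Menu\Programs\Startup"
dir /a "%OFFUSER%\Start Menu\Programs\Startup"
endlocal
goto :eof

:fail
echo Could not load a hive; check OFFDRV and OFFUSER.
exit /b 1
```

Compare anything unfamiliar in the output against the removal instructions published for the specific malware before deleting a value, and back up the hive files first.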

pokerus34
May 29th, 2009, 04:02 AM
Yeah... I'm about to reformat my PC right now. Well, I have XP, what CD should I use?

... Live CD... I think I have One... XD

beauty. proletariat
May 29th, 2009, 05:57 AM
Things to use:

Avast.
(does a system scan before booting up after restart)

Install SP3.

Try the blaster worm fix on Microsoft's website.

Counterfeit
May 29th, 2009, 07:23 AM
> As soon as my Desktop finishes loading, It shows the Auto-Shutdown screen and restarts...

From what I can tell you still have time before the computer shuts down. (21 seconds in the screenshot)

What you need to do is press http://www.cryer.co.uk/brian/images/start_key.gif + http://www.cryer.co.uk/brian/images/r_key.gif to open the run command box, once that opens type "shutdown -a" without the quotes and click OK; that should've closed the countdown window and stopped the shutdown.

This however will only work until you restart your computer, but I do have a temporary fix if you're reluctant to reformat that should work for every time.

Download this (http://www.jetrix.co.uk/rar/may09/pokerus34_fix.rar) file, extract its contents into its own folder and run "install.bat".

It will do everything for you so that the next time your computer starts up it won't shut down.

EDIT:
Oh, reading your first post again it looks like you don't have 21 seconds. xD
Sorry I couldn't help you. :/

Pazuzu
May 29th, 2009, 09:48 AM
> I do have a temporary fix if you're reluctant to reformat that should work for every time.
>
> Download this (http://www.jetrix.co.uk/rar/may09/pokerus34_fix.rar) file, extract it's contents into it's own folder and run "install.bat".
>
> It will do everything for you so that the next time your computer starts up it won't shutdown.
>
> EDIT:
> Oh, reading your first post again it looks like you don't have 21 seconds. xD
> Sorry I couldn't help you. :/

That might still work if you get access to the disk and place it in the autorun folder of the start menu.

Counterfeit
May 29th, 2009, 10:10 AM
Oooh yeah, you could place the files on a memory stick, go into repair mode and copy them across.

Thing is though have you already formatted, pokerus?

twocows
May 29th, 2009, 11:16 AM
If this is the blaster worm, Windows has an automatic tool built in to the command line to remove it. Blastcln.exe is built in to Windows XP, and Vista shouldn't even be affected by the worm at all. Start up safe mode in command line and just type blastcln.exe -v, either you'll find it or you won't.

If you plan to reinstall Windows, get your files off your computer (you can do this in safe mode) and do a quick format of your hard drive when it prompts you to assign partitions (you don't need to do a low level format, it's overkill in this situation).

Glitchfinder
May 29th, 2009, 06:19 PM
> If this is the blaster worm, Windows has an automatic tool built in to the command line to remove it. Blastcln.exe is built in to Windows XP, and Vista shouldn't even be affected by the worm at all. Start up safe mode in command line and just type blastcln.exe -v, either you'll find it or you won't.
>
> If you plan to reinstall Windows, get your files off your computer (you can do this in safe mode) and do a quick format of your hard drive when it prompts you to assign partitions (you don't need to do a low level format, it's overkill in this situation).

He can't do it in safe mode. It shuts down automatically no matter which mode he's in, apparently. Instead, I'd recommend removing the hard drive, hooking it up as a slave drive in another, replaceable, computer, and then cleaning it up from there. Or, even better, have someone make you a boot disk to clean the problem up for you.

Edit: I have a friend who used to fix this kind of thing for a living. Here's what he said: (It's in a chat, so please be patient)

theorified (7:22:45 PM): it's not a virus.
Glitchfinder (7:22:50 PM): what is it?
theorified (7:22:51 PM): it's a corrupted windows file.
Glitchfinder (7:22:54 PM): which one?
theorified (7:22:55 PM): Run sfc.exe
theorified (7:22:57 PM): from cm
theorified (7:22:59 PM): *cmd
Glitchfinder (7:22:59 PM): they can't
Glitchfinder (7:23:07 PM): it can't get that far.
theorified (7:23:09 PM): use BartPE.
Glitchfinder (7:23:18 PM): which is...?
theorified (7:23:23 PM): A Windows XP boot disk.
theorified (7:23:36 PM): Boot from that, and run the original install's sfc

I looked it up, and BartPE is here:

http://www.nu2.nu/pebuilder/

Instructions are on the site.

pokerus34
May 30th, 2009, 04:12 AM
I haven't reformatted yet, and I'm not planning to reformat.

Those files meant great for me... Don't want them to be deleted... (Damn virus)

Well, how about I use a LiveCD (Those Cd Programs that you can run when you boot your PC from the Start and it has a scanner, fixer and reg.editor. :) )

Well... Any more suggestions?

X-Buster
May 30th, 2009, 05:48 AM
I got one, remove your hard drive and put it in another computer, and from there, scan your hard drive for viruses, then delete them, and put it back in your computer..

twocows
May 30th, 2009, 12:14 PM
> I haven't reformatted yet, and Im not planning to reformat.
>
> Those files meant great for me... Don't want them to be deleted... (Damn virus)
>
> Well, how about I use a LiveCD (Those Cd Programs that you can run when you boot your PC from the Start and it has a scanner, fixer and reg.editor. :) )
>
> Well... Any more suggestions?

Do what the previous poster said and use a boot disk to run System File Checker (sfc.exe). If you don't have a floppy drive to do this with, you can use a flash drive and boot from that if your BIOS supports it.

Zet
May 30th, 2009, 06:29 PM
> I haven't reformatted yet, and Im not planning to reformat.
>
> Those files meant great for me... Don't want them to be deleted... (Damn virus)
>
> Well, how about I use a LiveCD (Those Cd Programs that you can run when you boot your PC from the Start and it has a scanner, fixer and reg.editor. :) )
>
> Well... Any more suggestions?

You do know there are programs to recover formatted data?

twocows
May 30th, 2009, 09:18 PM
> you do know there are programs to recover formatted data?

Not applicable here. This only applies if you're not going to write over the data, which will happen once he reinstalls his OS.

pokerus34
May 30th, 2009, 10:07 PM
Yeah, I haven't tried that yet... Good thing I haven't bought the live cd yet...

Well, I have a USB, so should I equip it with an antivirus? XD

Pazuzu
May 31st, 2009, 02:10 AM
> you do know there are programs to recover formatted data?

Only data where the harddrive sectors have not been overwritten by something else yet, e.g. Windows, programs, etc.

If your old files were lying in one of those sectors, tough luck.

Glitchfinder
June 1st, 2009, 12:05 PM
Honestly. You'd think info gleaned from a professional would be considered helpful. If you have a boot disc, use it to make a new disc with BartPE and use that to start up and run the system file checker with the command prompt.

Thrace
June 1st, 2009, 10:05 PM
> @Thrace - That's like saying to reformat my PC. :)

You don't need to format your hard drive to install service packs. It seems like the problem is an exploit so it'll just keep coming back even if you remove it with an antivirus.