Can't shut down the computer


Andrew Burgess

A standard piece of malware will run at software level....easily being picked up by Malwarebytes and suchlike and being stopped and killed.. HOWEVER many of these programs contain "rootkits" that are designed to head into the library level or system level of your system and thereby be untouched by anti-virus or malware detectors! Every time you restart or restore..POW..your virus is back!

A GOOD anti-spyware or anti-virus will run scans beyond the usual software and library levels and have full access to system level scanning! In order to do that you need an anti-virus that will operate WITHOUT being in a Windows environment! Avast does! And so do some others....without a boot time scan you're limiting the ability to disable and destroy infected system files............

 

................last year I picked up a rootkit myself....AVG didn't spot it or stop it at all! I installed Avast and within 5 mins it was dead and buried! REMEMBER malware and viruses are designed to HIDE from your scans! Relying only on one product is foolish in the extreme! An AV program can be fooled into missing files and also simply not detecting them! If it happened to me with my 16+ years of experience then I promise you it can happen to you too!

 

Unlike the free version of AVG the paid-for version I have includes automatic anti-rootkit scanning. It's the main reason I upgraded.

 

Will this do the job?

 

I also like the Link Scanner that AVG offers for free. This tells me if sites I'm proposing to visit via a search engine are safe or not. It works both on Explorer and Firefox.

 

My way of thinking is that it's better to avoid getting infected in the first place, and one of the highest risks is visiting sites I don't know via Google. I have AVG set to do an automatic daily scan, but damage could be done in the meantime, and of course you can't guarantee to get rid of all nasties even with an anti-virus package.

 

I'd add that I know very little about computers. Any advice is gratefully received!

Wingham Specimen Coarse & Carp Syndicates www.winghamfisheries.co.uk Beautiful, peaceful, little fished gravel pit syndicates in Kent with very big fish. 2017 Forum Fish-In Sat May 6 to Mon May 8. Articles http://www.anglersnet.co.uk/steveburke.htm Index of all my articles on Angler's Net

Unlike the free version of AVG the paid-for version I have includes automatic anti-rootkit scanning. It's the main reason I upgraded.

 

Will this do the job?

 

I also like the Link Scanner that AVG offers for free. This tells me if sites I'm proposing to visit via a search engine are safe or not. It works both on Explorer and Firefox.

 

My way of thinking is that it's better to avoid getting infected in the first place, and one of the highest risks is visiting sites I don't know via Google. I have AVG set to do an automatic daily scan, but damage could be done in the meantime, and of course you can't guarantee to get rid of all nasties even with an anti-virus package.

 

I'd add that I know very little about computers. Any advice is gratefully received!

 

I've found the AVG link scanner to be handy for sure..it shows you what sites might be harbouring nasties..however in my tests I've also found that AVG sometimes struggled to stop an infection from those sites if you do actually go to them, Avast on the other hand usually blocks the site instantly and flags any temporary files in doing so, closing the site and killing any quick fire temp files it's started to load.....

it's horses for courses...they both do what they should.....

my only suggestion is don't rely on one for a long period of time; "just because it seems to be working"; swapping them about a bit can often detect files that have slipped between one or another system....


more bad news today - had the dreaded blue screen today - twice it has happened

 

first one saying ***0X0000007F, (0X0000000D, 0X00000000, 0X00000000) this morning

 

and the second just a few minutes ago

 

Win32k.sys - Address BF8049D2 base at BF 80000000, DateStamp 4dldd63F

 

This is far more complicated to me now and asking me to update all the system which I regularly do anyway.

 

I would appreciate it if anyone could shed light on this

Growing old is inevitable but growing up is optional

 

http://www.bass-online.co.uk/


time for a re-install & format, I'm afraid! Copy off what you need to save, make a list of the programs on the computer & all drivers (back up the drivers, if possible), so you can put the same ones back on.

 

I'd suspect there's some little nasty lurking somewhere, that's causing the underlying problems (the shutdown & restart merely covered up what was happening). Best solution would be to re-install Windows, & if you can, run checkdisk on the hard drive before you format it, then re-install Windows.

Edited by chavender

Chavender
I try to be funny... but sometimes I merely look it! Steve


more bad news today - had the dreaded blue screen today - twice it has happened

 

first one saying ***0X0000007F, (0X0000000D, 0X00000000, 0X00000000) this morning

 

and the second just a few minutes ago

 

Win32k.sys - Address BF8049D2 base at BF 80000000, DateStamp 4dldd63F

 

This is far more complicated to me now and asking me to update all the system which I regularly do anyway.

 

I would appreciate it if anyone could shed light on this

 

you certainly have something more fundamental wrong there somewhere....could be virus activity.....

could easily be a bad ram module as well....

how conversant are you with pulling your pc apart? does it have multiple sticks of ram? if it does I would suggest you first pull one and test, then the other.....you might well have to test for a good hour or so.....

with your history of virus activity then a rootkit might be lurking about: try this:

http://greatis.com/unhackme/detail.htm

it will basically run a rootkit search before your Windows boot..thereby enabling you to scan for unwanted files opening on Windows....I suggest you have your laptop nearby so you can check the EXEs that it flags; as it's certain that some will be harmless or useful files for software you have installed.

the website gives decent instructions on removal if it finds anything.

 

shame to reformat before checking all possibilities....having said that be careful what you back up your data to if you do reformat..a virus can easily transfer to portable media along with your temp files and settings files.....

an easier method is to drop the hard drive out entirely....install a new one and install your Windows plus a good AV....then plug your old drive in as a slave and let the AV system scan...because the old drive is no longer running Windows none of the files will be locked and any hidden virus will be found and killed.

 

this all depends on how conversant you are with your pc though.


Some Viri [ Virus's ] can hide in memory so a removal and swapping over of your chips may also be beneficial before a complete fresh install - try running memtest, see what comes back

www.electricunclesam.com


Some Viri [ Virus's ] can hide in memory so a removal and swapping over of your chips may also be beneficial before a complete fresh install - try running memtest, see what comes back
There is NO virus that can 'hide' in memory chips between power cycles. It's just not possible.

 

Here's my recipe.

 

Re-Install XP

Install SP1

Install SP3

Install Microsoft Security Essentials (If you can still get it for XP)

At the moment I'm running Win 7, Panda Cloud Antivirus (free edition), Windows Firewall is OFF (I have a perfectly good hardware firewall in my router) and I have never had so much as a rogue cookie on my system

 

If you suspect you have a rootkit type piece of software on your machine then the only safe way to deal with it is to totally format your hard disk and re-install XP.

 

That's not just my opinion, it's also the opinion of one of Microsoft's top Windows Architects, Mark Russinovich.

 

Read Mark's blog entry on rootkits here http://blogs.technet.com/b/markrussinovich...itrevealer.aspx

 

Mark has a very educational webcast here that will explain what rootkits and malware do and how to detect and get rid of them. You can watch it here.

 

You can download Mark's Rootkit Revealer and some other very useful utilities from here.

 

If Rootkit Revealer indicates that you do indeed have a rootkit on your system then a re-install really is THE ONLY way to go. One can NEVER have confidence in a PC that has been compromised by a Rootkit.

The problem isn't what people don't know, it's what they know that just ain't so.
Better to say nothing and be taken for a fool than to speak and prove that you are one!
Me, I always do things my own way


There is NO virus that can 'hide' in memory chips between power cycles. It's just not possible.

 

You wouldn't like to lay money on that statement would you ?????


You wouldn't like to lay money on that statement would you ?????

 

actually it's going to depend on what you're referring to as "memory"

"memory" resident viruses never actually entered what is termed by "joe bloggs" as memory or the system RAM (random access memory); what they DID do was enter the system CMOS or BIOS memory..a different type of solid state memory on the motherboard that can be "written" to by the system.

RAM cannot be written to without system power! when the power is turned off the RAM is flushed and loses all data (which, oddly enough, is why a lot of pc problems can be solved by a restart!)

the other type of "memory" resident virus simply didn't rely on a program running to load the virus..ie the virus lurked about in the system memory (cache) whilst the system was running and simply infected what it chose....it's "memory" resident simply because it doesn't stop working when the infected files that opened it are closed....when the system is turned off though..system cache and page files etc are cleansed, as are system RAM chips..thereby the virus can no longer be "memory resident"; it can however instantly start again on Windows boot when the infected files run again and the cycle repeats!

techs are now in fact working on a state of RAM that will retain memory without power...they have created a multi layered chipset that is a combination of standard RAM and solid state memory that WILL be capable of storing data for a certain period of time with no power; when these start to work then we will truly be into the area of seeing "instant" boot pc system and hardware.

few years away yet though.

 

so you're both right! :D

Edited by kirisute

You wouldn't like to lay money on that statement would you ?????
Yes I would. It defies the laws of physics for any data to survive in RAM after a reboot or power-cycle.

Edited by corydoras
