Results 1 to 13 of 13

Thread: Virus? Malware?

  1. #1
    Star Lounger
    Join Date
    Aug 2005
    Posts
    78
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Today I see blue (horizontal) stripes where the maximize, minimize and close boxes should be in Windows applications.

    Running XP, Version 5.1, Service Pack 3.

    Any idea what might be causing this?

    Joel

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    Although I can't exclude it, malware wouldn't be the first thing I'd suspect here.

    Does the problem persist after restarting your PC?

  3. #3
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts
    [quote name='jefnl05' post='787902' date='07-Aug-2009 07:01']Today I see blue (horizontal) stripes where the maximize, minimize and close boxes should be in Windows applications.

    Running XP, Version 5.1, Service Pack 3.

    Any idea what might be causing this?

    Joel[/quote]

    If it persists after a restart, could you post a screen shot of that corner of the screen ?? Thanks.
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  4. #4
    Star Lounger
    Join Date
    Aug 2005
    Posts
    78
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hans, Doc Watson, others,

    it's worse ... now I can't start the computer, except in Safe Mode. Usually the 2nd or 3rd screen I see is a light blue screen asking me to click on the appropriate user (icon) ... now I can't get there (do get to a blank or almost blank light blue screen).

    I've tried
    --System Restore, back a few days or weeks
    --Last Known Good Configuration

    without success.

    Norton AntiVirus (with latest updates) found no viruses. Spybot found no malware, although I was using 1.6.0 (not 1.6.2 which is newest version) with updates from several months ago ... couldn't download new version or updates.

    Is there a reliable online site that I could use to scan for malware? If all else fails, can I re-install Win (XP) from .cab files on the hard disk (and would it include all the updates through 3?) Other suggestions?

    Many thanks!

    Joel

  5. #5
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts
    [quote name='jefnl05' post='787949' date='07-Aug-2009 13:13']Hans, Doc Watson, others,

    it's worse ... now I can't start the computer, except in Safe Mode. Usually the 2nd or 3rd screen I see is a light blue screen asking me to click on the appropriate user (icon) ... now I can't get there (do get to a blank or almost blank light blue screen).

    I've tried
    --System Restore, back a few days or weeks
    --Last Known Good Configuration

    without success.

    Norton AntiVirus (with latest updates) found no viruses. Spybot found no malware, although I was using 1.6.0 (not 1.6.2 which is newest version) with updates from several months ago ... couldn't download new version or updates.

    Is there a reliable online site that I could use to scan for malware? If all else fails, can I re-install Win (XP) from .cab files on the hard disk (and would it include all the updates through 3?) Other suggestions?

    Many thanks!

    Joel[/quote]

    I'm guessing that you are trying all this while in Safe Mode. Is System Restore actually restoring to an earlier time or failing when you try ??

    You ask if there is an online site to scan the system, but if it will only start in Safe Mode, how will you get on the internet to do the scan ?? If you can install a program on the system and are able to access the internet to update the definitions, I'd suggest you try Malwarebytes. The FREE version is the blue DL button on the page.

    Unless you bought the machine new with all the updates and SP3 loaded, they will not be in any of those .cab files. You will have to update and patch Windows after re-installing and reinstall all your programs and restore the data you backed up before you started the restoration (you did do that, right ??).
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  6. #6
    Star Lounger
    Join Date
    Aug 2005
    Posts
    78
    Thanks
    0
    Thanked 0 Times in 0 Posts
    [quote name='DocWatson' post='787952' date='07-Aug-2009 17:32']I'm guessing that you are trying all this while in Safe Mode. Is System Restore actually restoring to an earlier time or failing when you try ??

    You ask if there is an online site to scan the system, but if it will only start in Safe Mode, how will you get on the internet to do the scan ?? If you can install a program on the system and are able to access the internet to update the definitions, I'd suggest you try Malwarebytes. The FREE version is the blue DL button on the page.

    Unless you bought the machine new with all the updates and SP3 loaded, they will not be in any of those .cab files. You will have to update and patch Windows after re-installing and reinstall all your programs and restore the data you backed up before you started the restoration (you did do that, right ??).[/quote]

    Doc,

    System Restore says that it's acutally restoring.

    Safe Mode with Networking allows limited internet access ... IE works but not Firefox ... and Trend Micro HouseCall couldn't find enabled Java on the machine, then complained about the connection settings, then (other version without Java) seemed to hang while loading. I'll try the site that you suggested.

    If I have to restore Win from the .cab files ... is it still possible to get all the updates and patches from Microsoft?

    Thanks.

    Joel

    Joel

  7. #7
    Star Lounger
    Join Date
    Aug 2005
    Posts
    78
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I ran Malwarebytes (thanks, Doc!) ... no malicious items found.

    Should I try an online virus scanner? (Norton AV didn't find anything.) Or a general-purpose diagnostic program such as PC Pit Stop? Other suggestions?

    Thanks.

    Joel

  8. #8
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts
    This is sounding less and less like a virus/malware issue and more like a problem with system files or Windows itself.

    Try this....
    Go to Start>Run and at the prompt type sfc /scannow and hit enter. This utility will check for corrupt or damaged system files and prompt you to replace them from your XP CD or the .cab files on your system.

    For an overview of SFC take a look here. Let us know how you make out.
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  9. #9
    Star Lounger
    Join Date
    Aug 2005
    Posts
    78
    Thanks
    0
    Thanked 0 Times in 0 Posts
    [quote name='DocWatson' post='787994' date='07-Aug-2009 20:57']This is sounding less and less like a virus/malware issue and more like a problem with system files or Windows itself.

    Try this....
    Go to Start>Run and at the prompt type sfc /scannow and hit enter. This utility will check for corrupt or damaged system files and prompt you to replace them from your XP CD or the .cab files on your system.

    For an overview of SFC take a look here. Let us know how you make out.[/quote]

    Thanks for the advice.

    Malware scan turned up no problems. Ditto for an online McAfee scan of Windows files.

    Tried to run SFC, but all that happened was that a black DOS box briefly flashed by. Tried this from a command prompt and got the following message:

    "Windows File Protection could not initiate a scan of system protected files.

    The specific error code is 0x000006ba [The RPC server is unavailable,]"

    Does Dell (OEM version of XP?) make it impossible to run SFC? Or is it impossible to run SFC in Safe Mode? Any suggestions?

    Joel

  10. #10
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts
    Take a look here for a possible solution. There is a .zip file with the registry fix the article discusses near the bottom of the page called sfcenable.zip. I can't see anything about it that would harm your system, but it is going to change a setting in the registry, so it is your call as to whether you want to try this or not.

    sfc /scannow should run in Safe Mode regardless of who built the machine. Are you certain that you are entering a space between "sfc" and "/scannow" ??
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  11. #11
    Star Lounger
    Join Date
    Aug 2005
    Posts
    78
    Thanks
    0
    Thanked 0 Times in 0 Posts
    [quote name='DocWatson' post='788067' date='08-Aug-2009 16:36']Take a look here for a possible solution. There is a .zip file with the registry fix the article discusses near the bottom of the page called sfcenable.zip. I can't see anything about it that would harm your system, but it is going to change a setting in the registry, so it is your call as to whether you want to try this or not.

    sfc /scannow should run in Safe Mode regardless of who built the machine. Are you certain that you are entering a space between "sfc" and "/scannow" ??[/quote]

    Doc,

    thanks for the speedy reply! Yes, I left the space blank.

    Will back up the registry and try the solution you suggested.

    Joel

  12. #12
    Star Lounger
    Join Date
    Aug 2005
    Posts
    78
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Doc, Hans,

    I checked the event viewer and found, as one of the first errors,
    "The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates."

    I downloaded a new driver from the NVIDIA site and was able to boot!

    Thanks for all your suggestions and encouragement.

    Joel

  13. #13
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts
    Glad you got it sorted out. That fix was one we probably never would have come up with.

    Thanks for posting back with your solution.
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •