Not sure if this is even virus or spyware related, but

skywalker45 Bloomington, IN. USA
edited September 2005 in Spyware & Virus Removal
Hey guys! I’m having this strange problem with my PC. Over the past few days my kids have been complaining that the PC won’t come out of standby. You know what I’m talking about. I have 4 profiles running on XP SP2. I have my monitor and hard disks set to shut down after 20 min. Normally if you press a key or move the mouse the PC will come alive. It hasn’t been coming alive recently and I’ve found the only way to get it back up is to push the reset button.

Well, the problem gets uglier. Last night my son complained that the PC would not come out of standby. I’ve been in the habit of pulling the side cover off my PC and dusting it out about every 3 months. I’ve done this dozens of times. I use an anti-static dusting gas made especially for this job. So I did that last night. I hooked the PC back up and turned it on. Everything seemed normal and it booted to the profile login screen. When I clicked my profile it took it a very long time to load, much longer than normal. When the desktop finally loaded, I didn’t have any icons and no toolbar, just my wallpaper. Finally the rest loaded (after about 30 sec) except my quick launch bar had disappeared and Norton real time protection would not enable. I had to enable this manually. When I did that I got a message window that said something about a bad registry entry and that Windows restored it from a log.

I thought I should run a full anti-virus to make sure everything was OK. I ran it and nothing was found. Then I tried to check my email. I use Mozilla T-Bird. It said my host could not be found. I could not surf the net at all. So I reset the winsock catalog and then restarted. This got my internet and email back. I updated and ran Trend Micro sysclean. It didn’t find anything.

I decided I would run Microsoft anti-spyware. The program won’t even start. It says that it can’t be started (error 101). It then tells me that if this problem continues I should uninstall and then reinstall the program. I tried to do that. When I tried the uninstall a message box appeared that said “The windows installer could not be found”. I decided I had had enough and I would restore my PC to an earlier time, so I clicked system restore. I got a message box up that said “System restore cannot protect your computer at this time. Please restart your computer and run system restore.” I did and it still doesn’t work. All the snapshot files are there (note that I can’t even do this from the advanced options F8 menu on startup). The XP help and support center will not start either. Whenever I log off, instead of Explorer immediately closing I get the box that says, “The program is not responding” then you have the option of canceling or ending now. If I click “end now” I get a box up that goes by so quick I can’t read it but it says something about a .exe file (named something like nddwin.exe) not being initialized and references some .dll file. Chkdsk also finds no system file problems of any kind and Spybot finds nothing.

So this is where I am. Doesn’t this sound like some virus activity of some kind? It seems to have only affected the programs you would really need for security. It has totally disabled Norton Live Update, Microsoft Anti-Spyware, and System Restore, but no program I’ve run so far has found anything. Most other programs seem to run just fine. Any help would be appreciated. I’m pulling my hair out. Oh, HijackThis does not show anything abnormal either. I had a massive attack a few months ago and the log has not changed since the cleanup. I thought I should also add that when I go to Control Panel and click System, the System Restore tab is gone!!

More information as of 9/1/05 evening:

When I went home I decided to check the system registry since the symptoms I'm having appear to be related to some kind of worm spread through MSN Messenger. I checked for system restore in HKEY_LOCAL_MACHINE. I found the key and sure enough the system restore had been disabled. The key looked like this:

DisableSR

The key value was set to 0 for off. I changed it to one and I got the tab for system restore back; however, when I opened the tab I noticed that restore is shut off and no drives are being monitored (keep in mind that all the volume information snapshots are still there). I tried to enable system restore and got a message that said: "system restore could not enable on one or more of your drives. Restart windows and try again". Obviously this would not work. So that's where I am now. The registry appears to be completely baked or somehow rendered useless in the current configuration. I'm thinking that my daughter picked up a worm that did this damage and now the worm has deleted itself or cannot be detected with all the security software I have. I'm going to reset my winsock catalog (Again!!) and go online to do a Trend Micro HouseCall scan. The fact that all the security type programs and files have been affected and I can't even use Internet Explorer makes me think more than ever that this is definitely a worm infection. Any other thoughts anyone might have, please, please post them. Thanks.

Comments

  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited September 2005
    Sorry about the crazy delay. We're working on beefing up our SWAT TEAM staff. Do you still need help with this issue?
  • skywalker45 Bloomington, IN. USA
    edited September 2005
    No thanks, I took care of it. Thanks for getting back with me though.

    skywalker
This discussion has been closed.