And lastly - if all is lost --- you can still get your data - pics - music off the PC by using a Linux Live CD --- happy to walk you thru that if needed
Hmm, could do that but I stupidly bought my PC from PCWorld so only have a recovery CD and not the full Windows programme, would it work with this (I bet that's a really dense question! lol)
<stop press> only 20 mins into the scan but it's come up with:
C:\pagefile.sys Virus Win32:Notre
?!?!?!?!
A google produced this :
""Virus.Win32.Notre.a
Aliases
Virus.Win32.Notre.a (Kaspersky Lab) is also known as: Win32.Notre.a (Kaspersky Lab), W32/Notre (McAfee), W32.Dref@mm (Symantec), Win32.Norther.7989 (Doctor Web), PE_NOTRE.A (Trend Micro), BehavesLike:Win32.FileInfector (SOFTWIN), CRYPT.WIN32 (Eset)
Behavior Virus
Currently there is no description available for this program.
As many viruses and worms are modifications of earlier versions, it may help you to check the descriptions of similar programs. If such descriptions are available, they will be listed at the top of the page.
Our virus analysts work hard to ensure that descriptions of the commonest and most potentially dangerous software are available to users. The Virus Encyclopedia is updated on a regular basis.
If you cannot find the description you need, please check back later, or contact us on""
Also got a lot of hits with crylic (?) writing so this may be a fresh virus from Mother Russia (or the local areas) ---- argh
Did the scan finish? If so did it fix youre problem if not... Then there might be a sulotion! Does this apear at startup(look at atachment? or try this if a script is running at startup its most likely loaded into the explorer process so.... Try this in normal mode! Hit "Windows + r" to bring up the Run process box then quickly type cmd and hit enter (return). Then once the black box apears like posted in atachment type tskill explorer /a and hit enter.everything will disapear dont be scared its basicaly saying end a program thats running in the backround and everything should refresh (like the desktop should come back)... Tell me how it goes?
Did the scan finish? If so did it fix youre problem if not... Then there might be a sulotion! Does this apear at startup(look at atachment? or try this if a script is running at startup its most likely loaded into the explorer process so.... Try this in normal mode! Hit "Windows + r" to bring up the Run process box then quickly type cmd and hit enter (return). Then once the black box apears like posted in atachment type tskill explorer /a and hit enter.everything will disapear dont be scared its basicaly saying end a program thats running in the backround and everything should refresh (like the desktop should come back)... Tell me how it goes?
Hi Halo, scan has finished, I've deleted it, but having googled Notre myself, it seems it may re-create as it's in pagefile.sys which apparently Windows will automatically re-create when I load up again! It's far too late to be testing now, so will update tomorrow.
By the way, I couldn't see the image you were referring to?
disable system restore and then delete it again that might fix it or go online and use this website http://virusscan.jotti.org/ scan youre page file then look at what ever detects the virus so then you can download that antivirus and scan with that it will detect the virus and delete it because i fit detects it online it should beable to detect it with the program!! hope this helped....
Or she could just disable the page file function for 30 days. The machine will run like crap, but believe me it will prevent that virus from re-manifesting itself.
Right, I've run the umpteenth anti-virus software package and the latest has found "w32.gavgent". I've google'd it and it seems to be doing everything that my computer is doing. Spyware Terminator advises me it's been removed, I've checked my regedit as a couple of trusted website have advised and can't find the paths they suggest this trogan creates.
However, my PC is still doing the same as it was!!!
Then it's time to format it. Viruses arent' 100% removable, neither is spyware or malware. I used to get sad when I got viruses...Six years ago...Now the only time I get one is when I give it to myself to check my system's stability.
The rule of software is; anything can go wrong at any time to make you lose everything, be prepared to hit the enter key when you've got fdisk C: typed in.
It should've been the first decision you made. No matter how good the anti-whatever is; the whatever it is will always get stronger. Adware and spyware are proof of that. Viruses have been contesting that fact for 10 years and still are going strong. You fought the good fight but this was one no one could've won.
Trogan, I've never seen a hardware device cause the opening of SOFTWARE that isn't part of the device's firmware. So enlighten me as to how a piece of hardware is opening Windows Calculator?
From my perspective ( from debugging brand new MB designs + brand new BIOS code + brand new (pre-product chipsets / CPUs) --- the only reason a XP system spontaneously reboots ( no BSOD ect.) is when either when a program forces such an event (malware or a test program) or the non-core memory becomes totally thrashed --- core memory being the region where XP is running out of. When the OS core memory gets thrashed you get a total freeze-up / hang.
There are of course rare exceptions to the above - but very rare. I'm with Amish Dude in that I'm not seeing a HW failure here --- some virus / spyware is initiating a sequence of events ... those events lead to a reboot either thru execution of a reboot command or by thrashing non-core memory. I should be clear here and say that a bad DRAM chip/stick can cause a reboot --- but I also don't like coincidences like getting a virus AND having a DRAM stick go belly up at the same time.
Sarah --- your next step should be to talk to your mates or go to a local small PC shop or 2 and pick up a Linux "Live CDROM" (usually for free) this will easily allow you to boot a full OS off of your CDROM ---- if your PC can boot Ubuntu or Fedora or Mandriva Live CDs and run for 15 - 20 minutes ---- you can even surf the web during the live session --- or look at your C: drive .... this will prove your motherboard / PC is OK .... except for the infected hard drive.
I'd be happy to help you move your important data off of your C: drive if you don't have a local Linux hack to help you --- use Linux move your data to a USB drive or stick and nuke your C: drive. PM me if you need to
Comments
C:\pagefile.sys Virus Win32:Notre
?!?!?!?!
Maybe one of your tech support guys has a XP CD !
You have no idea what I went through to get Avast lol!!!!
Pretty sure I could mug someone for one though!
A google produced this :
""Virus.Win32.Notre.a
Aliases
Virus.Win32.Notre.a (Kaspersky Lab) is also known as: Win32.Notre.a (Kaspersky Lab), W32/Notre (McAfee), W32.Dref@mm (Symantec), Win32.Norther.7989 (Doctor Web), PE_NOTRE.A (Trend Micro), BehavesLike:Win32.FileInfector (SOFTWIN), CRYPT.WIN32 (Eset)
Behavior Virus
Currently there is no description available for this program.
As many viruses and worms are modifications of earlier versions, it may help you to check the descriptions of similar programs. If such descriptions are available, they will be listed at the top of the page.
Our virus analysts work hard to ensure that descriptions of the commonest and most potentially dangerous software are available to users. The Virus Encyclopedia is updated on a regular basis.
If you cannot find the description you need, please check back later, or contact us on""
Also got a lot of hits with crylic (?) writing so this may be a fresh virus from Mother Russia (or the local areas) ---- argh
Hi Halo, scan has finished, I've deleted it, but having googled Notre myself, it seems it may re-create as it's in pagefile.sys which apparently Windows will automatically re-create when I load up again! It's far too late to be testing now, so will update tomorrow.
By the way, I couldn't see the image you were referring to?
Thanks
Sarah
What Avast found is a False Positive. The pagefile.sys is not infected.
I'm away from over the weekend, but I'll reply when I get back.
Have a good break!
However, my PC is still doing the same as it was!!!
AHH!!!
Help!!!!
The rule of software is; anything can go wrong at any time to make you lose everything, be prepared to hit the enter key when you've got fdisk C: typed in.
I'm starting to think this might be a hardware issue. It is hard to determine what is going on when you cannot get into Normal Mode.
Just to confirm: you are only using one Anti-Virus program?
Hi Trogan
Yep, AVG, Zonealarm purely for the Firewall.
I thought I had a breakthrough with wn32.gavgent being found but clearly not!!!
There are of course rare exceptions to the above - but very rare. I'm with Amish Dude in that I'm not seeing a HW failure here --- some virus / spyware is initiating a sequence of events ... those events lead to a reboot either thru execution of a reboot command or by thrashing non-core memory. I should be clear here and say that a bad DRAM chip/stick can cause a reboot --- but I also don't like coincidences like getting a virus AND having a DRAM stick go belly up at the same time.
Sarah --- your next step should be to talk to your mates or go to a local small PC shop or 2 and pick up a Linux "Live CDROM" (usually for free) this will easily allow you to boot a full OS off of your CDROM ---- if your PC can boot Ubuntu or Fedora or Mandriva Live CDs and run for 15 - 20 minutes ---- you can even surf the web during the live session --- or look at your C: drive .... this will prove your motherboard / PC is OK .... except for the infected hard drive.
I'd be happy to help you move your important data off of your C: drive if you don't have a local Linux hack to help you --- use Linux move your data to a USB drive or stick and nuke your C: drive. PM me if you need to
good luck
Thanks so much for your help,,,,,no doubt there'll be another instalment later in the week! (Bet you can't wait! lol)
Oh, happy New Year btw!