| Thread ID: 70074 | 2006-06-21 07:18:00 | Really Bad Restart Problem: Please Help | chronicle (10595) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 464970 | 2006-06-21 07:18:00 | ok, so i was playing an online game against someone, i kept beating him, and he kept wanting to play me, until i asked him why he wanted to play me so bad when i was beating every time, so he said "cuz i'm hacking your comp." so i thought it was a bluff, but i was cautious, so i quickly turned off the comp. and unhooked the internet. the next day i was having a problem w/ a program, every few seconds it would start up again. then i updated my virus definition files for the first time in a long time, and after the update, a pop-up from norton showed that i had a trojan virus named svchost.exe. i got sooo ticked off, that idiot really did hack my comp. when the update was finished it automatically restarted, because it was supposed to. but when it turned back on, it showed the desktop w/ its icons then a few seconds later it restarted again, and it just keeps doing that. i'm on my laptop now, and i have some very important files on my desktop, can anyone help me PLEASE??? | chronicle (10595) | ||
| 464971 | 2006-06-21 09:13:00 | Have you tried booting in safe mode? Hold down the F8 key upon booting to get into safe mode. Trevor :) | Trev (427) | ||
| 464972 | 2006-06-21 09:36:00 | Get the file in my signature below and post the log here. | Speedy Gonzales (78) | ||
| 464973 | 2006-06-21 10:13:00 | svchost.exe is a fairly important part of the Windows networking stuff. What has probably happened is that the virus overwrote part of that file, and then Norton damaged it even more trying to repair the file. You should boot up in safe mode (command prompt only) and run 'sfc /scannow' - this should fix it. If that doesn't work, something I have found to help in many situations is to reinstall SP2. Seriously, because this replaces a lot of the critical OS files that can be damaged by viruses etc, and although sfc works in most situations it doesn't sort everything. | Erayd (23) | ||
| 464974 | 2006-06-21 10:50:00 | "ok, so i was playing an online game against someone, i kept beating him, and he kept wanting to play me, until i asked him why he wanted to play me so bad when i was beating every time, so he said 'cuz i'm hacking your comp.' the next day i was having a problem w/ a program, every few seconds it would start up again. then i updated my virus definition files for the first time in a long time, and after the update, a pop-up from norton showed that i had a trojan virus named svchost.exe. i got sooo ticked off, that idiot really did hack my comp." Drivel. More like you hadn't updated it in a long while so it was already there. Hopefully you have anti-spyware as well and a firewall. | pctek (84) | ||
| 464975 | 2006-06-21 18:51:00 | Logfile of HijackThis v1.99.1 Scan saved at 12:26:24 AM, on 6/22/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ie.redirect.hp.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = ie.redirect.hp.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ie.redirect.hp.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common 
Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [NAV CfgWiz] "c:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: DefWatch - Symantec Corporation - 
C:\Program Files\NavNT\defwatch.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
chronicle (10595) | ||
| 464976 | 2006-06-21 22:23:00 | i've reformatted my entire comp 3 times already and every time it comes off the reformat it works fine, but then when the comp. is turned off or restarted, the problem re-occurs. this is really effed up. | chronicle (10595) | ||
| 464977 | 2006-06-21 23:09:00 | "i've reformatted my entire comp 3 times" i doubt it. if you did your "important files" would be history! looking at your log it looks like your nortons has been disabled so don't go onto the net with it. first thing to do is boot into safe mode and turn off the auto restart. if it reboots in safe mode you can disable it on the bootscreen (ie the one after you hit f8 and select safe mode on, down the screen a bit has "disable reboot...") download some AV tools (with another pc of course) and give the pc a good scan. | tweak'e (69) | ||
| 464978 | 2006-06-22 01:13:00 | i fixed it. it was the Welchia worm aka MSBlast.D, LoveSan.D or Nachia. just had to delete svchost.exe and dllhost.exe (not the ones in system32, they were hiding in some Win file, i forget). thnx to all, yea the files are gone, sux really bad, live and learn to create backup files huh? | chronicle (10595) | ||
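Added example, not part of any post in this thread: Python that runs two checks over a HijackThis log like the one posted above. It flags system-named binaries such as svchost.exe and dllhost.exe running from outside their usual directory, and O23 service executables that are missing from the running-process list. The sample log is constructed, `placeholder_dir` is a made-up path, and the expected-directory table assumes a default C:\WINDOWS install.

```python
import ntpath
import re

# Constructed sample in HijackThis log layout; "placeholder_dir" is made up.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\placeholder_dir\svchost.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
"""

# Assumed home directories for a default install, lower-cased for comparison.
EXPECTED_DIRS = {
    "svchost.exe": r"c:\windows\system32",
    "dllhost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def running_processes(log):
    """Paths listed under 'Running processes:' up to the first blank line."""
    procs, in_section = [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_section = True
        elif in_section and not line:
            break
        elif in_section:
            procs.append(line)
    return procs

def misplaced_system_binaries(log):
    """Running processes that use a system file name outside its home directory."""
    flagged = []
    for path in running_processes(log):
        directory, name = ntpath.split(path.lower())
        if name in EXPECTED_DIRS and directory != EXPECTED_DIRS[name]:
            flagged.append(path)
    return flagged

def services_not_running(log):
    """O23 service executables that are absent from the running-process list."""
    running = {p.lower() for p in running_processes(log)}
    pattern = re.compile(r"O23 - Service: .* - (\S:\\.*\.exe)$", re.I)
    hits = (pattern.match(line.strip()) for line in log.splitlines())
    return [m.group(1) for m in hits if m and m.group(1).lower() not in running]
```

A service missing from the process list may simply be a demand-start service, so that result is a prompt to look closer rather than a verdict.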