Question about fixing BSODs

Page 2

aplefka

Lifer
Feb 29, 2004
12,014
2
0
Yeah but I didn't visit any questionable sites or open any questionable emails. Man I hate the state of the internet today.
 

aplefka

Lifer
Feb 29, 2004
12,014
2
0
Wow I just ran Spybot and had 50 entries! I deleted them all and am running it again. I suppose I'd better have AVG run a scan too.
 

seemingly random

Diamond Member
Oct 10, 2007
5,277
0
0
Originally posted by: aplefka
Man I hate the state of the internet today.
It is frightening. You might want to check the accounts of any credit cards or financial passwords you entered on any sites.

Keyloggers, rootkits, etc. - it's a minefield. It's up to you but I always reformat and reload after a virus infection. You can never be sure that other files aren't infected.

didn't visit any questionable sites
How can one be sure of this? Maybe a site you thought you were on was actually hijacked.
 

aplefka

Lifer
Feb 29, 2004
12,014
2
0
Man I might as well reformat now before any more damage is done. At least I'm at the point where I can back up anything I need to. I'm just worried about my other two hard drives, what if they're infected you know? That's a lot of music and games I'd lose if I had to reformat them.
 

seemingly random

Diamond Member
Oct 10, 2007
5,277
0
0
This is easy to say - I don't do it near enough - but backup regularly (whatever regular means). Even if it's only to another pc or offline hd.

In regards to reloading after a virus infection: I don't consider an ad tracker a virus though some would consider them an invasion of privacy.

Don't forget to wipe the disk first.
 

aplefka

Lifer
Feb 29, 2004
12,014
2
0
Well that's all I had were some trackers. I deleted all of them and ran Spybot again after several restarts and it's coming up clean now. AVG came up clean as well. I might reformat again just to be sure. Still not sure if I should reformat my other drives just to be safe. Probably will.
 

seemingly random

Diamond Member
Oct 10, 2007
5,277
0
0
If several different virus/malware removers are showing a clean system, I would run it (without entering any personal/financial info anywhere) for a while before reloading just to see what happens. I hope all that was found was ad trackers and no keyloggers. Things are still unresolved though, since ad trackers "shouldn't" make the system unstable.

Sysinternals has a rootkit detector utility.

Can orthos run successfully now?

You might want to eventually reload just for peace of mind.
 

dclive

Elite Member
Oct 23, 2003
5,626
2
81
Originally posted by: dclive
SW20 REG_SZ C:\WINDOWS\system32\sw20.exe
SW24 REG_SZ C:\WINDOWS\system32\sw24.exe
WinSys2 REG_SZ C:\WINDOWS\system32\winsys2.exe


Unless you can ID these files, you're probably infested with malware.

If that's correct, and you cannot ID those files, *then* I'd suggest talking about that reinstall.

Did you find the files I specified?
 

aplefka

Lifer
Feb 29, 2004
12,014
2
0
dclive, I found them but I don't know what they're from/for. Probably not a good sign.

Also, random, I will try to run Orthos after finishing copying some files over to my new external hard drive. I figured after all these issues it was time to invest in one so I'm copying over all data and preparing for a complete reformat. I actually bought a new boot drive because my 30 gig system drive was just too small once I started to install apps/utilities on it.

How can I be sure that I've completely wiped clean my other two drives as well besides just deleting and re-creating their partitions?
 

seemingly random

Diamond Member
Oct 10, 2007
5,277
0
0
Wiping utilities: Data Lifeguard Tools 11.2 for DOS (CD) and SeaTools for DOS. Use the option to either clear the entire disk (takes hours) or zero the beginning and end of disk (takes minutes). It's good to have one each of these CDs available even though they'll rarely be needed - along with the latest memtest86+. If one were adept at such things, a CD could be constructed that includes all of these. Seagate's DiscWizard looks interesting - it might recognize non-Seagate drives.

Check here about winsys2.exe - looks evil. Googling sw2[04].exe reveals a possible MSI utility or a virus. I'd get these taken care of immediately if not already done. Hopefully this pc has been quarantined. We can only be glad that virus s/w has bugs just like all other s/w or this might still be unknowingly compromising the pc.

Running orthos doesn't have to be a dreaded task. It reveals most problems in just a few minutes.

It's never a bad thing to have things backed up multiple times. This can quickly get out of control with different versions but then I'd rather spend the time messing with different versions than having no versions available. Ironically, the stability of current drives causes us to forget to backup.
 

dclive

Elite Member
Oct 23, 2003
5,626
2
81
Originally posted by: aplefka
dclive, I found them but I don't know what they're from/for. Probably not a good sign.

Also, random, I will try to run Orthos after finishing copying some files over to my new external hard drive. I figured after all these issues it was time to invest in one so I'm copying over all data and preparing for a complete reformat. I actually bought a new boot drive because my 30 gig system drive was just too small once I started to install apps/utilities on it.

How can I be sure that I've completely wiped clean my other two drives as well besides just deleting and re-creating their partitions?

Just format them. There is no active MBR if they don't boot. During the XP install, the booting drive's MBR is re-written, and assumedly you'd reformat C: during the install, so, do so, then install all OS updates and an AV product.

Do this while you're behind a router, and don't go anywhere else (any other surfing) until you've done this and are fully patched, protected with AV, etc.
 

aplefka

Lifer
Feb 29, 2004
12,014
2
0
Yeah I figured I would wait until I install all AV/MW stuff before even installing the drivers for my wireless card so there's no way I can be compromised. I'm curious though, what's the choice free (or cheap) AV software these days? I still run AVG, is something better out there?

Thanks so much again guys, I probably would've run for months without ever having fixed any of my issues and just been pissed that my new computer wasn't functioning properly.
 

seemingly random

Diamond Member
Oct 10, 2007
5,277
0
0
Master boot record

The term MBR is a bit of a misnomer since it includes four 16-byte partition records and the code for the bios to load into ram to continue the boot process. This code is relocated to 0x7c00 iirc - it had to work in 64K pc's. The MBR always resides at the same place (head/track/sector) on all drives so the bios can find it.

A drive will 'boot' only if it has an MBR and one of the partition records in the MBR is marked as bootable (system) - which should only occur if it's been formatted and contains a valid OS. A drive can have an MBR and still not be bootable. Or it can have no MBR.

This distinction is made since at one point, fdisk (the partitioner) could work successfully - update the partition record(s) - but not update the entire MBR if it already existed. Formatting would also work correctly since the MBR only needs to be read. The Disk Management utility, found in Windows 2k and later, combines the functionality of fdisk and format. I personally don't know if it re-writes the entire, pre-existing MBR each time there is a modification or just the particular partition record. It seems like it should, to guard against malware, etc., but there have been compatibility issues with alternative OSes such as Linux, so it might not.

In the Wikipedia article, the Structure of a Master Boot Record shows a Code Area [0 - 1BC). This is the area that viruses have been known to diddle in.

Originally posted by: dclive
Do this while you're behind a router, and don't go anywhere else (any other surfing) until you've done this and are fully patched, protected with AV, etc.
Succinct and excellent advice for everyone in all scenarios. The firewall in the router will protect from port scanners. There is no Windows firewall pre-XP/SP2 so even if SP2 is applied during the update process, there is a small window of opportunity for port scanners to do their evil deeds. This can be overcome by slipstreaming SP2 to an XP or XP/SP1 install cd - a fairly involved process.


There are a lot of opinions in the Security forum about malware scanners/protectors.
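
Added example, not part of the thread or any poster's code: a small Python parser for the MBR layout described in the post above (boot code, four 16-byte partition records, active flag), which also hashes the code area so it can be compared against a known-good boot sector. The names `parse_mbr` and `build_sample` and the sample sectors are constructed for illustration; the offsets follow the classic MBR layout, and the hash covers only the first 0x1B8 bytes because NT-family Windows stores a per-disk signature immediately after that.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 0x1B8       # boot code; 0x1B8-0x1BD holds the per-disk NT signature
TABLE_OFFSET = 0x1BE   # four 16-byte partition records
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Summarise sector 0 of a disk: boot code, partition records, signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("sector 0 must be exactly 512 bytes")
    code = sector[:CODE_END]
    partitions = []
    for slot in range(4):
        rec = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), first LBA, size
        status, ptype, first_lba, sectors = struct.unpack("<B3xB3xII", rec)
        if ptype != 0:  # type 0 marks an unused record
            partitions.append({"slot": slot, "active": status == 0x80,
                               "type": ptype, "first_lba": first_lba,
                               "sectors": sectors})
    signed = sector[510:] == BOOT_SIGNATURE
    return {
        "signature_ok": signed,
        "partitions": partitions,
        "bootable": signed and any(p["active"] for p in partitions),
        "code_blank": not any(code),
        # Compare against the hash of a known-good boot sector from clean media.
        "code_sha256": hashlib.sha256(code).hexdigest(),
    }


def build_sample(active: bool, code: bytes = b"\xfa\x33\xc0\x8e\xd0") -> bytes:
    """Constructed test sector: one NTFS (0x07) partition starting at LBA 63."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(code)] = code
    status = 0x80 if active else 0x00
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = struct.pack(
        "<B3xB3xII", status, 0x07, 63, 1_000_000)
    sector[510:] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    for name, raw in [("system", build_sample(True)),
                      ("data", build_sample(False)),
                      ("wiped", bytes(SECTOR_SIZE))]:
        print(name, parse_mbr(raw))
```

To check a real drive, pass in the first 512 bytes of a disk image captured while booted from clean media; a data drive whose `code_sha256` differs from a clean reference, or a wiped drive where `code_blank` is false, deserves a closer look.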
 

aplefka

Lifer
Feb 29, 2004
12,014
2
0
I've got an install disc that has XP with SP2 so when it installs the OS it's already there.

But I'm still not taking any chances. Any advice on anti-virus software?
 

aplefka

Lifer
Feb 29, 2004
12,014
2
0
Awesome. Thanks.

By the way, is Orthos supposed to reset my computer when it finishes? Because it just did it again.
 

seemingly random

Diamond Member
Oct 10, 2007
5,277
0
0
No. I don't believe orthos has an end.

Things still aren't right.

I suggest removing all "unnecessary" h/w including any nic, unplugging all but one hd (both power and data cables), wiping, reloading XP and nothing else (ie. no OS/driver updates or 3rd party s/w) except for orthos - this can be copied from a USB key. It should run forever. If not, there's a h/w problem.
 

seemingly random

Diamond Member
Oct 10, 2007
5,277
0
0
The new drive probably doesn't need to be wiped. You can decide on partition sizes while waiting - it's such a pain to change later.
 

aplefka

Lifer
Feb 29, 2004
12,014
2
0
Yeah I meant I'll wipe the other drives upon the new one's arrival. I most definitely word things worse as it gets later. Hopefully by tomorrow evening I will have this all sorted out.
 

aplefka

Lifer
Feb 29, 2004
12,014
2
0
Okay so I got the new drive, reformatted the old system drive and retired it for emergency use only (it had a nice long run), deleted the old partitions on the other two and created new ones, then installed XP on the new drive. Ran AVG right out of the gate before installing wireless card drivers and nothing came up. Running Spybot now and about halfway through nothing's coming up. I'll run Orthos next and see what's up. Anything else I should do?

After that I gotta figure out why my two front USB ports aren't working. One thing after another, I swear.

Edit: There were 7 cookies found in Firefox by Spybot so I just deleted them. Hopefully that'll be the end of that.

Edit 2: Ran Orthos for about 15 mins then the computer reset itself. It got through 4-5 tests. Good or bad?
 

dclive

Elite Member
Oct 23, 2003
5,626
2
81
Originally posted by: aplefka
Okay so I got the new drive, reformatted the old system drive and retired it for emergency use only (it had a nice long run), deleted the old partitions on the other two and created new ones, then installed XP on the new drive. Ran AVG right out of the gate before installing wireless card drivers and nothing came up. Running Spybot now and about halfway through nothing's coming up. I'll run Orthos next and see what's up. Anything else I should do?

After that I gotta figure out why my two front USB ports aren't working. One thing after another, I swear.

Edit: There were 7 cookies found in Firefox by Spybot so I just deleted them. Hopefully that'll be the end of that.

Edit 2: Ran Orthos for about 15 mins then the computer reset itself. It got through 4-5 tests. Good or bad?

Looks like hardware if you're running stock XP drivers with nothing added or installed.
 