SimonSmith

Is this a virus?

I posted about this in user to user help but had not much luck there but now think this is a virus so I'll post about the problem here

 

Not long after I first got my PC it restarted itself randomly and when it came back on windows told me the computer had recovered from a serious error.

 

The restarts happened occasionally but very rarely after that, but now it restarts nearly all the time. This isn't a case of I can't boot into Windows normally, it's a case of it restarts randomly at times. It usually restarts when the computer is doing a lot or when I do something that triggers it to restart. I clicked the start button and it restarted, when Windows was updating it restarted and it is slowly driving me insane! :pullhair: I've been into safe mode and safe mode with networking but I can't seem to find what could be wrong with the PC. In the other topic I was told to disable everything in the system configuration settings (msconfig) and re-enable each program one by one to find a problem but I can't see any programs set to startup that I don't recognise.

 

Another problem is that recently downloads have been getting corrupted and I think this might be work of the virus too. My Antivirus software recently went wrong and I had to uninstall it and when I tried to download it again it said the download was corrupted. Other downloads have been corrupted too.

 

Another symptom is applications and processes crashing and sometimes when I turn on the computer processes that run Windows don't even load and sometimes they crash a while after the computer has been on but other times it's ok for a while but restarts when a lot is being done (like loading all the programs set to run on startup) or when I do something.

 

This is slowly driving me insane and if I don't figure out how to fix it I'm gonna do this :cr@sh:


The first thing to do in my opinion is go to an online antivirus scanner like Housecall or Symantec or NOD32 and do an online AV scan of your computer. I would also do an online scan for malware from one of the free online scan sites. If they find nothing it could be that some file in Windows has become corrupted and you might try to use Windows restore to an earlier date prior to when the problem began. Do the scans first to make sure any bad stuff is gone before using Windows Restore. Hope this helps.


I'm not sure of when to restore back to, I haven't had my computer on for months.

 

And I just got this error report this time:

 

Problem report summary

Problem type: Windows stop error (a message appears on a blue screen with error code information)
Solution available? No
What does this problem mean? Windows has encountered a problem it cannot recover from and it needs to be restarted
Cause: Unknown
Computer symptoms: A message appears on a blue screen with error code information (for example: 0x0000001E, KMODE_EXCEPTION_NOT_HANDLED)
Additional steps for you to take: Please continue to send problem reports so analysts at Microsoft can study and try to correct the problem as quickly as possible

 

 

Is that right? I get a number of causes when I do send error report.

Edited by SimonSmith


UPDATE: I think I fixed my machine but I'm not sure. I really think it could be a virus now. I found a file in the startup tab of system configuration called NvCpl which I found out is a worm. I disabled the program in the startup tab but now when I start the computer in normal mode I get a message saying "System configuration is either in diagnostic mode or selective startup this message will appear every time you start windows to stop this message appearing choose normal startup" or something like that.

 

I don't know how to get this NvCpl thing out of my normal startup list nor whether I should remove it from the startup list and then remove the actual exe file or vice versa. I'm also concerned that NvCpl might not be a virus and could actually be something to do with my graphics card as it is made by NVIDIA and "Nv" could mean nvidia. I already found a process with the letters "nv" at the beginning which according to this online process library IS something to do with the nvidia graphics card.

 

I'm not even sure if I accomplished anything by disabling NvCpl from the startup tab as when I was using internet explorer in regular windows it crashed and a few minutes later when I was looking at the system configuration window again it restarted. When the comp loaded an error report came up and the result came back saying the error report was corrupted and this is the second corrupted error report I've had. I checked the process list after I disabled NvCpl and it wasn't running so I'm not sure if it was caused by that. Could the virus have reactivated itself while I was using my computer? Can they do that or do they have to be triggered to load at startup or by user activity?

 

The link to information about the process is http://www.processlibrary.com/directory?files=NvCpl

 

And the part of the registry the virus is in according to system configuration is SOFTWARE\Microsoft\Windows\CurrentVersion\Run (I'm not sure if there's more to that file path)

 

The odd thing is that I ran a symantec free online virus scan (in regular windows) and it found nothing wrong.

 

And could I get an expert opinion on this?
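
Added example, not part of the original thread: one way to review what the Run key actually launches, since a value named NvCpl can be the NVIDIA control panel or a file borrowing its name. The `reg query` output is a constructed sample, and the expected-folder table, the folder markers and the verdict labels are assumptions of this example.

```python
import ntpath
import re

# Constructed sample in the layout printed by
# reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
# Value names and paths are illustrative, not taken from the thread.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    NvCpl    REG_SZ    C:\Documents and Settings\User\Local Settings\Temp\nvcpl.exe
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
"""

# Assumption: where the genuine file is expected to live. Confirm against a
# clean install of the vendor's driver before relying on it.
EXPECTED_FOLDER = {"nvcpl.dll": r"c:\windows\system32"}
KNOWN_STEMS = {ntpath.splitext(name)[0] for name in EXPECTED_FOLDER}
# Heuristic markers for folders an unprivileged process can usually write to.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\")

VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
RUNDLL = re.compile(
    r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+(?P<args>.*)$', re.I)
IMAGE = re.compile(
    r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.*?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$))',
    re.I)


def parse_run_values(text):
    """Yield (value name, command line) for each string value in the output."""
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match and match["type"] in ("REG_SZ", "REG_EXPAND_SZ"):
            yield match["name"], match["data"].strip()


def startup_target(command):
    """Return the file that actually gets loaded, looking through rundll32."""
    via_rundll = RUNDLL.match(command)
    if via_rundll:
        # rundll32 <dll>,<export>: the DLL is the code that runs.
        return via_rundll["args"].split(",")[0].strip(' "')
    image = IMAGE.match(command)
    if image:
        return image["q"] or image["u"]
    return command.strip()


def classify(target):
    """Compare the target's name and folder with what is expected."""
    folder, filename = ntpath.split(target.lower())
    stem = ntpath.splitext(filename)[0]
    if filename in EXPECTED_FOLDER:
        if folder == EXPECTED_FOLDER[filename]:
            return "expected"
        return "review: known file name in an unexpected folder"
    if stem in KNOWN_STEMS:
        return "review: imitates a known name"
    if any(marker in folder + "\\" for marker in USER_WRITABLE):
        return "review: starts from a user-writable folder"
    return "unknown: check publisher and file details"


def triage(reg_query_text):
    """Return (value name, resolved target, verdict) for every Run entry."""
    rows = []
    for name, command in parse_run_values(reg_query_text):
        target = startup_target(command)
        rows.append((name, target, classify(target)))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_REG_QUERY):
        print(row)
```

A "review" verdict is a prompt to inspect the file's properties and publisher before deleting anything; the value name alone does not decide it.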


Nvcpl is most likely NVidia control panel, but it could also be malicious....

Link>> http://www.castlecops.com/s2546-NvCpl.html

 

I'm not too sure that your problem is malware, but this should find it if there is any....

 

Please download and install SUPERAntiSpyware Home Edition (free edition)

  • Load SUPERAntiSpyware and click the Check for Updates button.
  • Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!
IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
  • Open SUPERAntiSpyware and click the Scan your Computer button.
  • Check Perform Complete Scan and then click Next.
  • SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
  • Make sure that they all have a check next to them, and then click Next.
  • Click Finish and you will be taken back to the main interface.
  • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
  • I'll need a log afterwards of what has been found.
  • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
  • Please post the results of the SUPERAntiSpyware log in your next reply.

Next please run a PC Pitstop test and post your TechExpress link. There are instructions on how to do this >>>here<<<

 

Paste your SUPERAntiSpyware log and a TechExpress link in your next post...... :)


Before I do anything I need to ask if I can download this SUPERAntiSpyware thing from Safe Mode With Networking and more importantly can I use it in safe mode?

 

And the pcpitstop test can that run in safe mode? I can boot into windows normally but usually after a few minutes it does odd things and/or restarts. Even now in safe mode with networking it's taken me ages to get into internet explorer without it crashing! My technique-try and try again.


SAS should work fine, but I'm not positive about the Pit test. Give it a try, but the Anti-Spyware scan is more important..........


I have a problem installing SUPERAntiSpyware in safe mode, I tried to install SUPERAntiSpyware in Safe Mode With Networking and when I tried I got an error saying "The system administrator has set policies to prevent this installation" the download in question was downloaded in safe mode with networking, but is safe mode blocking me from installing it? Is safe mode the problem?

 

My computer still crashes in normal mode and I have yet to find the cause of the problem.

 

Is there any way to upload attachments to your posts on this forum? I have a screenshot of the error.

Edited by SimonSmith


Sorry, I forgot about that. Windows Installer doesn't work in safe mode, and apparently that's what SAS uses.

You should save this or print it, in case your browser crashes or something.

 

Go to Start>Run and type in "Cmd" (no quotation marks). In the command prompt window that opens, type in

REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" /VE /T REG_SZ /D "Service"
net start msiserver
and press enter. Be careful not to make any mistakes. Now try to install SAS, and if that doesn't work, then reboot back into safe mode and it should work then........

 

Don't worry, we'll get you cleaned up :)

Edited by Simonsells91

Just wondering is that registry entry permanent for safe mode?

 

"Don't worry, we'll get you cleaned up :)"

 

I certainly hope so or the data of my files is on your hands :lol:

 

And BTW another crash has happened and this time in safe mode (with networking) which makes me think it's a hardware problem. I tried to turn off my computer in safe mode and when I ACTUALLY clicked turn off it restarted! And I don't mean it restarted properly I mean the screen just went blank and started up again.

 

Same old crash. Not even a blue screen.

 

Oh well I'm gonna go add that registry entry after I finished watching TV.

 

Anyway everybody who's given their time and tried to help me-thanks loads.


"I certainly hope so or the data of my files is on your hands :lol:"

Believe me, I am an expert at disappearing......you'll never find me :ninja:

:lol:

 

On a more serious note, I believe that does set a registry key to permanently allow Windows Installer in Safe Mode. Like I said before, I'm not sure if it's malware, or software related at all, but best to look for that first.

 

But speaking of hardware, have you changed anything around recently? Maybe added a new stick of RAM, or even updated some drivers?


:laughing: @ I am an expert at disappearing...... ROFL! Very good!

 

I don't think it would be such a good idea to leave windows installer enabled in safe mode, when I fix my comp I'd better delete that entry.

 

And the answer to your question about changing anything around, adding a new stick of RAM or updating any drivers is no. I would have mentioned if I did. In fact it's been some time since I last turned my computer on. I only started using it again recently.


UPDATE: Still no progress. When I typed the command into the command prompt it said "Too many command line parameters" or something like that. When I try to install it in safe mode with networking it says the same thing "The system administrator has set policies to prevent this installation" but when I try to install it in minimal safe mode I get an error message saying "the download is corrupted" so I assume that the command line to enable windows installer in minimal safe mode worked but this time it's the fault of the download getting corrupted.

 

The downloads that get corrupted seem to be exe files. I downloaded a new version of Nokia PC suite for my phone about a month ago and it didn't say that the download was corrupted but instead "The installation was interrupted before it could finish" and it tried to install it but it wouldn't copy any files. This was about a month ago before my PC messed up badly and it could install the Nokia PC suite from the CD that came with my phone just fine. I haven't tried to install anything from CD recently though.

 

And windows crashed in safe mode again! I wasn't even doing much at the time. I was just browsing the internet trying to find out what could be wrong and it crashed! This is getting REALLY annoying.

 

So... Anybody got any ideas what could be wrong? I'm told that when a PC works fine in safe mode it's usually a software problem but my computer doesn't work fine in safe mode.


I may just be shooting in the dark here, but let's see if some Windows system files are corrupted or gone. First you need the Windows XP installation CD, if you don't have one see if there is someone you can borrow it from. Hopefully you can get one.........

 

Put the CD in your drive. Now go back to the command prompt and type in sfc /scannow. This will check out all your system files, and replace any bad ones. See if that helps, again I'm just throwing out fixes that might be the solution.


My PC is made by a company called MEDION and they supplied me with both a Windows XP CD and this disk called an "Application and support disc" so it should be fine.

 

Here is a link to the MEDION website in case you want to know more about their PCs.

 

http://www.medion.com/

 

I bought mine in December 2005 so it's nearly 2 years old.

 

UPDATE: I just tried to do that command and when I did the prompt came back with this error

 

"Windows file protection could not initiate a scan of protected system files

 

The specific error code is 0x000006ba [The RPC server is unavailable.].

 

I'm a bit rusty when it comes to using the command prompt so... any workaround?

Edited by SimonSmith


Well, according to Microsoft and some other sites, that error only exists on Windows 2000. :huh: I think since you have the CD, a repair install of Windows XP would be the easiest step, and might just solve the problem. A repair install does not erase your hard drive, and should leave your personal files intact, but it reinstalls the whole operating system so you will lose Windows Updates, and some tweaks you may have done. However, I would strongly advise backing up your personal files to an external hard drive or some CDs/DVDs if you have them, there is always the possibility that something could go wrong...........

 

Here's a good guide on doing the repair install, you might want to print it out unless you have another PC with an internet connection. If you have any questions or you are uncertain about anything, ask.

 

http://www.windowsreinstall.com/winxphome/installxpcdrepair/


The error only exists in Windows 2000 Microsoft say? :blink: What? But I'm using windows XP Home Edition! It's what my PC came with. I was using safe mode so could that have something to do with it?

 

And how can I back up my data to CDs or DVDs in safe mode? Can I write to CDs when I'm using safe mode? I have a USB portable hard drive and that works in safe mode fine and I already have most of the data I want to keep on there.

 

Oh and BTW I forgot to mention that because SuperAntiSpyware told me the download was corrupted when I tried to install it I re-downloaded it using another computer I have, and burned it to a CD-RW using that computer, and when I tried to install it on the broken computer I got the same error message I had when I first tried to install SuperAntiSpyware (and that I still get when I try to install it in safe mode with networking) "Policies have been set to prevent this installation" or something like that, so I copied it from the CD-RW into the My Documents folder and then it said the download was corrupted again.

 

Should I install it straight from the CD-RW and should I even be getting that same policies set error message when I try to install it from CD in safe mode?

 

Basically to sum it up when I try to install it from the CD-RW it says policies have been set to prevent the installation, but following typing that command to enable windows installer in safe mode it doesn't say that error when I try to install from the hard drive but says that file corruption is to blame instead.

 

I want to look at what options I have before I try to repair or reinstall Windows XP as there may be a way to fix the problem with the help of my other computer that IS working.

Edited by SimonSmith
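
Added example, not part of the original thread: hashing the same installer several times on the failing PC and comparing with the SHA-256 taken on the working PC separates unstable reads (a hardware symptom) from a file that was damaged once during download or copying. The `diagnose` helper, its verdict names and the simulated faulty reader are constructed for illustration.

```python
import hashlib
import os
import tempfile


def read_chunks(path, chunk_size=1 << 20):
    """Yield the file's bytes in chunks so large installers fit in memory."""
    with open(path, "rb") as handle:
        while True:
            chunk = handle.read(chunk_size)
            if not chunk:
                return
            yield chunk


def sha256_stream(chunks):
    digest = hashlib.sha256()
    for chunk in chunks:
        digest.update(chunk)
    return digest.hexdigest()


def diagnose(path, reference_sha256, passes=5, reader=read_chunks):
    """Hash `path` several times and compare with the known-good digest.

    unstable        - digests differ between passes on this machine, so the
                      bytes change while being read: suspect RAM, disk, cabling
    stable-mismatch - the same wrong digest every time: the file was damaged
                      or altered once, fetch it again and compare
    match           - the file is intact, the install failure lies elsewhere
    Reads served from the file cache can hide a fault, so prefer a large file
    or a reboot between runs.
    """
    digests = [sha256_stream(reader(path)) for _ in range(passes)]
    if len(set(digests)) > 1:
        verdict = "unstable"
    elif digests[0] != reference_sha256.lower():
        verdict = "stable-mismatch"
    else:
        verdict = "match"
    return verdict, digests


def flaky_reader(flip_on_passes):
    """Constructed stand-in for faulty hardware: flips one bit on some passes."""
    state = {"pass": 0}

    def reader(path, chunk_size=1 << 20):
        state["pass"] += 1
        for chunk in read_chunks(path, chunk_size):
            if state["pass"] in flip_on_passes:
                chunk = bytes([chunk[0] ^ 0x01]) + chunk[1:]
            yield chunk

    return reader


def demo():
    """Run the three cases on a constructed file and return their verdicts."""
    with tempfile.TemporaryDirectory() as folder:
        path = os.path.join(folder, "installer.exe")
        with open(path, "wb") as handle:
            handle.write(b"constructed installer bytes " * 4096)
        # On a real system this digest comes from the working computer.
        reference = sha256_stream(read_chunks(path))

        intact = diagnose(path, reference)[0]
        unstable = diagnose(path, reference, reader=flaky_reader({2, 4}))[0]

        with open(path, "r+b") as handle:  # damage the copy once, permanently
            handle.seek(100)
            handle.write(b"\x00")
        damaged = diagnose(path, reference)[0]
    return intact, unstable, damaged


if __name__ == "__main__":
    print(demo())
```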


I'm really not thinking this is malware, sounds like some Windows issues, or maybe hardware.......

 

Is there any chance you have a system restore point saved from before this problem started happening??

 

Here's a page on how to use system restore, if you haven't used it before.

http://support.microsoft.com/kb/306084


I have system restore and I know how to use it but I haven't been setting many restore points! Plus this only started happening recently and I haven't done anything I think could bug it up like this. It even crashes in safe mode sometimes! I'll look.

 

And I have also thought it could be hardware as it's been doing this infrequently at random times since I bought this PC. A year ago I was defragging an external HDD with a lot of data saved to it and it crashed! I had just put big files on the drive and before that it didn't crash when defragging and when defragging the PF usage according to task manager was 1GB (all my memory) so I assumed it was the fault of those files and didn't risk defragging it again after that.

 

I now think it was probably abnormal for it to use that much memory and it was a fault of some hardware.

 

EDIT: Just a quick question, if I need to I can undo a restore can't I?

Edited by SimonSmith


Yep, you can undo a restore if you need to. Hardware could be the problem.......If you could try running a PC Pitstop test and posting a TechExpress link that would really help us possibly diagnose your problem. There are some instructions here if you need them:

http://forums.pcpitstop.com/html/helpfiles/techexphelp.htm

Edited by Simonsells91


UPDATE: I did a system restore back to April, I found a restore point that was set when I installed some software for my USB bluetooth adaptor.

 

I restored my system to that point and after I did when I tried to start in normal mode I got a windows stop error (this time it didn't even try to start) and it only worked in safe mode, when I got into safe mode after the restore system restore told me that the restore to the correct time was successful, but when I tried to undo the restore the option wasn't there!

 

I couldn't figure out what was causing the stop error but while the restore was in progress I got a message saying that to restore back to the time I set it would have to recover an old driver and that the recovery was successful. I couldn't figure out which driver this was, and I don't even remember updating any drivers from April onwards.

 

Another thing I think might have caused the system to stop working in normal mode might have been the system crashed while it was restoring as I looked at the progress meter and it was near the end but it was completing very slowly and I wasn't looking at the screen when it did finish I just went back to check on it when I heard my machine beep when it was restarting, and I don't think it could have finished in that short space of time when it was finishing very slowly, so I think it might have crashed while restoring and files might have got corrupted.

 

 

My system was in such a mess I couldn't figure out what to do to fix it, so I just used the recovery CD that came with my PC to return it to shipping status-all files erased, all programs that I installed gone, in short I nuked my hard drive as it were. After I did this restore the computer still crashed, so did applications and processes and my computer still did odd things. It had trouble reading a CD with the drivers for my Wi-Fi adapter, and when I was installing the software for it I kept getting messages telling me that some files on the CD could be corrupted. I have 2 of these Wi-Fi adapters so I have 2 software CDs for the adapters so to be sure the disc I first tried wasn't unreadable in some way I tried the disc that came with the other adapter, and it told me that the files on that one could be corrupted too!

 

I don't know if the restore CD repairs my system files as it didn't ask me for my windows XP installation disc, but I did a sfc /scannow in normal mode straight after I restored and the whole system froze up, I had to hold in the power button on my PC to turn it off as the mouse wouldn't move and just pressing the power button wouldn't turn it off.

 

This is looking more like a hardware problem and I can't diagnose it online as my browser keeps crashing (worse still I'm now using IE6) so I can't do a PC Pitstop test.


Ok, this is almost definitely hardware. Sounds like RAM would be the first thing to test, first download Memtest86+ from >>Here<< . You will need to burn it as an ISO to a CD, so use an ISO burning program like >>ImgBurn<<. Then boot from the CD. You may have to configure it to boot from the CD in the BIOS, if you don't know how to do that here's a general guide: <<>><<>>.

 

Note: It is best for Memtest86 to run a long time to make sure it checks your RAM thoroughly. I would recommend around 12 hours, so it might be best to just set it up so it does it overnight.

Let me know what it finds........A single error probably means a bad stick of RAM.


Bad news-I can't work properly in normal mode so how am I supposed to burn a CD from safe mode? I have another computer but it's so slow for burning CDs. Also I don't want to risk screwing up my working computer by downloading anything as my antivirus/firewall software has stopped working on that one as well so could I burn Memtest86+ using the CD writing facilities that are built into windows XP?

Edited by SimonSmith


What anti-virus and firewall software do you have? I'm sure I could find some free alternatives.

 

Anyway, you can't burn an ISO with the built-in software. Give ImgBurn a try in safe mode, I think it should work fine, but I haven't tested it myself. It doesn't use Windows installer, so that shouldn't be a problem.


Well I already have AVG Free for my working Pentium 4 computer but my main antivirus software has expired and so has my firewall so could you recommend a good free firewall?

 

I burnt Memtest86+ using ImgBurn using my working Pentium 4 computer, and then ran Memtest in my broken Pentium D computer and it found loads of errors!

 

I ran 2 tests so far but I'm not sure how long I ran these tests for as at the time I didn't want to run it for 12 hours and I wasn't paying much attention to the WallTime counter, but I think they were around 20-30 minutes. I'll run a full 12 hour test tomorrow, I have another computer I can use while it's running so it's fine.

 

Anyway when I ran these tests many errors were found and according to the website NOT ONE error is acceptable. Here's a rough summary of the two tests I wrote down:

 

Test No. 1 WallTime: Unknown (Possibly 20-30 mins)
Test: 6 [Moving inversions, 32 bit pattern] Errors: 713
Test: 7 [Random number sequence] Errors: 1159

--------------------------------------------------------------------------------

Test No. 2 Walltime: Unknown (Possibly 20-30 mins)
Test: 6 [Moving inversions, 32 bit pattern] Errors: 4311
Test: 7 [Random number sequence] Errors: 2490

 

As you can see above, it seems that only those 2 types of memory tests are in progress when it finds those errors, according to the error summary it's only Test #6 and Test #7 that find those errors, the other tests according to the error summary report 0 errors.

 

One odd thing I noticed though was that though no errors were found, when it was running Test #8 [Modulo 20, ones & zeros] my computer was making a squeaking noise.

 

BTW I'm a bit confused with the scroll lock and scroll unlock commands in Memtest86+ as I don't know which keys I have to press to use them, I know (SP) and (CR) must mean the keys you press, but I don't know which keys on the keyboard they are!

Edited by SimonSmith
