Re: problem w/ cold boot
From: Pegasus (MVP) (I.can_at_fly.com)
Date: 12/07/04
- In reply to: loki: "Re: problem w/ cold boot"
Date: Wed, 8 Dec 2004 09:25:09 +1100
You need to read the technical details on the Trend Micro site
about this virus, what damage it does and how to clean up
after it.
It is a common misconception that a virus scanner can fix up
whatever damage was done by a virus. This is not always
true. A virus scanner will kill the virus but some damage may
remain, same as the smallpox virus leaves behind the
well-known marks. To me a PC infected with a virus is a
compromised PC, and I will always rebuild it.
"loki" <craigmclaughlan_remove@terra.es> wrote in message
news:ulAnaQH3EHA.1408@TK2MSFTNGP10.phx.gbl...
> it's not syhost.exe but sychost.exe
>
> after more fluffing about here's what the scans say:
>
> EZ: nothing
> trendmicro: 1 trojan-bkdr sdbot.io
> trojan remover 6.3.3: no problems
> the cleaner professional 4.1: 8 trojans but not *my* trojan.
>
> have run trendmicro again and this time it *let* me delete bkdr sdbot.io
>
> re your question "How come your machine got infected";
>
> i run EZ antivirus, always up to date with a weekly hard disk scan.
> i have zone alarm's firewall.
> i run ad-aware every month.
> i run spybot-search every month.
> and as of their latest version, i use firefox, not IE.
>
> i also delete unknown emails with attachments and avoid bad neighbourhoods
> to the extent that i can, i'd have thought that i was pretty careful with
> the above, but something seemed to get through.
>
> in theory i now have a clean machine. if any damage has been done to
> the O/S, (i'll find out next time i cold boot), is it just a case of
> inserting the w2000p cd and booting from that?
>
>
>
>
>
> "Pegasus (MVP)" <I.can@fly.com> wrote in message
> news:OCL$UZ92EHA.4028@TK2MSFTNGP15.phx.gbl...
> > Google lists some 10 hits for syhost.exe, all of them bad.
> > Use your Win2000 CD to boot into Recovery Console,
> > then rename it to syhost.ex.
> >
> > I cannot assist you further with the removal of your viruses.
> > I keep my machines completely clean of viruses, hence I have
> > no experience with their removal. How good are your own
> > virus defences? Your firewall? How come your machine
> > got infected?
> >
> > Note that it is often not possible to completely clean an
> > infected machine. Some viruses leave some damage behind
> > that cannot be repaired, same as smallpox leaves scars
> > behind.
> >
> >
> > "loki" <craigmclaughlan_remove@terra.es> wrote in message
> > news:uyYMrS62EHA.2788@TK2MSFTNGP15.phx.gbl...
> > > scan has just finished. it came up with 3 viruses; 2 as part of unzipped
> > > dreamweaver file which (i deleted) and a 3rd.
> > >
> > > C\WINNT2\SYSTEM32\SYCHOST.EXE
> > >
> > > i tried to delete this but got "cannot delete as currently in use".
> > >
> > > i recognise this file in codestuff starter, it is there twice. could i try
> > > disabling both or is it a 'good' file?
> > >
> > >
> > > "Pegasus (MVP)" <I.can@fly.com> wrote in message
> > > news:O9G0nv52EHA.3128@TK2MSFTNGP14.phx.gbl...
> > > > If you are now unable to restart the machine in Safe Mode
> > > > then you may well have reached the point where it needs
> > > > to be rebuilt. This time you should take a snapshot when
> > > > the rebuild is finished so that it is easy to restore it on future
> > > > occasions. Products such as Acronis, Partition Magic or
> > > > Ghost can be used to take a snapshot, or even a command line
> > > > zipper in combination with a Bart PE boot disk (www.bootdisk.com).
> > > >
> > > > I cannot comment on "codestuff starter" - I have never used
> > > > it. If msconfig.exe does not run on your machine then there
> > > > is something very wrong with it.
> > > >
> > > >
> > > > "loki" <craigmclaughlan_remove@terra.es> wrote in message
> > > > news:%237Uqtq52EHA.1564@TK2MSFTNGP09.phx.gbl...
> > > > > tried to boot up again in safe mode and cannot. not sure but the problem
> > > > > seems to be getting worse, maybe this changes your instructions?
> > > > >
> > > > > here's what i can add:
> > > > > i tried downloading and installing msconfig.exe 12 months ago but could not,
> > > > > so instead downloaded and use 'codestuff starter'. is that adequate or
> > > > > should i try to install msconfig.exe again?
> > > > > i had scanned my hard disk with EZ antivirus, nothing found. (as you
> > > > > specifically said "external" virus scanner i'm scanning now as suggested,
> > > > > will post again if it finds anything.)
> > > > > i had run adaware, nothing. i also ran spybot search, again nothing.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > "Pegasus (MVP)" <I.can@fly.com> wrote in message
> > > > > news:u3r2dzw2EHA.3708@TK2MSFTNGP14.phx.gbl...
> > > > > > We're finally making some progress! If you can boot in Safe
> > > > > > Mode then you have a problem with one of your drivers or
> > > > > > with one of your startup programs. You should now identify
> > > > > > which one it is. I recommend this process:
> > > > > >
> > > > > > - Disable all non-essential adapters (sound, network) via the
> > > > > > Device Manager (Control Panel / System / Hardware), then
> > > > > > see if the problem persists.
> > > > > > - Disable all non-essential programs, using msconfig.exe
> > > > > > (http://www.svrops.com/svrops/dwnldoth.htm).
> > > > > > - Scan your PC with an external virus scanner, e.g.
> > > > > > on www.antivirus.com ("free online scan").
> > > > > > - Download and run adaware
> > > > > > (http://lavasoft.element5.com/software/adaware/)
> > > > > >
> > > > > >
> > > > > > "loki" <craigmclaughlan_remove@terra.es> wrote in message
> > > > > > news:OUZgAkt2EHA.1192@tk2msftngp13.phx.gbl...
> > > > > > > i realise i'm not being very clear; i have no problems with the english
> > > > > > > language, it's giving you the exact translation of the spanish
> > > > > > > messages/options that my pc gives me that throws me!
> > > > > > >
> > > > > > > more info:
> > > > > > >
> > > > > > > i pressed F8 and booted in safe mode, but once booted up, didn't know what i
> > > > > > > should do/be looking for.
> > > > > > >
> > > > > > > i tried booting up using a W2000P emergency backup floppy (with registry)
> > > > > > > that i made some time ago. that gave me a 'non-system disk or disk error'
> > > > > > > message. i had a few older copies which i tried too, same result.
> > > > > > >
> > > > > > > i then tried with a w98 emergency backup floppy and it read it fine and
> > > > > > > booted up.
> > > > > > >
> > > > > > > looked like it couldn't read the floppy, but then it did. huh.
> > > > > > >
> > > > > > > when i got out and rebooted normally, the clock had gone back an hour, as if
> > > > > > > it were on summer time again.
> > > > > > >
> > > > > > > huh again.
> > > > > > >
> > > > > > > i'll try now booting in Last known good configuration mode. remember i need
> > > > > > > to log off and leave the pc off for a half hour or so before it will fail
> > > > > > > again (if it fails, and i restart, or simply restart, there's no problem).
> > > > > > >
> > > > > > > thanks for sticking with me on this.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > "Pegasus (MVP)" <I.can@fly.com> wrote in message
> > > > > > > news:eyn5$$s2EHA.2676@TK2MSFTNGP12.phx.gbl...
> > > > > > > > I'm afraid this does not clarify things. When you press F8 during
> > > > > > > > the early boot phase then you get several boot-up options. The
> > > > > > > > two important ones are:
> > > > > > > > - Safe Mode
> > > > > > > > - Last known good configuration
> > > > > > > >
> > > > > > > > So far I have not been able to determine if you have tried these
> > > > > > > > two modes, and what the result was in each case.
> > > > > > > >
> > > > > > > > To overcome the language problems, you might be better off
> > > > > > > > posting in a Spanish Windows 2000 newsgroup.
> > > > > > > >
> > > > > > > >
> > > > > > > > "loki" <craigmclaughlan_remove@terra.es> wrote in message
> > > > > > > > news:eKXvxDs2EHA.1452@TK2MSFTNGP11.phx.gbl...
> > > > > > > > > problem seems to be getting worse, when i logoff the pc restarts itself and
> > > > > > > > > i have to logoff a 2nd time.
> > > > > > > > >
> > > > > > > > > tried the f8 route and started in error test mode (whatever it's called in
> > > > > > > > > english, i'm using a spanish version of w2000p so am translating).
> > > > > > > > >
> > > > > > > > > i have 2 copies of w2000p on my pc, this goes back to the day when the
> > > > > > > > > machine was setup 30 months ago. there were some bugs and the tech said
> > > > > > > > > "i'll just reinstall windows". several hours later and with the help of
> > > > > > > > > another tech he tells me i've got 2 copies of windows on the machine but not
> > > > > > > > > to worry. and everything has been ok until now.
> > > > > > > > >
> > > > > > > > > so i started up on the normal version for boot and it looked fine. not sure
> > > > > > > > > what to do once i got there though :-(
> > > > > > > > >
> > > > > > > > > so logged off, restarted and here i am!
> > > > > > > > >
> > > > > > > > > does this clarify?
> > > > > > > > >
> > > > > > > > > "Pegasus (MVP)" <I.can@fly.com> wrote in message
> > > > > > > > > news:uoxHQ2f2EHA.2876@TK2MSFTNGP12.phx.gbl...
> > > > > > > > > > You made no comment about the various alternative boot
> > > > > > > > > > options that become visible when you press F8.
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > "loki" <craigmclaughlan_remove@terra.es> wrote in message
> > > > > > > > > > news:%2341ZDze2EHA.524@TK2MSFTNGP09.phx.gbl...
> > > > > > > > > > > using codestuff starter i disabled the non essentials and still get the same
> > > > > > > > > > > problem.
> > > > > > > > > > >
> > > > > > > > > > > looking at eventvwr.exe i get a message that it cannot read the system
> > > > > > > > > > > register, damaged.
> > > > > > > > > > >
> > > > > > > > > > > could that be it?
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > "Pegasus (MVP)" <I.can@fly.com> wrote in message
> > > > > > > > > > > news:eF%23nBOG2EHA.2644@TK2MSFTNGP11.phx.gbl...
> > > > > > > > > > > > Firstly I would press F8 early during the boot phase to see
> > > > > > > > > > > > if any of the alternative boot options get me further or reveal
> > > > > > > > > > > > some details about the reason for the reboot.
> > > > > > > > > > > >
> > > > > > > > > > > > I would also use msconfig.exe when Windows is up, to
> > > > > > > > > > > > disable all non-essential startup tasks. You can get it from
> > > > > > > > > > > > here: http://www.svrops.com/svrops/dwnldoth.htm.
> > > > > > > > > > > >
> > > > > > > > > > > > You can run the eventviewer (eventvwr.exe) only when
> > > > > > > > > > > > Windows is up and running.
> > > > > > > > > > > >
> > > > > > > > > > > > "loki" <craigmclaughlan_remove@terra.es> wrote in message
> > > > > > > > > > > > news:OwAY%23DF2EHA.1192@tk2msftngp13.phx.gbl...
> > > > > > > > > > > > > fair enough, here's what i can say:
> > > > > > > > > > > > >
> > > > > > > > > > > > > the boot process gets as far as the large "starting windows" message, with
> > > > > > > > > > > > > the row filling up, then it goes back to the original screen where it shows
> > > > > > > > > > > > > processor details, etc. it seems to loop like this 2 or 3 times then just
> > > > > > > > > > > > > gets stuck on the "starting windows" message, and stays there.
> > > > > > > > > > > > >
> > > > > > > > > > > > > there are no error messages.
> > > > > > > > > > > > >
> > > > > > > > > > > > > not sure what the event viewer is. if the above doesn't help, how can i
> > > > > > > > > > > > > access it?
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > > "Pegasus (MVP)" <I.can@fly.com> wrote in message
> > > > > > > > > > > > > news:Or8bet41EHA.2568@TK2MSFTNGP10.phx.gbl...
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > "loki" <craigmclaughlan_remove@terra.es> wrote in message
> > > > > > > > > > > > > > news:OYBxN7x1EHA.1192@tk2msftngp13.phx.gbl...
> > > > > > > > > > > > > > > just recently w2000p has been hanging on startup. it seems to have a few
> > > > > > > > > > > > > > > attempts at starting, i can see the process but then it goes back to the
> > > > > > > > > > > > > > > beginning.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > (startup normally takes some time; around 3 or 4 minutes, which i put down
> > > > > > > > > > > > > > > to the A/V and firewall.)
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > i reboot and it starts 2nd time around, but i'm worried that one day it
> > > > > > > > > > > > > > > won't... so it seems that a hot reboot works fine but a cold reboot doesn't.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > the only new software i've added that *might* coincide with this problem is
> > > > > > > > > > > > > > > EZ antivirus v6 and mozilla firefox v6.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > i've run a virus scan and ad-aware and still have the problem. i have all
> > > > > > > > > > > > > > > updates for w2000p.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > i'd also like to know just what i do in case it does hang and won't reboot
> > > > > > > > > > > > > > > EVER.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > thanks
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > It's a little difficult to comment on your case since you
> > > > > > > > > > > > > > include no details about how far the failed boot processes
> > > > > > > > > > > > > > go, what messages you get, what happens when the
> > > > > > > > > > > > > > machine stops and what reports you see in the Event Viewer.
> > > > > > > > > > > > > >