[Smooth Criminal]

story......
a girl comes to me in the morning and says her system has gone wrong.......<no more giving info on her :evil:>
basically its a system similar to mine
1.5 years old hardisk formatted at least 10 times in the past...the most recent being 6 months back
2.p4,256mb ram,crappy mercury mobo and sort
the problem is when she boots xp....the thing gets stuck....that is her explorer doesnt open<i tried opening it and after 15 minutes it did.....i just launched the hijack this and again it moved away
restarted it by pressing ctrl...alt.del but it goes away and then keeps comin and going:???:.......>

i would have done a full format and said gtfo but.......she insist that i should not format and do something else<as she fears her hardisk maybe gone as its giving squeaky noises already><tried explaining her but in vain>

my first interpretation was to see if its infected or not.....

so i installed hijack this<currently downloading avg>......here is the log file

so can you guys look into it and find something like a virus in it??

 

[Naix]

Did she install any program recently or did she use memorystick from untrusted source?

 

[Smooth Criminal]

no....no........it just happend like that

3 cases could be possible
1.****ed up xp
2.virus
3.combo of the two
4.hardisk is going dead

 

[gamefreak94]

One solution: Change the HD, it's out-of-date and won't hold on much longer any way, better that she back-up all her data rather then loose it

 

[masta.g.86]

That log file isn't pointing out anything like a virus.

1.) Try right-clicking on the C: drive and go to properties.
2.) Click the "Tools" tab.
3.) Under "Error checking" (or "Scandisk") click "Check Now".
4.) Make sure BOTH options are checked.
5.) Click "Start".
6.) You will get a message saying that a disk check cannot be performed until after restart, so restart the computer and be patient. (It can take quite a while. Brew a cup of coffee in the meantime. )

 

[gamefreak94]

Or you could just go into 'Run' and type 'chkdsk'

 

[masta.g.86]

Or you could just go into 'Run' and type 'chkdsk'

'chkdsk /f /r' to be the equivalent of what I originally posted...

 

[gamefreak94]

Is there a difference between the pre-boot scan and the one that happens inside the OS? My dad thinks its better to run the pre-boot one so that it can access all the Widows files and stuff. Just asking because I find it to be pretty time consuming and would rather run the normal one if there's no real benefit

 

[Kirby]

Is there a difference between the pre-boot scan and the one that happens inside the OS? My dad thinks its better to run the pre-boot one so that it can access all the Widows files and stuff. Just asking because I find it to be pretty time consuming and would rather run the normal one if there's no real benefit

chkdsk can only run in read-only mode when used inside the OS. If problems are found, then it can only be fixed during pre-boot (hance why chkdsk won't run with the /F switch)

 

[RF]

D:\WINDOWS\system32\csrsc.exe << theres one, get processexplorer too.

 

[masta.g.86]

D:\WINDOWS\system32\csrsc.exe << theres one, get processexplorer too.

Ah, you're right RF! :thumb: I guess I mistook csrsc.exe for one of the many other csr*.* files in system32.

So yeah, there's a virus. Check it out here.

 

[RF]

Went to play Left4Dead, there is more garbage but not necessarily virus/malware/etc.

Nuke these with an IE reset or disable the add-on. Easy to do in IE7

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = Rediff Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Rediff Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Rediff Search
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

That previously mentioned virus is also running as a service:

O23 - Service: Windows Spool Services (WinSpoolSvc) - Unknown owner - D:\WINDOWS\system32\csrsc.exe

net stop winspoolsvc

 

[Smooth Criminal]

ahh thanks for the responses.......
currently trying those.......and man o man this ***** is taking 25 minutes to load......LOL......guess the hardisk......i never saw a virus that can do that kinda ****

 

[Naix]

I can see ur attempt to make her ur gf Good Luck though :thumb:

 

[Smooth Criminal]

exactly ,:drool: she looks so cute........

headsup::

i slept early yesterday didnt do anything much.......i would do the above things in an hour or so+run avg to see if its something from virus side.......

 

[Squall-Leonhart]

good catch RF, the windows spool service does not exist as a legit service

C:\WINDOWS\system32\spoolsv.exe = Legit
C:\WINDOWS\system32\csrss.exe = Legit

 

[PCXL-Fan]

if it comes to salvaging the data off the disk try giving GRC SpinRite a whirl.

its also capable off assessing whether or not the drive is going (dieing).

Tell her she can repay you by taking you out for hot coffee.

 

[Smooth Criminal]

hell yeah.........avg/tips by rf did the trick for me<gives a non gay hug to rf>
i followed a normal virus clean protocol.......and woo.........the system works in all its glory
it has some slow downs here and there coz of the crappy harddisk but its booting fine and i am able to run some programs on it

i got her permission to load an nlighted xp on it...that would make it run even faster

thanks guys.......


also another news.......i am getting a mobo+processor for christmas......<already have the ram and hardisk powersupply>

i would be going for an igp again ......a mobo with nvidia 9400+ e7200 would work fine.........