KayLatvia

Error Windows has encountered a critical problem and will restart automatically in one minute - malware or Google Desktop?

8 posts in this topic

OK first my background: I write computer programs but not for work. Have built many a PC from scratch, and back in the days before ghosting drives I have removed viruses, but now I don't even bother--I just reinstall from an old ghosted HD image.

But this recent virus (or malware, etc) has made me curious as to what it is, so I'm asking the board whether we can try and identify it. If successful, I will donate to this org at least USD $25.

System: Intel i5, new, SATA drives, 4 MB RAM, worked fine. Bought in Thailand, where there's lots of cracked programs but trust me, it's not that (I know it's hard to believe, but I've not had problems with such machines before--let's ignore the issue of a secret rootkit keylogging everything I type--the issue for this post is the immediate problem I outline below, not any possible counterfeit programs that may or may not be on this system)

Virus: automatic reboot after a few minutes with a warning message: 'Windows has encountered a critical problem and will restart automatically in one minute'. I have researched this and sometimes it's due to a hardware problem, but in this case, with new hardware that worked for 2 months without a single problem, I doubt it.

Reason I want to find this virus: my ghost image on this PC (an Intel i5) is over a month old, and though I don't do anything important on this machine (I'm posting from my laptop, where I do my real work), I have made some tweaks in the last 30 days and if I reinstall the image I lose those tweaks.

Problem started when a computer geek friend who is heavily into security gave me some data using a USB thumb drive. He joked: "I hope you don't catch a virus" after explaining how USB drivers can fool a PC and how USB drives spread viruses. I'm 90% sure it's because of this incident--since the problems started right after I plugged in the USB drive. But, there's a 10% chance IMO that it's Google Desktop Search--since the index got corrupted, I got a message from Google Desktop Search asking me to uninstall the program and reinstall it--and I did uninstall it, but the problem persists. That said, I doubt Google is at fault since their programmers are pretty good. I think my geek friend's machine was infected (ironically--I will needle him now) with a virus that got on my USB stick.

The logs I attached herein. I'm typing this in a middle of a huge electrical storm in Thailand, but I'll check back in a few hours or within a day since it's late evening on Sunday but Monday morning here.

Kay

DDS.txt is inline below; the other two files, Attach.txt and Ark.txt, are attached as Zip files.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 7:44:14 on 2011-08-15
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3241.2018 [GMT 7:00]
.
AV: COMODO Antivirus *Enabled/Updated* {675CEE69-9702-A524-3989-6D7CC8BF3695}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Administrator\Downloads\vddi7lgm.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Google Update] "c:\users\administrator\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [gStart] c:\garmin\gStart.exe
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: ??&????????? Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware player\vsocklib.dll
DPF: {7F245E01-651F-48E5-8A85-4752EC65E4ED} - hxxp://192.168.1.126:1026/Cisco210Viewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.157.1
TCP: Interfaces\{3CBF1114-AA0A-4AF8-8E9C-B70480A9C499} : DhcpNameServer = 192.168.157.1
TCP: Interfaces\{69767670-D613-4EC2-AE9D-C1ABF869941E} : DhcpNameServer = 203.144.206.29 203.144.206.49
TCP: Interfaces\{69767670-D613-4EC2-AE9D-C1ABF869941E}\169627C6966756 : DhcpNameServer = 168.95.1.1
TCP: Interfaces\{69767670-D613-4EC2-AE9D-C1ABF869941E}\332626D277C616E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{69767670-D613-4EC2-AE9D-C1ABF869941E}\4505D2C494E4B4F5445314532324 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C6548D16-39DD-485E-B744-69E903176900} : DhcpNameServer = 192.168.60.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\96bqwrm7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\administrator\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-4-10 57112]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-4-9 752128]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-1-6 17256]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 236600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 35768]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-9 218688]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-4-9 3975088]
R2 OS Selector;Acronis OS Selector activator;c:\program files\acronis\diskdirector\oss\reinstall_svc.exe [2010-5-25 2139400]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-4-1 2656280]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-3-25 539248]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-4-9 163232]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-4-1 269824]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-4-1 41088]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-4-27 64904]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-4-27 146568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\drivers\JME.sys [2011-1-22 98928]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-11 545792]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-4-1 189440]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-9-10 11520]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-12 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-12 136176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-08-15 00:32:56 -------- d-----w- c:\users\administrator\appdata\roaming\Malwarebytes
2011-08-15 00:32:51 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-15 00:32:51 -------- d-----w- c:\programdata\Malwarebytes
2011-08-15 00:32:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-15 00:32:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-11 13:35:19 -------- d--h--w- c:\program files\Zero G Registry
2011-08-11 13:35:19 -------- d-----w- c:\program files\Britannica 10.0
2011-08-11 13:33:03 -------- d--h--w- c:\users\administrator\InstallAnywhere
2011-07-28 17:39:09 -------- d-----w- c:\program files\RootKitScanner_GMER
2011-07-28 03:38:18 -------- dc----w- c:\users\administrator\appdata\local\MigWiz
2011-07-18 09:57:57 -------- d-----w- c:\users\administrator\appdata\local\COMODO
2011-07-18 08:00:02 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-07-18 08:00:02 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-07-17 13:07:15 -------- d-----w- c:\windows\Profiles
.
==================== Find3M ====================
.
.
============= FINISH: 7:46:40.94 ===============

Attach.zip

ark.zip

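Reading a DDS or pseudo-HJT log by hand means scanning a few hundred lines for the handful of entries worth a second look. As an added example (not from this thread, from DDS, or from any helper the posters used), here is a small Python triage script that walks lines in that format and flags the usual suspects: executables or drivers living under a user-writable path, a BHO whose DLL is gone ("No File"), a nameless Run value, anything in AppInit_DLLs, and a DPF (ActiveX download) entry served from a private address. The sample log is constructed to exercise each check and is not the log posted above. Every hit is a prompt to verify the file's publisher and hash, not a verdict: for example, guard32.dll in AppInit_DLLs is COMODO's own DLL, and the scanner that produced the log appears in the process list itself, running from wherever it was downloaded.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the DDS / pseudo-HJT layout (not taken from any real scan).
# The user-profile executables and the private-address DPF entry are there on
# purpose so that each check below fires at least once.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Users\Administrator\Downloads\abcd1234.exe
============== Pseudo HJT Report ===============
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mRun: [<NO NAME>]
mRun: [Updater] "c:\users\administrator\appdata\roaming\updater.exe" -s
AppInit_DLLs: c:\windows\system32\guard32.dll
DPF: {7F245E01-651F-48E5-8A85-4752EC65E4ED} - hxxp://192.168.1.126:1026/Viewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall.cab
============= SERVICES / DRIVERS ===============
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 236600]
R3 tmpdrv;tmpdrv;c:\users\administrator\appdata\local\temp\tmpdrv.sys [2011-8-14 12288]
"""

# A Windows path ending in a loadable module; stops at quotes, brackets and pipes
# so that arguments and the "[date size]" suffix of service lines are not swallowed.
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]<>|]+?\.(?:exe|dll|sys)', re.IGNORECASE)
# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r'\\users\\[^\\]+\\(?:downloads|appdata|desktop)\\|\\temp\\', re.IGNORECASE)
# DDS defangs URLs as hxxp:// so they cannot be clicked by accident.
URL_RE = re.compile(r'hxxps?://\S+', re.IGNORECASE)


def host_of(url):
    """Return the hostname of a defanged DDS URL (hxxp -> http before parsing)."""
    return urlsplit(re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)).hostname


def is_private_host(host):
    """True only for literal private (RFC 1918 / ULA) addresses; names return False."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def triage(log_text):
    """Return (kind, detail, line) tuples for entries that deserve manual verification."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):   # skip blanks and section headers
            continue
        if line.startswith("BHO:") and line.endswith("- No File"):
            findings.append(("orphan-bho", "BHO registered but its DLL is missing", line))
        if line.endswith("[<NO NAME>]"):
            findings.append(("nameless-run", "Run value with no name", line))
        if line.startswith("AppInit_DLLs:"):
            findings.append(("appinit", "DLL injected into every process that loads user32; confirm publisher", line))
        if line.startswith("DPF:"):
            for url in URL_RE.findall(line):
                host = host_of(url)
                if host and is_private_host(host):
                    findings.append(("lan-activex", f"ActiveX package served from private address {host}", line))
        for path in PATH_RE.findall(line):
            if USER_WRITABLE.search(path):
                findings.append(("user-writable-path", f"Module under a user-writable location: {path}", line))
    return findings


def summarize(findings):
    """Count findings per kind, handy for comparing two logs from the same box."""
    return Counter(kind for kind, _, _ in findings)


if __name__ == "__main__":
    for kind, detail, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}\n    {line}")
    print(dict(summarize(triage(SAMPLE_LOG))))
```

Point it at a real DDS.txt with `triage(open("DDS.txt", encoding="utf-8", errors="replace").read())`; the non-ASCII debris DDS emits for localized menu entries is then read without raising. The script deliberately knows nothing about which vendors are good: paths under Program Files or System32 are not flagged, which is a blind spot a signed-binary or hash check would have to fill.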

I ran MSERT (Microsoft Safety Scanner 1.0.3001.0) - a.k.a. Microsoft Security Emergency Response Tool - latest version downloaded from Microsoft, and no viruses were found. I am doing the same using Malwarebytes' Anti-Malware in "Full Scan" mode and I suspect the same will happen.

So far no crashes, but I'm running under "Safe Mode". I've read that some viruses that give the "Windows has encountered a critical problem" error message seem to lie dormant in Safe Mode.

Further, at least once when rebooting I got, alongside the Administrator account (one account named Administrator--sorry, I should change it, I know), a hidden "Other User" icon--I've never seen this before. I could not find it in the Accounts section of the Control Panel. I assume this was the work of the virus, but I've not seen it since. Strange.

Please examine my files and let me know what files should not be loaded in non-Safe Mode. For instance, I don't run Garmin's map program though it's loaded on my machine. I don't run some other programs either.

What are the chances that, since I'm in Safe Mode, it's a driver problem, not a virus? Since MSERT is not showing any viruses? And I bet Malwarebytes, which has been running now for 15 minutes without showing any viruses found, also does not find any problems? But why would the driver problem manifest itself either after Google Desktop (which BTW is designed for XP, not Windows 7, and is being phased out by Google, unfortunately) crashed (and which I uninstalled) or after I plugged in a USB stick (generic, not a Kingston, which seem to be more foolproof) that was FAT32 formatted and had not been used much, if at all, on this i5 PC, and somehow some corrupt driver on the USB stick 'infected' my i5 PC?

Kay


This problem may be related to a Google Desktop Search database being corrupted (coincidentally at the very same moment, or shortly just before, the suspect USB stick was inserted into my PC). This is somewhat improbable in my mind, but it's possible since when I tried to reinstall Google Desktop Search I got a message from Google's installer saying "could not upgrade database. There may not be enough free space on the drive or another program may be locking the database.... D 80070020 5.9.1005.12345 "

I tried 'repairing' Google but no luck... I just had the system reboot.

I found this link: http://desktop.google.com/support/bin/answer.py?answer=12354 and I am going through the steps now (trying 'overinstall' then 'uninstall' at the moment).

I will keep this post updated in cases others have the same problem. Very annoying because this problem, if it is Google's fault, mimics an undetectable virus. BTW Malwarebytes did not detect any malware, just as I thought.

Kay


Just a quick note: I removed Google Desktop from the system. After about an hour of running Windows I have yet to see a recurrence of the problem. Before, the problem would manifest itself within minutes (when the computer was idle, in non-Safe Mode, so presumably Google Desktop was working on indexing). So it looks like Google Desktop rather than some unknown malware was the problem. It seems Google Desktop, which is being phased out by Google, was written for Windows XP more so than Vista/7 and causes problems if the index used in the program becomes corrupted. This problem mimics a virus or malware.

I will update this if conditions change.

I still intend to donate something, since this forum, a successor to CastleCops, is useful.

For now I close this thread.

Kay


Unfortunately I spoke too soon--it's back. I get the same error now, "Windows has encountered a critical problem and will restart automatically in one minute". This problem from what I've read on the net could be either a bad software driver or a virus. It's hard to tell. Running Malwarebytes in "Full Scan" mode now...but I doubt it catches anything, as last time it did not.

Perhaps I have a rootkit since this is in all probability a counterfeit Windows 7 OS? But see my original files uploaded--no rootkit there? And doubtful I have a rootkit now because I've used these potentially counterfeit Windows OSes for years without problems, and this one for two months without a problem. Besides if it was a rootkit designed to compromise my system it would not advertise itself in this way but stay silent. I think this might be a virus that is not yet on anybody's radar screen, or perhaps a bad driver. I notice for example that this version of Windows 7 does not handle "encrypted" folders very well, and I did set up such an encrypted folder.

I will hold this thread open a while longer. I would like to catch this virus, as an academic exercise, but the easiest thing to do is to go back to the hard drive image snapshot before these problems started, using Acronis.


I found, using a stand-alone CD by Kaspersky, that this virus (which escaped my other anti-virus programs) may be responsible: Trojan-Downloader.Win32.Agent

I removed this virus, and for now the system is not acting up.

Kay


Hi and welcome to Malwarebytes.

Looks like you got the situation under control. Anything else I can help with?


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
