Continuous auto-restarting when connecting to internet

Inactive
By Nikhil Modi
Apr 8, 2013
  1. Hello! My McAfee enabled computer was exposed to an unsecured public network recently. The first subsequent use showed no difference from a healthy computer, but that was the last normal use. Upon connecting to the internet, via wireless and wired connections, while booting in safe or in normal mode, it seems to start a short time-count after which it restarts automatically.

    Failed approaches:
    1. A system restore to older points has made no difference.
    2. In a hurry to resume normal use, I backed up all personal data and restored to factory settings, hoping a fresh image would result in resumption of the original state. This made no difference.

    I now have no AV software installed. Searching similar topics on techspot reviels close similarity with several older cases, but since they all had different solutions, I hesitate in directly trying one particular solution without advice (which I would greatly appreciate).
  2. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    For how long your computer will stay up in any mode?
    What Windows version is it?
  3. Nikhil Modi

    Nikhil Modi Newcomer, in training Topic Starter

    The computer stays up for about 30 seconds on this Windows 7 HP Pavilion G6. I'm unable to determine the exact "alive" time because it wouldn't boot up anymore: I was using the system recovery tools to put in a clean image from the recovery partition- a 2 step process. After the first step and subsequent rebooting, windows failed to start with the message "An error occurred while attempting to read the boot configuration data." I am able to reach a command prompt window via system recovery options, but cannot start windows.
  4. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  5. Nikhil Modi

    Nikhil Modi Newcomer, in training Topic Starter

    I wasn't able to get to the command prompt via the 3 methods mentioned, but found another way, also using System Recovery options:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 27 days old)
    Ran by SYSTEM at 09-04-2013 22:21:56
    Running from F:\
    Windows 7 Home Basic (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================

    ==================== Services (Whitelisted) ===================
    4 CNPreloadedSvc; C:\Program Files (x86)\Roxio\RoxioNow Player\PreloadedSvc.exe [433136 2010-09-11] (Roxio)
    2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [681528 2010-08-05] (Hewlett-Packard)
    ==================== Drivers (Whitelisted) =====================

    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========

    ==================== One Month Modified Files and Folders =======
    2013-04-09 22:21 - 2013-04-09 22:21 - 00000000 ____D C:\FRST
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================

    ==================== Memory info ===========================
    Percentage of memory in use: 17%
    Total physical RAM: 3893.86 MB
    Available physical RAM: 3220.41 MB
    Total Pagefile: 3892.01 MB
    Available Pagefile: 3214.41 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.88 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:76 GB) (Free:55.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (RECOVERY) (Fixed) (Total:14.87 GB) (Free:1.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (RESEARCH) (Removable) (Total:3.72 GB) (Free:2.24 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 374 GB
    Disk 1 Online 3820 MB 0 B
    Partitions of Disk 0:
    ===============
    Disk ID: FEB7AE86
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 76 GB 200 MB
    Partition 2 Primary 14 GB 450 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 76 GB Healthy
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D RECOVERY NTFS Partition 14 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Disk ID: DE8AF07C
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3816 MB 4032 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F RESEARCH FAT32 Removable 3816 MB Healthy
    =========================================================
    ============================== MBR Partition Table ==================
    ==============================
    Partitions of Disk 0:
    ===============
    Disk ID: FEB7AE86
    Partition 1:
    =========
    Hex: 807E261907FEFFFF0040060000008009
    Active: YES
    Type: 07 (NTFS)
    Size: 76 GB
    Partition 2:
    =========
    Hex: 00FEFFFF07FEFFFF0048593800D8DB01
    Active: NO
    Type: 07 (NTFS)
    Size: 15 GB
    ==============================
    Partitions of Disk 1:
    ===============
    Disk ID: DE8AF07C
    Partition 1:
    =========
    Hex: 000001010C14D5C9801F000080407700
    Active: NO
    Type: 0C
    Size: 4 GB

    Last Boot: 2009-09-06 16:58
    ==================== End Of Log =============================
  6. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    I don't see anything malicious there but there is something totally wrong with Windows installation.

    What exactly did you do?
  7. Nikhil Modi

    Nikhil Modi Newcomer, in training Topic Starter

    I used HP's system recovery tool (accessed via F11) and selected System Recovery. It explained the first step would be "Recovery Preparation", which would reformat the main partition, and the 2nd step would be a "Recovery Installation", which would install software and drivers. It mentioned that the system would reboot several times during the process. The first reboot occured at the end of the preparation step, but did not succeed.

    I ran a checkdisk on both partitions: the recovery partition was just fine, the main partition showed something unusual I didn't understand completely.
  8. Broni

    Broni Malware Annihilator Posts: 46,388   +252

    I t could be some hard drive issue but since it's not malware related I suggest you create new topic in some other appropriate forum.
  9. Nikhil Modi

    Nikhil Modi Newcomer, in training Topic Starter

    It started out being an infection issue; I moved (too) quickly in re-imaging the harddrive (and thus the scan log looked clean). I was able to restore it and is now functioning normally. I thank for your help!
  10. Broni

    Broni Malware Annihilator Posts: 46,388   +252



Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.