TechSpot

When I log on, my computer freezes after about 30 seconds

By DaMaluJordan
Feb 22, 2009
Topic Status:
Not open for further replies.
  1. I think my computer has just been infected with some type of virus. I am running Windows Vista Home Premium 64-bit. When I get to the log on screen, I input my password and it takes me to my desktop. After about 30 seconds, an unusual icon appears in the system tray. It is a gray circle that seems to be broken up into small squares inside. I have no clue what that is. My brother says that it looks similar to the Adobe Acrobat system tray icon. As soon as it appears, my computer freezes. I can't access anything. The only thing I can do is press Ctrl+Alt+Del. When I do that, I can choose to start the task manager but that does me no good. The task manager does come up but it is completely untouchable. I can't end any processes or anything. The entire dialog box is frozen. The only real option I have is to log off from the screen that comes up in Vista when you press Ctrl+Alt+Del. In the approximately 30 seconds that I have between log on and complete freeze, I tried to figure out what process it was in task manager which caused my computer to freeze. I really couldn't find anything that appeared when that icon appeared. I'm not sure what to do. I managed to get AVG to start scanning my computer in that 30 seconds that I had but I'm not sure if I'll be able to do anything with it once the scan is complete. What should I do? By the way, I am writing this message on my Windows XP on another computer in my house.
     
  2. mflynn

    mflynn TS Rookie Posts: 2,793

    Do the TechSpot 8 steps: http://www.techspot.com/vb/topic58138.html

    Skip no steps (do not install another virus scanner if you already have one, ask me before installing a Firewall).

    Most importantly update MalwareBytes (MBAM) and SuperAntiSpyware (SAS)!

    Before you scan with either MalwareBytes or SuperAntiSpyware, do the Extra Configs below; these have become most important lately.

    SuperAntispyware extra config

    After installed double-click the icon on your desktop to run it.

    Update the program definitions.

    Click the Preferences button.

    Then Scanning Control.

    In Scanner Options, make sure all boxes are checked except #3 (Ignore System Restore).

    MalwareBytes extra config

    After update but before running
    Click settings and confirm all are Checked.

    I repeat Update these 2 programs.

    Run them and attach their logs.

    Do this correctly and we will make a short job of this!

    Mike
     
  3. DaMaluJordan

    DaMaluJordan TS Rookie Topic Starter Posts: 74

    I'll try to do all of this but I'm not sure if I can. Like I said earlier, my computer basically completely freezes after about 30 seconds. After that 30 seconds, I can't access anything. I don't think I will be able to do some of these things in less than 30 seconds but I'll try.
     
  4. mflynn

    mflynn TS Rookie Posts: 2,793

    Yea you did say that!

    I meant to tell you to boot to Safe Mode with Networking. It may be OK there. Let me know if it is.

    Mike
     
  5. DaMaluJordan

    DaMaluJordan TS Rookie Topic Starter Posts: 74

    I was able to enter safe mode with networking. It didn't freeze. I'll try and do all the steps now. I'll reply back once I complete the steps. Thanks.
     
  6. mflynn

    mflynn TS Rookie Posts: 2,793

    Good to know Safe Mode is not affected.

    Mike
     
  7. DaMaluJordan

    DaMaluJordan TS Rookie Topic Starter Posts: 74

    There's another problem now. AVG won't run in safe mode. It keeps saying: License number could not be fully verified. I'm using Microsoft's License number for it so I'm not sure why it's not working. It worked fine before. Reinstalling it doesn't work either. Should I skip the AVG step?

    Actually, disregard that last statement I made. I was able to go into normal mode and quickly install each program after logging off and logging back on 4 times. Right now I'm running the scans in the normal mode. Once they are complete, I will attach them. By the way, I think I've pinpointed the process that caused my computer to freeze. I think it's something called rlvknlg.exe*32. It's something called Relevant Knowledge. When I ended that process, the icon didn't appear in the system tray so my computer didn't freeze anymore. I'll still run all the scans just in case. I'm sure just ending that process alone didn't solve the problem. I'm sure it's still there somewhere.
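
Added example, not part of the original posts: one way to see where a process such as the rlvknlg.exe named above runs from and what launches it at logon, including the Wow6432Node Run key that 32-bit programs use on 64-bit Windows. It assumes Windows PowerShell 2.0 or later is installed (it is not part of a default Vista install); the variable names are illustrative.

```powershell
# Added example: locate a suspect process and its logon autostart entries.
# $Name comes from the post above; run from an elevated PowerShell prompt.
$Name = 'rlvknlg'

# 1. Running instances: PID, parent PID, full path on disk, command line.
Get-WmiObject Win32_Process -Filter "Name LIKE '$Name%'" |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine

# 2. Autostart entries WMI knows about (Run keys and Startup folders).
Get-WmiObject Win32_StartupCommand |
    Where-Object { $_.Name -match $Name -or $_.Command -match $Name } |
    Select-Object Name, Command, Location, User

# 3. Run keys read directly. A 32-bit program (shown as *32 in Task Manager)
#    on 64-bit Windows can register under Wow6432Node, so check that too.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        (Get-ItemProperty $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match $Name } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Key     = $key
                    Value   = $_.Name
                    Command = $_.Value
                }
            }
    }
}

# 4. Services whose binary path points at the same program.
Get-WmiObject Win32_Service |
    Where-Object { $_.PathName -match $Name } |
    Select-Object Name, State, StartMode, PathName
```

Any path or entry this prints shows where the program is installed and why it returns after the process is ended, which is useful to compare against what the scanners later report as removed.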
     
  8. mflynn

    mflynn TS Rookie Posts: 2,793

    Well actually, in my message at the top I advised not to install a virus scanner if you already had one. Did you not have a virus scanner already?

    But proceed, I will see it in the logs.

    Mike
     
  9. DaMaluJordan

    DaMaluJordan TS Rookie Topic Starter Posts: 74

    Finished

    Something went wrong with AVG so I had to reinstall it. Anyway, I think everything is fixed. I have the three log files attached though. Please take a look and tell me if there is anything left that I should do. Thanks.
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    -> No action taken on MBAM scan, for found issues
    Please re-run Malwarebytes
    Confirm updated (third tab)
    Then do the above quoted message, but this time "Remove all found issues"

    By the way, you will need to then restart, and run (and attach) a new HJT log

    ---------------

    By the way, you presently have AVG8 (not ideal)

    Uninstall your AVG Antivirus
    Then run the removal tool
    Here is the 32Bit version (most users): http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
    Here is the 64Bit version: http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe

    Restart

    Install Avira free AntiVirus

    Then run Malwarebytes ;)
     
  11. DaMaluJordan

    DaMaluJordan TS Rookie Topic Starter Posts: 74

    Ok

    I've removed AVG and installed Avira. I'm rescanning with Malwarebytes right now. Once it's done, I'll remove everything, which I'm sure I did before but I guess something happened. I'll rescan with Hijackthis after and attach both log files when I'm done.
     
     
  12. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Get ready for the Avira "found Virus" notifications :D
    You need to quarantine them manually each time one is found

    To avoid watching the screen for this, you can run a full scan with Avira first
    On the first found Virus, you can select Quarantine (as per usual) but this time you can tick, make this the default action (no need to stay and watch then) :grinthumb
     
  13. DaMaluJordan

    DaMaluJordan TS Rookie Topic Starter Posts: 74

    Logs

    Well, I was right about the Malwarebytes thing. I did remove them before. I rescanned and found nothing this time. I'll attach the latest log. I'll also attach the latest log of hijackthis.
     
  14. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    You know I'm going to contact Malwarebytes over this
    Because your last log said, "No action taken" But it still removes them anyway :confused:
    This has happened a lot of times on many threads

    I haven't viewed the HJT log as yet, but did Avira find any more Virus or Malwares?

    I need to sign off soon, and checking the log takes some concentration, which I'm presently losing :zzz:
     
  15. DaMaluJordan

    DaMaluJordan TS Rookie Topic Starter Posts: 74

    Avira is almost done scanning. It is currently at 99.8%. If Avira finds stuff, I'll quarantine it. If it comes with a log, I'll show you that as well.

    Here is a log from Avira. It found some things but it didn't give me any option to get rid of them so I'm not sure. If it was those rare popups from avira, I've deleted or quarantined those files. Should I do anything else or am I good?
     
  16. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Looks good :grinthumb

    Clear & Reset System Restore's Cache

    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK
     
  17. DaMaluJordan

    DaMaluJordan TS Rookie Topic Starter Posts: 74

    Thank you. I've done everything you said and everything seems to be running just fine. Thanks again.
     
  18. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Thanks for the update :grinthumb
     
  19. mflynn

    mflynn TS Rookie Posts: 2,793

    Good morning

    I too have noticed several people say they removed and the 2nd run was different or clean.

    Thread Closing-------------------------------------------------------------------

    Some of these tools update so often they require downloading again later if needed. But keep and run MBAM and SAS to maintain.

    Remove ComboFix
    Start-Run
    type
    combofix /u
    Hit enter or click OK.

    Please download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

    Save to desktop.

    This will remove all the tools we used to clean your computer.


    Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

    Approve all if prompted by Firewall. Approve Windows Defender or other guards or security programs while OTCleanIt is attempting access to the Internet to allow all.

    If prompted to Reboot, click Yes.
    OTCleanIt will delete itself when finished. If not, delete it yourself.

    -------------------------------------------------------------------------------------
    Run CCleaner http://www.ccleaner.com/download/builds (get SLIM at bottom no Yahoo toolbar)
    Run twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

    Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

    KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
    Fantastic cleaner.
    -------------------------------------------------------------------------------------
    The issues can be, and likely are, found in System Restore, so do the below

    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

    Then Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and then OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.
    -------------------------------------------------------------------------------------

    Every two weeks or so, run MBAM and SAS until clean.

    They take a while, so leave scanning while you are sleeping, working or watching TV. If not done under the gun they can be scheduled not to interfere with computer time.

    If they find something they can not clean, then get back to us.

    Additionally run CCleaner, ATF-Cleaner and KCleaner.
    ----------------------------------------------------------------------------------------
    I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

    It was designed to be used with and to co-exist with other Virus scanners.

    Additionally it uses a totally different process to protect. While conventional Virus scanners work from definitions ThreatFire works on recognizing Virus/Malware activity.

    It's like looking at it with 2 sets of eyes and from a different angle.

    It works like some Firewalls do to learn what is good/bad.

    After install it will ask you about everything that could be a security issue. For example the first time you run IE or FireFox it will prompt you. You would answer to approve and remember the setting. From then on no more prompts about IE or FireFox unless the exe changes like in an update.

    As it queries you about the prompt to help you determine to approve or not you can google it with one click.

    http://www.threatfire.com/Download/
    -------------------------------------------------------------------------------------
    Look at http://www.javacoolsoftware.com/spywareblaster.html

    Run SpyBot occasionally and use the Immunize function.
    http://www.safer-networking.org/en/download/

    I highly recommend HostsMan: http://majorgeeks.com/HostsMan_d4592.html

    Download, install, run and allow it to disable DNS Client and select all Host files and then Update and install all host files.

    A Disk Scan (chkdsk) and Defrag are in order.

    Mike
     