I don't know if this will take care of the reboot problem, but it very well might. You may have a worm hidden in there.
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.
On a machine with Internet access
Download CleanX-II
Please download CleanX-II and save it to your thumbdrive.
Download Attachment
Download the file attached to this post and save it to your thumbdrive.
On your machine we're working on
Copy Tools to Desktop
Since we need to go into Safe Mode, your thumbdrive may not be available. Copy CleanX-II and whirlpool6.zip from your thumbdrive to your Desktop. Extract the contents of whirlpool6.zip.
Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key, so try that if F8 doesn't work. Log on with your usual account. Make sure to close any open windows.
Run CleanX-II
- Disconnect/unplug the computer from the Internet.
- Save any work which you're doing & close all other programs.
- Double-click CleanX-II.exe
- The tool will begin scanning your machine. Because this worm names its files randomly, there are a series of cross-checks/verification processes to ensure that the tool does not remove legitimate files. Depending on the size of your drives, this scan may take several minutes. Please be patient during this period & allow it to complete its task.
- Once it has finished scanning, it will provide a log file, which will be saved to your Desktop with the name CleanX-II.txt. Please post that log.
Fix Registry
Double-click on the whirlpool6.reg file, which you got from the downloaded attachment here. It will ask you if you want to merge/add it to the registry -- choose Yes. You may delete both whirlpool6 files now.
Deletions
Delete this file if it still exists: C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\br4743on.exe
Reboot
Reboot your system to Normal Mode.
Re-run ComboFix
Double click combofix.exe & follow the prompts. When the tool has finished, it will move the old log to C:\ComboFix2.txt and produce a new log in C:\ComboFix.txt. Please include both logs in your next reply.
With Your Next Post...
Please copy these logs and paste the following with your next reply (in this order please):
- The contents of CleanX-II.txt,
- the contents of C:\ComboFix.txt,
- a new HiJackThis log taken after ComboFix finishes.
Let me know if your computer has quit rebooting and if your Internet connectivity has been restored.