Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
Today when I went to start my computer, it would restart right after the start up logo. I am able to get online and run it in safe mode but am puzzled by what is causing the problem. Only idea is my temp folder. For the past week Norton has been hitting me with alerts of temp files acting weird and being removed from my temp folder that seem to just reappear after a while. Deleting the temp folder has fallen on some resistance since it says a file is open somewhere else. Properties shows there are 12 folders, yet there are none visible even when I turn hidden files on. Last note is when I had windows run a scan on all programs that start up, one of them was from the temp folder. Do not know if that is the cause of this problem since I dont even get to the windows loading page before the restart happens. Happens right after those orbs make the windows logo, then black screen fallowed by restart
Also says superfetch is not running yet that might be do to being in safe mode.
you will have bare minimum amount of services running in Safe Mode, that is normal.
Were you able to get to the user login screen at all or it reboots even before that?
If you can get to the user login screen and it craps out afterward, the local user profile is corrupt.
If it happens beforehand, it is the filesystem. If you haven't made any changes to your system, installed/uninstalled any programs or drivers, my guess you got hit by a pesky malware.
How Windows savvy are you? Would you be able to boot to a removable media like DVD/Flash drive and scan the system? I personally recommend and use UBCD for any kind of diagnostic work where you cannot even boot the operating system in normal mode. I like using a bootable media to scan for system and malware issues because the operating system is inactive so if there is a malware infection, even if there is a hidden partition created by a powerful Trojan, you will be able to eradicate the issue that way.
You could however, boot in Safe Mode w/ Networking to see if you get a network connection, then download couple of solid standalone malware/virus scanners. Downloading a normal application like Malwarebytes and trying to install it in Safe Mode would probably not work. So, I would probably start buy deleting temp file folders using a standalone tools like ATF-Cleaner and try running something like McAfee's Stinger which is a standalone app that doesn't require installation and checks for boat load of infections and quite effective.
Anyhow, just throwing some ideas to get you rolling.
Thanks I will start going down the list to see what might work. Must be a system infection since it happens before the windows login page. Right after window loads and you gain control of your mouse and keyboard, instead of showing the typical blue windows page, it just stays black for around 30 seconds before restarting.
Summery: Was infected by ZeroAccess Trojan. Stinger removed almost all the files, enough for me to get into the system but not enough to stop it from trying to reinstall itself. Ran Norton's fix for the problem and can now get in with any problem yet I am still getting reports of files trying to run on my system.
May of found the cause, waited a minute and nothing. Opened firefox and got hit with reports of trojan's. Firefox could be infected and is linking me to malware
Note* Might not be firefox after all. It would seem that the moment I open either Internet Explore or Firefox I start to get hit by trojan's. All from ZeroAccess, which is located in file services.exe in System32 it would seem.
Last edited by rgomez912; 03-06-2013 at 11:58 PM..
Summery: Was infected by ZeroAccess Trojan. Stinger removed almost all the files, enough for me to get into the system but not enough to stop it from trying to reinstall itself. Ran Norton's fix for the problem and can now get in with any problem yet I am still getting reports of files trying to run on my system.
May of found the cause, waited a minute and nothing. Opened firefox and got hit with reports of trojan's. Firefox could be infected and is linking me to malware
Note* Might not be firefox after all. It would seem that the moment I open either Internet Explore or Firefox I start to get hit by trojan's. All from ZeroAccess, which is located in file services.exe in System32 it would seem.
In short, your system is infected, internet browser is just a vessel or probably a trigger mechanism for the Trojan to activate itself since it seemingly hooked itself to core system process/services. Sounds like a Rootkit type.
If it is really that pesky, my advice, salvage your files (documents, pictures, bookmarks/favorites, etc.) and the do a fresh install of Windows. As a novice user, it is not worth taking a chance on a compromised system.
1:15AM - 924e.tmp detected by SONAR
1:24AM - da19.tmp detected by SONAR
4:16AM - Unauthorized access blocked(Set Registry Security Key)
11:27AM - 2f75.tmp detected by SONAR
4:23PM - Unauthorized access blocked(Set Registry Security Key)
7:08PM - IP Address has disappeared from adapter Teredo Tunneling Psuedo-Interface...
7:08PM - IP Address has disappeared from adapter Teredo Tunneling Psuedo-Interface...
7:08PM - Protecting your connection to newly detected network....
7:08PM - Protecting your connection to newly detected network....
8:38PM - An instance of AAB7.tmp is preparing to access the internet.
****************Start of major infection?**********************
8:38PM - You allowed AAB7 to access your network resources.
************************************************** ******
8:38PM - IP Address has disappeared from adapter Teredo Tunneling Psuedo-Interface...
8:38PM - IP Address has disappeared from adapter Teredo Tunneling Psuedo-Interface...
3/6/13
12:49AM - An instance of 6d60.tmp is preparing to access the internet
1:39AM - No user is logged in.
8:24AM - Firewall has been enabled
8:24AM - Protecting your network on newly detected network....
8:24AM - Protecting your network on newly detected network....
8:24AM - Protecting your network on newly detected network....
8:24AM - Protecting your network on newly detected network.....
8:24AM - IP has disappeared from adapter....
8:24AM - Protecting your network on newly detected network......
8:24AM - An instance of Norton360/ccsvchst.exe is preparing to access the internet
8:28AM - Firewall setting "AlertThreadEnabled" changed
8:28AM - User logged in.
8:28AM - Connected to a shared network(******)
8:28AM - Connected to a protected network(******)
*Around this time I tried to get on but could not and made this thread*
3/7/13
12:16AM - Firewall has been enabled
12:16AM - Protecting your network on newly detected network....
12:16AM - Protecting your network on newly detected network....
12:17AM - Protecting your network on newly detected network....
12:17AM - Protecting your network on newly detected network.....
12:18AM - IP has disappeared from adapter....
12:18AM - Protecting your network on newly detected network......
12:21AM - An instance of Norton360/ccsvchst.exe is preparing to access the internet
12:22AM - Firewall setting "AlertThreadEnabled" changed
12:22AM - User logged in.
12:22AM - Connected to a shared network(******)
12:22AM - Connected to a protected network(******)
If that didn't work, I would pull the plug (restore your pc to factory settings with a CD or from the hard drive partition) like TurcoLoco suggested. I think you can waste more time searching for viruses when the computer can be made clean (like when you first bought it on day one) in less time.... especially if you do transactions on your pc that you don't want someone stealing passwords, etc.
If that didn't work, I would pull the plug (restore your pc to factory settings with a CD or from the hard drive partition) like TurcoLoco suggested. I think you can waste more time searching for viruses when the computer can be made clean (like when you first bought it on day one) in less time.... especially if you do transactions on your pc that you don't want someone stealing passwords, etc.
I've used TDSSKiller recently and was amazed how well it worked. Awesome tool!
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.
Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.