
Solve : Possible virus problem??


Hi all,

I am having some strange problems with my PCs and hopefully someone will be able to advise me. Thanks in advance.

How it started was that my sis's notebook running Windows 2000 started to act weird. Sometimes the notebook can boot up, other times, it will not boot up and you will get this error:

Windows 2000 could not start because the following file is missing or corrupt:

\system32\ntoskrnl.exe.

Please reinstall a copy of the above file.

And if it successfully boots up, I will sometimes get a "domain is not available" error and still not be able to log in. After many, many tries, I will be able to get in. So we suspect it's a virus, and I tried running virus scans (Norton, AVG, online scanning) but the virus scan will not be able to complete (it will usually hang around 50-53%).

So what I did next was to take out the hdd and connect it as a USB drive to my PC. The hdd showed up and I attempted to carry out a virus scan with AVG Free. But of course, the scan could not complete and again hangs at around 53%. And it also caused some of the programmes running in my Windows XP system to lock up. When I did a reboot at this point, I was not able to get my XP system to start up and I got the following error:

Windows 2000 could not start because the following file is missing or corrupt:

\system32\ntoskrnl.exe.

Please reinstall a copy of the above file.

I am totally baffled since my PC is running XP and not Win2k, how is that error possible? A virus... A boot sector virus? So I tried to reboot the system from cd-rom, with the XP Pro cd in it, it failed. So I decided to pop in the Win2k Pro cd, and what happened next is very strange.

I let the system reboot, and when the prompt came up "press any key to continue booting from cd-rom", I ignored that and the system bypassed the cd-rom, but somehow, because the Win2k cd is in the drive, my system managed to boot into XP normally (I tried the same thing without the Win2k cd in the cd-rom and the system just returned the same ntoskrnl.exe error, a Win XP cd will not work too).

I made the mistake of replacing the ntoskrnl.exe through the repair console from the XP Pro cd, and after this, the system no longer booted up at all. So I did a format on the C: (holding the OS), and did a clean install of XP. Everything went well until I had to reboot after the installation, and to my horror, the same ntoskrnl.exe error came back. Again I had to pop the Win2k cd into the cd-rom and do the same thing as before to boot up XP.

Next I went into bios to set the boot up device [1] as Hdd, and disabled the rest of the options. And somehow, this seems to set everything right, and I was able to boot into XP normally.

(My previous boot setup was [1] cd-rom, [2] hdd, [3] floppy).

I also ran a full system scan on my system (all my 5 partitions) and AVG was able to complete the scans and all partitions came up as clean.

But I am still not sure if my system is indeed ok. Is there any chance, anyone knows what is happening here? Work of a virus?

Another question, how can I check if my boot sector is really clean? If I am indeed infected by a boot sector virus, I would not have been able to boot up my system, is that right?

I have no idea what I have caught from my sis's HDD since the virus scan cannot complete. Any help is greatly appreciated.

Thank you for reading such a long post.

romi

.... Are we talking about 2 different machines or just the laptop?
What is the current status of the problematic machine?
I have just reread the post again and it is the laptop.......
Have you booted it up in Safe mode and run a full antivirus scan with AVG ?
It would be a good idea to D/L AVG antispyware and run it in safe mode as well.
http://free.grisoft.com/doc/20/lng/us/tpl/v5
I am going to move this post into the spyware and virus section as well.
dl65

I am talking mainly about the problems on my XP machine.
It somehow caught what was on the hdd from my sis's notebook.
Nothing has been done about the notebook yet.
I am trying to fix my PC first. I hope this clears up the confusion.

The main catch of the problem is that my PC is running XP but I am getting a Windows 2000 error.

romi

.... ok....... reboot the XP machine into safe mode and run scans with both AVG anti virus and AVG antispyware.
Let us know the results of the scans.

dl65

Quote

romi.... ok....... reboot the XP machine into safe mode and run scans with both AVG anti virus and AVG antispyware.
Let us know the results of the scans.

I will do that tonight when I get home. But I did do a full scan with AVG Free and nothing turned up. Will follow up.

romi

.... Was the scan run in safe or normal mode ?

dl65

Follow what dl65 already advises but make sure you have exposed all Hidden Files & Folders first.

To enable the viewing of Hidden files follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and close My Computer.

***********************

(On Windows 2000 or XP)...

Download Ewido/AVG Anti Spyware from here ….

http://www.ewido.net/en/

It has a fully working 30 day trial period.

Install it and update it to the latest definitions.

Do NOT use it yet.


Now boot to safe mode. Here’s a “how to” if you’re not sure ..

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406


When in safe mode run a full system scan with AVGAS and let it fix what it wants to.

REMEMBER TO SAVE THE SCAN REPORT and also remember where you saved it.

Reboot to normal mode and use the computer as you would usually do.

[FOOTNOTE > this is a good program to use as an “on demand” scanner even after the trial period is over. Keep it updated and use it to scan your computer from time to time].



Post back the scan report and update us.


OJ


