Am I still attacked with keylogger + Windows 7 shutting down automatically...

OP
nac

nac

Aspiring Novelist
Just back home...
I restored windows to the one I saw in system restore (repair windows). Now I loaded windows normally, will see whether I get any shutdown issue. Meanwhile I will try to load bitdefender in usb and run it.

Chris, Yeah, that's the last resort. Just that I have to make sure windows doesn't shut down when I am working in safe mode or ubuntu as you suggested.
 

gagan_kumar

Wise Old Owl
Out of doubt, I raised this query on other thread. This thread is continuation of that and issues (assuming) I am facing since then... :(



After discussing things with you guys about the keylogger, I didn't find any issues with the computer, yesterday. But now I am facing an issue - Windows rebooting itself.

I turned on my computer today, Adobe flash update window popped up and I clicked INSTALL. PC hanged and restarted automatically (I wasn't in front of the system when that happened). When rebooting, windows showed the message that "the windows wasn't shutdown properly", and I chose "Start windows normally". But the windows stayed blank for about 5-10 minutes. I manually rebooted (by pressing the physical button on the CPU cabinet). Windows asked whether to launch repair or start normally. I clicked "Launch Repair". After 10 minutes, windows couldn't repair it and restarted. I went to Safe Mode and did system restore. Even after that the issue (system rebooting) is not gone. Till now the system has rebooted about half a dozen times; once I noticed the blue screen (Windows has detected a problem and shutting down...). Before reading everything, the system shut down. Somewhere in the middle I read TCP.ip.

Now I think, about 3-4 times system rebooted when I tried to access internet. But I am not sure whether that I am wildly assuming it after reading that "TCP.ip" or that's the fact.

I have downloaded and installed Malwarebytes to detect any trace of keylogger. It detected something called "Opencandy" in roaming folder and removed it. I guess it's nothing to do with keylogger.

Coming to my current problem, what could be the issue?
* Should I do memory test, HDD test?
* If there is any problem I am facing recently, that would be with my DVD drive. But it's been like that for quite sometime. Now I have removed it from the computer.
* PSU fan is up and running, so I don't think it's because of heat or something to do with power. (Few years ago, I had similar problem and had to replace PSU then).
* A new pen drive was used yesterday. (No, it's not connected now).

Is this problem something to do with the discussion I had yesterday :( (like someone playing or attacking) or it's just the coincidence and actually there is a problem in my computer?

- - - Updated - - -

I forgot to add this...
After seeing TCP.ip, I uninstalled LAN/ethernet drivers and restarted to let windows install the driver when loaded.

I think, since then I am not facing any issue (but I am not sure). I am online for more than one hour without getting rebooted.

When I tried to find crash dump, only one file exists in that folder. (I think that's the one when I saw the TCP.ip blue screen notice before windows shutdown)

- - - Updated - - -

In the last 45 minutes the system has shut down thrice because the OS detected some error in tcpip.sys. After the second time, I unplugged the DVD drive connection. But the PC still shut down even after disconnecting the DVD drive. I am trying to find the cause for this issue. I would really appreciate any help regarding this. :)

- - - Updated - - -

Today, so far system rebooted about 4 times.

I ran chkdsk, it ran for more than an hour. While it was running, sometimes it stayed idle for a long time. I thought it was frozen. But suddenly it started running. At the end of the process, it said "an unspecified error occurred" and an alphanumeric code like thing.
And "Unable to set chkdsk ran once flag" and froze for about 15 minutes before restarting just to continue the chkdsk process. I let it run, and it did run for another hour and froze at the end. Again it said "an unspecified error occurred" but two errors this time. I waited for windows to reboot itself, but it didn't for more than 30 minutes and I lost my patience. So I manually rebooted, and tried to repair. But windows couldn't find a problem. Checked system restore, now it shows an older one which I didn't see yesterday. Ran Windows memory diagnostic and I didn't see the result when I logged in after rebooting.

Now this issue is really annoying. I couldn't work.

Finally, I found the crash dump. Here is the last two...





There is nothing new hardware/software I installed on 22nd night (that was the last day my system was running fine). But suddenly on 23rd morning out of blue this issue popped up and I couldn't do my work yesterday.

Please help me to fix this issue. I want the system to be up and running before Monday morning.
problem solved or still there?

- - - Updated - - -

well i can't do much help but ask a few questions .........

first is ur pc able to boot up properly
second if yes then for how much time
third try working in ur system without any network connection and see how much time it can work without problems
try replacing that file which is giving u error with the file from some other person's os...........(same windows version of course)
also try taking a picture of the screen(blue screen) if u get a chance............

REMEMBER FRESH INSTALL IS REALLY THE BEST SOLUTION HERE..........
 
OP
nac

nac

Aspiring Novelist
I have been using windows (normally booted) for the last 45 minutes. So far no issues. Can't conclude it too early...

Gagan,
* Since I haven't used it for long, I better assume that the problem is yet to be solved.
* Yes, system properly boots (coz of system shutdown to prevent damage, windows brings up that option (Repair or Launch windows) when booting).
* Time varies every time. Sometimes as soon as logged in, and sometimes more than an hour.
* Yeah, I will try without any network.
* I thought about replacing/fixing that file. But I wasn't sure that's a right thing or not :chinscratch:
* I have posted the crash dump before (If you want the snapshot, I will post it)

Fresh installation - Yeah, I agree. But that's the last option.

Kunal, Already done.

- - - Updated - - -

:( Crash dumps disappeared. I think coz of system restored to earlier point.

- - - Updated - - -

3hrs+ and still running fine... I think this is the longest since the issue started. :)

- - - Updated - - -

I suspect there should be some error in the file I downloaded (bitdefender rescue disc). So thinking of downloading it again... Here is the snapshot of download page from where I downloaded. Can I try the other files instead of downloading the same one I downloaded before?

Here is the site address *download.bitdefender.com/rescue_cd/

*i102.photobucket.com/albums/m108/tkphotos1/res_zpsbe277856.png
 

rijinpk1

Aspiring Novelist
try the green one. how do you download?? IDM? use any download manager instead of downloading directly from browser.
 
OP
nac

nac

Aspiring Novelist
^ I am not using any download manager. This time I will use one to download the one suggested.
 

ankush28

Bazinga
Dude always check and verify MD5 hash of this kind of files!!!
No matter from where you download there are chances that it may get corrupted (even IDM).
I always double check file hash before booting, it's like a unique fingerprint of the file.
 
OP
nac

nac

Aspiring Novelist
Thank you Ankush. This is something I have never heard before.
But googling returns this result among others...
In December 2008, a group of researchers used this technique to fake SSL certificate validity, and CMU Software Engineering Institute now says that MD5 "should be considered cryptographically broken and unsuitable for further use", and most U.S. government applications now require the SHA-2 family of hash functions. In 2012, the Flame malware exploited the weaknesses in MD5 to fake a Microsoft digital signature.

The security of the MD5 hash function is severely compromised.
I don't understand the depth and this doesn't sound good.

- - - Updated - - -

Downloaded and installed Flashget 3.7 download manager and initiated the download.
 

ankush28

Bazinga
Lol you just went truly in depth analysis of md5.
For general purposes md5 or sha-1 is enough. All you need to do is download any program which calculates md5 for a file. Mostly all security apps, bootable images come with md5. Look for them on respective webpages. If both codes match then you're good to go.


On this page - *download.bitdefender.com/rescue_cd/ there is md5 available.
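
The check described above, as an added example that is not part of any post in this thread: compare a downloaded image against the published checksum listing, which catches the corrupted or truncated download being discussed (the collision attacks quoted earlier concern deliberately crafted files, not accidental corruption). It goes beyond the thread by also accepting SHA-1 and SHA-256 listings, selected by digest length. Assumptions: the listing uses the md5sum line format, and the file name and sample data are constructed.

```python
import hashlib
import os
import tempfile

ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256"}  # hex length -> algorithm

def parse_checksum_file(text):
    """Parse md5sum-style lines: '<hex digest>  <name>' or '<hex digest> *<name>'."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or len(parts[0]) not in ALGO_BY_HEXLEN:
            continue  # blank line, comment, or unknown format
        digest, name = parts
        entries[os.path.basename(name.lstrip("*"))] = digest.lower()
    return entries

def file_digest(path, algo, chunk_size=1 << 20):
    """Hash the file in chunks so a large ISO never has to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, checksum_text):
    """Return 'ok', 'mismatch' or 'not-listed' for the file at path."""
    expected = parse_checksum_file(checksum_text).get(os.path.basename(path))
    if expected is None:
        return "not-listed"
    actual = file_digest(path, ALGO_BY_HEXLEN[len(expected)])
    return "ok" if actual == expected else "mismatch"

def demo():
    """Constructed sample: a stand-in image, its checksum line, then a truncated copy."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "rescue-sample.iso")  # hypothetical file name
        data = b"constructed sample image contents\n" * 4096
        with open(iso, "wb") as f:
            f.write(data)
        listing = hashlib.md5(data).hexdigest() + "  rescue-sample.iso\n"
        good = verify_download(iso, listing)
        with open(iso, "wb") as f:  # simulate an interrupted download
            f.write(data[: len(data) // 2])
        bad = verify_download(iso, listing)
        return good, bad, verify_download(iso, "")

if __name__ == "__main__":
    print(demo())
```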
 
OP
nac

nac

Aspiring Novelist
After 10hrs of use, PC hanged and shutdown. :( :( :( But didn't see BSOD or crash dump :(

^ :)
Yeah, I saw that file. I opened the md5 file in notepad and see a code. And downloaded verifier tools from here... *www.microsoft.com/en-in/download/details.aspx?id=11533

Instruction to use the tool here *support.citrix.com/article/CTX116166

Can I go ahead and try? Both are clean and safe, right?

- - - Updated - - -

Again the new bitdefender is not working. Something I am really missing or there is something wrong with the iso image.

But this time it didn't say "error", instead
Linux c32: Not a COM32R image
Boot: |

- - - Updated - - -

I give up... I have tried several times to load bitdefender, none was successful.

Can I try it using magic iso/disc virtually mounted and scan the system? If not, I am dropping the idea of making bootable usb.
 

chris

In the zone
Can I try it using magic iso/disc virtually mounted and scan the system? If not, I am dropping the idea of making bootable usb.

You need to boot, there is no other way as these are linux. Is the USB drive FAT formatted? I had some problem when I first tried to get a bootable USB drive, I can't remember the exact problem. Try making a bootable DVD if you have a DVD writer.
 
OP
nac

nac

Aspiring Novelist
System was running fine throughout the day like yesterday. Unexpected shutdown happened one hour ago. Again second time few minutes ago.

What was I doing then? I was running McAfee virus scan. Could this be the reason?
I wasn't there in front of the system when the system shut down the first time (today). Checked for BSOD, there is no crash dump. Something struck my mind to check event viewer. I checked, here is the snapshot.

*i102.photobucket.com/albums/m108/tkphotos1/EV2_zpsd8cf22b2.png *i102.photobucket.com/albums/m108/tkphotos1/EV3_zps082efab5.png

*i102.photobucket.com/albums/m108/tkphotos1/EV1_zps0b4916ef.png

And this is the snapshot of event viewer after 2nd shutdown.
*i102.photobucket.com/albums/m108/tkphotos1/2ev_zpsf1fbc799.png

If you guys can see anything in these snapshots with regards to my issue, let me know.

Note: Mcafee was installed about few days before this issue started. But it was running fine for about 5-6 days.

Chris, Yeah it was FAT32 formatted. My friends have tried to load windows OS using USB drive. It was so simple, but I am banging my head. :)
 

chris

In the zone
Atapi error, looks like HDD/cable problem. Try reconnecting the cable, so that you can be sure there is no loose connection.

I have a problem with windows installation from USB drive. Not sure why, I can boot from USB windows drive, but it fails at the hard disk formatting screen. I had to make a DVD to finish the install. That was my first and last Bootable Windows USB trial... may be something wrong with the way I created the bootable drive, or that ISO file.
 

beingGamer

In the zone
Constant hanging, rebooting points to heating of CPU or peripherals. Clean your CPU, remove any dust on the processor heat sink.

if doesn't help, download & run 'Combofix'
 

rijinpk1

Aspiring Novelist
Atapi error, looks like HDD/cable problem. Try reconnecting the cable, so that you can be sure there is no loose connection.

I have a problem with windows installation from USB drive. Not sure why, I can boot from USB windows drive, but it fails at the hard disk formatting screen. I had to make a DVD to finish the install. That was my first and last Bootable Windows USB trial... may be something wrong with the way I created the bootable drive, or that ISO file.

i am using power iso for the same purpose. no issues till date. you will have some settings to be changed in the bios.
@op, as @chris mentioned, hdd cable might be loose. re-seat it properly. also post a screenshot of hdtune/crystal disk info.
 
OP
nac

nac

Aspiring Novelist
I have disconnected DVD drive few days ago, could that be the reason for that "atpi" thing?

I have disassembled everything and dusted. Yeah, there lots of dust in the cabinet esp. CPU fan. I will download those applications and run it... Will get back to you with the result.

1. The day this issue started - When I logged in that day, adobe flash player update window popped up and I clicked "Install". Could this be the reason for my problem? May be this version not compatible or have some bugs???

2. The last two times system shutdown when I was running McAfee virus scan. Could this be the one?

When the system shutdown last time, I saw the BSOD. There supposed be a crash dump, but I couldn't find any. Is there anywhere else I can look for it? Yes, it's the same tcpip.sys.

- - - Updated - - -

Can I run those software when I am working? I mean will they take too much memory/CPU to run? I don't want to get interrupted when I am working.
HDtune
Speedfan
 

rijinpk1

Aspiring Novelist
you can safely work when running those 2 softwares.

uninstall mcafee; that could be the problem!
 
OP
nac

nac

Aspiring Novelist
System shutdown few hours ago unexpectedly. I was working then. No, there was no virus scanning or anything. :( There was no error in the event log before the shutdown happened. Here is the snapshot.

*i102.photobucket.com/albums/m108/tkphotos1/evnew1_zpse8d8e964.png

After rebooting, there were plenty of errors. Like this...

*i102.photobucket.com/albums/m108/tkphotos1/evnew2_zps03cc1a9f.png

Uninstalled mcafee and installed g data trial. When I was trying to install g data, it showed compatibility issues with an application (visual studio ... AVG...) and I had to uninstall that. I guess that's a leftover of AVG. Correct if I am wrong.

Running HD tune pro. Here is the snapshot of HDD Health

*i102.photobucket.com/albums/m108/tkphotos1/hd_zpsf8e9058c.png

- - - Updated - - -

HD tune error scan snapshot

*i102.photobucket.com/albums/m108/tkphotos1/htune_zps3961f34d.png

Speed fan snapshot. I just opened the program, the information is already there. So didn't run anything...

*i102.photobucket.com/albums/m108/tkphotos1/sf_zpsa2ecb132.png

I don't know whether it's me or the forum. I don't see any options like inserting image, font size/color or anything. Though I am giving space between lines, my messages are getting compressed with no line space or anything.

G data is not updating its database. "Error connecting server". Seems like my issues are growing :(
 

chris

In the zone
CRC error on HDD doesn't look normal. Again, I am not sure how much SMART data can be trusted, it varies between HDD makers.

Since you have installed every software recommended by others, including the non functioning keylogger, windows may be in bad shape now. It will be better to reinstall Windows. Only install the minimum required software on your PC; more software makes the PC slow, more vulnerable and you need to keep them all updated.
 