Windows XP freezes and 1 continuous beep - Page 12 - Overclock.net

mastercosby · 04-09-09

Ignore the last part of my previous post, I didn't read the whole thread before I posted. Good to know the problem is related though.

What I did find interesting though is that windows live started working again when I booted in debugging mode.

psmith · 04-09-09

Quote:

Originally Posted by winston

Just finished working on a machine with same symptoms. Try scanning your pc with:

http://rootrepeal.googlepages.com/RootRepeal.zip

Run the program, select File at the bottom, then Scan. Our Dell PC w/ winXP would lock up within an hour or so and emit one continuous beep. Root Repeal found a Master Boot Record virus. Once removed, we ran Malwarebytes and haven't had it lock up yet--12 hours so far!

MBR infected! I can't believe it, the nightmare could be over!

Running in 'debugging mode' I ran RootRepeal, scanning files and NO MBR problem was found. Re-booting without 'debugging mode' and scanning again and immediately the MBR problem shows up - right click, select 'immediate repair and reboot' (or something to that effect) and so far so good.

I also had quite a few 'Stealth Objects' that are no longer there when running RootRepeal again.

Although I've looked I couldn't find any detailed information on 'debugging mode', but it seems it must execute a different kernal (or files that make up the kernal) or even slightly different boot record? (I don't understand the details of the MBR).

So, YOU MUST run RootRepeal without debugging mode on, or it wont find the MBR problem.

If you system won't come up without debugging mode you can try a system restore - to get it to come up. If that doesn't work, from safe mode run MSCONFIG and turn of as many processes as you can (sorta a custom safemode) - although, maybe Rootrepeal works in safemode? Haven't tried it, but chances are it might not find the MBR problem with safemode on...?

jkaz · 04-09-09

RootRepeal also found the MBR rootkit on my computer ;]

Hopefully this is the end...

psmith · 04-09-09

Infection caused by: Web page (assume javascript)

Code:

Application                      Found Problem
Anti-Virus
 TrendMicro OfficeScan            No   
 AVG                              No
 ESET                             No
  Others?

Anti-spyware/maleware
 SuperAntiSpyware                 No
 Malwarebytes Anti-Malware        No
 SpybotSearchandDestroy           No
 AVG anti-spyware                 No
 ESET                             No
  Others?

Anti-Rootkit
 Sophos                           No
 GMER                             No
 Rootkit Unhook                   No
 RootRepeal                       YES YES YES

jkaz · 04-09-09

Wait lol after rootrepeal is done scanning how do we remove the files?

psmith · 04-09-09

Right-click and select immediate repair and reboot. (on the MBR! entry)

jkaz · 04-09-09

Wow i'm an idiot thanks.

Did you also delete other things that came up during the scan? The first scan revealed a ton of things but after I deleted the MBR rootkit most of these disappeared.

There's still a couple things left though and I'm not sure what to do.

skoops · 04-09-09

You guys, I think we have finally exterminated this virus!

I just ran the RootRepeal program as well, and of course, it found the infected MBR! I immediately stopped the scan, right-clicked on the file and repaired and restarted, just like you guys said to do. As of now, I have not had any freezing, I think we finally figured it out guys!

Thank you so much to the person who found a fix for this horrendous virus, it is greatly appreciated!

So everyone, try running that program, delete the infected MBR and you should be all cleaned up!

Thanks to everyone who participated in this thread as well, we did it guys!

jaz007 · 04-09-09

Awesome guys!
Can't try it as I reformatted my hard drive, but 2 questions:
- what's the name of that virus
- how come it went through my up-to-date antivirus ?
Thanks

skoops · 04-09-09

Quote:

Originally Posted by jaz007

Awesome guys!
Can't try it as I reformatted my hard drive, but 2 questions:
- what's the name of that virus
- how come it went through my up-to-date antivirus ?
Thanks

Didn't really have a name, it just said infected MBR or something along those lines.

That, I have no idea, must be an extremely new virus that hides itself.

		Overclock.net - Overclocking.net > Intel > Intel CPUs
Windows XP freezes and 1 continuous beep

04-09-09	#111 (permalink)
mastercosby New to Overclock.net Join Date: Apr 2009 Posts: 3 Rep: 0 Unique Rep: 0 Trader Rating: 0	Ignore the last part of my previous post, I didn't read the whole thread before I posted. Good to know the problem is related though. What I did find interesting though is that windows live started working again when I booted in debugging mode.

04-09-09	#113 (permalink)
jkaz New to Overclock.net Join Date: Apr 2009 Posts: 13 Rep: 0 Unique Rep: 0 Trader Rating: 0	RootRepeal also found the MBR rootkit on my computer ;] Hopefully this is the end...

04-09-09	#115 (permalink)
jkaz New to Overclock.net Join Date: Apr 2009 Posts: 13 Rep: 0 Unique Rep: 0 Trader Rating: 0	Wait lol after rootrepeal is done scanning how do we remove the files?

04-09-09	#116 (permalink)
psmith New to Overclock.net Join Date: Apr 2009 Posts: 12 Rep: 0 Unique Rep: 0 Trader Rating: 0	Right-click and select immediate repair and reboot. (on the MBR! entry)

04-09-09	#117 (permalink)
jkaz New to Overclock.net Join Date: Apr 2009 Posts: 13 Rep: 0 Unique Rep: 0 Trader Rating: 0	Wow i'm an idiot thanks. Did you also delete other things that came up during the scan? The first scan revealed a ton of things but after I deleted the MBR rootkit most of these disappeared. There's still a couple things left though and I'm not sure what to do.

04-09-09	#118 (permalink)
skoops New to Overclock.net Join Date: Apr 2009 Posts: 28 Rep: 0 Unique Rep: 0 Trader Rating: 0	You guys, I think we have finally exterminated this virus! I just ran the RootRepeal program as well, and of course, it found the infected MBR! I immediately stopped the scan, right-clicked on the file and repaired and restarted, just like you guys said to do. As of now, I have not had any freezing, I think we finally figured it out guys! Thank you so much to the person who found a fix for this horrendous virus, it is greatly appreciated! So everyone, try running that program, delete the infected MBR and you should be all cleaned up! Thanks to everyone who participated in this thread as well, we did it guys!

04-09-09	#119 (permalink)
jaz007 New to Overclock.net Join Date: Apr 2009 Posts: 2 Rep: 0 Unique Rep: 0 Trader Rating: 0	Awesome guys! Can't try it as I reformatted my hard drive, but 2 questions: - what's the name of that virus - how come it went through my up-to-date antivirus ? Thanks

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)