I keep being clobbered by SASSER 1

[gizmo1973]

But all removal tools say I'm not infected.
I have tried the SOPHOS removal tool, PANDA AVG and Microsofts patches.
Is this a new version or am I missing something?

Regards, Phil.

M.U.F.C. Show your true support here:

http://shareholdersunited.org/join.php?ref=125059000

"Shares not Shirts

 

[gizmo1973]

Ok, so a blow by blow of what I have done and its results!

02:00GMT Ran trendMicro s housecall, two virus found. 1 backdr_rbt x 2 files and 1 other rbt both not classed as destructive though machine could be hi jacked, removed both.
Downloaded and ran McAfee Stinger, no results shown.
Switched Machine settings In the System Failure box and Unticked "Automatically reboot".
TT then went down so could not install Patches as per docNorton (as I couldn’t remember them)

11:00GMT, started machine and after 5 minutes the machine rebooted (no blue screen) whilst I was downloading the 1st patch.
On restart the machine blue screened after chkdsk but before log on with a result of DRIVER_IRQL_NOT_LESS_OR_EQUAL Tech Info of ***STOP: 0x000000D1, 0X7577B5E6, 0X000000FF, 0X00000001, 0XF4767FB) Also in chkdsk a hell of a lot of “First allocation units not valid this entry will be truncated” and “ xxxxxx is a cross linked file with xxxxx)

Downloaded and ran x3 Patches as per Doc Norton, 1st and last (in Chris’s order) gave me the error message that my Service Pack was of a higher number than the patches referred to.
The 2nd (KB824146) gave me this error xpsp1hfm.exe is not a valid win32 application
As mentioned before Ad-Aware, Spybot etc all ran before to no effect, would a HJT log be any use?
Hopefully this means I am up to date?
Beginning to suspect a new piece of Hardware, a Belkin, Hi-Speed USB 2.0, 4-Port hub. Bought new from a reputable dealer but have disabled and removed and still get re-boots.
What I have noticed is that after a significant idle time the machine will re-boot up to 3 times in the first 10 to 20 minutes but then will run fine for hours on end.

Sorry for the essay but wanted to get everything across as it happened.
P.S. At home with machine today so any advice can be tried now!!!


Regards, Phil.

M.U.F.C. Show your true support here:

http://shareholdersunited.org/join.php?ref=125059000

"Shares not Shirts

 

[jrbarnett]

Yes, post a HijackThis log. Don't know if it will show anything but there's always a chance.

John

 

[gizmo1973]

Ok tired everything now and still the mahcine shuts down, sometimes with a warining (as above) but most often without any reason why!
I am now thinking of clobbering the hard drive and reinstalling XP or does anyone have any more ideas before I do this?

Regards, Phil.

M.U.F.C. Show your true support here:

http://shareholdersunited.org/join.php?ref=125059000

"Shares not Shirts

 

[IFRs]

I would open it up, reseat all cards and cables. Remove, clean and reinstall the RAM. Boot from a CD and run a scan disk and defrag. I think your hardware is getting flakey. If all else fails, fdisk, format and reinstall (after backing up of course)

 

[iamnotageek]

Try a system restore back to a date just before the fun started. The d1 bugcheck code is usually a driver issue, but can be bad RAM, and they are difficult to isolate without running a Windows debugger on the minidump.

If the System Restore doesn't fix it, consider running some hardware diagnostics, especially on the RAM. Microsoft has a pretty good one for free, at

http://oca.microsoft.com/en/windiag.asp