Unable to Shut Down and Log Off Correctly - Host File Infected


intuity

Technical User
Aug 17, 2004
69
US
Hi,
I am working on a friend's PC which runs Windows XP. She has the Administrator's account rights and has four other user accounts created to share the PC. First problem is that she can't access Symantec's web site to download current anti virus files. I checked her host file and found a ton of entries with the 127.0.0.1 address pointing to all kinds of different web addresses. For the moment, I have simply deleted those entries and cut and pasted the correct entry 127.0.0.1 local host.
I tried to run CWShredder but it terminated before completing, indicating it ran into a problem and wanted to send a report to Microsoft. I have not seen this before. I then tried to run Spy Bot S&D; it found a number of items to fix but could not fix them because it claimed some win.ine file with a German name to it was currently being used. Not sure what that is all about. Finally, she showed me that when she clicks on the start button, then clicks on shut down, it does not turn her PC off. She must then click on switch user id button, then click shut down and log off. I have never seen anything that takes control of the ability to shut down or log off the PC, especially since she is the Administrator account. I would appreciate step by step suggestions for how to clean and fix these problems, thanks, Intuity
 
See my notes in faq608-4650 as to why CWShredder terminates early.
 
Bcastner,

Thank you for the tip. What do you think is preventing her from shutting down or just logging off correctly? Is it a browser hijacking the system or some sort of virus\worm?

Intuity
 
It is a stuck process somehow.

As a test: Start, Run, CMD
shutdown -s -f -t 0

Does it now shut down?

One thing that could possibly help is to add a new service:
But I would do the malware cleanup to make sure it is not a bad guy that is the stuck process.

In addition, you should review:


Best wishes,
Bill Castner
 
Bcastner,

Thank you once again. I am new to the virus and malware clean up process and am having to ask some novice questions. OK, should I run all of the malware clean up tools in normal mode on XP first or run them in safe mode first and then in normal mode after reboot? I am thinking that the infected host file will be taken care of properly by running the malware and spyware tools. I am not at the infected PC at this time and won't be able to get to work on it more until around 7-8pm EST tonight. I am trying to get my plan of attack worked out so that I can focus intently on a strategy once in front of the PC again. Thus, I am trying to determine which tools to run, the correct order and which operating mode to run them all in (normal or safe). Norton anti virus always suggests running everything in safe mode then again in normal mode.
thanks, Intuity

 
I would before anything else disable System Restore (if an XP workstation).

First, in normal boot mode, let the Microsoft Antispyware (freeware until the end of July, 2005) handle the heavy lifting:
Second, reboot into normal mode. Follow faq608-4650, although you do not have to do the antivirus scans. Run CWShredder, Adaware and Spybot as discussed.

Third, boot into Safe mode. Run Adaware and Spybot.

Finally, hopefully you are still running the active agents in the Microsoft product. It would be worthwhile adding Spyware Blaster to the mix:
Best wishes,
Bill Castner


Best,
Bill Castner
 
Bcastner,

Thank you very, very much for the detailed resolution process. This is what I need to put in place, a good plan! I'll implement this process later this evening and will let you know how it goes.

thanks,

Intuity
 
Bcastner,

Thank you very much for all of your suggestions. I disabled system restore first. Then, applied the Microsoft Antispyware tool and it found 23 various toolbar hijackers, adware, spyware, worms and trojans. The best part was that it described what each malicious program could do and the severity of each application. Moreover, MSASW actually removed all of the items where CWShredder and Spy Bot S&D could not. Next, I ran Norton Anti Virus and it found two virus files which I had to remove in safe mode.

The log off problem was resolved by MSAntispyware and running NAV. The only remaining problem is that something corrupted the NAV Redirector application. I followed NAV's instructions and it will have to be totally removed and reinstalled. All in all, your advice was responsible for a successful system restore. Thank you! Intuity.
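
The hosts-file symptom from the opening post (many names mapped to 127.0.0.1, Symantec's site unreachable) can be checked with a short audit script. This is an added example, not code from any poster in the thread; the benign-name list, the vendor suffixes and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: names that legitimately map to loopback on a stock install.
BENIGN = {"localhost", "localhost.localdomain"}
# Assumption: illustrative vendor suffixes; extend with the products in use.
SECURITY_SUFFIXES = ("symantec.com", "microsoft.com", "windowsupdate.com")

# Constructed sample, not taken from the infected PC in the thread.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1 www.symantec.com liveupdate.symantec.com  # hijack entry
127.0.0.1 ads.example.net
0.0.0.0 windowsupdate.com
10.0.0.5 fileserver
not-an-ip something
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for every well-formed mapping line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line, not a mapping
        yield no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def audit_hosts(text):
    """Return (line_no, hostname, kind) for names sinkholed to loopback or 0.0.0.0."""
    findings = []
    for no, ip, names in parse_hosts(text):
        if not (ip.is_loopback or ip.is_unspecified):
            continue                             # only sinkhole-style entries are flagged
        for name in names:
            if name in BENIGN:
                continue
            hit = any(name == s or name.endswith("." + s) for s in SECURITY_SUFFIXES)
            findings.append((no, name, "security-site" if hit else "other"))
    return findings

def clean_hosts(text):
    """Return the hosts text with every flagged line removed."""
    bad = {no for no, _, _ in audit_hosts(text)}
    return "\n".join(l for n, l in enumerate(text.splitlines(), 1) if n not in bad) + "\n"
```

On Windows XP the file normally lives at `%SystemRoot%\system32\drivers\etc\hosts`; pass its contents to `audit_hosts()` and review the findings before writing back the output of `clean_hosts()`.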
 