none
windows 7 restarts itself after connecting to internet

    Question

  • My laptop Lenovo 412 was infected with AV security virus. To remove this virus, I have used anti malware bytes, MC 2010 total protection anti virus software and removed infections. After this, when I log on to internet, within 5 minutes I will get a message saying windows has encountered a critical issue and system will restart itself.

    I have run sfc /scannow as Administrator. No integrity issues found.

    On e scan with one care full protection, it has shown several infections and cured them.

    At the end there was a message that 4 infections could not be cured i.e Trojan Rowindal

    Please let me know how to proceeed

    Monday, September 06, 2010 5:28 PM

Answers

  • Hi,

    I would like to provide the following suggestions:

    1. By default, only the System account has access to the System Volume Information folder. You may spcifically give the Administrator the full permissions on this folder and its subfolders and files, and then try to run the antivirus software to remove the virus again.

    2. From this issue, I would like to suggest that you contact McAfee support to see if they have special update or tools to complete remove these 4 viruses, and check if there are other viruses.

    3. Actually, the officially recommended method is still to format and re-install the compromised computer from a known good build (i.e. operating system CD + all security patches while disconnected from the network). For more information on hacking, please see these links:

    Help: I Got Hacked. Now What Do I Do?

    http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

    Help: I Got Hacked. Now What Do I Do? Part II

    http://www.microsoft.com/technet/community/columns/secmgmt/sm0704.mspx

    How A Criminal Might Infiltrate Your Network

    http://www.microsoft.com/technet/technetmag/issues/2005/01/AnatomyofaHack/default.aspx

    Malicious Software Removal Tool

    http://www.microsoft.com/security/malwareremove/default.mspx

    The Day After: Your First Reponse To A Security Breach

    http://www.microsoft.com/technet/technetmag/issues/2005/01/IncidentResponse

    4. You can also contact your antivirus vendor for assistance with identifying or removing virus or worm infections. If you need more help with virus-related issues, contact Microsoft Product Support Services.

    For information about Security updates, visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy. If you are having issues with installing the update itself, visit Support for Microsoft Update for resources and tools to keep your PC updated with the latest updates.

    I hope this helps. Thank you for your time and cooperation!

    (Please note that the newsgroups are staffed weekdays by Microsoft Support professionals to answer your non-urgent, break/fix systems and applications questions. Our goal is to provide 24 hour response to all questions. If this response time does not meet your needs, please contact Customer Service and Support (CSS) for more immediate assistance. For more information on available CSS services, please click here: http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607.)

    Regards,

    Sabrina

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    Wednesday, September 08, 2010 7:52 AM
  • Thanks for the updates. I have installed kaspersky TDSKiller.exe. It found one malicious file pxnumci.sys in system32\drivers (not sure about correct name) After quarantining this file, internet was connecting and was stable.

    But when ever I restart my m\c again the file was becoming active and I had to run TDSKiller each time.

    I have unstalled J2SE(Java ) and after that, the file stopped appeaing. Now I'm able to connect to internet without issues. I have tried 4-5 times.

    I'm scanning my m\c for any other issues with one care live, McAfee total protection, windows malicious software removal tool. I will monitor situation for next 2-3 days and post the results

     

    • Marked as answer by Sabrina Shen Wednesday, September 15, 2010 8:38 AM
    Wednesday, September 08, 2010 9:22 PM

All replies

  • I recommand to you to proceed by a repair operation for your OS:

    http://www.sevenforums.com/tutorials/3413-repair-install.html

     

     

    This should solve your problem.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Monday, September 06, 2010 6:15 PM
  • I don't have the windows installation DVD as lenova has not sent it.

    Let me know how to proceed

    Tuesday, September 07, 2010 11:56 PM
  • I don't have the windows installation DVD as lenova has not sent it.

    As you don't have the DVD, I recommand to you to perform a System Restore in Windows 7.

    http://www.sevenforums.com/tutorials/700-system-restore.html

    Please choose a restore point that dates before the appearance of your problems.

     

    If you find no restore point that can be used to solve your issue, please see with Lenova so that they send you the DVD and proceed by a repair operation.

    Keep in mind that all your files or folders created after the restore date you will use will be deleted.

     

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Wednesday, September 08, 2010 12:20 AM
  • Hi,

    I would like to provide the following suggestions:

    1. By default, only the System account has access to the System Volume Information folder. You may spcifically give the Administrator the full permissions on this folder and its subfolders and files, and then try to run the antivirus software to remove the virus again.

    2. From this issue, I would like to suggest that you contact McAfee support to see if they have special update or tools to complete remove these 4 viruses, and check if there are other viruses.

    3. Actually, the officially recommended method is still to format and re-install the compromised computer from a known good build (i.e. operating system CD + all security patches while disconnected from the network). For more information on hacking, please see these links:

    Help: I Got Hacked. Now What Do I Do?

    http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

    Help: I Got Hacked. Now What Do I Do? Part II

    http://www.microsoft.com/technet/community/columns/secmgmt/sm0704.mspx

    How A Criminal Might Infiltrate Your Network

    http://www.microsoft.com/technet/technetmag/issues/2005/01/AnatomyofaHack/default.aspx

    Malicious Software Removal Tool

    http://www.microsoft.com/security/malwareremove/default.mspx

    The Day After: Your First Reponse To A Security Breach

    http://www.microsoft.com/technet/technetmag/issues/2005/01/IncidentResponse

    4. You can also contact your antivirus vendor for assistance with identifying or removing virus or worm infections. If you need more help with virus-related issues, contact Microsoft Product Support Services.

    For information about Security updates, visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy. If you are having issues with installing the update itself, visit Support for Microsoft Update for resources and tools to keep your PC updated with the latest updates.

    I hope this helps. Thank you for your time and cooperation!

    (Please note that the newsgroups are staffed weekdays by Microsoft Support professionals to answer your non-urgent, break/fix systems and applications questions. Our goal is to provide 24 hour response to all questions. If this response time does not meet your needs, please contact Customer Service and Support (CSS) for more immediate assistance. For more information on available CSS services, please click here: http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607.)

    Regards,

    Sabrina

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    Wednesday, September 08, 2010 7:52 AM
  • Thanks for the updates. I have installed kaspersky TDSKiller.exe. It found one malicious file pxnumci.sys in system32\drivers (not sure about correct name) After quarantining this file, internet was connecting and was stable.

    But when ever I restart my m\c again the file was becoming active and I had to run TDSKiller each time.

    I have unstalled J2SE(Java ) and after that, the file stopped appeaing. Now I'm able to connect to internet without issues. I have tried 4-5 times.

    I'm scanning my m\c for any other issues with one care live, McAfee total protection, windows malicious software removal tool. I will monitor situation for next 2-3 days and post the results

     

    • Marked as answer by Sabrina Shen Wednesday, September 15, 2010 8:38 AM
    Wednesday, September 08, 2010 9:22 PM
  • Did you get the answer you wanted?
    MCITP, Network+
    Tuesday, October 12, 2010 6:59 PM