Scary Driveby Attack / Mysterious failure / Other

TaoPhoenix:
Okay, today was a weird day.

For no apparent reason while surfing what I think are safe sites, about 2PM my computer suddenly quit responding! Well, whatever etc, time to reboot. And then upon rebooting, processes started failing to load at very low levels! It was easy to tell that both mouse and keyboard were working, aka not a simple bad battery. But what was really scary is the comp didn't want to accept the function key to choose boot modes! (I think it's F8) to go into safe mode! Then when it did boot up (partially), it worked for like five seconds before doing anything would lock it up!

Has anyone here had their comp used in a botnet? What does that look like? That was my guess, though I was thinking virus, or hard drive dangers (though the pattern felt wrong for that one), and a couple other things. The suddenness and "thoroughness" were unnerving because the usual sequence of Go-To tricks weren't working. No easy Safe Boot. No easy System Restore.

I got a break when I went to the BIOS and turned off Quickboot, and some logo setting, and something else. Then that slowed the machine down long enough to get the F8 boot menu to show, and Safeboot with networking worked, and it stayed there. So I made some copies of some important data to the spare internal drive. And I had browsers, so a vague memory led me to check the web and remember msconfig, where I turned off a bunch of stuff, a couple of which looked rather fishy. I went for a System Restore to a couple of days ago, and that partially worked. Then on a boot in debug mode and a couple other variants, something finally gave way and MsSecEssentials sent a different notice "this process has stopped. Restart the process?" and then it's been fine since (though I haven't rebooted since all that!) So I still don't know if it's completely fixed.

Yeah, I need to do all those virus scans and stuff, but I think that can wait a little since it all seems to be back and I need to have my energy up for all that to concentrate. But it's leading me to think, if MS isn't officially doing security updates on XP anymore, how long before someone finds something really nasty and just goes mass comp hunting?

40hz:
But it's leading me to think, if MS isn't officially doing security updates on XP anymore, how long before someone finds something really nasty and just goes mass comp hunting?

-TaoPhoenix (April 16, 2014, 06:56 PM)
--- End quote ---

That's not so much an 'if' as 'when,' unfortunately. :o

An article which discusses some things to look for if you think you've been compromised can be found here.

And a not-bad step by step guide for removing malware is this one:



Stoic Joker:
For no apparent reason while surfing what I think are safe sites, about 2PM my computer suddenly quit responding! Well, whatever etc, time to reboot. And then upon rebooting, processes started failing to load at very low levels! It was easy to tell that both mouse and keyboard were working, aka not a simple bad battery. But what was really scary is the comp didn't want to accept the function key to choose boot modes! (I think it's F8) to go into safe mode! Then when it did boot up (partially), it worked for like five seconds before doing anything would lock it up!
-TaoPhoenix (April 16, 2014, 06:56 PM)
--- End quote ---

Let's stop here for a second, because what I'm seeing are several indicators of a hardware failure. Either a memory or HDD failure can result in these symptoms...botnet infestation not so much. So if diagnostic and repair efforts continue more damage may be incurred. If the HDD is failing, repair attempts may very well push it over the edge. If the memory is failing, repair attempts may (will IME) further scramble the drive.

From the top:
 Take a quick peek inside the case and make sure it's not clogged with dust/overheating.
 Rule out the keyboard, especially the fancy ones that mode switch between media and F'n key functions. I always keep a basic proper 104 key keyboard handy to avoid getting trapped in the media key nightmare.
 Make sure the BIOS isn't giving you too small a window or no warning (you already did this one - and it worked). For strange machines I usually just start tapping the F8 key after the KB initializes (the lights flash) to flood the buffer.
 Run a manufacturer's diag on the HDD.
 Run a memory check (preferably Memtest 86 if available).
 Boot to a command prompt and run chkdsk C: /R

Only after these more pedestrian causes have been eliminated should we start looking for signs of Ziggy Stardust's Uber hacker spiders from Mars. ;)

40hz:
Only after these more pedestrian causes have been eliminated should we start looking for signs of Ziggy Stardust's Uber hacker spiders from Mars.
-Stoic Joker (April 17, 2014, 07:30 AM)
--- End quote ---

But doesn't everybody do those first before running over to the PC security blogs? :huh: ;)

And yes indeed, it does sound a lot like a HD just might be starting to go... 8)

TaoPhoenix:
Only after these more pedestrian causes have been eliminated should we start looking for signs of Ziggy Stardust's Uber hacker spiders from Mars.
-Stoic Joker (April 17, 2014, 07:30 AM)
--- End quote ---

But doesn't everybody do those first before running over to the PC security blogs?
And yes indeed, it does sound a lot like a HD just might be starting to go...
-40hz (April 17, 2014, 07:46 AM)
--- End quote ---

Well, not that I ran to a blog - it was more an off the cuff question based on general confusion. So if a couple of opinions are coming in re hardware failure, maybe that's "the lesser evil" but it's also where my skillset drops off a cliff. Meanwhile it's still okay as of today. I'll try a couple of those checks to see what's up. Maybe a defrag will move stuff off a bad sector too.
