Think I've been hacked
FACESLIDER
31-08-2006, 07:20 PM
I've got a feeling that my computer has a virus or been hacked or something, but Norton antivirus can't find anything. I know Norton is poo, but I'm not sure what to do now. The symptoms are: the internet keeps shutting down like every half hour, with a pop-up saying it has encountered a problem, and one saying something about not being able to write memory. When I try to log in to my internet bank, as I press submit another little window opens and asks me to verify my PIN number. I phoned the bank and they say it's nothing to do with them. It's also disrupted other passwords; eBay have supposedly emailed me saying my password may have been compromised and it has all been reset.
I'm not sure what action I should take. Could anyone advise me on what to do next, or know of a way to get rid of it or where on the system I could find it?
Thank you
chromium05
31-08-2006, 07:36 PM
Norton is an antivirus so will not spot any security issues other than viruses.
Have you got a firewall in place? If not, let me know and I'll PM you a link for a firewall program.
This will show you what programs are requesting outbound access and also list the IP addresses of any computers trying to connect to your PC.
Do you use a router (wireless or wired) or are you plugged straight into the wall?
Also, click this link ( http://www.merijn.org/files/hijackthis.zip ) and save to your desktop. If you already have winzip or winrar - double click the icon and run the .exe program. This will list most items on your PC that are suspicious. If you know how to do a screenshot, email me it and I'll tell you which bits (if any) to delete.
Personally I would disconnect the modem/router from the PC, save all your files to CD/DVD and complete a full reformat.
It's a bit of a strong way to do things but I don't trust the antivirus programmes enough to clear them, especially as you're banking online.
DON'T BANK ONLINE UNTIL YOU'RE 1000000% SURE IT'S GONE. SOME SPYWARE WILL LOG YOUR KEYSTROKES THEN EMAIL THEM OFF TO THE HACKER; THEY THEN HAVE ALL YOUR PASSWORDS!
Lateshift
31-08-2006, 08:24 PM
The pop up that you get, does it mention anything to do with Windows having to shut down and gives a countdown of 30 secs????
And mention anything like
'Shutdown was initiated by NT Authority\System'
FACESLIDER
31-08-2006, 08:29 PM
No, none of that. As soon as I press OK it shuts down. Next time it pops up I'll write down what it said.
Lateshift
31-08-2006, 08:30 PM
Okay what about this message?
"Remote Process Call (RPC) server terminated unexpectedly".
FACESLIDER
31-08-2006, 08:50 PM
Tbh I'm not sure. I know one pop-up is just the standard "browser has encountered a problem and needs to close" but I'm not sure what the other one said. I'll get it next time it shuts down. It's something about not being able to write memory and then a load of numbers.
Lateshift
31-08-2006, 09:00 PM
That sounds more like a general exception error to me, or memory protection fault ;)
If you want to check to be on the safe side,
Download the free 30 day trial of "The Cleaner"
http://www.moosoft.com/
It's a powerful Trojan scanner and it will find not only spyware but also Trojans that could be lurking and don't get picked up by most of the antivirus stuff.
Instead of using Norton (it's a system hog anyway) use AVG 7.1; it's free, automatically updates and tends to find stuff that Norton can't.
http://free.grisoft.com/freeweb.php/doc/5390/lng/us/tpl/v5
For spyware you can either use Ad-Aware, but I personally use SpywareBlaster because it stops the spyware getting on there in the first place rather than allowing it and then trying to clean it up later ;)
http://www.download.com/SpywareBlaster/3000-8022-10196637.html
I have been using those 3 programs on every PC I have installed for people over the last few years, not only for cleaning their PCs but also when I have installed all their networks and software too. I haven't had any of them come back to me after that complaining of viruses or spyware ;)
Oh and a top tip for anyone concerned about getting hit with an email virus (worm virus that automatically starts mailing people from your address book)
Try making a new contact in your address book along the lines of something obscure
eg nonastywormsonmypcplease @ nastyvirusandtrojans.com
What happens then when you get infected (god forbid) is that the worm will attempt to email all of your contacts randomly. On attempting to email that spoof address that does not exist, your ISP mail server will return an "unable to send message". You wouldn't have sent it because you know it doesn't exist; however, the worm virus doesn't know that ;)
Et voila, instant virus alarm for emails ;)
(but the best solution is to set a preview pane on emails so it only reads the header; if it's from someone you don't know then delete it unless you are absolutely positive that it's not carrying any executable file :)
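The address-book canary described in the post above, turned into an automatic check; this is an added example, not part of the original post. It assumes the ISP returns bounces as standard RFC 3464 delivery status reports; the sample bounce and the `isp.example` names are constructed.

```python
import email
from email import policy

# The obscure address from the post (spaces removed); nobody should ever mail it.
CANARY = "nonastywormsonmypcplease@nastyvirusandtrojans.com"

def failed_recipients(raw: bytes) -> set:
    """Addresses that a bounce (an RFC 3464 delivery status report) lists as failed."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    failed = set()
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        # The parser exposes this part as a list of header blocks:
        # one block about the message, then one block per recipient.
        for block in part.get_payload():
            if str(block.get("Action", "")).strip().lower() != "failed":
                continue
            # Field format: "rfc822; user@example.com"
            rcpt = str(block.get("Final-Recipient", ""))
            failed.add(rcpt.split(";", 1)[-1].strip().lower())
    return failed

def canary_alerts(inbox, canary=CANARY):
    """Indexes of inbox messages that are bounces for the canary address."""
    return [i for i, raw in enumerate(inbox) if canary in failed_recipients(raw)]

# Constructed sample bounce (not real mail); {rcpt} is the address that failed.
BOUNCE = """\
From: MAILER-DAEMON@isp.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Unable to send message.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.isp.example

Final-Recipient: rfc822; {rcpt}
Action: failed
Status: 5.1.1

--b1--
"""
```

A bounce for an ordinary mistyped address is ignored; only a failed delivery to the canary counts as an alarm.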
r6paul
31-08-2006, 09:10 PM
I use a programme called 'Adware' to detect and delete all my spyware.
It's free and easily downloaded at www.download.com
if the problem still happens after the spyware checks others have suggested
ctrl+alt+delete, task manager, and go through each process and check what each one is; if you don't know what it is, kill it
if you can't kill the process you may need to use a third party tool
(process explorer - from www.sysinternal.com is very handy at killing processes and can help identifying processes that are running if you aren't sure what they are)
do you browse the web using internet explorer..? if so install firefox and use that instead and see if the problem still occurs
the exception you're receiving might be caught by windows built-in debugger drwatson; if it is, check in documents and settings - all users - think it's under application data as a hidden folder... do a search for drw* and you'll find it if it's there
start->run->msconfig and check what you have selected to run on startup (this just queries the run keys (and run once keys) in the registry); normally you find something there that's starting the program when you log onto windows
have you gone through the event logs for clues...?
check your windows services to see if you've got any new services set to automatic start
when was the last time you ran windows update..?
run a 'netstat -a' from a command prompt to see what ports your machine has open... try to identify all the ports... unknowns could very well be a clue to the problem
if you get really stuck you could try running filemon and regmon and see what is being accessed... but this might be going a little far
if you are getting "Remote Process Call (RPC) server terminated unexpectedly", start a command prompt and simply do a
shutdown -a
that will stop the machine shutting down/rebooting (for a while)
or the problem could simply be a corrupt dll... if you're running xp it might be worth re-applying service pack 2 (and the post service pack 2 patches)
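The netstat step from the checklist above, as an added example (not part of the original post): it compares listening ports against a baseline so the unknowns stand out. It assumes the numeric `netstat -ano` form of the post's `netstat -a`, which adds a PID column, and goes slightly beyond the post by handling UDP and IPv6 rows; the sample output and the baseline are constructed.

```python
# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING       2212
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     1500
  TCP    [::]:135               [::]:0                 LISTENING       948
  UDP    0.0.0.0:1900           *:*                                    1120
  UDP    0.0.0.0:5556           *:*                                    2212
"""

# Assumed baseline for illustration; record your own from a machine you trust.
KNOWN = {("TCP", 135), ("TCP", 445), ("UDP", 1900)}

def unknown_listeners(netstat_text, known=KNOWN):
    """Return sorted (proto, port, pid) for open ports that are not in the baseline."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows have none and are always open.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        try:
            # rsplit copes with IPv6 local addresses such as [::]:135
            port = int(local.rsplit(":", 1)[1])
            pid = int(fields[-1])
        except (IndexError, ValueError):
            continue  # row is not in the expected format
        if (proto, port) not in known:
            findings.add((proto, port, pid))
    return sorted(findings)
```

The PID in each finding can be matched against the PID column in Task Manager or Process Explorer to see which program owns the port.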
richy rich
31-08-2006, 10:12 PM
if it has only just started happening can't you just set a system restore point back to before the date it had started happening and then see if it works?
Lateshift
01-09-2006, 06:20 AM
The problem with a system restore is that if it was a virus, then they are able to infect the registry in such a way that they can attach themselves so that the computer gets re-infected even using system restore, which is why whenever you suspect a virus infection, you should disable system restore, run the virus cleaner and then reboot, and then re-run the virus cleaner to be certain ;)
richy rich
01-09-2006, 07:24 PM
ohhhhh lol ...just a suggestion 'cus I couldn't think of anything else....also I've got AVG antivirus and since I've had it there hasn't been one virus..we used to have McAfee but that was crap and kept letting them in....so when you get sorted try it!
FACESLIDER
06-09-2006, 01:54 PM
Right.................. I've still got the bloody thing and it's driving me crazy. I've had to walk away from it a few times, well I was pulled away from it, because I WILL smash the f**k out of it if it carries on, then I'll have no virus and no computer.
Thanks everyone for your help, but to be honest lads I don't think I know enough about computers to sort it out. I've tried a few things that you have suggested but still no joy.
Chromium05, I done that thing you said but I didn't have a clue what it all meant. I don't know how to do a screenshot and I'm worried about sending any emails out.
Two, I've looked at the link you said but again I really don't know what I'm looking at. I had a look through the processes in task manager to see if I could spot anything in there, but tbh I don't know what any of it is. I'm not sure what should be there and what shouldn't.
Lateshift, I downloaded all those links. As soon as I did, this alarm went off and a pop-up came up saying it had found a trojan, then it went off again and found another one. Then I done a scan and it found another 5, but I'm never sure what to do next. As I don't know what files they are I don't know if I should just delete them or quarantine them. In fact I just don't know how to use antivirus programs properly, so I spat the dummy and just deleted them all. Actually there's still 1 in quarantine. After that I done another 2 scans and found nothing, but whatever is causing the problem is still there.
It really is causing me loads of hassle, especially my internet bank, it's buggered me right up. I can't even re-install everything as I don't have the discs for XP. My girlfriend went to see a fortune teller a couple of weeks back and had a moan about how much she charges, I think the witch has cursed us. Ever since then we've had nothing but aggro.
Anyway not sure what to do now, I know what I'd like to do... LATESHIFT you haven't got a grenade knocking about anywhere have you
Thanks again for your help guys
This thing I've got, could it do anything on here?
Lateshift
06-09-2006, 02:54 PM
The forums are safe from your PC and so is everyone else if they are running virus software. It might be driving you mad but it's not the end of the world ;)
If you have a car then you are more than welcome to bring the PC to me and I will sort it all out for you. I just slap a network cable into my router and go to work on it using the internet for whatever I need, but I really need to see the error messages and what trojans it's finding to be able to do it.
To take a screenshot you just use the "print screen" button on your keyboard (normally above the arrow keypad somewhere). From there, go into Photoshop or whatever graphics software you are using (works in MS Paint too) and then right click and select paste.
It will take an image of whatever is happening on your desktop at the time and you can then view it in the graphics package.
Then email it over to one of us so we can look at it. Don't worry about sending it to me if you think it's got a virus, I can work round that ;)
FACESLIDER
06-09-2006, 03:05 PM
Thanks Lateshift, that's very kind of you to offer to sort it out. It may just come to that, but I think I'd need a lorry for this. It's quite old. I'll see if I can screenshot and email you a few things first. See if it means anything to you.
Cheers