Prev: Logitech MX700 Optical Mouse
Next: computer does not boot
From: John the WebTV Man on 19 Apr 2008 08:43
Here's the latest..

The problem still is that the computer will run normally for a period,
then "stall" and not espond to either Mouse or Keyboard. By pulling the
Power Plug and then reconnecting and restarting right away, it will
again run normally for a period of time. AVG will provide a pop-up
Threat Alert for a Trojan Horse Generic4.TAB detected in the "smss.exe"
file. If I click "Ignore", the computer may continue to run. I have made
online downloads where the computer ran for over an hour without
stalling/freezing.

The "Beast" is a Presario 5000 with a 900 MHz AMD Athlon CPU, 256 Mb
RAM, 30 Gb Quantum Fireball HD, Windows 2000 Pro SP4 with ALL the
upgrades, 56K PCTEL Platinum v.90 Compaq modem, SMC 10/100 Compaq LAN
card, gForce nVidia Compaq Video card, CDROM, CD-RW, 3-5" 1.44Mb FD.
Installed s/w includes... AVG 7.5 Anti-Virus, MS Office 2000, SpyBot
S&D, Ad-Aware, and some lesser applications.

I have spent the best part of yesterday and this morning playing with
the computer and have tried a number of things to no avail. Here are
some of the things I did, that made no difference to the problem:

[1] Ran a complete Anti-Virus scan using AVG 7.5 with latest
updates...it found nothing....made no improvement.

[2] Ran SpyBot S&D new update install and it picked up 12
items...removed them and rebooted....made no improvement.

[3] Ran new instal and updaatel of Ad-Aware and it detected 56 Cokies
items which I deleted...made no difference

[4] I replaced the2 256Mb RAM sticks with 2 new known good ones....made
no difference, still had the Freeze condition.

[5] Removed 2 USB Flash Drives [that both share IRQ 11] I had installed
and that made no difference as I still got a Freeze.

[6] I have rechecked and installed ALL the Microsoft Win2K
Updates....all 65 of them and it made no difference afterward...still
got the Freezes.

[7] I ran the defrag [even tho it didn't really need Defrag] and after
restart, that made no difference as a stall happened about 20 minutes
later.

In GOOGLE checking the "smss.exe". I found that a problem was a sign of
a Trojan infection. Said that the SMSS.EXE file should be located in the
C:\WINNT\system32\config folder...and if not, that was a sign of the
Trojan problem. I have not found a "fix" to correct that problem and any
help or suggestions are ost welcome and appreciated.

Sorry for the long post....TIA....John

From: kony on 19 Apr 2008 09:46
On Sat, 19 Apr 2008 01:21:13 -0400, Paul <nospam(a)needed.com>
wrote:


>For a video card test, you could try the demo loop on
>3DMark2001SE. But with 256MB of memory available, I
>don't know if that would load OK or not. If Prime95 is
>passing, I'd want to find something to load up the
>video card, and see how sensitive it is to a workout.
>
>http://www.majorgeeks.com/download99.html
>
>There are some older video card benchmarks, but they don't
>sustain a test for very long, and I don't think they can be
>set in a loop.

It may not matter if it's a loop, if the video card were
failing enough that it locks up in 2D, running one pass in
3D should be enough to raise temp. 3Dmark2000 would be more
appropriate if it's integrated video (and that old a
board/memory tech) though 2001 should run on 256MB.

From: kony on 19 Apr 2008 10:08
On Sat, 19 Apr 2008 08:43:07 -0400, jgulow(a)webtv.net (John
the WebTV Man) wrote:

>Here's the latest..
>
>The problem still is that the computer will run normally for a period,
>then "stall" and not espond to either Mouse or Keyboard. By pulling the
>Power Plug and then reconnecting and restarting right away, it will
>again run normally for a period of time. AVG will provide a pop-up
>Threat Alert for a Trojan Horse Generic4.TAB detected in the "smss.exe"
>file. If I click "Ignore", the computer may continue to run. I have made
>online downloads where the computer ran for over an hour without
>stalling/freezing.

On a Win2k system using (virus updated definitions) AVG, I
scanned smss.exe, it did not detect it as a trojan. On that
Win2k system smss.exe was version 5.0.2195.6601, approx 45KB
in size, CRC value B8EB12B4. One copy is in the
/winnt/system32 folder, and an identical backup copy is in
the /winnt/system32/dllcache/ folder.

It might be possible I have an older version of this file
than you, but check yours as I doubt AVG should be detecting
this as a virus - and it may be one. Therefore if you are
infected you should work on removing those and/or doing a
clean windows install, otherwise who knows how much of your
problems are malware - even if there is another, different
problem present.


>The "Beast" is a Presario 5000 with a 900 MHz AMD Athlon CPU, 256 Mb
>RAM, 30 Gb Quantum Fireball HD, Windows 2000 Pro SP4 with ALL the
>upgrades, 56K PCTEL Platinum v.90 Compaq modem, SMC 10/100 Compaq LAN
>card, gForce nVidia Compaq Video card, CDROM, CD-RW, 3-5" 1.44Mb FD.
>Installed s/w includes... AVG 7.5 Anti-Virus, MS Office 2000, SpyBot
>S&D, Ad-Aware, and some lesser applications.
>
>I have spent the best part of yesterday and this morning playing with
>the computer and have tried a number of things to no avail. Here are
>some of the things I did, that made no difference to the problem:
>
>[1] Ran a complete Anti-Virus scan using AVG 7.5 with latest
>updates...it found nothing....made no improvement.

Then I don't understand why it was previously flagging
SMSS.EXE as a trojan. Also keep in mind that AVG, and other
AV products, may not find 100% of the malware and once one
such program finds it's way onto your system it may download
others if you have a working internet connection, and/or
replicate itself including a thread watching the files so if
they're removed they get replaced again. Some of those are
a real PITA and require running in safe mode, checking file
dates, what's running in the background, looking for hidden
files in the recycle bin and more... all kinds of tricky
things these malware might do to stay on a system.


>[2] Ran SpyBot S&D new update install and it picked up 12
>items...removed them and rebooted....made no improvement.
>
>[3] Ran new instal and updaatel of Ad-Aware and it detected 56 Cokies
>items which I deleted...made no difference
>
>[4] I replaced the2 256Mb RAM sticks with 2 new known good ones....made
>no difference, still had the Freeze condition.

Run memtest86+ for a couple hours, if there are any errors
that will need corrected before anything else... but I doubt
memory is causing the problem unless it's quite instable,
fewer errors will tend to cause crashes of one sort or
another instead of complete lockup.


>
>[5] Removed 2 USB Flash Drives [that both share IRQ 11] I had installed
>and that made no difference as I still got a Freeze.
>
>[6] I have rechecked and installed ALL the Microsoft Win2K
>Updates....all 65 of them and it made no difference afterward...still
>got the Freezes.
>
>[7] I ran the defrag [even tho it didn't really need Defrag] and after
>restart, that made no difference as a stall happened about 20 minutes
>later.

Don't defrag anymore until you know if the memory is stable.
If memtest86+ finds errors, now all your data is potentially
corrupt and should be gone through. Needing to defrag is a
performance factor only, will never cause this kind of
problem (lockup).


>
>In GOOGLE checking the "smss.exe". I found that a problem was a sign of
>a Trojan infection. Said that the SMSS.EXE file should be located in the
>C:\WINNT\system32\config folder...and if not, that was a sign of the
>Trojan problem. I have not found a "fix" to correct that problem and any
>help or suggestions are ost welcome and appreciated.

Well... do you have any copies of that file anywhere besides
\system32\ -and- \system32\dllcache\ folders?

If you do have other copies, delete them. If you can't in
regular mode, reboot to safe mode. Sometimes with really
difficult problems it is helpful to pull the drive out,
mount in another system, boot the other system to it's own
OS installation (not the one on the drive you just moved)(be
careful about this, sometimes a bios will see a new drive
and it happens to have defaulted to trying to boot the new
one), THEN scan the drive for malware.

If it'll help, here's a copy of smss v5.0.2195.6601 from
win2k w/SP4 & patches.
http://69.36.166.207/usr_1034/smss.exe
You can google for various CRC calc utilities to compare
your copy of smss.exe, it's CRC value to the one above or
the CRC value I listed further up in this post.

Another thing you might do is make a Ubuntu LiveCD, boot the
system to that and see if it freezes up. If so, odds are
high it is a hardware problem. If not, odds are better it's
something wrong with your windows installation and/or
malware on it still.
From: Paul on 19 Apr 2008 10:10
John the WebTV Man wrote:
> Here's the latest..
>
> The problem still is that the computer will run normally for a period,
> then "stall" and not espond to either Mouse or Keyboard. By pulling the
> Power Plug and then reconnecting and restarting right away, it will
> again run normally for a period of time. AVG will provide a pop-up
> Threat Alert for a Trojan Horse Generic4.TAB detected in the "smss.exe"
> file. If I click "Ignore", the computer may continue to run. I have made
> online downloads where the computer ran for over an hour without
> stalling/freezing.
>
> The "Beast" is a Presario 5000 with a 900 MHz AMD Athlon CPU, 256 Mb
> RAM, 30 Gb Quantum Fireball HD, Windows 2000 Pro SP4 with ALL the
> upgrades, 56K PCTEL Platinum v.90 Compaq modem, SMC 10/100 Compaq LAN
> card, gForce nVidia Compaq Video card, CDROM, CD-RW, 3-5" 1.44Mb FD.
> Installed s/w includes... AVG 7.5 Anti-Virus, MS Office 2000, SpyBot
> S&D, Ad-Aware, and some lesser applications.
>
> I have spent the best part of yesterday and this morning playing with
> the computer and have tried a number of things to no avail. Here are
> some of the things I did, that made no difference to the problem:
>
> [1] Ran a complete Anti-Virus scan using AVG 7.5 with latest
> updates...it found nothing....made no improvement.
>
> [2] Ran SpyBot S&D new update install and it picked up 12
> items...removed them and rebooted....made no improvement.
>
> [3] Ran new instal and updaatel of Ad-Aware and it detected 56 Cokies
> items which I deleted...made no difference
>
> [4] I replaced the2 256Mb RAM sticks with 2 new known good ones....made
> no difference, still had the Freeze condition.
>
> [5] Removed 2 USB Flash Drives [that both share IRQ 11] I had installed
> and that made no difference as I still got a Freeze.
>
> [6] I have rechecked and installed ALL the Microsoft Win2K
> Updates....all 65 of them and it made no difference afterward...still
> got the Freezes.
>
> [7] I ran the defrag [even tho it didn't really need Defrag] and after
> restart, that made no difference as a stall happened about 20 minutes
> later.
>
> In GOOGLE checking the "smss.exe". I found that a problem was a sign of
> a Trojan infection. Said that the SMSS.EXE file should be located in the
> C:\WINNT\system32\config folder...and if not, that was a sign of the
> Trojan problem. I have not found a "fix" to correct that problem and any
> help or suggestions are ost welcome and appreciated.
>
> Sorry for the long post....TIA....John
>

So with that processor, it probably isn't based on a slot 1 Intel processor :-)
I notice in the Crucial.com memory list, there are many sub-models of
Presario 5000.

What I would do, seeing as you could potentially be facing two problems
at the same time, is boot Knoppix (knopper.net) or Ubuntu (ubuntu.com)
Linux LiveCDs. These are versions of Linux, where you don't need to install
anything on disk. You can even leave your hard drive in the computer while
testing (if it is NTFS formatted, then it probably won't be mounted in
Linux automatically - NTFS capability exists, but if available in a
distro, may be read only).

http://www.knopper.net/knoppix-info/index-en.html

"What are the minimum system requirements?

32 MB of RAM for text mode, at least 96 MB for graphics mode with KDE
(at least 128 MB of RAM is recommended to use the various office products)"

Both of those distros are a 700MB download. You need a CD burning program
that can take an ISO9660 image and burn it to a CD. The first time I did
it, I actually had to purchase a new burner, because the archaic one I
had previously, wouldn't even do 700MB. I used the Nero that was bundled
with the new burner, to prepare the CD.

Once you boot from the CD, and the Linux desktop appears, you can use
Firefox (browser) and go to mersenne.org and find the Linux version of
Prime95. Download the executable package to your home directory.
Then run Prime95, to see if there is a processor or memory
stability problem. (The nice thing about Linux, is you can run multiple
copies of Prime95 if you want, as long as each copy has its own directory
to play in.) You download each time you boot into Linux, because if using
a LiveCD, there may not be any permanent file space to save stuff.
Prime95 may be too big to keep on a floppy (although I've put other
test programs on a floppy, for testing via this method).

So Linux can be used as an independent verification of a hardware problem.
For example, on my 440BX box, I was having problems with graphics freezing
when more than 512MB of memory was present. I thought the problem was
with Windows, until one day on a lark, I booted the Linux CD. Within
10 seconds or so, Linux froze too. Which told me there was a problem
with the hardware (as both OSes were doing it, and there would be no
virus present in the Linux bootup). If I only installed 2x256MB on
that machine, it was as stable as a rock (I could run Prime95 for
16 hours). The instant I used 3x256MB or 4x256MB, it would freeze
in no more than a minute or two after the desktop appeared.

So the only potential limitation with a technique like that, is the
minimum amount of memory that will work with those boot discs. It
would seem you meet the minimum, but I've never tested on a
machine with less than 512MB.

Paul
From: John the WebTV Man on 20 Apr 2008 10:43
Well, at 2am this morning events dictated a new approach as things had
gotten to the point that the PC would no longer boot windows before
freezing. I threw in the towel....wiped and reformatted the hard drive
and did a clean install of Win2K Pro. All seems OK now...I need to
install Win2K SP4 [a 130Mb download] and then all my protective
stuff...AVG 7.5, Ad-Aware, Comodo and SpyBot S&D. When that is stable
and working OK, then I will install all the applications software.

The problem was definitely Malware of the "Downloader" or "Backdoor"
Tojan type that spoofs the Windows "SMSS.EXE" and takes over the PC.
From the GOOGLE search, it is detectable but apparently not "fixed" by
many [if any??] anti-virus programs. It displays a variety of symptoms
including the stall/freeze of the Mouse and Keyboard as I first saw.
None of the protective applications I had installed [AVG 7.5, Ad-Aware
and SpyBot] detected it on full scans...only AVG came up with periodic
"Threat Alerts" regarding trouble with the "SMSS.EXE" file. Here's
hoping my problems are all behind me now.

Thanks for all your thoughts, emails and postings....it was a great
comfort to know that there are others interested enough in a [my]
problem to offer their help.

First  |  Prev  |  Next  |  Last
Pages: 1 2 3
Prev: Logitech MX700 Optical Mouse
Next: computer does not boot