From: K. on
I have a 4 yr old Compaq Pressario running Windows XP Service Pack 3
with 2GB of Ram and 300GB hard disc and NVidia GeForce 7500LE video. No
ports are open externally on my wireless router, I run Windows Firewall
and AVG antivirus software.

During boot up or within 10 mins of boot up the PC unexpectedly reboots.
If this doesn't happen within the first 10 mins then the PC operates as
expected for as long as I want.

Sometimes I get the serious error window on reboot with the option to
report the incident to Microsoft, sometimes not. However the information
in the system event log is consistent:

System Error, Error Code 1000008e, Category (102) Event 1003, User N/A
and then 4 parameter hex codes which vary each time.

Using F8 to boot into safe mode allows for stable performance and I have
run complete command line virus scans with AVG which take several hours
but report no errors. One time when the PC was stable I ran the online
virus/spyware scan from live.com, again no problems found.

The event log provides a link to the microsoft website and sends error
information. One of the options there was the Haxdoor virus but I've
searched for some of the files associated with it, with search hidden
files selected, but didn't find any, and there is nothing unexpected in
the registry area of winlogin/notify.

Can anyone help me with a cure to this problem, other than reinstalling
Windows which to me would be the last resort. I apologise for not
searching the newsgroup archive for this, but the more observant may
notice I am sending this message from my Mac portable and its taken me
enough time already to find some newsreader software and set it up. For
the 18 years I have used Usenet, its always been on the PC, and since
about 1995 using a Demon Internet developed program called Turnpike.

Thanks for any help folk can provide.

K.
From: Rich Barry on
Have you seen this MS Article
http://support.microsoft.com/kb/903251




"K." <kkm(a)w3.to> wrote in message
news:z1Vbn.37675$Ym4.19417(a)text.news.virginmedia.com...
>I have a 4 yr old Compaq Pressario running Windows XP Service Pack 3 with
>2GB of Ram and 300GB hard disc and NVidia GeForce 7500LE video. No ports
>are open externally on my wireless router, I run Windows Firewall and AVG
>antivirus software.
>
> During boot up or within 10 mins of boot up the PC unexpectedly reboots.
> If this doesn't happen within the first 10 mins then the PC operates as
> expected for as long as I want.
>
> Sometimes I get the serious error window on reboot with the option to
> report the incident to Microsoft, sometimes not. However the information
> in the system event log is consistent:
>
> System Error, Error Code 1000008e, Category (102) Event 1003, User N/A and
> then 4 parameter hex codes which vary each time.
>
> Using F8 to boot into safe mode allows for stable performance and I have
> run complete command line virus scans with AVG which take several hours
> but report no errors. One time when the PC was stable I ran the online
> virus/spyware scan from live.com, again no problems found.
>
> The event log provides a link to the microsoft website and sends error
> information. One of the options there was the Haxdoor virus but I've
> searched for some of the files associated with it, with search hidden
> files selected, but didn't find any, and there is nothing unexpected in
> the registry area of winlogin/notify.
>
> Can anyone help me with a cure to this problem, other than reinstalling
> Windows which to me would be the last resort. I apologise for not
> searching the newsgroup archive for this, but the more observant may
> notice I am sending this message from my Mac portable and its taken me
> enough time already to find some newsreader software and set it up. For
> the 18 years I have used Usenet, its always been on the PC, and since
> about 1995 using a Demon Internet developed program called Turnpike.
>
> Thanks for any help folk can provide.
>
> K.


From: K. on
On 08/02/2010 17:10, Rich Barry wrote:
> Have you seen this MS Article
> http://support.microsoft.com/kb/903251
>
>
>
>
> "K."<kkm(a)w3.to> wrote in message
> news:z1Vbn.37675$Ym4.19417(a)text.news.virginmedia.com...
>> The event log provides a link to the microsoft website and sends error
>> information. One of the options there was the Haxdoor virus but I've
>> searched for some of the files associated with it, with search hidden
>> files selected, but didn't find any, and there is nothing unexpected in
>> the registry area of winlogin/notify.

Yes thanks I found that page or one very similar to it.

With search for hidden files on, I didn't find either vdmt16.sys or
vdnt32.sys anywhere on my system, neither did I find any reference to
draw32 or drct16 in the registry, both via a find search in the whole
registry and a manual examination of the registry keys under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\

Is it possible to have this virus without the above files. I'll try and
check through that long list tomorrow to see if I find any evidence of
any of them.

Thanks for your response.

K.
From: Jose on
On Feb 8, 12:43 pm, "K." <k...(a)w3.to> wrote:
> On 08/02/2010 17:10, Rich Barry wrote:
>
> > Have you seen this MS Article
> >              http://support.microsoft.com/kb/903251
>
> > "K."<k...(a)w3.to>  wrote in message
> >news:z1Vbn.37675$Ym4.19417(a)text.news.virginmedia.com...
> >> The event log provides a link to the microsoft website and sends error
> >> information. One of the options there was the Haxdoor virus but I've
> >> searched for some of the files associated with it, with search hidden
> >> files selected, but didn't find any, and there is nothing unexpected in
> >> the registry area of winlogin/notify.
>
> Yes thanks I found that page or one very similar to it.
>
> With search for hidden files on, I didn't find either vdmt16.sys or
> vdnt32.sys anywhere on my system, neither did I find any reference to
> draw32 or drct16 in the registry, both via a find search in the whole
> registry and a manual examination of the registry keys under:
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon\Notify\
>
> Is it possible to have this virus without the above files. I'll try and
> check through that long list tomorrow to see if I find any evidence of
> any of them.
>
> Thanks for your response.
>
> K.

I suggest expanding your malicious software scanning horizons.

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

If the scans run clean and the issue happens again, diagnose and
resolve it with certainty by examining the crash dump file after your
next failure.


From: K. on
On 08/02/2010 19:06, Jose wrote:
> I suggest expanding your malicious software scanning horizons.
>
> Download, install, update and do a full scan with these free malware
> detection programs:
>
> Malwarebytes (MBAM): http://malwarebytes.org/
> SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
>
> They can be uninstalled later if desired.
>
> If the scans run clean and the issue happens again, diagnose and
> resolve it with certainty by examining the crash dump file after your
> next failure.
>
>

Thanks for the suggestions. I've just finished a full Ad Aware scan
which showed nothing. I'll run these tomorrow if I can get the PC stable
enough to download them, as I don't have net access in safe mode.

I'll post again tomorrow.

K.