October 04, 2007

PC Freezes, explorer.exe CPU 100% usage

Problem: PC freezes 1 minute after logging in to Windows, even in Safe Mode.

Symptoms: Memory is OK (memory test passed), the graphics card was changed, and the modem and CD drives were disconnected, but the PC still froze soon after user login. Task Manager did not freeze; everything within explorer.exe did. Ending the explorer.exe task and starting explorer.exe again from Run worked, but sometimes that also froze completely after about 10 minutes. Safe Mode worked OK for 15 seconds to 2 minutes, and then Windows froze as well. Task Manager mostly worked OK in Safe Mode. The non-Windows start-up items in msconfig were unchecked.

Solution: The HDD must be taken out of the PC and attached to another PC as a secondary drive. Scan it with at least 3 online scanners (Kaspersky, ewido, F-Secure, Trend Micro, etc.), twice!
In this case, the PC worked fine after these were deleted:

D:\WINDOWS\system32\AppCert\wnl32.dll Infected: Trojan-Downloader.Win32.Agent.dng skipped
D:\WINDOWS\system32\boelcnrd.dll Infected: Trojan.Win32.Agent.bsj skipped
D:\WINDOWS\system32\dpvacmc.dll Infected: Trojan-Dropper.Win32.Agent.bxm skipped
D:\WINDOWS\system32\drivers\kmfpkblm.sys Infected: Rootkit.Win32.Agent.iy skipped
D:\WINDOWS\system32\mmrqvwkv.dll Infected: Trojan-Dropper.Win32.Agent.bzw skipped
D:\WINDOWS\system32\watvtyhw.dll Infected: Trojan.Win32.Delf.agv skipped
D:\WINDOWS\system32\wneeuggh.dll Infected: Trojan.Win32.Delf.agw
D:\WINDOWS\system32\catsrvn.dll
D:\WINDOWS\system32\devmgra.dll
D:\WINDOWS\system32\lljqrtdk.dll
D:\WINDOWS\system32\sns.exe
D:\WINDOWS\system32\vtqlobkk.dll
D:\WINDOWS\pss\MS_upd_98251.exeCommon Startup
D:\WINDOWS\pss\Update_0709_KB261721.exeCommon Startup
D:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
D:\found.000\file0000.chk Object is locked skipped
D:\System Volume Information\_restore{616AEE53-AC10-4393-B43B-0DAE11791A1B}\RP2\A0023033.sys Infected: Rootkit.Win32.Agent.iy skipped
D:\System Volume Information\_restore{616AEE53-AC10-4393-B43B-0DAE11791A1B}\RP5\A0057121.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.az
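
Triage of a report in this layout, as an added example that is not part of the original post: it separates detections the scanner left in place, restore-point copies, locked files and paths listed without a verdict. The sample lines are constructed placeholders, and reading "skipped" as "the scanner took no action on the file" is an assumption about the report wording.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same layout as the list above
# (paths and detection names are placeholders, not real indicators).
SAMPLE_REPORT = r"""
D:\WINDOWS\system32\example1.dll Infected: Trojan.Example.a skipped
D:\WINDOWS\system32\example2.dll Infected: Trojan.Example.b
D:\WINDOWS\system32\example3.dll
D:\Documents and Settings\All Users\example.dmp Object is locked skipped
D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.sys Infected: Rootkit.Example.c skipped
"""

# path, then an optional verdict, then an optional trailing "skipped"
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)"
    r"(?:\s+(?P<status>Infected: \S+|Object is locked))?"
    r"(?P<skipped>\s+skipped)?$"
)


def triage(report):
    """Group report lines by what still needs attention on the offline drive."""
    buckets = defaultdict(list)
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        path, status = m["path"], m["status"] or ""
        infected = status.startswith("Infected")
        if infected and "\\System Volume Information\\_restore" in path:
            buckets["restore_point_copy"].append(path)
        elif infected and m["skipped"]:
            # Assumption: "skipped" means the file is still on disk.
            buckets["detected_not_removed"].append(path)
        elif infected:
            buckets["detected"].append(path)
        elif status == "Object is locked":
            buckets["locked"].append(path)
        else:
            buckets["no_verdict"].append(path)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_REPORT).items():
        print(bucket, len(paths), paths)
```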
