IIRC, this sort of sounds like the Conficker virus/worm. There are several things that can take care of it such as MalwareBytes(1) and the MS Malicious Software Removal Tool(2). Read up on Conficker to see if it fits his issues.
1) http://malwarebytes.org/
2) http://www.microsoft.com/security/malwareremove/default.aspx

Thanks,
Bobby

-----Original Message-----
From: hardware-boun...@hardwaregroup.com [mailto:hardware-boun...@hardwaregroup.com] On Behalf Of DSinc
Sent: Saturday, August 15, 2009 4:12 PM
To: Hardware Group
Subject: [H] Suggestions?

A Nephew called and indicates his PC may be infected with something strong enough to prevent him from doing much. I agreed to share all the tools I have with him. I am rusty and have not used any of these tools since 2005. (thank you ESET.)

PC is older vintage, 1.2GHz, 512 RAM, XPpro. Machine has had Kaspersky A/V on it for the past week. Prior to that was an ESET trial version. But, there was an UNKnown period between ESET and Kaspersky! Ultimately I may get the machine here for a direct look/see if the Nephew can not doctor it himself.

Basically, whatever he tries to download (A/V or tool) and/or (?) launch nets him a BSOD and reboot. He did try to go back to a previous Restore Point prior to this recent OBS, but XP seems to be unwilling to do the Restore.

The BSOD/Reboot sounds like ConfickerC to me, but,...??? Could be a rootkit also. I have never seen one. No experience. I suggested he swap his RAM DIMMs just to eliminate/highlight a bad one. It was my only shot ATM. RKR (System Internals) does identify some "stuff" that "...contains Nulls..." before it freezes.

Does this scenario ring any bells? Yes, Nephew does understand, and, is willing to wipe the HD and start fresh if that is the last resort. I can loan him my BartPE CD, but its A/V is now 3 years old with no way to update it. Besides, I've never been able to get networking ops normal with my BartPE CD........ :(

I expect the Nephew here later this afternoon, or, within a day or two to get my tools and maybe to scan/check his flash drives.

Your suggestions/ideas are very welcome............ :)

Duncan