Xp rebooing every time at the logon screen

[shiftlocked]

Arrrgggggg

This is a complete nightmare and im stuck. Ive been given the task of sorting a windows xp home machine.

When you boot it up and you get the user/password select screen and do nothing it reboots BUT its a clean reboot, ie no hardware or anything failing.

Now what i did notice was a box popup saying that the computer was going to shut down in 5 seconds

(those who have used the shutdown.exe file will know what the file looks like)

Can anyone point me to where programs are loaded up at this section. Ive done an MSconfig and nothing in there

Tried a system restore, doesnt work

Tried to get into it via safe mode, doesnt work

As its XP home it doesnt have the logging tools that im used to on a server (or ive forgotten how they get there)

now this machine did have some trojans on it, some spyware called porn pass manager or something similar to that

So over to you guys, any ideas. Its one of those stupid machines from curries so im not sure that i can do a restore from the disks that came with it .

I dont have an xp home with sp2 disk to do a repair so im stuck with trying to fix it lol

 

[JN]

I remember this one from a well known virus not so long ago (could have been blaster virus).

If you can get to desktop, type this in the run box:

shutdown /a

Should abort the shutdown process and allow you to troubleshoot.

 

[shiftlocked]

ah yes i forgot to say, that if im quick enough when im on the password screen to enter a password then i can get into the desktop.

 

[JN]

Here you go mate(if its the blaster worm or variant):

[FONT=Arial, sans-serif][SIZE=-1][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif] QUICK INSTRUCTIONS [/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/SIZE][/FONT][FONT=Arial, sans-serif][SIZE=-1][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif] How to get rid of Lovsan worm in 8 minutes: [/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/SIZE][/FONT]

[FONT=Arial, sans-serif][SIZE=-1][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif] 1. Boot up the infected computer [/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/SIZE][/FONT]

[FONT=Arial, sans-serif][SIZE=-1][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif] 2. If you keep getting the "Shutdown in 60 seconds" dialog, click Start / Run, and execute command 'shutdown -a' [/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/SIZE][/FONT]

[FONT=Arial, sans-serif][SIZE=-1][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif] 3. Download and save the F-LOVSAN tool to your desktop from: ftp://ftp.f-secure.com/anti-virus/tools/f-lovsan.zip [/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/SIZE][/FONT]

[FONT=Arial, sans-serif][SIZE=-1][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif] 4. If you're running Windows XP, Windows System Restore might restore the infection afterwards. Disable it by following these rules: http://www.f-secure.com/v-descs/sfc_dis1.shtml [/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/SIZE][/FONT]

[FONT=Arial, sans-serif][SIZE=-1][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif] 5. Download and run the Microsoft patch to close the RPC hole. [/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/SIZE][/FONT]

[FONT=Arial, sans-serif][SIZE=-1][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif] Download for Windows 2000 from www.microsoft.com:

http://www.microsoft.com/downloads/details.aspx?FamilyId=F4F66D56-E7CE-44C3-8... [/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/SIZE][/FONT]

[FONT=Arial, sans-serif][SIZE=-1][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif] Download for Windows XP from www.microsoft.com:

http://www.microsoft.com/downloads/details.aspx?FamilyId=5FA055AE-A1BA-4D4A-B... [/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/SIZE][/FONT]

[FONT=Arial, sans-serif][SIZE=-1][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif] 6. The patch installer will reboot the machine in the end. When the machine reboots, enter SAFE MODE by keeping F8 pressed when the computer screen goes black for a moment, then choose "1) Safe mode" [/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/SIZE][/FONT]

[FONT=Arial, sans-serif][SIZE=-1][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif] 7. When the computer has booted up in Safe Mode, log in and execute the F-LOVSAN tool you downloaded in step 3. [/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/SIZE][/FONT]

[FONT=Arial, sans-serif][SIZE=-1][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif][FONT=Arial, sans-serif] 8. Reboot normally - and you're done. [/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/FONT][/SIZE][/FONT]

 

[shiftlocked]

ta fella, ill give that a go. Cant get into safe mode but ill see what i can do

 

[shiftlocked]

Right ive given that a go and its not the lovescan virus. Its still doing a reboot at the logon screen after about 5 seconds.

I deleted ms defender to give me the logs of what other trojans were there. Ill re install it to see if it keeps the logs somewhere nice and hidden.

 

[FarFarAway]

I'd say get yourself a nice fresh re-install mate

 

[Sticky Mick]

Last time I saw this it was the graphics card that was overheating.

But as you there's nothing wrong hardware wise...

Can you boot from CD? Try a Linux Live Distro CD and see if you can sort something through there. That method has helped me a few times with none booting PCs.

 

[Rastalovich]

It`s highly likely that whatever removed the previous malware has effed something.

Not being able to boot into safe can be bad sign.

If u want to scan the drive with another pc, u could always connect it as a slave or on another s2 port, and scan it from a good windo$e install.

 

[shiftlocked]

Well the machine was over heating, on idle it was a lovely 71 degrees and the bios told it to turn off at 82 which it was hitting a lot.

The problem with a re install is that its a an Iqon machine from curries so it would more than likely be a system re install which is a pita backing up documents.

I know that its defo runnign something to shut down the system because once I saw a box flash up that you get on a Win2k or NT box when a shut down has been exectuted, either remotely of via a script.

Tried a sys restore but thats borked as well. I might try a SP2 install over the top , get some windows updates and see what happens then.

 

[Ham]

Holy ****. What cooling are you on?

 

[Toxcity]

I guess its a dodgy stock cooler that needs a clean... Get rid of all the dust and give the CPU a new coat of Grease. Should be fine.. Unless the CPU has been Damage.. I won't of thought so though.