60 Second Shutdown Virus

normbarb

normbarb

Member
Reaction score
0
Location
Gainesville, VA
I have two computers with a virus that shuts down the computer after 60 seconds. The computers are completely crippled. Is there a program that will allow me to scan for this by attaching the drive to another computer via USB port?

This should be posted on the Security/Virus Forum. However, I do not have permission to post on the forum and no one at Technibble will reply to my request about gaining permission to post.

Thanks for your help,
Norm
 
60 Second Shutdown

The computer just hangs in normal mode and give a keyboard error in Safe Mode (KB works on other computers) and will not all any KB inputs. I looked at Malwarebytes and Microsoft Security Essentials, but neither seems to allow me to scan a drive other than than the C: drive.

Norm
 
Hi,

You need to look at Live CD's which run in an enviroment outside of the OS. I would suggest starting with Dr.Web. There are plenty of others out there. You could also slave the drive to another PC and scan it that way.

You can find Dr. Web here...
http://www.freedrweb.com/livecd/?lng=en

If you are serious about learning to remove malware, you consider setting yourself up a Virtual PC and going to sites to get it infected. I am sure there is a thread on this already.

You should also visit BleepingComputers, they are an excellent resource for malware removal.

Hope this helps.
 
My friend had an infections that sounds similar to this - I couldn't be bothered to fix it because he's an arse and I also wouldn get paid, but I told him to go into Safe Mode and run malwarebytes, and I got a call 10 minutes later saying it was fixed
 
Last edited:
60 Second Shutdown

I have used Malwarebyes on many customers' computers. But this 60 second shutdown just kills it. The one that I have now just hangs up as soon as it boots.

Norm
 
TLE said:
Hi,

You need to look at Live CD's which run in an enviroment outside of the OS. I would suggest starting with Dr.Web. There are plenty of others out there. You could also slave the drive to another PC and scan it that way.

You can find Dr. Web here...
http://www.freedrweb.com/livecd/?lng=en

If you are serious about learning to remove malware, you consider setting yourself up a Virtual PC and going to sites to get it infected. I am sure there is a thread on this already.

You should also visit BleepingComputers, they are an excellent resource for malware removal.

Hope this helps.
Click to expand...

Thank you very much. I have been used BleepingComputers, but everything that I try gets killed by the 60 second shutdown. Using "shutdown -a" will keep it from shutting down, but none of the scan programs seem to work properly after I use it.

I like the idea of using a virtual pc to get infected. I am very interested in learning more about malware. Thanks for all your help.

Norm
 
shutdown -a

Of course if you don't have a keyboard...

Make a batch in All Users\Start Menu\Programs\Startup either by taking out the drive or booting of a live CD
 
normbarb said:
I have two computers with a virus that shuts down the computer after 60 seconds. The computers are completely crippled. Is there a program that will allow me to scan for this by attaching the drive to another computer via USB port?

This should be posted on the Security/Virus Forum. However, I do not have permission to post on the forum and no one at Technibble will reply to my request about gaining permission to post.

Thanks for your help,
Norm
Click to expand...

Yes, you can slave and scan it with Malwarebytes. When you have it slaved onto your own PC via USB port and it's showing up under My Computer, right click it and select "scan with malwarebytes...", assuming ofc you've got MBAM installed on your own PC lol :)
 
I will be happy to post the name of the virus if I am able to find it. I was chasing this one on another computer for a week. Accidentally, messed up the registry and had to reload windows. Got another computer yesterday with the same thing. I am going to try the external boot using Dr Web and also USB scan using Malwarebytes and possibly Microsoft Security Essentials if it will scan external drive.

May be late today or tomorrow before I get to it.

Norm
 
Running Malwarebytes to scan a slaved drive.

Malwarebytes looses much of its effectiveness and also loses critical whitelisting since it no longer sees system files on the slaved drive as system files since they aren't in the system folders of the currently running OS.

This was posted on the Malwarebytes forum by a staff member.
 
I got infected with something like this a while back, at first I thought my system was overheating and shutting down , so I did a format (had nothing of importance on it) to see if was a virus, as dells don't report system tempuratures. You might wanna check the startup entries, you could some interesting stuff there.
 
I've had infections that will prevent you from running any anti-malware tools before, one thing that works for me is to copy MalwareBytes from flash memory to the infected system and rename the executable. Mbam.exe gets named something random like Amp.exe.
You may have to remove the existing install of malwarebytes and reboot to safe mode for this to work with the newly renamed copy, best of luck hope this helps :)
 
1stCallUK said:
You may have to remove the existing install of malwarebytes and reboot to safe mode for this to work with the newly renamed copy, best of luck hope this helps :)
Click to expand...

Malwarebytes is not designed to work in safe mode and is not as effective. If you do need to rename the .exe, rename it somthing random, or iexplore.exe. This does not always work though.
 
Whilst it might not be as effective, it is still very much worth running. I've removed many infections in safe-mode. I'll follow up with a normal mode scan. Sometimes it finds something extra. Often it doesn't.
 
MobileTechie said:
Whilst it might not be as effective, it is still very much worth running. I've removed many infections in safe-mode. I'll follow up with a normal mode scan. Sometimes it finds something extra. Often it doesn't.
Click to expand...

Totally agree, effective is as effective does, purely a quicker option to try before stripping a drive out.
 
Norm - Out of interest, how do you know it is being caused by a virus?

Have you tried to stop it running with rkill?

Or, if you can get it running in 60 secs you could try Process Explorer to suspend (not shut down) the process it relies on.

Failing that I'd be looking to edit the registry and delete the relevant startup entries.
 
Dr Web

I created a Dr Web boot disk and I am running it now. It has found a bunch of files infected with "Backdoor Trojan".

I find Dr Web very hard to read on the screen. I have tried a couple of different resolutions and fonts and font sizes.

Not finished scanning, so I don't know if I can clean it yet.

Norm
 
You must log in or register to reply here.

Similar threads

Pork Chop
Second Monitor Doesn't Wake Up - Using DP to HDMI Adapter
Replies
8
Views
1K
Pork Chop
Pork Chop
Pork Chop
[SOLVED] Can't remove fake BSOD that might use mshta.exe
Replies
5
Views
884
NviGate Systems
NviGate Systems
HCHTech
What hardware to share dual monitors between desktop and laptop
Replies
5
Views
964
GTP
GTP
Billed1954
HP Pavilion All-in-One - 24-k0024 BIOS and CMOS Issues
Replies
8
Views
3K
Billed1954
Billed1954
Pork Chop
[WARNING] PSA: Lenovo USB-C Port Failures – A Serious Ongoing Issue
2
Replies
37
Views
4K
Pork Chop
Pork Chop
Back
Top