Computer Security & Viruses/Sudden system instability
Expert: Brian Benosky - 5/10/2008
QUESTION: Hi,
Recently, my Compaq Evo P4 has been falling prey to strange occurrences. Firstly, it doesn't hibernate and gets frozen on the "preparing to Hibernate" part. A scan-disk runs on start-up even though the last shut-down went smoothly and always scans Drive J in particular. And sometimes when I log on to the Internet, the 'blue screen of Death' appears saying that the PC has to shut-down. This happens despite the fact that I have 3 anti-viruses installed, AVG 7.5 Free, Eset Nod32 v3.0.621.0 and McAfee Anti-virus 10. I also have PrevX CSI installed. The problem gets temporarily fixed when I restore a fresh Windows image using Acronis True Image 8, but then starts appearing again after a few days.
Thanks in advance,
ANSWER: Hi Ali
I'm surprised the computer is working at all, actually. You should NEVER have more than one anti-virus program running on the same PC. Doing so will cause system instability and crashes such as you are experiencing. Keep Nod32 and uninstall the other two. PrevX is a malware scanner and can run alongside Nod32 just fine. You may also wish to run a disk check to find errors on the drive after you uninstall. Click Start, Run, type cmd then click OK.
At the command prompt, type chkdsk /r then hit enter. Let me know if you are still having problems after doing the above.
Brian
---------- FOLLOW-UP ----------
QUESTION: Hi,
Turns out, the anti-viruses weren't the culprits. Actually, it is a sinister Root-kit virus named "TSR.BOOT". It was detected by NOD32 but when it tried to clean it up, the virus froze my system and didn't allow any sort of access to any file. Restoring a fresh image has temporarily fixed the problem. But I still need advice on how to remove this virus or if there is any way of cleaning up the MBR without risking all the precious data on my PC.
ANSWER: Hi Ali
The TSR.BOOT virus result is from a heuristic analysis. This sometimes causes false positive virus identification, especially on some boot loaders and boot managers where the code looks like a virus, but really isn't. I have found some reports stating that NOD gives you a TSR.BOOT due to a boot loader modifying the boot sector. So I believe that you can safely ignore this finding.
Brian
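
Added example (not part of the original question or answer): one way to see whether a boot-sector alert corresponds to an actual change is to compare a known-good copy of the 512-byte MBR with the current one, read-only. It assumes the classic MBR layout; the function names and both sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440        # bytes 0..439 hold the boot code (classic MBR layout)
PART_TABLE_OFFSET = 446    # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"

def parse_mbr(sector):
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFFSET + 16 * i:PART_TABLE_OFFSET + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            partitions.append({"index": i, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": sectors})
    digest = hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}

def compare_mbr(baseline, current):
    """Report which parts of the sector differ from the known-good copy."""
    a, b = parse_mbr(baseline), parse_mbr(current)
    return {"boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
            "partition_table_changed": a["partitions"] != b["partitions"]}

def build_sample_mbr(boot_code):
    """Constructed test sector: one active type-0x07 partition at LBA 63."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        63, 1000000)
    sector[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 16] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

# Constructed samples: same partition table, different first boot-code bytes,
# as happens when a boot manager rewrites the boot code.
BASELINE = build_sample_mbr(b"\xfa\x33\xc0")
CURRENT = build_sample_mbr(b"\xeb\x63\x90")

if __name__ == "__main__":
    print(compare_mbr(BASELINE, CURRENT))
```

A changed boot-code hash with an unchanged partition table is what an installed boot loader or boot manager produces; the comparison tells you that the code changed, not what changed it.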