Remove-Malware.com Forums

[Dieselman]

Those are OpenDNS servers FieryDemon.

[jenny]

No, I do not recignize the IPs. What should I do with the IP? Delete? How can I do it.
BTW; I tried to run a malware scan but after the scan runs for I while the PC shuts down.
Now it seems to only be shutting down when I try to run the scan. I have 2 Vista PCs and
both are having the same problem. I am sure that it is not heating up. It seems to no be
BSOD related. So, what could it be and what may be the solution?

[Dieselman]

Please read what I said. Those are OpenDNS servers so they are safe. You set up OpenDNS yourself or somebody else did. Try running a full scan in Safe Mode. To get into Safe Mode press F8 repeatly upon boot up.

Sorry about previous post. I overlooked MSE.

[FieryDemon]

The log doesn't show anything suspicious but that doesn't mean you are malware free.

You may want to download the following program first, then try a scan in safe mode to see if the computer restarts. Here is a link on how to get into safe mode. http://windows.microsoft.com/en-CA/windows-vista/Start-your-computer-in-safe-mode


Download to the desktop:Dr.Web CureIt

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, Click Options > Change settings
• Choose the Scan-tab, remove the mark at Heuristic analysis.
• Back at the main window, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, look if you can click next icon next to the files found:
  
  If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  
  This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
• After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
• After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.

[jenny]

FieryDemon,

I followed your instructions and ran the software in safemode (full scan) it seem to moved some
things. But it took a day and a half to almost complete the scan. And I say almost becuase
the computer just shut down before the scan finishing. I tried to run the full scan again and
after one more day and a half runnig the computer shut down again before completing the
full scan. I am just getting frustrated and don't know what else to do. It seems that
the problem has to do with some kind of hack tool that is shutting down the pc to avoid
from being removed by the software.

I also ran the Microsoft Fix It tool and it seems to be finding a problem in the srat up.
I discarded everything I feel is not nesessary (including Live Messanger) for normal funtioning
of the pc. But after the fix it test completes. It always finds an issue with to many programs running
in the startup. furthermoe, if I restart the pc program like IM launch at the startup like if it has life
of it's own.

I really don't know what else to do.

I am running the Microsoft Windows Malicious Removal Tool. Let's see it it finds the problem before
shutting down.

Thanks for your help anyway!

[Dieselman]

Its not a hacking tool and I told you to run a scan in safe mode. Sounds to me more like a hardware failure. Your best bet is to probably reformat. Do you have your recovery cd's?

[jenny]

I did run the scan on safemode. Yes I have the recovery CD. Any advice?
BTW; What is the best, most relaible and compatible Anit-Virus I can use with Windows Vista?

[ALookingInView]

I'd say it sounds like a hardware issue (overheating), but with it happening on two different machines I'm also at a loss.

If you'd like everyone's advice on an AV, as well as making sure all your other bases are covered, please open a new topic here after reading this.

[Dieselman]

Focus on fixing your pc. Then worry about what av your going to use. After all this time maybe you should reformat and see what happens. If nothing changes then you have a hardware issue. Is this still happening on both pc's?

[jenny]

Yes. It is still happening. But what is very strange about it. Is that the machines are working normally. With the
exception that one of them keeps activating some deactivated features like IM at start up. And the fact the
both stopped shuting down randomlly. Now both machines are only shutting down when running DrWeb or Ati-Spyware/Anit Virus.