VIRUS CONTRÔLE PARITÉ 2
Solved
Mimi
-
sakr -
sakr -
Hello,
My computer shows PARITY CHECK 2 at startup and crashes (no keyboard, no mouse).
According to Sophos, it's a virus.
So I chose to reinstall Windows with a hard drive format.
After several attempts (it crashed during the file copy), I managed to restart Windows on a blank disk.
After the next reboot, the message was still there...
I can't see where the virus could be hiding to survive the format.
(REM I tested my memory sticks. They're fine...)
Does anyone have an idea?
Thanks
My computer shows PARITY CHECK 2 at startup and crashes (no keyboard, no mouse).
According to Sophos, it's a virus.
So I chose to reinstall Windows with a hard drive format.
After several attempts (it crashed during the file copy), I managed to restart Windows on a blank disk.
After the next reboot, the message was still there...
I can't see where the virus could be hiding to survive the format.
(REM I tested my memory sticks. They're fine...)
Does anyone have an idea?
Thanks
Configuration: Windows XP - Compaq DESKPRO
10 answers
Hello mimi
Can you restart in safe mode?
When the computer restarts, after the BIOS loading is complete, a black screen appears briefly, press the [F8] or [F5] key until the advanced options menu for Windows shows up.
Select "Safe Mode" and press [Enter]
@ to be continued
Can you restart in safe mode?
When the computer restarts, after the BIOS loading is complete, a black screen appears briefly, press the [F8] or [F5] key until the advanced options menu for Windows shows up.
Select "Safe Mode" and press [Enter]
@ to be continued
Hello Sioux,
Yes, I'm restarting in safe mode but... also in normal mode... until next time. Indeed, the virus can leave me alone from time to time...
The problem is that I took the opportunity to run Sophos, which knows the virus: it sees nothing! No virus in sight... I don't know what to think anymore...
I'll keep you posted the next time I get the message in normal mode, to let you know if it still works in safe mode.
Thanks and see you!
Yes, I'm restarting in safe mode but... also in normal mode... until next time. Indeed, the virus can leave me alone from time to time...
The problem is that I took the opportunity to run Sophos, which knows the virus: it sees nothing! No virus in sight... I don't know what to think anymore...
I'll keep you posted the next time I get the message in normal mode, to let you know if it still works in safe mode.
Thanks and see you!
re
Ok, I thought you couldn't start in normal mode at all
1) Apparently, you need to eliminate a cause related to chipsets or drivers...
http://www.vintage-computer.com/vcforum/showthread.php?t=2269
but I didn't fully "understand"
-------------------------------------------------------------------------------------
And I found this too http://vil.nai.com/vil/content/v_910.htm#tab5
-------------------------------------------------------------------------------------
2) To try to eliminate an infectious cause
Download HijackThis
hijackthis
Install it and click on the shortcut on your desktop
Then click on "Do a system scan and save a logfile"
Close HijackThis and copy-paste the entire log and post it here in response
@+
Ok, I thought you couldn't start in normal mode at all
1) Apparently, you need to eliminate a cause related to chipsets or drivers...
http://www.vintage-computer.com/vcforum/showthread.php?t=2269
but I didn't fully "understand"
-------------------------------------------------------------------------------------
And I found this too http://vil.nai.com/vil/content/v_910.htm#tab5
-------------------------------------------------------------------------------------
2) To try to eliminate an infectious cause
Download HijackThis
hijackthis
Install it and click on the shortcut on your desktop
Then click on "Do a system scan and save a logfile"
Close HijackThis and copy-paste the entire log and post it here in response
@+
You had understood well...
I myself was surprised to start in normal mode.
Now, it crashes later, unexpectedly. I'm running a memtest...
To be continued...
I myself was surprised to start in normal mode.
Now, it crashes later, unexpectedly. I'm running a memtest...
To be continued...
Well, it crashed during the memtest. There were 0 errors still detected.
HijackThis will give me the list of programs running at startup, right?
But I just reinstalled Windows, so there’s nothing else but Windows yet... Is it really wise?
On the other hand, I just remembered that the computer got struck by lightning about a month ago. Since then, the ethernet connection with the livebox hasn't worked anymore. So I connected it via USB: it's working fine. But it's possible that the motherboard also took a hit and the more time passes, the worse it gets... I'm afraid my computer is in its last hours (a Compaq bought in 2000 but still serving me well...)
In any case, a big thanks for the advice...
HijackThis will give me the list of programs running at startup, right?
But I just reinstalled Windows, so there’s nothing else but Windows yet... Is it really wise?
On the other hand, I just remembered that the computer got struck by lightning about a month ago. Since then, the ethernet connection with the livebox hasn't worked anymore. So I connected it via USB: it's working fine. But it's possible that the motherboard also took a hit and the more time passes, the worse it gets... I'm afraid my computer is in its last hours (a Compaq bought in 2000 but still serving me well...)
In any case, a big thanks for the advice...
Bonjour
Bonne nouvelle !! C'était donc cela, fini ce message stressant ?? :)
Mets-le en résolu stp.
Salut
Bonne nouvelle !! C'était donc cela, fini ce message stressant ?? :)
Mets-le en résolu stp.
Salut
Hello Mimi3
At the start of the discussion above
Change the status of the discussion
In order to improve the quality of the exchanges, please indicate whether the discussion below met your expectations:
Unresolved issue (please post additional information to raise the thread)
Resolved issue (please post a message summarizing the solution)
Talk soon!
At the start of the discussion above
Change the status of the discussion
In order to improve the quality of the exchanges, please indicate whether the discussion below met your expectations:
Unresolved issue (please post additional information to raise the thread)
Resolved issue (please post a message summarizing the solution)
Talk soon!
Hello,
I also have the same problem. After a scan with hijackthis here is the test result.
Please, if someone could interpret it for me and tell me what my problem is.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:00, on 26/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\roger\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Quick Launch of Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 3403 bytes
I also have the same problem. After a scan with hijackthis here is the test result.
Please, if someone could interpret it for me and tell me what my problem is.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:00, on 26/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\roger\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Quick Launch of Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 3403 bytes