HELP ! HP XP System Restore installed, but Internet not working

Status
Not open for further replies.
L

lbarrueta

Beta member
Messages
2
I just had a new motherboard and hard drive installed in my HP Pavilion 310n. After succesfully loading the 6 disc HP XP Recovery discs, which I purchased 2 months ago from HP, I connected to the internet to register the new installation. Right away, my system slowed down alot, the Internet Explorer browser just kept 'searching' for the microsoft site, and finally the "System is shutting down....initialized by the NT Authority/System....C:\WINDOWS\SYSTEM32\ISASS.EXE...will terminate unexpectedly..code# 107374189" window popped-up.

This is the 3rd time this has happened to me while installing a new XP operating system on 3 different PC's! 2 on Dells (with Dell XP installations) and now on my HP (with an HP XP installation).

2 things:

1. Why is this happening? Are the drivers corrupted?

2. How can I fix the problem?

I loaded Norton Professional, updated it (in safe mode, the only way the internet works), and ran it deleted a couple of viruses. I also downloaded and ran VGS, which also found some viruses. backdoor.bot was one of them. But still having the same problem.

HELP!!!

Luis
 
I downloaded the malicious software checker from microsoft and it said my system was clean. problem still exists.

Any tother suggestions?
 
Anytime you replace major components like the motherboard you should always reformat and start fresh. If you don't a whole list of ugly problems can arise. I would suggest a clean frsh reformat. Also be sure to delete any old partitions and repartition the HD before you install a fresh copy. WinXP will prompt you for this.
 
well, according to my google search for that code above, you have been infected with the Sasser virus. here is the link to where i got the info, its bout a little over 1/2 way down the page by the administrator named Hunter. and its called Process for cleaning a Sasser infected system. here is what is written:
Process for cleaning a Sasser infected system

There are two ways that this can be done, in NORMAL mode, and in SAFE mode. Try the NORMAL mode first and if that doesn't work then try SAFE mode. Processes are below.

The error that you will see if you are infected with Sasser is

"System Process C:\windows\system32\lsass.exe terminated
unexpectedly with status code -107374189"

NORMAL mode

If your computer keeps rebooting, first do this:

As soon as your computer reboots and Windows loads and you are logged in, click
Start >> Run.
In the command line box, type the following:
shutdown -a
and click ok



This should stop the box from rebooting.

To end the malicious process:
Right-click on the Task Bar.

Click Task Manager.

Click the Processes tab.

Double-click the Image Name column header to alphabetically sort the
processes.



Scroll through the list and look for the following processes:

avserve.exe

any process with a name consisting of 4 or 5 digits followed by _up.exe
(eg 74354_up.exe).

If you find any such process, click it, and then click End Process.

Exit the Task Manager.

Next, go to http://windowsupdate.microsoft.com/ and install all missing patches. Make sure MS04-011, Security Update for Microsoft Windows (835732), is one of those patches. Or go directly to the patch from Microsoft.
Microsoft Security Bulletin MS04-011

http://www.microsoft.com/technet/security/...n/MS04-011.mspx

Finally, go to one of the sites below and download a Sasser Worm removal tool. Run this tool to clean the system of the Sasser worm.

SAFE mode

Restart the computer in the Safe Mode.
To do so after the Power On Self Test (POST), press and hold the F8 key.

From the Safe Mode, click Start, Run. In the Run box, type
"regedit" (without the quotes) and press enter.



Navigate to:
HKEY_LOCAL_MACHINE
+Software
+Microsoft
+Windows
+CurrentVersion
+Run



In the right-hand pane, look for any entry that might include:

avserve.exe
avserve2.exe
any process with a name consisting of 4 or 5 digits followed by _up.exe
(eg 74354_up.exe).

Delete any/all of the above entries and exit regedit.

You have now disabled the worm from running at startup, so
reboot and go back into normal mode again, and turn off ALL system restores to purge your system of any remnants.

To turn off systems restores...
Click Start, Programs, Accessories, System Tools, System Restore, System
Restore Settings, "System Restore" tab, and check the box. "Turn Off System
Restore on all drives", click "Apply" and "OK".




And delete all previous system restores by
Click Start,
Accessories,
System tools, Select the main system disk (typically Cļ
Disk Cleanup,
"More Options" tab,



"System Restore" section,
"Clean up" button,
click "Yes"

Open Windows Explorer to the
..\Windows\
..\WinNT\
..\Windows\System32\
..\WinNT\System32\



folder and DELETE *any* files called
avserve.exe
avserve2.exe
any process with a name consisting of 4 or 5 digits followed by _up.exe
(eg 74354_up.exe).

Next, go to the ..\Windows\Prefetch\ or ..\WinNT\Prefetch\
folder and find the reference to the above file/s (any reference
will be similar to: -.PF), for
example, avserve.exe-0235D8H6.pf, and DELETE it/them.



Now you can download and install the patch from Microsoft.
Microsoft Security Bulletin MS04-011

http://www.microsoft.com/technet/security/...n/MS04-011.mspx

Update your anti-virus package and do a full system scan.

Download one of the Sasser Worm removal tools from the list below and run it to clean the system.

Sasser Removal Tools

Symantec W32.Sasser Removal Tool

http://www.sarc.com/avcenter/venc/data/w32...moval.tool.html

F-Secure Sasser Removal Tool

ftp://ftp.f-secure.com/anti-virus/tools/f-sasser.zip

ftp.f-secure.com/anti-virus/tools/f-sasser.exe

McAfee Sasser Removal Tool

http://vil.nai.com/vil/stinger

Microsoft's Sasser Removal Tool

http://www.microsoft.com/downloads/details...&displaylang=en
"Step 4: Review Additional Technical Resources - If the cleaning tool above doesn't work for you, use the free worm removal tool available at your preferred antivirus software vendor's Web site"

A bit more on getting into SAFE mode

Windows 2000 / XP Users

To get into the Windows 2000 / XP Safe mode as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key.

Trouble Getting into Windows 2000 or Windows XP Safe mode - If after several attempts you are unable to get into Windows 2000 or Windows XP safe mode as the computer is booting into Windows turn off your computer. When the computer is turned on the next time Windows should notice that the computer did not successfully boot and give you the safe mode screen.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message as the computer is booting. If this occurs instead of pressing and holding the "F8 key" tap the "F8 key" continuously until you get the startup menu.



Use the up and down arrow keys to move the highlight to your choice.

hope this helps
 
Status
Not open for further replies.

Similar threads

A
Microsoft Outlook 2021 Does Not Install Important Add-In Tool Anymore - Please Help
Replies
0
Views
1K
Azam.biz
A
S
HP NC 4000 XP installation
Replies
1
Views
1K
Joe C
Joe C
H
HP laptop review, HP 17-by3063st
Replies
1
Views
3K
tehnokraat
T
O
hello & mostly clueless & would appreciate mac security help after trojan attack!
Replies
0
Views
915
once2023
O
P
Blue screen error again?
2
Replies
16
Views
2K
phantom555
P
Back
Top Bottom