Cannot Shutdown..

Recently infected by the WIN32:Rbot-G Trojan, but Avast got rid of it.. The only problem i have now is that when XP tries to shutdown, nothing happens. Whether i shutdown from Start button, or from task manager, nothing happens. It just sits and looks at me. No idea if its connected to the Trojan, but any ideas?

 

Any error message when you try to shutdown?

Does system lock up when you try to shutdown?

Will XP shutdown if you run shutdown -f ?

 

shutdown.exe -f doesn't work. There are no error messages, it doesn't hang.. When i hold the power button down, it does shut down, thats the only way i seem to be able to do it. After i switch it back on again, there are no error messages.

 

Can you shutdown from Safe Mode?

 

Yes. Strangely, i can also shutdown from the welcome screen. As soon as i log in (as system admin) it won't work. This has nothing to do with a Win32:Rbot-G trojan i recently had but was removed by Avast does it?

 

It might, there could be a leftover process running.

Since the problem doesn't happen in Safe Mode I think the thing to do is use msconfig to perform clean-boot troubleshooting and narrow it down to a process or service, as described here:

"How to perform a clean boot in Windows XP"
http://support.microsoft.com/default.aspx?kbid=310353

 

Okay. I've done this. The problem is with 'Load Startup Items'

In the Startup section of msconfig, there are very dodgy looking .exe files with scrambled-looking filenames like wupfyny.exe and wuawx.exe. This is sasser/blaster isn't it? I didn;t notice these before. Why didn't Avast pick these up? I'll re run it. Thanks for your help so far!

 

Okay. I ran housecall by trendmicro, and it found Worm Rbot.WU, Troj PopSpy.A and Worm Francette.L

How did i get those? I'm gonna restart and see if they're there again.

Thanks!

 

Okay. Those .exe files wupfyny.exe and wuawx.exe are still running in Startup. I searched for the files, and deleted them, but everytime i restart, they're back in Startup, but i can't find them when i search. I disabled them from Startup, but how do i get rid of them? Help!

 

Right. Everything seems to be okay. Those two files are gone, they still appear in the startup on msconfig, but they're disabled, and i guess harmless.

Everything seems to be running okay, so i'll guess i'll leave it. Thanks everyone!

 

If you still want to delete them, you can try Autoruns. That's a fairly extensive viewer for what's run on startup, and it gives you the opportunity to delete as well as disable.

 

hmm. they don't show up. maybe they are gone after all. Thanks.

 

It's probably a good idea to run Adaware and Spybot, there might be spyware nasties on your machine.