PC Reboots When Installing WIN XP Updates

Discussion in 'Malware Help (A Specialist Will Reply)' started by help, Dec 15, 2006.

  1. help

    help Corporal

    Hi, I'm having a problem installing updates for WIN XP. Every time Win XP downloads updates and I try to install them, the update wizard initializes, then without warning immediately reboots the system, so I can't install the updates. I just started experiencing the problem recently. Maybe someone can tell me what's going on by reading my "save dump" file.


    my log file:

    The computer has rebooted from a bugcheck. The bugcheck was: 0x1000008e (0xc0000005, 0xb5dab532, 0xb4690a28, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini121506-03.dmp.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     
  2. help

    help Corporal

    see this attachment
     

    Attached Files:

  3. help

    help Corporal

    any help please?
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  5. Adrynalyne

    Adrynalyne Guest

    Hmmmm....doubt this has much to do with ram.

    The best way to troubleshoot this is to follow my debugging procedures in the FAQ forum:

    http://forums.majorgeeks.com/showthread.php?t=35246

    Debug output shows:



    Microsoft (R) Windows Debugger Version 6.6.0003.5
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Documents and Settings\Jeremy\Desktop\Mini121506-03\Mini121506-03.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp2_gdr.050301-1519
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
    Debug session time: Fri Dec 15 14:21:01.693 2006 (GMT-7)
    System Uptime: 0 days 0:17:39.422
    Loading Kernel Symbols
    ..............................................................................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ..............
    Unable to load image system32:lzx32.sys, Win32 error 2
    *** WARNING: Unable to verify timestamp for lzx32.sys
    *** ERROR: Module load completed but symbols could not be loaded for lzx32.sys

    ERROR: FindPlugIns 8007007b
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000008E, {c0000005, b5dab532, b4690a28, 0}

    Probably caused by : system32:lzx32.sys ( lzx32+2532 )

    -snip-

    Granted, it's a lot of crap you don't need to know, but the likely culprit, which I bolded, raises an alarm.

    Notice the : in system32:lzx32.sys? This indicates it's an alternate data stream. The file is "hiding" behind something else, in a different portion of the filesystem.


    http://www.sarc.com/avcenter/venc/data/backdoor.rustock.b.html

    To quote a small portion of the text:


    Sounds to me like you have a virus problem, and it's not going to be a walk in the park to remove.

    http://forums.majorgeeks.com/showthread.php?t=35407
     
    Last edited by a moderator: Dec 16, 2006
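The point Adrynalyne makes above is that a colon inside a module path in the debugger's "Probably caused by" line marks an alternate data stream, and that is the real signal in an otherwise noisy dump. The following is an added example, not code from the thread or from any MajorGeeks procedure: it parses the handful of WinDbg lines that matter (bugcheck code, arguments, blamed module, images the debugger could not load) and flags an ADS-resident culprit. The function names and the constructed SAMPLE_OUTPUT (built from the debugger lines quoted in the thread) are this example's own assumptions.

```python
import re

# Constructed sample: the relevant lines of the WinDbg output quoted in the thread.
SAMPLE_OUTPUT = """\
Unable to load image system32:lzx32.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for lzx32.sys
*** ERROR: Module load completed but symbols could not be loaded for lzx32.sys
BugCheck 1000008E, {c0000005, b5dab532, b4690a28, 0}
Probably caused by : system32:lzx32.sys ( lzx32+2532 )
"""

BUGCHECK_RE = re.compile(r"^BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", re.M)
CULPRIT_RE = re.compile(r"^Probably caused by\s*:\s*(\S+)", re.M)
UNLOADABLE_RE = re.compile(r"^Unable to load image (\S+?),", re.M)

# Documented Windows values: the bugcheck code from the thread and the
# NTSTATUS for an access violation (its first argument).
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M = 0x1000008E
STATUS_ACCESS_VIOLATION = 0xC0000005


def is_ads_path(path):
    """True if a Windows path names an alternate data stream.

    A colon is legal only as the second character of a drive-letter prefix
    (C:\\...). Any other colon separates a file or directory name from a
    stream name, e.g. system32:lzx32.sys is the stream 'lzx32.sys' attached
    to the directory 'system32'.
    """
    body = path[2:] if re.match(r"^[A-Za-z]:", path) else path
    return ":" in body


def parse_bugcheck(text):
    """Pull the bugcheck code, its arguments, the blamed module and any
    images the debugger could not load out of a WinDbg transcript."""
    info = {"code": None, "args": [], "culprit": None, "unloadable": []}
    m = BUGCHECK_RE.search(text)
    if m:
        info["code"] = int(m.group(1), 16)
        info["args"] = [int(a.strip(), 16) for a in m.group(2).split(",") if a.strip()]
    m = CULPRIT_RE.search(text)
    if m:
        info["culprit"] = m.group(1)
    info["unloadable"] = UNLOADABLE_RE.findall(text)
    return info


def assess(text):
    """Return (parsed info, list of findings) for a transcript."""
    info = parse_bugcheck(text)
    findings = []
    if info["code"] == KERNEL_MODE_EXCEPTION_NOT_HANDLED_M and info["args"][:1] == [STATUS_ACCESS_VIOLATION]:
        findings.append("0x1000008E with 0xC0000005: unhandled access violation in kernel mode")
    if info["culprit"] and is_ads_path(info["culprit"]):
        findings.append(f"blamed module {info['culprit']} lives in an alternate data stream: rootkit indicator")
    for image in info["unloadable"]:
        findings.append(f"debugger could not load {image} from disk: hidden or already removed")
    return info, findings


if __name__ == "__main__":
    parsed, notes = assess(SAMPLE_OUTPUT)
    print(f"bugcheck 0x{parsed['code']:08X}, culprit {parsed['culprit']}")
    for note in notes:
        print(" -", note)
```

The drive-letter special case in is_ads_path matters: a plain C:\WINDOWS\system32\drivers\ntfs.sys must not be flagged, while C:\WINDOWS\system32:lzx32.sys (the form used later in the thread) must be, because there the stream hangs off the system32 directory itself, which is why a normal directory listing never shows it.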
  6. Adrynalyne

    Adrynalyne Guest

    I received some tips in a PM; give them a shot, and if they don't work, I will transfer your post to the malware forum.

    Download and install AVG Anti-Rootkit.
    http://www.majorgeeks.com/AVG_Anti-Rootkit_d5249.html

    Have it fix the C:\WINDOWS\system32:lzx32.sys hidden driver.

    Reboot, and remove the file from your system manually, if it is there. It would be located in C:\WINDOWS\system32.

    Good luck.
     
  7. help

    help Corporal

    Thanks, ya I noticed it happened after I got a trojan, I got rid of it manually, lemme try your procedure, thanks
     
  8. help

    help Corporal

    Since it's hidden it probably won't show up in Windows search, am I right?
     
  9. help

    help Corporal

    This is the trojan I removed

    ===

    WIN32.TROJAN.DOWNLOADER
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[49]=Process : C:\Program Files\Common Files\{08E2C5FC-0965-1033-0714-060306060002}\Update.exe



    ===


    I deleted some update.exe registry keys as well, especially the startup ones
     
  10. help

    help Corporal

  11. help

    help Corporal

  12. help

    help Corporal

    No rootkits found
     
  13. help

    help Corporal

    Corrupted file maybe?
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you check your ram?
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  16. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    That file is part of a Vundo infection. You should start a thread in the Malware Removal Forum and we will get you fixed right up.
     
  17. Adrynalyne

    Adrynalyne Guest

    Guess I'll move the thread.
     
  18. help

    help Corporal

    I doubt there's anything wrong with my RAM (2 GB), besides I just bought my HP MCE PC in Sept 2006
     
  19. help

    help Corporal

    I manually removed the trojan, deleted the files and registry keys, over a week ago
     
  20. help

    help Corporal

    I'm scanning my PC right now, it found so many associations with that virus
     
  21. help

    help Corporal

    Check out these logs
     

    Attached Files: log.zip (5.1 KB)
  22. help

    help Corporal

    OK, all the infected files have been removed
     
  23. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    BitDefender only shows part of the infection. Complete the steps in the Read Me first and post the needed logs.

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
    • CounterSpy
    • AVG Antispyware Log - ONLY IF NEEDED, because you were not able to run CounterSpy
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis
     
