suspicious pc activity

I need some help with this one. I have an old pc running windows xp
sp3, w/ Webroot desktop firewall and Webroot spy sweeper w/ anti-virus.
I keep it up to date, and run regular scans.

Here is the issue:

Last night I noticed that several minutes after the PC was powered down
the hard drive light started blinking. A closer look revealed that the
case fan was running as well. I opened the case and noticed that the
cpu fan was also running. The only way I can keep the CPU/HD/fan from
running after a power off is to turn off the power at the power strip.

I checked the BIOS settings to ensure that "Wake on LAN", "Wake on
Call" etc. were all disabled. Every auto power on setting that I could
find in the BIOS is disabled.

What should I do next to combat this problem? I am fearful that I am
now playing host to some malicious code, and do not want any of my
personal or financial information to fall into the wrong hands.

Any advice or recommendation you could provide would be greatly
appreciated.

My dinosaur machine:
Asus k7v - bios 1008 beta 001C
Athlon 900MHz
1.5GB PC-133
XP Pro SP3
Webroot Spy Sweeper w/ Anti-Virus
Webroot Desktop Firewall

Thanks in advance for the help!


--
OldPC
------------------------------------------------------------------------
OldPC's Profile: http://forums.techarena.in/members/oldpc.htm
View this thread: http://forums.techarena.in/windows-security/1076039.htm

http://forums.techarena.in

What are your Automatic Update settings in Windows Security Center?
---
Leonard Grey
Errare Humanum Est

Security Tips for Everyone, from PC Magazine
http://www.pcmag.com/article2/0,2817,2334856,00.asp

OldPC wrote:
I need some help with this one. I have an old pc running windows xp
sp3, w/ Webroot desktop firewall and Webroot spy sweeper w/ anti-virus.
I keep it up to date, and run regular scans.

Here is the issue:

Last night I noticed that several minutes after the PC was powered down
the hard drive light started blinking. A closer look revealed that the
case fan was running as well. I opened the case and noticed that the
cpu fan was also running. The only way I can keep the CPU/HD/fan from
running after a power off is to turn off the power at the power strip.

I checked the BIOS settings to ensure that "Wake on LAN", "Wake on
Call" etc. were all disabled. Every auto power on setting that I could
find in the BIOS is disabled.

What should I do next to combat this problem? I am fearful that I am
now playing host to some malicious code, and do not want any of my
personal or financial information to fall into the wrong hands.

Any advice or recommendation you could provide would be greatly
appreciated.

My dinosaur machine:
Asus k7v - bios 1008 beta 001C
Athlon 900MHz
1.5GB PC-133
XP Pro SP3
Webroot Spy Sweeper w/ Anti-Virus
Webroot Desktop Firewall

Thanks in advance for the help!

OldPC wrote:


I need some help with this one. I have an old pc running windows xp
sp3, w/ Webroot desktop firewall and Webroot spy sweeper w/ anti-virus.
I keep it up to date, and run regular scans.

Here is the issue:

Last night I noticed that several minutes after the PC was powered down
the hard drive light started blinking. A closer look revealed that the
case fan was running as well. I opened the case and noticed that the
cpu fan was also running. The only way I can keep the CPU/HD/fan from
running after a power off is to turn off the power at the power strip.

I checked the BIOS settings to ensure that "Wake on LAN", "Wake on
Call" etc. were all disabled. Every auto power on setting that I could
find in the BIOS is disabled.

What should I do next to combat this problem? I am fearful that I am
now playing host to some malicious code, and do not want any of my
personal or financial information to fall into the wrong hands.

Any advice or recommendation you could provide would be greatly
appreciated.

My dinosaur machine:
Asus k7v - bios 1008 beta 001C
Athlon 900MHz
1.5GB PC-133
XP Pro SP3
Webroot Spy Sweeper w/ Anti-Virus
Webroot Desktop Firewall

I wouldn't automatically assume that you have malware. I must say that I'm
not very fond of the Webroot offerings since they do seem to slow clients'
machines down and often cause issues. I certainly wouldn't rule out
hardware failure/flakiness on such an old machine. And of course you should
try and answer The First Question Of Troubleshooting: If the problem is
new, what changed between the time things worked and the time they didn't?
(If hardware is the cause, then you probably won't have made any changes
and Time is the culprit.)

Here are general shutdown troubleshooting steps. Not everything may be
applicable to you, of course.

*****
Shutdown issues are generally caused by a program and/or process that is
refusing to exit gracefully. The program and/or process can be from malware
or can be legitimate (such as an invasive antivirus like Norton or McAfee).
If you are using a Norton or McAfee product, uninstall it and replace with
a better program such as NOD32, Kasperksy, or Avast (free). The Windows
Firewall is adequate for most people. With Vista, shutdown issues can also
be caused by old/poorly written drivers so make sure all drivers are
updated. See Step B. below for general driver directions.

A.The first step is always to make sure your computer is virus/malware free.

http://www.elephantboycomputers.com/...moving_Malware

B. Drivers - The First Law of Driver Updates is "if it ain't broke, don't
fix it". Normally if everything is working you want to leave things as they
are. The exception is that heavy-duty gamers will usually want to update
their video and sound drivers to squeeze every last bit of performance out
of the hardware to get the fastest frame rates. If you're not one of those
people, you don't need to update your drivers if there are no problems you
are trying to solve.

Never get drivers from Windows Update. Get them from:

1. The device mftr.'s website; OR
2. The motherboard mftr.'s website if hardware is onboard; OR
3. The OEM's website for your specific machine if you have an OEM computer
(HP, Dell, Sony, etc.).

Read the installation instructions on the website where you get the drivers.

To find out what hardware is in your computer:

1. Read any documentation you got when you bought the computer.
2. If the computer is OEM, go to the OEM's website for your specific model
machine and look at the specs (you'll be there to get the drivers anyway)
3. Download, install and run a free system inventory program like Belarc
Advisor or System Information for Windows.

http://www.belarc.com/free_download.html - Belarc Advisor
http://www.gtopala.com/ - System Information for Windows

C. If the computer is virus/malware-free, drivers are current, and no Norton
or McAfee programs are installed, then do clean-boot troubleshooting to see
which program/process is the culprit:

How to perform a clean boot in Vista and XP -
http://support.microsoft.com/kb/331796

D. If you need more information, here is an excellent shutdown
troubleshooter:

http://www.aumha.org/win5/a/shtdwnxp.htm

Standard caveat: If troubleshooting the issue is too difficult - and there
is absolutely no shame in admitting this isn't your cup of tea - take the
machine to a computer repair shop. This will not be your local
BigComputerStore/GeekSquad type of place. Get recommendations from family,
friends, colleagues.
*****

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

Leonard Grey - thanks for the reply. Auto Update Settings are set to
notify me when new updates are available.

Malke - Thanks for all of the info. Hardware flakiness is a definite
possibility - this thing is old. Nothing has changed since before this
started happening, other than time. I will have to dig into all of the
info you attached and see what I can find. I will post an update after
I investigate further. Re Webroot - I changed to Webroot from Symantec.
Machine runs at light speed compared to when I had NIS installed. I'll
have to do some investigating before deciding on security software for
the next machine.


--
OldPC
------------------------------------------------------------------------
OldPC's Profile: http://forums.techarena.in/members/oldpc.htm
View this thread: http://forums.techarena.in/windows-security/1076040.htm

http://forums.techarena.in

With your AutoUpdate settings, I would agree with Malkie that you
possibly have hardware problems, especially with your power supply.
However, you can never rule out malware.
---
Leonard Grey
Errare Humanum Est

Security Tips for Everyone, from PC Magazine
http://www.pcmag.com/article2/0,2817,2334856,00.asp

OldPC wrote:
Leonard Grey - thanks for the reply. Auto Update Settings are set to
notify me when new updates are available.

Malke - Thanks for all of the info. Hardware flakiness is a definite
possibility - this thing is old. Nothing has changed since before this
started happening, other than time. I will have to dig into all of the
info you attached and see what I can find. I will post an update after
I investigate further. Re Webroot - I changed to Webroot from Symantec.
Machine runs at light speed compared to when I had NIS installed. I'll
have to do some investigating before deciding on security software for
the next machine.