lufthansen

Bios virus?

Recommended Posts

It has been running for 3 days without major hickups. Trendmicro back in. Ran sfc, and it replaced a bunch of drivers. Roxio EMC 9 keeps trying to install media experience, but can't find the installer. Chkdsk then went ahead "replacing invalid security id with default security id for file %filename%" on all files that were placed back onto the raid.

Interestingly enough, I haven't found any corrupted files rescued from the raid so far...

I'm going ahead and restoring the pc with caution. The toaster option is still open...

Usually this is caused by bad ram, or a bad cd-rom.

good luck

Share this post


Link to post
Share on other sites

I wouuld try running MemTest86 first to see if there is any sort of RAM issue. Let it run overnight.

Thank's for the tip. I'll let it run overnight.

...

I'll let the memtest run overnight. If nothing wrong I'll convert the computer into a toaster...

Did you ever run memtest overnight?

Share this post


Link to post
Share on other sites

I had something similar happen to me. I have a P4 board with 845P/PE chipset, 2.0Ghz CPU, and one 512MB DIMM.

After upgrading with another 512MB DIMM, I had trouble installing XP SP2 from the CD. It would freeze on nearly the same file every time.

I went through several DIMMs, and finally came to an interesting conclusion.

If I only had one DIMM (of a specific brand), then I could run the CPU @ 2Ghz. But if I installed more RAM, in order to be stable, I had to underclock the CPU to 1.6Ghz.

I came to the conclusion that the mobo was flaky, and that there was an issue with the voltage regulators onboard.

I think that perhaps your situation is the same - that there is a power issue causing hardware instability, and that it was triggered by installing a new video card that draws a lot more power.

I've never seen a BIOS virus in the wild, even though it is theoretically possible to write one.

Share this post


Link to post
Share on other sites
If I only had one DIMM (of a specific brand), then I could run the CPU @ 2Ghz. But if I installed more RAM, in order to be stable, I had to underclock the CPU to 1.6Ghz.

I came to the conclusion that the mobo was flaky, and that there was an issue with the voltage regulators onboard.

I think that perhaps your situation is the same - that there is a power issue causing hardware instability, and that it was triggered by installing a new video card that draws a lot more power.

Sounds like a lead. I did run the memtest for 26 hours w/o any errors.

I've suspected power issues. The 550w psu should be sufficient? Are there any issues underclocking the xeons? They are 3ghz each (nocona).

Unfortunately there are few diagnostic tools for the ASUS ncch-dl. Are there any diagnostic tools out there that let me monitor the voltage while os is running?

Share this post


Link to post
Share on other sites
I had something similar happen to me. I have a P4 board with 845P/PE chipset, 2.0Ghz CPU, and one 512MB DIMM.

After upgrading with another 512MB DIMM, I had trouble installing XP SP2 from the CD. It would freeze on nearly the same file every time.

I went through several DIMMs, and finally came to an interesting conclusion.

If I only had one DIMM (of a specific brand), then I could run the CPU @ 2Ghz. But if I installed more RAM, in order to be stable, I had to underclock the CPU to 1.6Ghz.

I came to the conclusion that the mobo was flaky, and that there was an issue with the voltage regulators onboard.

I think that perhaps your situation is the same - that there is a power issue causing hardware instability, and that it was triggered by installing a new video card that draws a lot more power.

I've never seen a BIOS virus in the wild, even though it is theoretically possible to write one.

Not sure if that board took DDR, but if it did, were you trying to run two DIMMs of DDR400 on the same channel, at DDR400?

Share this post


Link to post
Share on other sites
Not sure if that board took DDR, but if it did, were you trying to run two DIMMs of DDR400 on the same channel, at DDR400?

Well, the 845PE chipset doesn't support more than single-channel DRAM. It also doesn't support a 200Mhz FSB officially either. (Although this board has it as an option to overclock.) The P4 CPU is actually a mobile chip, with 12x and 20x multipliers, of which only 12x is supported in a desktop mobo. So I can run the ram @100Mhz, CPU @ 1.2Ghz, or ram @133Mhz, CPU @ 1.6Ghz, or ram @166Mhz, CPU @ 2.0Ghz, or (ideally, but unfortunately impossible) ram @200Mhz, CPU @ 2.4Ghz.

The only way that the CPU will "boot" @ 200Mhz FSB is without any DRAM installed. At 166MHz FSB, I can run with only one DIMM, and at 133MHz FSB, I can run stably with both DIMM slots filled.

Conclusion? Crappy board. I bought the cheapest one that I could find online at the time...

Share this post


Link to post
Share on other sites

Raid crashed again after long shutdown, and now the highpoint raid management software wouldn't show the array. Since this happened after a complete rebuild of the raid, I started to backtrack events that could have caused it. As it turned out, I had updated my AV to Trendmicro PC-cillin 2007. When contacting Trendmicro support, they tell me that their AV does not support raid5.

NOW YOU TELL ME?

I am not 100% that this is what have caused the issues, but it is plausible, as I've had Trendmicro all the time on the struggling Raid5 server.

Does anyone else have similar experiences?

What AV and/or firewall is compatible w raid5?

( I never knew there were any compability issues at all regarding raid and av/fw)

Share this post


Link to post
Share on other sites

I never knew there were any compability issues at all regarding raid and av/fw

There isn't, at least not in my experience.

I'm all confused here. Uninstalled the av, still no raid visible in the highpoint raid management software (tried both the win version and the web). Uninstalled the raid management software and will now try to install norton first (NIS and system works, 2007).

Could there be something obvious that I am missing here? I don't understand how I now no longer can see any raid in the management software. The drive is there, mounted and seemingly ok, but nothing shows up when I log on the managent software...

Share this post


Link to post
Share on other sites

I've reread through the entire thread, and seriously dude you either have a problem with the mobo, ram or that RAID controller. It could be a hardware compatibility problem between all the components. I am extremely doubtful that your issue is software related (unless it's driver related).

My advise, ditch the Highpoint and get a 3ware, LSI or Adaptec controller.

The PSU shouldn't be a problem, but I had a Antec TruePower 550W crap out (low voltage/amps on one of the rails intermittently), The TruePower II series reportedly fixed that issue with low volts/amps... (I'm now running a TruePower II-550W EPS).

Share this post


Link to post
Share on other sites
I've reread through the entire thread, and seriously dude you either have a problem with the mobo, ram or that RAID controller. It could be a hardware compatibility problem between all the components. I am extremely doubtful that your issue is software related (unless it's driver related).

My advise, ditch the Highpoint and get a 3ware, LSI or Adaptec controller.

The PSU shouldn't be a problem, but I had a Antec TruePower 550W crap out (low voltage/amps on one of the rails intermittently), The TruePower II series reportedly fixed that issue with low volts/amps... (I'm now running a TruePower II-550W EPS).

I'm starting to agree with you on ditching the card - that there is a hardware issue. I've tested the ram ok. I've got a spare mobo, but I'm dreading the dismantling (watercooled). Which one of the controllers you recommend compare to the highpoint 1820a?

Share this post


Link to post
Share on other sites
Which one of the controllers you recommend compare to the highpoint 1820a?

Adaptec 2820a - PCI-X - SATA II - 8 ports (NOT PCI compatible, PCI-X ONLY)

3ware® 9550SX - same as above

LSI MegaRAID SATA - http://www.lsilogic.com/storage_home/produ...sata/index.html - Heaps of different models.

Are you connecting to a real PCI-X slot (eg 64bit 100/133Mhz) or just a regular 32/33 PCI slot? (None of the above will work in a regular 32/33 PCI slot, you'll need to look for a previous generation controller).

As for which one, I'm not going to recommend an exact model, as which the correct controller for you is dependent entirely on your requirements and budget.

Share this post


Link to post
Share on other sites

The best thing you could do is take your computer to a level headed, impartial PC technician. You do not understand enough about software and hardware to troubleshoot this problem. The first tip off was your insistance that a virus is the cause of all computer problems.

You need to think logically about problems and don't believe everything you've been told by people you don't know. For example, how does your raid 5 card work? It takes 5 hard drives and make Windows think it is one hard drive. If Windows see's one hard drive and TrendMicro is running on Windows, how will TrendMicro even know that you have a raid5? So there is no way TrendMicro can be incompatible with raid 5.

Now, the original problem was failing to copy files from a CD. You did the right thing and got a new CD. (granted, you got it by spending way too much money. Maybe it would have been cheaper right here to hire someone to fix the problem.) When the new CD failed in the same way as the old CD, you should have continued along the path of swapping parts. This time swap the CD drive. If you don't have an old drive, you can buy one and return it if it doesn't solve the problem. Same with the power supply if you suspect that is the problem. Next is the IDE cable that connects to the motherboard. Once you get to the motherboard you are getting to more expensive and/or difficult parts to replace.

Here is where we start unplugging stuff and running tests. Test your memory with memtest and scan your hard drives for bad spots. Look at your motherboard for buldging/leaking capaciors. If you still haven't found the problem, unplug all cards, including the raid card and try to install Windows again. If you still have trouble, try with one cpu and one stick of ram. By process of elimination you should be able to narrow down where the problem lies.

If you just buy new parts without actually knowing that it is the problem you are going to spend way too much money and might as well just buy a new computer or hire someone to do some rational troubleshooting for you. btw, if you ignor my advise, please send me all your old parts that are infected with viruses. Thank you.

Share this post


Link to post
Share on other sites
The best thing you could do is take your computer to a level headed, impartial PC technician. You do not understand enough about software and hardware to troubleshoot this problem. The first tip off was your insistance that a virus is the cause of all computer problems.

Thank's for tipping me off that I don't understand enough to troubleshoot my own PC. That's why I use this forum.

You need to think logically about problems and don't believe everything you've been told by people you don't know. For example, how does your raid 5 card work? It takes 5 hard drives and make Windows think it is one hard drive. If Windows see's one hard drive and TrendMicro is running on Windows, how will TrendMicro even know that you have a raid5? So there is no way TrendMicro can be incompatible with raid 5.

The statement that Trendmicro PCCillin was incompatible came from ... Trendmicro support. Granted, it is not smart to believe everything I'm being told by people I don't know, but it is tempting to pay attention to the support people for the spesific AV software. I hear you when you say it is no way that the Trendmicro can be incompatible with AV. I am only relaying what Trendmicro told me.

Now, the original problem was failing to copy files from a CD. You did the right thing and got a new CD. (granted, you got it by spending way too much money. Maybe it would have been cheaper right here to hire someone to fix the problem.) When the new CD failed in the same way as the old CD, you should have continued along the path of swapping parts. This time swap the CD drive. If you don't have an old drive, you can buy one and return it if it doesn't solve the problem. Same with the power supply if you suspect that is the problem. Next is the IDE cable that connects to the motherboard. Once you get to the motherboard you are getting to more expensive and/or difficult parts to replace.

Are you applying for job here?

Here is where we start unplugging stuff and running tests. Test your memory with memtest and scan your hard drives for bad spots. Look at your motherboard for buldging/leaking capaciors. If you still haven't found the problem, unplug all cards, including the raid card and try to install Windows again. If you still have trouble, try with one cpu and one stick of ram. By process of elimination you should be able to narrow down where the problem lies.

If you just buy new parts without actually knowing that it is the problem you are going to spend way too much money and might as well just buy a new computer or hire someone to do some rational troubleshooting for you. btw, if you ignor my advise, please send me all your old parts that are infected with viruses. Thank you.

I suggest you read the whole thread. If you feel that I still haven't done my troubleshooting in a proper way after reading the whole thread, please feel free to inform me. You seem to be a well of knowledge on the topic. But how do I know if I can trust the advice I get from you? I don't know you, hence logically I should not believe everything you tell me.

It is my hope that my clumsy fingers, dubious hardware and ingorance, with the help of this forum, will find a solution to my raid5 problem. It is after all my server, and I think we can both agree it's a good thing.

Share this post


Link to post
Share on other sites

No really, you should listen to yakwakdo, he has given good advice.

Nobody paid him to write such an extensive analisys of your problem.

Maybe you did a lot of thoughtful investigation of your problem but reading this thread gives the impression like you've randomly tried things without following a logical path.

Take for instance when you start blaming ATI (AMD) for releasing buggy software, maybe it is so but your problem has nothing to do with their drivers.

Remember you've problems installing XP.

Logic is:

1. Bad cdrom media

2. Bad optical drive

3. Bad cable of optical drive or hard disk

4. Bad memory... and so on.

Or you could believe the trendmicro support. They're paid to give you an answer, most of the time not the correct one but the one will get you off the phone as soon as possible.

Not blaming trendmicro specifically, most support desks are like this. Quantity over quality.

Share this post


Link to post
Share on other sites
No really, you should listen to yakwakdo, he has given good advice.

Nobody paid him to write such an extensive analisys of your problem.

Maybe you did a lot of thoughtful investigation of your problem but reading this thread gives the impression like you've randomly tried things without following a logical path.

Yakwakdo may have the key to the solution for that matter. What I don't appreciate is his patronizing and sarcasm.

Apart from rewiring the house I have done all the troubleshooting, using the deduction method, following all advice and logical sequence.

You're right: The thread has the feel of random troubleshooting. It is however not my troubleshooting log.

It is not a matter of me believing Trendmicro or not. As I said: I am just relaying their answer - which pussled me. That's why I rather use this forum when I am looking for answers.

Share this post


Link to post
Share on other sites

Update:

After recommendations I replaced my Antec True 550 PSU w a Corsair 620HX. After two weeks of testruns my problems seems to be solved.

If the problems are solved (won't trust it until another two weeks), the cause of the problem would be an anemic PSU. My old Antec runs only a single 12v, which means not enough jolt in the start-up, hence the failure of several hdd's in the raid. I'll spare you from me trying to explain it, as the guys in the link http://forums.storagereview.net/index.php?...p;hl=lufthansen are the experts and know how to make sense of it.

But in short: It makes sense from what I've experienced. With the old PSU I would not have any problems when doing an immediate (warm) reboot. The jolt would still be present in the PSU, and enough to get my family of disks up and running. Leaving my system off for a couple of hours would be enough to discarge the PSU, and I would get my issue with faulty raid.

A dual 12v rail seem to be the cure. FYI: The new Antec apparently has that, so it is not a brand issue... although the Corsair is modular, sweet and quiet... :)

Share this post


Link to post
Share on other sites

Hi Every one...

Two days back i got some viruses on my system which restore my window as like new installed. all users removed. I format my C: drive and install new windows XP sp2. now the problem is that whihc i diagnoses ... there are two files irxjett.exe and jqjdsat.exe which are creating problem ... like when i tried to install any antivirus program the message came " are you sure u want to exit " if i said NO. still it exit the program.

other than this mycomputer properties only appear for 1 second. also Msconfig appears for 1 second. task manager also appears for 1 sec so i cannot stop that exe file. if i delete that file i comes again with restart.

I tried different version of windows to install but the problem remain same. another funny thing is that the virus is genious. i can search all other exe file on google. but when i write irxjett.exe on google the explorer closed.

if any body know how to solve this problem .... plzzzz let me know.... i m very upset now.

Thanks

Abdul Mateen

Share this post


Link to post
Share on other sites
Hi Every one...

Two days back i got some viruses on my system which restore my window as like new installed. all users removed. I format my C: drive and install new windows XP sp2. now the problem is that whihc i diagnoses ... there are two files irxjett.exe and jqjdsat.exe which are creating problem ... like when i tried to install any antivirus program the message came " are you sure u want to exit " if i said NO. still it exit the program.

other than this mycomputer properties only appear for 1 second. also Msconfig appears for 1 second. task manager also appears for 1 sec so i cannot stop that exe file. if i delete that file i comes again with restart.

I tried different version of windows to install but the problem remain same. another funny thing is that the virus is genious. i can search all other exe file on google. but when i write irxjett.exe on google the explorer closed.

if any body know how to solve this problem .... plzzzz let me know.... i m very upset now.

Thanks

Abdul Mateen

Share this post


Link to post
Share on other sites

Im also having the same problem. I got the virus from the internet and almost stayed up a whole night trying to deal with it. Mine is not a reply but rather a suggestion on what I want to try.

My main problem is that all my browser windows exit unexpectedly when im in the middle of something.

The virus is a genius, I agree too;

You cannot install any antivirus s/w, though I kind of found a way around this

You cannot run any antivirus s/w, they are closed doen even before they begin

If you google anything with the applics' names, the browser window closes immediately

You cannot open or view the contents of the above mentoined locations where its apps reside

If u go to your Task manager, you find the processes irxjett.exe, jusched.exe, jqjdsat.exe, hkcmd.exe....among other virus/spyware/worm processes. If u end the process trees of these, you might be able to install an antivirus but running it is impossible.

seems to me that the two most important applics for this virus are irxjett.exe and jqjdsat.exe.

Locations: C:\Program Files\Common files\Microsoft shared and

C:\Program Files\Common files\system

respectively. You can search for the locations of the others using avafind

I suuggest that you try this for now: Obtain a Knoppix Linux live CD and run it on the system. Once it lists the devices on its Desktop, Right-click the dev containing your C: and make the files writable and then search for all the .exes assoc with the virus (those that you found in the task manager) and delete them manually.

Im yet to try this so dont kno whether it will work

Share this post


Link to post
Share on other sites

FYI: I erased all partions on a strange behaving notebook today. When i tried to re-install from original cd Windows XP Home setup missed cyycoins.chm, czycoins.chm, digiras.chm and so on. A copy made with nLite failed exactly the same way. The same CD installed fine in a VM on a different computer. Please let me know if anyone has an idea what to do!

Share this post


Link to post
Share on other sites
Assuming you nuked any existing partitions before doing the installation, odds are good you have bad memory or a failing optical drive.

I tried a different RAM and: Windows installed fine! :) But: I don't get into my head why Windows setup allways misses the same files when RAM is broken...

Share this post


Link to post
Share on other sites
Assuming you nuked any existing partitions before doing the installation, odds are good you have bad memory or a failing optical drive.

I tried a different RAM and: Windows installed fine! :) But: I don't get into my head why Windows setup allways misses the same files when RAM is broken...

That's becuase the installer was always loading the same files into the same location in RAM during the installation...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now