Windows 7 keeps suddenly crashing/freezing, really slow and won't load some programs RRS feed

  • Question

  • Hi all,

    My windows 7 is really slow and keeps freezing to the point where I have to turn it off from the on button. It's now virtually unusable. Certain programs won't load, namely Firefox and Norton anti-virus. It started yesterday when I was watching a video on redlettermedia.com when the computer just suddenly froze. So I rebooted and it hasn't been functioning since.

    I can't load certain programs like my anti virus and Firefox except in safe mode. From safe mode I ran my Anti virus (Norton) and it appears that everything is fine.

    System restore doesn't work. It keeps staying in the initialising part. I've tried repairing the disk but that doesn't seem to have an effect. I scanned the system for errors with command prompt and whilst it claims to have found errors it says some of them can't be resolved.

    I then booted into my mac hard drive (I use boot camp on Mac) which runs fine. I scanned windows with my clam x. It claims to have found 3 infected files but I don't know how true that is as clam x is known to flag false positives when it comes to windows. The so-called infected is as follows:

    uninst.exe. - Win.Worm.Chir-336

    SELFCERT.EXE - Win.Worm.Chir-769

    QuickTimeUpdateHelper.exe - Win.Worm.Chir-554

    Is there anything I'm missing here? I really, really don't want to reinstall windows. Please help.
    Sunday, October 12, 2014 1:10 AM


  • Try at answers.microsoft.com for a better response - this forum is for Windows Home Server.

    Phil P.S. If you find my comment helpful or if it answers your question, please mark it as such.

    Sunday, October 12, 2014 1:15 AM

All replies

  • Try at answers.microsoft.com for a better response - this forum is for Windows Home Server.

    Phil P.S. If you find my comment helpful or if it answers your question, please mark it as such.

    Sunday, October 12, 2014 1:15 AM
  • ok thanks, just done so :)
    Sunday, October 12, 2014 1:27 AM
  • Thy are viruses  yes 

    one of my servers i use clam win  or clamTK     works very well  on linux  and  os x

    www .symantec. com/security_response/writeup.jsp?docid=2002-072920-3942-99    I had to put in spaces  as it will not let me post links  hop this helps you

    July 29, 2002
    July 30, 2002 7:47:41 PM
    Also Known As:
    Win32.Chir.B [Computer Associates], W32/Chir-B [Sophos], Runouce [F-Secure], PE_CHIR.B [Trend]
    Systems Affected:
    Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
    W32.Chir.B@mm is a mass mailing worm that sends itself to all email addresses in a compromised user's Microsoft Outlook address book. It typically arrives as an email message with the following properties:
    (One of the following)
      • [USER NAME]@yahoo.com
      • imissyou@btamail.net.cn
      Subject: [USER NAME] is coming!
      Attachments: PP.exe

      The email message attempts to exploit the following vulnerabilities in order to automatically execute the message attachment:
      • Microsoft Virtual Machine com.ms.activeX.ActiveXComponent Arbitrary Program Execution Vulnerability
      • Microsoft IE MIME Header Attachment Execution Vulnerability
      Once executed, the worm will copy itself as the following file with the Hidden, System, and Read-Only file attributes set:

      It then creates the following registry entry so that it is executed every time Windows starts:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Runonce" = "C:\WINDOWS\SYSTEM\runouce.exe"

      The worm then enumerates network resources and attempts to access and modify files.

      The worm utilizes its own SMTP engine through a single static SMTP relay (btamail.net.cn). It gathers email addresses by searching the Windows Address Book and the following file extensions:
    • .adc
    • r.db
    • .doc
    • .xls
    On the first of every month upon startup, the worm will attempt to overwrite the first 1,234 bytes of files with the above-referenced extensions.

    The worm searches through all local and mapped drives to infect files with the following extensions:
    • .htm
    • .html
    • .exe
    • .scr

    It creates the following file which is a MIME encoded version of the virus to infect HTML files:
    Readme.eml file

    It creates The Readme.eml in the same folder in which the HTML file is located. The HTML file is modified to open Readme.eml when the HTML file is viewed, if JavaScript execution is enabled.

    The worm will also attempt to infect PE file by appending itself to the last section of the host file. Executing any infected file will cause the virus to load itself into memory and start its mass-mailing routine.

    The worm creates the following mutex so only one instance of the worm is running:
    Writeup By: Yana Liu

    Friday, October 17, 2014 5:11 AM