Post by W***@Cowboy.net Post by W***@Cowboy.net Post by Paul Post by David E. Ross Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
Your new installation might include malware. There are some malware
that will crash a system if an anti-virus application is detected.
This, of course, is often part of malware design: kill the anti-virus
before the anti-virus kills the virus.
Where did you get the Windows 7 that you installed?
Got a suspicious looking disk with the machine. which by the way, I
did not find. It and the machine came from an acquaintance at an old
folks group I joined. Hmmmm.
Post by Paul
If you did an upgrade install, migrating installed programs
from Vista to Win7, then the malware might have already been
Upgrade/Repair installs (i.e. run Setup.exe off the inserted
Win7 DVD, while Vista is booted), they can take care of trivial
forms of malware (like an adware perhaps, or clean out a few
left over registry entries that the adware used). But generally
an Upgrade install cannot fix everything.
For peace of mind, if the status of the machine was unknown
and you found it sitting on the curb, you'd do a "Clean" install
by booting the Win7 DVD and doing the install from there.
Hi Paul -
The Vista is gone, but I shud redo the W7 install without preserving
the Vista data etc. I shuda thought of that. I had not experienced
anything like this before.
Post by Paul
The install process generally gives you some information
about what it is going to keep. A clean install will tell you
that user data will be lost, and all programs will need to be
re-installed. But that process also cleans house of any
malware that might have been there.
If I want to be absolutely certain about a hard drive,
I boot the installer DVD and select the option to use
Command Prompt (instead of installing). From there,
select disk 2
You have to be careful, to identify the disks and only
erase the desired disk. In my example, disk 2 would be
the third disk down in the Disk Management table. You
can list the partitions on the disk, for confirmation
of what partitions are on there.
The "clean all" command writes every sector on the disk
with zeros. The only way it's going to miss any area of
the disk, is if a Host Protected Area (HPA) is present.
Working with HPAs is a PITA, due to hardware restrictions.
My current machine is a lucky one, in that the IDE cable
is HPA-capable, and I can follow the recipe here to
check or remove stuff like this. All my SATA ports are
locked. I use an IDE to SATA adapter (dongle), to do HPA work
on SATA drives. Some OEM computing products, use an HPA
and a special boot loader, to multiplex five partitions
into a four slot partition table, and a crafty individual
could hide malware in the maintenance partition (so it
gets muxed in when a special key is pressed at startup).
But that's a pretty obscure straw-man.
Well, I still have a problem. As I said, I wiped the hard drive
(format) and re-did the W7 install. As soon as I then installed Avira
, and then undid it and installed Avast, the PC went into crash mode.
IE, it powered off both times..
I re-did the same W7 install, and tried free AVG, and lo. it has not
crashed yet after 24 hours. Task Manager says AVG is indeed running.
What do you think now?
That's pretty good proof of an AV problem.
However, that's not absolute proof.
Any time you get a computer in hand, whether it's
fresh from the production line, or it's been sitting
in the garage for ten years... you test it.
And, you run the same tests in both cases.
This is called "acceptance testing". It's your
way of proving "yes, this is a computer, it's not
Not only must you do such a test when a computer
arrives on your bench. You must also test it
yearly (at least do a memory test). When memory fails
here, it might be every 1.5 years or so when I see
trouble. So once a year, you could give it a test
overnight and see whether anything has changed.
Good memory can go bad. I had a stick of Crucial
Ballistix blow out on me, and one chip went completely
nuts. And it wasn't overvolted or abused either.
When tested with memtest86+, the errors scrolled
off the screen, because each and every long-word
was bad. (One byte lane, coming out of one completely-nuts
chip, ensured a never ending scroll of errors.)
So there I had one good branded RAM (before Micron
ran into trouble), just blow up on me one day. Kablooie.
One of my first problems, was finding a DIMM pattern
in the sockets, so the machine would stay up long
enough to load memtest :-) For that problem, I
needed a GOOD DIMM in low memory, so the memtest86+
floppy could boot. Then if the BAD DIMM was up high,
after a few seconds, the test would hit that bad chip.
I had to keep flipping stuff around in the slots,
until I could get the test to start.
Let's take my current machine.
One year, I put 4x2GB DDR2 in it. Tested it, all is fine.
Much later, I'm seeing problems. The problem seems to
"move" from one day to the next, as if something is loading
in a different place in RAM, with respect to a problem area.
The computer went from healthy, to almost unusable.
I finally manage to catch a memory error with memtest86+.
Adjusting Vnb this time is not helping.
Now, normally I test the sticks one at a time, so I know
exactly which one to replace. When tested individually,
or in pairs, I *cannot* detect a problem with this set of
sticks. I can only see a memory error when all four sticks
are plugged in (power or bus loading makes a difference).
I ended up replacing all four sticks, so I could be
sure of fixing it. Ran another memory test. It's clean
Chancea are, your analysis is sufficient, and this is
just an AV problem. But you should also run memtest86+
for peace of mind. Even letting it run for one full pass
is enough. That might take a couple hours.
When tested that way, without additional work, around
1MB of RAM is not tested. This is the E810 reserved
region. Memtest86+ asks the BIOS for info about reserved
areas, and then it's not supposed to trample on stuff
the BIOS is using. And that amounts to around 1MB or
If you really want to know whether every byte is good,
you put two sticks in single channel mode (put the sticks
on the same channel), run memtest86+. Then, if it passes,
you shut down, and swap the two DIMMs in single channel
mode. This causes the high memory DIMM to become the
low memory DIMM and vice versa. The low memory DIMM
is the one that isn't fully tested. But when swapped as
the high memory DIMM, the test on that run covers everything.
You must use two sticks, to guarantee the high memory DIMM
has no reservations on it. If you insert just one stick
in the computer, and run memtest86+, then the bottom
1MB is reserved and testing is not 100% complete.
While memtest86+ comes pretty close to testing all RAM,
you have to do a little extra work if you expect complete
test coverage. I think you can see, how memory in the BIOS
area that was defective, would be a wee bit difficult