
XP Frequent Hang-Ups With Any Program

Discussion in 'Windows XP' started by coop, 2005/11/26.

  1. 2005/11/28
    coop

    coop Inactive Thread Starter

    Received this message last night from ANTIVIR - the new virus proggy I installed (a bunch of techies claim this is the best free AV as far as find/scan goes).

    11/27/2005,21:08:30 WARNING: Is the Trojan horse TR/AGGR!
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP409\A0057282.EXE
    File has been deleted!


    Could it be this virus starts up several minutes after boot and was causing my problem? 21:08 is almost an hour after I rebooted my computer. That would time about right as to when I would normally start experiencing the hangs.
     
  2. 2005/11/30
    Zander

    Zander Geek Member Alumni

    That trojan is located in your system restore files. Assuming that's the only place you have it, it can't hurt you unless you use system restore. If you did and it used that restore point it would restore the trojan to your system. To get rid of it you need to turn off system restore. Doing this will delete all restore points. You should do this as the restore points are no good anyway when they contain the trojan. To turn off system restore, right click on My Computer>properties>system restore. Put a check in the box by the line that says turn off system restore on all drives. Click apply and then close the window. Then, to make sure the trojan isn't active in your system right now you should do a complete system scan. Once you've done this you can go back and turn system restore back on. Just go back and remove the check that you placed in the box before.
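
Added example, not part of the original posts: a Python sketch that parses alerts in the format quoted in this thread and separates detections inside the System Restore store from detections elsewhere on disk. The second sample record and the path pattern (generalised from the one quoted path) are assumptions.

```python
import re
from datetime import datetime

# Constructed input: record 1 is the alert quoted in the thread; record 2 is
# a made-up detection outside the restore store, for contrast.
SAMPLE_LOG = r"""11/27/2005,21:08:30 WARNING: Is the Trojan horse TR/AGGR!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP409\A0057282.EXE
File has been deleted!
11/27/2005,21:15:02 WARNING: Is the Trojan horse TR/EXAMPLE!
C:\WINDOWS\SYSTEM32\EXAMPLE.EXE
File has been deleted!
"""

ALERT = re.compile(r"^(\d\d/\d\d/\d{4},\d\d:\d\d:\d\d) WARNING: Is the (.+) (\S+)!$")
# Assumed layout, generalised from the quoted path:
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
RESTORE = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]{36}\}"
    r"\\RP(\d+)\\A\d+\.\w+$", re.IGNORECASE)

def parse_alerts(text):
    """Return one dict per alert: time, name, path, location, restore_point."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    alerts = []
    for i, line in enumerate(lines[:-1]):
        head = ALERT.match(line)
        if not head:
            continue
        path = lines[i + 1]  # the alert format puts the file path on the next line
        rp = RESTORE.match(path)
        alerts.append({
            "time": datetime.strptime(head.group(1), "%m/%d/%Y,%H:%M:%S"),
            "name": head.group(3),
            "path": path,
            # A restore-store copy is an archived file; anything else is a
            # detection in the live file system.
            "location": "restore_point" if rp else "live",
            "restore_point": int(rp.group(1)) if rp else None,
        })
    return alerts

def needs_restore_purge(alerts):
    """True when any detection sits in a restore point, so the points should be deleted."""
    return any(a["location"] == "restore_point" for a in alerts)

if __name__ == "__main__":
    for a in parse_alerts(SAMPLE_LOG):
        print(a["time"], a["name"], a["location"], a["restore_point"])
```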
     


  4. 2005/11/30
    coop

    coop Inactive Thread Starter

    Since this was discovered and deleted my computer has not hung up at all. Two days now of heavy graphical and web usage and no problems. I have not yet removed the DIMM 2 memory.

    Is it possible that this trojan was a fake sys restore file? The reason I ask is due to the way it was caught -- I was NOT running a virus scan when I got the above message. Rather I had rebooted my computer and left it for the night. When I checked it the following morning, the message above in regard to the trojan was waiting for me. Checking event logs, I see that the computer re-booted around 8:16 PM. The virus was detected at 9:08. There was no other activity going on with the computer at the time.

    That leads me to believe that the file was somehow active. The near hour delay corresponds well to the symptoms of my hangs -- meaning that it would appear my computer was ok until it was on for a while - around an hour or so - then it would start hanging again. Also the fact that I was not scanning the computer at the time the virus was detected. I had a resident protection up, but was not running a scan. It's like something had to be accessed in regard to the trojan for the AV to pick up on it... right?

    Otherwise, here are the steps that I took from the last hang to the time that the hang ups stopped.

    -Ran Windows Memory Diagnostic Tool per Pete C's and others' suggestion.
    -Ran Defrag
    -Installed AntiVir
    -Reboot

    According to my wife, the system was still hanging after the defrag.

    Thanks to everyone for their assistance :). This board is always a huge help.
     
  5. 2005/11/30
    bluzkat

    bluzkat Inactive

    a couple of things...

    coop,

    If your system made a 'restore' point, the trojan could be saved to that restore point. You should probably delete all your restore points just to be safe (turn off SystemRestore, reboot, re-enable SystemRestore). The other thing that I noticed was "the gigs and gigs of DV ", if those are on the same partition with the operating system, move them to another HD or partition. It will be much safer. If any of these files are irreplaceable, burn them to DVD/CD. This goes for any other data files you have that need to be 'safe'.
    As to your problem with the mouse 'hanging', maybe check your video drivers. Update if not current, or possibly try re-installing if you have the current ones, or even 'rolling back' to a previous version if you recently installed an updated driver. HTH

    B :cool:
     
