Wed 26 Dec 2007
Computer rebooting 20-25 seconds after showing Welcome Screen
Posted by azhad under Computers[7] Comments
This is a difficult to solve problem I faced when trying to fix my home desktop. As mentioned in the title, the computer reboots, provided no username is clicked to login. If a username is clicked before the time period, the system will run Explorer and it would work fine.
It took a lot of work to find out the cause, using “msconfig”, disabling all services and enabling one by one to find the culprit.
It was due to a program in the Services named as Automated Surfer (C:\Windows\system32\srvany.exe). On doing a scan from Jotti’s Malware Scanner site some antivirus programs showed that it was a trojan. The results are posted below.
So deleted it from the services using regedit.exe and deleted the srvany.exe file. Now the system is fine. A file with the same name does appear in some other computers (I think it is part of some Resource Kit) so be sure to check the MD5 before deleting it.
Please write a comment if you face the same problem.
File: srvany.exe
Status: INFECTED/MALWARE
MD5: c9b18abe9063a33e77f6be81cc8df0c5
Packers detected: -
Bit9 reports: No threat detected
Scanner results
A-Squared Found Riskware.NetTool.Win32.Calc-SETI@Home.b
Dr.Web Found Program.SrvAny
Operating System: Windows xp SP2
December 26th, 2007 at 12:56 pm
Nice troubleshooting work man!! must have taken hell lot of time….
Haven’t seen that happening yet.. would let ya know… cheers!
December 26th, 2007 at 4:38 pm
i guess i had a similar prob…. are you using folder lock?
December 27th, 2007 at 7:56 am
@ano,
No, I’m not using Folder Lock.
But I do use a program called Unlocker – it helps to delete files which are in use by programs (the stubborn ones that you can’t delete using Windows xp). Deleting the srvany.exe file did not result in any deterioration of the Unlocker program, so I don’t think it is part of Unlocker.
December 29th, 2007 at 7:14 pm
Ping
January 10th, 2008 at 6:05 am
I have the exact same problem spent 3 days fixing…. can you see your devices in device manager or network connections…
srvany.exe is a legitimate windows file…
= service any
I think the problem is a microsoft security patch….for xp sp2
January 11th, 2008 at 9:58 pm
Hi Same Here,
Could you post the MD5 value for the legitimate srvany.exe file please. That way we can be sure whether we are talking about the same file or not.
You can get the MD5 using a program like RapidCRC.
It would be really helpful to find out the cause. By the way, the procedure I mentioned above worked for me. The problem is fixed.
I use Windows XP SP2.
February 20th, 2008 at 2:08 am
helpful post