I'm not sure what I am dealing with...HELP!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by krhdmv, May 5, 2005.

  1. krhdmv

    krhdmv Private E-2

    First thing today I logged onto the internet. When visiting a website the computer shut down with Stop: c000021a Fatal System Error. After several reboots and the same error I went into Safe Mode.

    In Safe Mode I removed escan virus software as this had only been added two weeks prior. After reboot I was able to access the system in normal mode. However I still have the following problems.

    1. I am unable to start up task manager.
    2. I am unable to run any virus scan software or adware when in normal mode.
    3. When I exit XP - window pops up with title of "End program - b" with a [cancel] button and [end now] button. Unless I select [end now] I can't exit.

    I have followed your entire post on "How to Spyware, Trojan and Virus Removal" - but I had these problems:
    1. I could not run Trendmicro or Symantec in safe mode with networking as I could not access my dial up networking.
    2. When I tried to run Trendmicro it hung when it started scanning system files.
    3. All other virus software hangs in normal mode.
    4. I ran all other programs that were suggested for download in safe mode and discovered no problems.

    I have now been at this for some eight hours and I am very frustrated...

    Any help at all would be greatly appreciated.

    Regards
    krhdmv
     
  2. Oldman

    Oldman Private First Class

    Sounds viral. Have you tried running the alternative virus scans in the sticky? (Bitdefender & RavAntivirus)
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In addition to what Oldman suggested, please note the sticky thread states that if you cannot run the online scans in safe mode, you should try running them in normal boot mode.

    If none of this helps, follow the steps below.

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  4. krhdmv

    krhdmv Private E-2

    Hi and thanks for your advice.

    I ran both BitDefender and RavAntivirus in normal mode - and both found nothing. Strange thing is - I started to get the feeling that my laptop was behaving normally - I tried accessing TaskManager and up it popped. I then shutdown the system and no error message. It was like something miraculous had happened over night. Do you think it might have been hardware / XP related??

    Anyway, I ran HijackThis and I have attached the log for perusal just in case.
    Can you please tell me if there appears to be anything wrong. I'm now very confused and very frustrated.
     
  5. Oldman

    Oldman Private First Class

    attached log?...
     
  6. krhdmv

    krhdmv Private E-2

    Ooopssss - I'm sorry.... Must not have clicked upload.
     

    Attached Files:

  7. Oldman

    Oldman Private First Class

    krhdmv,
    Your active processes look ok, so let's start by putting a check by the following lines:

    R3 - Default URLSearchHook is missing

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll

    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: SmartUI.lnk = ?
    ----------------------------------------------------
    Now see if you can delete the NPUPano.dll file, if not, reboot to safe mode (F8 key when booting up), and delete the file. Reboot normal, see if the problem still exists, and post back. ;)
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member


    Why do you want the user to delete a plugin for Ulead Photo Express? It is not a problem and may be needed.
     
  9. Oldman

    Oldman Private First Class

    my bad, couldn't find any info on it... :eek:

    krhdmv, disregard my instructions for it. :)
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please do not ask someone to remove items unless you are sure. Most items are pretty easy to find information on (this was too) and when there is no info available do not assume that it is bad. Always check with the user first. If they do not know then you should check file properties and version information to see if you can determine who the file belongs to.
     
    Last edited: May 7, 2005
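
Added example, not part of any poster's reply and not HijackThis code: a small Python parser for the log lines quoted in post 7 that separates entries HijackThis reports as missing from entries pointing at a file that is present and whose owner should be identified before anything is removed. The triage labels (`dangling`, `unresolved`, `verify-owner`, `review`) are names assumed for this illustration.

```python
import re

# Lines quoted from post 7 of this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O4 - Global Startup: BTTray.lnk = ?
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Windows path: drive letter or %var% prefix, up to the first file extension.
PATH_RE = re.compile(r"((?:[A-Za-z]:|%\w+%)\\[^{}=]*?\.\w{2,4})(?=\s|$)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_line(line):
    """Split one entry into section code, CLSID, path and a triage label."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    path = PATH_RE.search(body)
    clsid = CLSID_RE.search(body)
    if "missing" in body.lower():
        label = "dangling"       # the log itself reports the target as missing
    elif body.endswith("= ?"):
        label = "unresolved"     # shortcut target shown as "?"
    elif path:
        label = "verify-owner"   # file present: check properties/version info first
    else:
        label = "review"
    return {"section": section,
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(1) if path else None,
            "triage": label}

def triage(log_text):
    """Parse every recognisable entry in a block of log text."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f'{entry["section"]:<4}{entry["triage"]:<14}{entry["path"] or "-"}')
```
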
  11. Oldman

    Oldman Private First Class

    live and learn, thanks much! :)
     
  12. krhdmv

    krhdmv Private E-2

    Ok - I gather from the responses as the problem seems to have disappeared and that there seems to be nothing major that can be picked up out of the Hijackthis log that for the moment I should wait and see if the problem represents itself.

    Thanks for the assistance / support.

    Do I need to close this thread somehow - or is it done automatically?

    Cheers
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If the problem comes back post a new HJT log in this thread (we do not normally close them).
    If the problem comes back and it has been more than two weeks, run the READ ME FIRST steps and then post a new HJT log in this thread.
     
