win32/patched.fm and Windows failure

younggeeza · Sep 1, 2010

I've put this in software problems because that's the main problem even though it is to do with the virus win32/patched.fm.

I'm on XP Home and everything was working fine until i contracted a virus. The virus turned up as win32/patched.fm on AVG free but it refused to clean it.

In the end i got fed up of the constant irritations from avg and restarted the computer in safe mode. I ran a scan and it left me with the impression that it'd cleaned it all out.

When i restarted my computer from safe mode however...would get up to just before booting windows and then the computer would simply restart and this would go on and on and on and on.

I cut the cycle and told the computer to stop restarting on fatal error and the message i got was as quoted.

STOP: c000021a {Fatal System Error}
The Windows Logon Process system process terminated unexpectedly with a status of 0xc0000034 (0x00000000 0x00000000).
The system has been shut down.

Help please I think maybe AVG maybe deleted winlogon or explorer or something like that.

TimW · Sep 1, 2010

You should have posted in the malware forum. But we will try to help with this here for now.

You will need to boot into the Recovery Console to repair this.

Once you are back to the C:\Windows> prompt of the Recovery Console, input the below commands one at a time each followed by the enter key. Read the notes further down which comment on these commands.

cd system32
copy D:\i386\winlogon.ex_ winlogon.exe
exit

NOTES:

* the first command should cause the prompt to change to C:\windows\system32>
* the second command should copy the compressed winlogon.ex_ file ( yes the underscore is the correct file name ) from the i386 folder of your CD into the system32 folder and rename it to winlogon.exe, the file will automatically be uncompressed. Notice the space after the copy and after the ex_
* the third command should reboot your PC. Remove the CD and see if Windows will boot.

If winlogon.exe was deleted, it may have also taken the incorrect action of deleting explorer.exe too and it will have to be replace. If Windows boots up this time but you have no Desktop then explorer.exe was deleted and similar steps to the above can be performed to restore it. However you don't need to run the cd system32 command since explorer.exe belongs in the C:\windows folder. Just skip to the second command and replace each case of winlogon with explorer

Tell me what happens.

younggeeza · Sep 1, 2010

Thanks for such a quick reply.

You've mentioned a CD in your post. What CD do you refer to?

I also already have a D drive in my pc.

I followed your instructions anyway just in case i was being absolutely stupid and was met with 'Access is denied'.

TimW · Sep 1, 2010

younggeeza said: ↑

You've mentioned a CD in your post. What CD do you refer to?
Click to expand...

Your OS CD.....

younggeeza said: ↑

I followed your instructions anyway just in case i was being absolutely stupid and was met with 'Access is denied'.
Click to expand...

You were able to boot into the Recovery console and ran (typed) the commands? Are you now able to boot back into Windows?

younggeeza · Sep 1, 2010

I don't think have any OS CDs as far as i remember (but i'll have a look around the house) :S And when i did type those commands, all i got was 'Access is denied'.

When i typed exit, the computer restarted a few times and then the fatal system error message came up again.

Is having the OS CD vital?

TimW · Sep 2, 2010

You need to tell me exactly what you are doing and what happens. How are you getting into the Recovery Console? And yes, you need your windows CD to do this, unless you already have the Recovery Console installed and it is one of the options when you boot up.

younggeeza · Sep 2, 2010

During startup, i press F8 repeatedly and i'm presented with a number of choices such as safe mode, vga mode, debugging mode, disable auto restart on failure, last known good configuration. The one i select is 'Return to OS Choices Menu'.

I then have two choices. 'Microsoft Windows XP Home Edition' and 'Microsoft Windows Recovery Console'. So it looks like it is already installed on to the computer.

I don't think my computer came with a Windows CD :S I've always just been able to do a system restore back to how it was when i bought it if all goes to hell and windows will be there. Does this mean that a windows install is already inside my D drive maybe?

TimW · Sep 2, 2010

I think you will need to borrow an XP CD in order to fix this. It must be the same version as what you have installed: Home or Pro.

But let;s try this:

Boot up and go into the Recovery console. Once there type in this:
Expand C:\i386\winlogon.ex_ C:\Windows\system32\winlogon.exe
exit.

Reboot and tell me if you can now get into windows.

younggeeza · Sep 2, 2010

I put in what you told me to and 'The system cannot find the file of directory specified.' came up.

I have a question, each time i enter the recovery console, i have the option of logging in to 3 different things. D:\MiniNT, D:\I386 and C:\WINDOWS. You have wanted me to use C:\WINDOWS each time right?

TimW · Sep 3, 2010

Yes, I have wanted you to use C:\windows. However, at this point you will need to have a copy of xp cd. Your system is not finding the file we need and it will only be on the xp cd. That is where you would use the first set of instructions I gave you.

younggeeza · Dec 30, 2010

Just thought i'd say that i've now found an XP home CD.

Log in or Sign up

win32/patched.fm and Windows failure

younggeeza Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

younggeeza Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

younggeeza Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

younggeeza Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

younggeeza Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

younggeeza Private E-2