sevenworlds
Cadet
Joined: May 16, 2004
Posts: 1
Location: UK
Posted: Sun May 16, 2004 7:53 pm Post subject: Serious trouble...think its a trojan/virus?
Hi all
A few days ago while my brother was browsing the net he got an error message and then the PC automatically shut down. I booted up the next morning not knowing anything about this and during boot-up (just before the user profile selection screen appears) the following message appeared:
==============================================
Microsoft Visual C++ Runtime Library
Runtime Error!
Program C:\WINDOWS\system32\svchost.exe
This application has requested the Runtime to terminate it in an unusual way. Please contact the applications support team for more information.
==============================================
I continued to my desktop profile anyway (which was very slow to load) and the message appeared again along with this shutdown message which closed the PC down after 60 secs:
==============================================
System Shutdown
This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM
Time before shutdown: 00:00:60 (counting down to 0)
Message
Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly.
==============================================
Since then we've been unable to access the internet, many programs (including Norton Antivirus) aren't working properly and the whole system is really slow. Every time we boot up we get the two messages above and also sometimes the following messages appear at the desktop stage:
==============================================
Error
The service has not been started.
==============================================
==============================================
Settings Alert
symantec
Integrity of Symantec product settings cannot be verified at this time. If you notice unintended product behaviour, this can indicate an attacker or virus is attempting to disable your protection. In this situation please uninstall and reinstall all Symantec security products to correct the problem.
==============================================
==============================================
Symantec CCApp
A necessary component for this function is missing or damaged (NAVProd)
==============================================
Norton Antivirus won't run anymore and it won't uninstall nor can we reinstall it. I did get the Stinger virus checker and ran it but it found nothing. I've looked up the net desperately trying to find out what's going on. Some of the symptoms seem to match certain viruses I've come across (Sasser, MSBlast, various trojans) but nothing matches exactly and none of the remedies for these viruses work. It actually appears that if a hacker has been in our system they've done a hell of a good job of disabling all the things that could get us out of the mess.
Basically, I'm stuffed and don't know what to do! We were considering backing up our data and reformatting but the file copy function won't even work. When I right click a file, select copy and then try and paste it somewhere else the paste function is greyed out. So we can't burn any files to CD.
In case it's of any help, the following processes are running as soon as it has reached the desktop point (though it can change slightly):
WZQKPICK.EXE
WinCinemaMgr.exe
ctfmon.exe
iTouch.exe
qttask.exe
LMonitor.exe
InCD.exe
point32.exe
realsched.exe
atiptaxx.exe
sstray.exe
explorer.exe
ati2evxx.exe
incdsrv.exe
svchost.exe
svchost.exe
taskmgr.exe
ati2evxx.exe
svchost.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
System
System Idle Process SYSTEM
I apologise for such a long e-mail but since I've come across similar symptoms with no successful remedy I wanted to be specific here. If anyone has any idea what this is and more importantly how to fix it I'd be extremely grateful!
Cheers,
Dave

lost_dude
Cadet
Joined: May 22, 2004
Posts: 3
Location: Australia
Posted: Sat May 22, 2004 6:09 am
Well Dave, unfortunately I'm a week late, so you've most likely already performed a new install. I have the same problem, except I don't get any error dialogs apart from Norton's "Setting Alert" dialog and the following:
* cannot perform any copy functions
* nor drag or drop actions
* my custom toolbars in the taskbar disappear along with taskbar settings resetting
* language bar in taskbar locks up
* desktop icons also lockup
* all network connections disappear
* cannot install/uninstall
* cannot view properties for "System Viewer" and "Services" consoles etc, etc,
I have searched everywhere and found nothing regarding this problem! So I was glad to see your post, but the shock came when no one actually gave you a fix, so as you can see I just became a member to post this.
Well, here's a temporary solution (I say temp as I have had to perform this 3 or 4 times on my machine). I can't believe this isn't a common problem, as my brother has the same problem on a totally different machine. Wonder if it's Norton related? Or possibly those pesky Windows updates?
Anyway, type this at a command prompt: "SFC /SCANNOW" without the quotes. Follow the instructions (it may require the Windows installation CD). Finally, REBOOT.
(If you're not familiar with CMD then go to START->RUN->"type CMD and press OK")
Now everything should be back to normal, except the taskbar will most likely be empty so reconfigure it, and you will need to re-download all the Windows updates (well, I did). Like I said, it isn't a fix but rather a workaround.
Hope someone comes up with a permanent fix, this is getting really annoying!
BTW just upgraded to XP! "I knew I should have stuck with W2K".

lost_dude
Cadet
Joined: May 22, 2004
Posts: 3
Location: Australia
Posted: Sat May 22, 2004 6:16 am
Oh, forgot to add: using LAST_KNOWN_GOOD_CONFIGURATION in the startup menu also worked on my machine, but I still had to download the Windows updates.

lost_dude
Cadet
Joined: May 22, 2004
Posts: 3
Location: Australia
Posted: Sun May 23, 2004 10:56 pm
Update...
Damn thing locked up again last night... this time last_known_good DIDN'T work, had to run SFC again.
Here are more things that stop working when this occurs:
* Help and Support NOT available
* System Information NOT available, nor can I get a report through DOS
* pretty much the whole system is locked (screwed)!!!!
Attempted "Diagnostics Startup" through MSConfig with no results.
Starting to think it's a corrupt system file; my reasons for thinking this are:
* system still does not work in diagnostic startup (hardly anything is loaded, except necessary system services!)
* after running SFC and rebooting everything is OK (SFC only repairs system files!).
My question is: why does it keep reoccurring? What could be corrupting the system? Could it be a new strain of virus? I ran Norton but it didn't find anything on my machine, nor has any spyware shown up!
Does anybody have any suggestions?

Scotian
Cadet
Joined: May 28, 2004
Posts: 1
Location: Canada
Posted: Fri May 28, 2004 9:51 am
I am having the exact same problem on a friend's computer... did you find any solution? Because I am stumped...

Bulldog
Site Moderator
Joined: Nov 16, 2003
Posts: 3656
Location: Canada
Posted: Sat May 29, 2004 10:58 am
http://forum.tweakxp.com/forum/forum_po...tdown+%2Da
_________________
Cheers

FrostHele
Cadet
Joined: Jun 03, 2004
Posts: 2
Location: New_Zealand
Posted: Thu Jun 03, 2004 9:15 pm
Hey, I am having the same problem, and I tried doing what it said on the site last posted, but that didn't do anything and I still have the same problem.
What can I do next?
Here is my log.
Logfile of HijackThis v1.97.7
Scan saved at 7:51:36 PM, on 6/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Media\Software\hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = inet101
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://estore.sonic.com/upgrades/purcha...=ENU&id=40
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc...tor/sw.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/sh...wflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne...tector.cab
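
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of any post in this thread: it flags a UserInit value that launches something other than the stock userinit.exe, and BHO or Run entries whose binary sits directly in the Windows root. Both rules are heuristics for choosing what to inspect first, not verdicts; the sample lines are copied from the log above, and the `triage` function, its reason labels and the `C:\WINDOWS` root are assumptions of this example.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then details
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)', re.I)
WINDOWS_ROOT = r"c:\windows"  # assumption: system root as seen in this log


def triage(log_text):
    """Return (section, reason, path) tuples for entries to inspect first."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, running-process list, blanks
        code, body = m.groups()
        if code == "F2" and "userinit=" in body.lower():
            # Stock XP value is C:\WINDOWS\system32\userinit.exe, (comma list)
            for prog in body.split("=", 1)[1].split(","):
                prog = prog.strip()
                if prog and basename(prog).lower() != "userinit.exe":
                    findings.append((code, "userinit-nondefault", prog))
        elif code in ("O2", "O4"):
            # BHOs and Run-key autostarts: installed software normally lives
            # in Program Files or a subdirectory, not the Windows root itself.
            hit = WIN_PATH.search(body)
            if hit and dirname(hit.group(0)).lower() == WINDOWS_ROOT:
                findings.append((code, "windows-root-binary", hit.group(0)))
    return findings


if __name__ == "__main__":
    for section, reason, path in triage(SAMPLE_LOG):
        print(f"{section:<3} {reason:<20} {path}")
```

Each flagged path still has to be checked on disk (file properties, signer, creation time) before anything is removed.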