Serious problem



sArA
10-19-2005, 10:05 AM
I have a serious comp problem and wondered if anyone can help. Basically I think one of the kids got me a trojan/virus. It prevented me getting updates on my corp AV so I downloaded AVG. It found a trojan and asked if I wanted to repair it, which I did. Now after a restart, I can hardly run any of my programs, only Firefox and a few others. I think it must be a system file that has gone. Do you have any ideas? Can't even open System Restore.

I cannot open AVG in order to do another scan. I am thinking that I might have to do a reinstall of windows or even a format. When I try to open progs in the control panel (add/remove for example) I get the box pop up asking me what I want to use to open it with.

Cannot open IE, or any Office progs, msn is off, and many others (file not found or pop up box asking me to choose a prog to open it with)

Need help pretty quick as I am supposed to be working and I ain't getting anything done atm :(

Santa
10-19-2005, 10:10 AM
Can you remember what file you "repaired"?
Could you post a HijackThis log - download here - http://www.majorgeeks.com/download3155.html
I will look to see if there is another way to see which file you deleted via AVG.

sArA
10-19-2005, 10:12 AM
Just tried it and it won't let me run it. Seems there is a problem with executing .exe files.

Santa
10-19-2005, 10:15 AM
Any chance you could show which processes are running in Task Manager (Ctrl+Alt+Delete)?

sArA
10-19-2005, 10:21 AM
CPU usage 2-5%, applications running - FST and that's it. In processes it all looks pretty normal (from what little I know).

I cannot open Notepad, Paint or anything. I cannot even print screen as I can't paste it into anything.

I am surprised that FF and the internet is working though :blink:

Barbarossa
10-19-2005, 10:21 AM
Can you remember the name of the trojan?

It sounds like possibly a problem with rundll32.exe

How good are you at reverting to a previous system restore point?

Santa
10-19-2005, 10:23 AM
do you remember the name of the file(s) you repaired?

sArA
10-19-2005, 10:26 AM
It would be fine if I could actually open system restore, that was one of the first things I tried. ;)

Can't remember the name of the trojan or file, sorry.

edit. I sort of remember that it was inside a system32 file which makes me think.....but I don't know how to fix it.

Santa
10-19-2005, 10:28 AM
Could you at least manually type in and post which processes are running in Task Manager?

eg.
csrss.exe
ctfmon.exe
explorer.exe
lsass.exe
services.exe
smss.exe
svchost.exe (x4)
spoolsv.exe
System
System Idle Process
Winlogon.exe

Santa
10-19-2005, 10:31 AM
If you know which file you deleted it is possible to fix - if it is crucial, which it probably was...
I'm still looking for a damn manual "log" of activities in AVG - anybody know where tf it is?

sArA
10-19-2005, 10:33 AM
taskmgr.exe
firefox.exe
wdfmgr.exe
svchost.exe
nvsvc32.exe
KkService.exe
avgupsvc.exe
avgamsvr.exe
LEXPPS.EXE
spoolsv.exe
LEXBCES.EXE
svchost.exe (local)
svchost.exe (network service)
svchost.exe (system)
alg.exe
svchost.exe (network service)
svchost.exe (system)
lsass.exe
services.exe
explorer.exe
winlogon.exe
csrss.exe
smss.exe
System
System Idle Process

And that is it

Barbarossa
10-19-2005, 10:36 AM
KkService.exe? :huh: wassat?

sArA
10-19-2005, 10:38 AM
Sorry, mistype....

should be

DKService.exe

Barbarossa
10-19-2005, 10:43 AM
Found this:

How to Start the System Restore Tool from the Command Prompt

System Restore is a great feature in XP, but if you aren't able to boot into the Windows GUI normally or in Safe Mode, how can you use it? Here are the instructions for starting System Restore from the command prompt:

1. Start your computer by selecting Safe Mode with Command Prompt from the startup menu.
2. When the command prompt is displayed, type the following: [systemroot]\system32\restore\rstrui.exe (the system root folder is the folder to which you installed the XP operating system files, usually c:\windows).
3. Press Enter.
4. Now you can follow the instructions on the screen to use System Restore to restore your computer to a previous functional state.


Any use? :unsure:

Santa
10-19-2005, 10:44 AM
Your processes are OK.
Still looking, but in the meantime try this:
In Explorer (it works, yes?)
go to Tools | Folder Options | File Types tab
then click "New" - then "Advanced"
type in exe
tell me, does "Application" turn up in the empty field below?
like this?
http://filext.com/images/associateexe.gif
If so - click Cancel - Close.
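Santa's File Types check above is a GUI look at one thing: whether .exe is still wired to the "Application" (exefile) handler. The same thing can be checked from a registry export. A common way malware produces exactly this symptom is to rewrite HKEY_CLASSES_ROOT\exefile\shell\open\command so its own executable runs in front of every program launch; once an antivirus deletes that executable without restoring the value, every .exe launch fails with "Application not found" or the Open With prompt. The Python below is an added example, not code from the original thread: it parses a `reg export` of the two keys involved and reports whether the association is intact. The thread never identifies the file involved, so the sample exports are constructed and the dropper path in the hijacked one is a made-up placeholder.

```python
r"""Check the .exe file association in a `reg export` dump.

Added example for this thread (not code from the original post). On a live
machine the input would come from:
    reg export HKCR\.exe    exe.reg
    reg export HKCR\exefile exefile.reg
The expected values are the standard Windows defaults:
    HKEY_CLASSES_ROOT\.exe                       (Default) = exefile
    HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %*
"""
import re

# Expected (Default) values; registry key names are case-insensitive, so
# they are stored and compared in lower case.
EXPECTED = {
    r"hkey_classes_root\.exe": "exefile",
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
}

# Constructed sample: a healthy export of the two keys.
HEALTHY_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"""

# Constructed sample: the open command has been hijacked so that a
# hypothetical (made-up) dropper runs in front of every program launch.
# Deleting that dropper without restoring the value breaks every .exe.
HIJACKED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\system32\\dropper.exe\" \"%1\" %*"
"""


def _unquote(raw):
    """Decode a reg-export string literal ("..." with \\ and \" escapes).

    Non-string data (hex:, dword:) is returned unchanged.
    """
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw


def parse_reg_export(text):
    """Return {key_path_lower: {value_name: value}} for a reg export.

    "@" is the key's (Default) value. Value names containing "=" are not
    handled; the two keys checked here have none.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "Windows Registry Editor")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, raw = line.partition("=")
        keys[current][_unquote(name)] = _unquote(raw)
    return keys


def exe_open_command(text):
    """The handler every .exe launch goes through, or None if the key is absent."""
    key = r"hkey_classes_root\exefile\shell\open\command"
    return parse_reg_export(text).get(key, {}).get("@")


def check_exe_association(text):
    """Return a list of problems; an empty list means the association is intact."""
    keys = parse_reg_export(text)
    problems = []
    for key, want in EXPECTED.items():
        if key not in keys:
            problems.append(f"missing key {key}")
            continue
        got = keys[key].get("@")
        if got != want:
            problems.append(f"{key} (Default): expected {want!r}, found {got!r}")
    return problems


if __name__ == "__main__":
    for label, export in (("healthy", HEALTHY_EXPORT), ("hijacked", HIJACKED_EXPORT)):
        print(f"{label}: open command = {exe_open_command(export)!r}")
        for problem in check_exe_association(export) or ["ok"]:
            print("   ", problem)
```

The value reported by exe_open_command is the useful part when a scanner has already deleted something: a hijacked command names the file that used to sit in front of every launch, which is exactly the detail this thread never managed to recover. Once the handler is known, the association is repaired by importing a .reg file with the two default values above, or from a command prompt with `assoc .exe=exefile` and `ftype exefile="%1" %*`.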

sArA
10-19-2005, 10:58 AM
OK...done that.....still not able to open anything though. :(

@ barbarossa....will give it a go and come back

Santa
10-19-2005, 11:00 AM
Could you look in
C:\Documents and Settings\USERNAME\Application Data\AVG7\
and see if you have a .log file?

sArA
10-19-2005, 11:08 AM
I have a log.idx but no .log

sArA
10-19-2005, 11:18 AM
Nope....says that it is not a recognised command or somat.....bollox


This is looking more and more like AVG has deleted a critical windows system file and the only reason I can come here is because FF is not a ms prog.....I dunno I am only guessing.......

Virtualbody1234
10-19-2005, 11:28 AM
Can you run things in Safe Mode?

Santa
10-19-2005, 11:54 AM
I have a log.idx but no .log
Can you open it in Notepad and see if it says which file it repaired?
If you can't open Notepad - post/attach it here.

tesco
10-19-2005, 12:18 PM
I have a log.idx but no .log
Can you open it in Notepad and see if it says which file it repaired?
If you can't open Notepad - post/attach it here.
Or open with Firefox :01:

sArA
10-19-2005, 12:27 PM
Can't open with FF :(

@ 100% not sure how to attach it here. It's only 1k though

@VB.....I am going to have another go in safe mode without command prompt, will get back to you.

sArA
10-19-2005, 12:36 PM
Running in safe mode now, still can't access my other programs :(


I am tempted to put in my winxp disk and try for a repair. What do you all think cos I don't want to make things worse

Santa
10-19-2005, 12:49 PM
Change the extension to .txt.
At the bottom of the FST reply box it says
"Manage Attachments"
browse the file then upload - reply

Santa
10-19-2005, 12:52 PM
I am tempted to put in my winxp disk and try for a repair. What do you all think cos I don't want to make things worse

It won't make things worse - as long as you do a system repair, not total - have you backed up?
But upload that log first.
Once you know which file was fuxord - everything will be fixed in a jiffy.
This problem is solvable - since you can boot it isn't that serious - if you do a total reinstall it feels like wasted energy.

sArA
10-19-2005, 01:02 PM
I just found this......

17.10.2005 23:34:49 AVG for E-mail [7.0.286] started
17.10.2005 23:34:50 Using AVG Kernel: 7.0.289 [265.0.0]
17.10.2005 23:34:50 Config: C:\Documents and Settings\Sara\Application Data\AVG7\avgemc.cfg
17.10.2005 23:34:51 Using Cyrus SASL 2.1.13
17.10.2005 23:34:51 Starting the main loop
17.10.2005 23:34:51 Queue processing started
17.10.2005 23:34:51 [9c0] AutoPOP3(10110): Starting server
17.10.2005 23:34:51 [9b4] AutoSMTP(10025): Starting server
18.10.2005 08:09:50 AVG for E-mail [7.0.338] started
18.10.2005 08:09:51 Using AVG Kernel: 7.0.344 [267.12.2]
18.10.2005 08:09:51 Config: C:\Documents and Settings\Sara\Application Data\AVG7\avgemc.cfg
18.10.2005 08:09:54 Using Cyrus SASL 2.1.13
18.10.2005 08:09:55 Starting the main loop
18.10.2005 08:09:55 Redirector version 70004
18.10.2005 08:09:55 [20c] AutoPOP3(10110): Starting server
18.10.2005 08:09:55 Queue processing started
18.10.2005 21:24:43 [20c] AutoPOP3(10110): Connection from process 1980
18.10.2005 21:24:43 [20c] AutoPOP3(10110): Connection from 12#####
18.10.2005 21:24:44 [7ac] AutoPOP3(10110): Client connected
18.10.2005 21:24:44 [7ac] AutoPOP3(10110): Connected to mail.virgin.net:110
18.10.2005 21:24:47 Received mail from: "bk sales" <[email protected]>
18.10.2005 21:24:47 [7ac] AutoPOP3(10110): Received 4281 bytes in 0.219 s, scanned in 1.188 s.
18.10.2005 21:24:48 [7ac] AutoPOP3(10110): Client disconnected
18.10.2005 21:48:07 [20c] AutoPOP3(10110): Connection from process 2128
18.10.2005 21:48:07 [20c] AutoPOP3(10110): Connection from 127.0#####
18.10.2005 21:48:07 [59c] AutoPOP3(10110): Client connected
18.10.2005 21:48:07 [59c] AutoPOP3(10110): Connected to mail.virgin.net:110
18.10.2005 21:48:08 [59c] AutoPOP3(10110): Client disconnected


edit. bah....don't think this is helpful either... :(

sArA
10-19-2005, 01:05 PM
all that is in the renamed .txt is

¤†

Barbarossa
10-19-2005, 01:08 PM
I am tempted to put in my winxp disk and try for a repair. What do you all think cos I don't want to make things worse

At this stage, I would do that too. ;)

Santa
10-19-2005, 01:11 PM
Doesn't help.
It doesn't show the file repaired, just interactions.

It's definitely one of the system32 .dll files which got raped - if only we knew which one.
I would love to fix this.
I have to go - sorry.

If you are going to do a repair:
a - if you have backed up all your VIP files then I suggest doing a total reinstall
b - if you haven't backed up, try to copy/paste/drag/drop onto an external hard drive if you have one; if not, do a basic system reinstall (keeps personal files) and then back up, and after that do a total reinstall to get a clean system - fresh, new.

ciao

sArA
10-19-2005, 01:40 PM
Guess what.....

It wont run setup from my winxp disk.

wtf!


@100% thanks for your help anyway :)

Barbarossa
10-19-2005, 01:50 PM
Even when you use it on startup as a boot disk? :o

sArA
10-19-2005, 02:04 PM
Even when you use it on startup as a boot disk? :o

Nope...

Pressed F12, booted by disk and it just opens my desktop as normal but will not run by autorun or by the XP menu. If I can't reinstall/repair I am not sure what to do next.

I do find it odd that I can still post here and stuff. Perhaps a registry repair prog? Of course, it will need to be one that runs from the location as WinRAR won't open.


edit....This is really starting to piss me off, I am at a complete loss what to do if I can't even reinstall Windows. It has to be something to do with .exe files but I am not techie enough (damn my non-tech brain)

sArA
10-19-2005, 02:16 PM
Oh...I just noticed in explorer that if I go to tools/Folder options/filetypes

When I look at the first 20 or so they have [NONE] next to them as if they are not associated with anything. Is this significant?

Barbarossa
10-19-2005, 02:17 PM
We are really snookered unless we can find out either:

1. The name of the virus/trojan

or

2. The name of the file that was deleted by AVG.

Barbarossa
10-19-2005, 02:18 PM
No, I have that too ;)

{I}{K}{E}
10-19-2005, 02:18 PM
That's normal.

sArA
10-19-2005, 02:22 PM
ok...well that's something I guess.

I have also tried to open office progs like word, excel etc and it comes up with error message application not found.

But.....if I go to an actual file that has been saved in say excel....then it opens :unsure:


edit....this makes me wonder if its something to do with all my shortcuts on the desktop and in my start menu programs.....

edit 2... When I go to the control panel, I can't open anything that is windows based and it comes up with C:\WINDOWS\system32\rundll32.exe Application not found.

Santa
10-19-2005, 02:46 PM
Do a search in
C:\WINDOWS\system32\

1. See if you can find rundll32.exe

Is this it? oooh... maybe getting hotter

2. What are you using, XP Pro or Home?

Could someone be prepared to donate an original rundll32.exe to Sara (as I have tweaked mine Mac style + more) if she seems to be missing it?
It is only 31kb.

Hope this is the missing link.

sArA
10-19-2005, 03:05 PM
I have 9 files.

5 are .pg

One is rundll32, application, 33kb.

3 are highlighted blue...one is ServicePackUninstall 31kb, one is ServicePackFiles\i386 33kb and the other is SoftwareDistribution\Download or somat, also 33kb. (These are all applications apparently.)

I can't print screen into Paint so can't show you.....


Running XP Pro btw.

Santa
10-19-2005, 03:36 PM
I give up.
Sorry.
Windows wins.

sArA
10-19-2005, 03:43 PM
OK, thanks for trying.

Anyone else? I am still fucked up here....can't reinstall from the disk, anyone know any rescue progs or anything?

Santa
10-19-2005, 03:46 PM
Damn you.
OK,
get 6 clean floppies.
Download this and (oh shit) run it (if it lets you) - http://www.microsoft.com/downloads/details.aspx?FamilyID=55820edb-5039-4955-bcb7-4fed408ea73f&displaylang=en
Follow the instructions,
load onto floppies,
then reboot with floppy 1,
proceed until 6.
It will enter you into reinstall choices via DOS.

Santa
10-19-2005, 03:50 PM
If you can't run the Microsoft exe I'm going to kill you (+ your virus).
It means manually inserting the files onto the floppy.

Tell me if you get the

WinXP_EN_PRO_BF.EXE

to run?

tesco
10-19-2005, 04:43 PM
Try Start -> Run -> type 'sfc /scannow'.
Insert your XP disc so it can copy back the files it needs to.

If that doesn't work then you can try 100%'s floppy idea, or try looking in the BIOS for boot order and see if maybe CD was taken off it.

Master$hake
10-19-2005, 07:26 PM
http://www.michaelstevenstech.com/XPrepairinstall.htm

Go there and follow the directions so you can get back up and running.

After that get an anti-virus and download all the updates, preferably in Safe Mode if the program allows.

You might also want to go through your startup menu and see what's there:
Click Start,
click Run and type msconfig, then click Startup and basically uncheck everything and restart.

If all else fails do a full low-level reformat, "not quick": go into the BIOS and boot off a CD with your XP disk in the drive. If you have SATA disks then you will need the floppy they came with. When you get to the part with the drives showing, delete your system drive: you're going to have to hit Delete, then press L, then press Enter.

Then select the unpartitioned drive you just deleted and hit Enter. Do not create a new partition; select format the drive with the NTFS partition, "not the quick one", and let it fly.

If you have any questions please ask, I am a cert PC tech.

sArA
10-19-2005, 11:03 PM
Hi guys.....I am back :)

What a game!

So...I changed the boot sequence in the BIOS to CD and it worked...sorta :blink:

At least it allowed me to enter the WinXP setup from CD....so....having done a bit of Googling, came to the conclusion that I should not use the Recovery Console function and wait until I am given the option later. I assumed that this was some kind of overwrite function.

Anyway, all seems well, until about 20 mins into the reinstall when I am suddenly asked for sound drivers...theeeen the fun really started. :wacko:

About 10 mins later, error boxes started popping up...naming that bloody rundll.exe and variants as the problem...Finally, all done and at reboot....blue screen of death!!!!! :angry:

It also won't boot from the hard drive soo...tried it again...as ya do... :rolleyes: and of course....same blue screen.

I was left with no alternative but to go for a full reinstall of windows without having backed up a few things that would have been a good idea to...but....meh...


I am back...bruised and battered and an awful lot skimpier than before... :dry: Its taken me over 12 hours, I got no work done and the house is a mess....I still don't really know what caused it...

kazaa2002
10-19-2005, 11:05 PM
Sara, Ross has a good idea; if it is a Windows file problem,
his suggestion will work.
Here is some info on it....you should have a good hidden copy of Windows
files on your PC....don't panic, we will keep giving you ideas.
WINDOWS FILE PROTECTION-SFC /SCANNOW (http://www.compphix.com/windowsfileprotection.html)
scannow sfc - LEARN how to use SFC.EXE (system file checker) in this article! (http://www.updatexp.com/scannow-sfc.html)

Santa
10-19-2005, 11:33 PM
Happyish ending.

inkmaker23
10-19-2005, 11:47 PM
Sara - what you're going through is the perfect advertisement for Norton Ghost. I was lucky, I installed it and copied my HD (on 18 CDs - took over an hour). Then I changed the boot priority in the BIOS to CD.
As luck would have it my grandson downloaded some crap that f-upped everything.
I popped in the Ghost CDs (now 3 months old) and like magic I was back up, only lacking the Windows updates that were installed after I used Ghost.
I used a BitTorrent download of Ghost but was so impressed I went out and bought a copy. Now I copy the HD every 3 or 4 months, saving a lot of potential aggravation and frustration (as you experienced).

Barbarossa
10-20-2005, 09:59 AM
No, I think what you're both going through is the perfect advertisement for not letting kids use your computer... :P

Kids are stupid on computers, I have had to reinstall Windows on my father-in-law's and my brother-in-law's PCs twice, because they always let their kids piss about on there :angry:



I'm surprised you had to change the boot priority, I assumed CD was default for everyone.. Oh well.. :ermm:

sArA
10-20-2005, 11:31 AM
Thanks for your help guys.

I am definitely going to use Ghost once I have everything re-installed. You know, I am so pissed off about it as the comp was working just how I liked it, and now it doesn't feel right anymore. I guess it will take a while to get things back.

As for the kids thing, I'm afraid that I am rather stuck with that one...both of mine use it a lot and we only have the one. My 9 year old son (probably the guilty party) has been extremely sweet about losing all his game saves and installs and I think he will be rather more careful in future. If this experience has shown him the need to be more cautious about what he does and which sites he downloads from, then all's good.

Boot schmoot, the bloody thing was not co-operating at all. I would love to know the name of the beastie that caused this trouble so I can warn you lot, but unfortunately it wasn't until after the reboot that the problems started.

Oh......one more thing....

AVG was the key to the disaster as it deleted the rundll.exe files, which stopped me from accessing .exe programs. I rang them up and they were extremely snotty as I had the free version. They refused to help at all and said 'we only supply the free version on the understanding that users are technically savvy'. Cheeky bastards, I felt rather insulted by their attitude...what I had to go through to sort it out goes way beyond the average user's ability imo....so be warned, the free version could be more trouble than it's worth.

I have now reinstalled Symantec Corp with full updates so all is well.

Barbarossa
10-20-2005, 01:35 PM
Sorry, didn't mean to sound harsh ;)

What you could do is create them their own login accounts that don't have administration rights, and limit their ability to install new programs and modify the registry, etc.. maybe.

But as you say, after this latest scare, they might be more careful in future... :unsure:

orcutt989
10-20-2005, 08:54 PM
Running in safe mode now, still can't access my other programs :(


I am tempted to put in my winxp disk and try for a repair. What do you all think cos I don't want to make things worse

Why can't you just do that? I thought repairing Windows copies all of the system files from the CD and overwrites your old ones. Wouldn't that solve your problem?

peat moss
10-21-2005, 12:37 AM
Why can't you just do that? I thought repairing Windows copies all of the system files from the CD and overwrites your old ones. Wouldn't that solve your problem?

That's right, then all she would have to do is update Windows again. All the security packs, well worth a try.

Master$hake
10-21-2005, 01:17 AM
It will look for bad files and replace only those that are corrupted. The link I put in my last post gives you step-by-step directions with screenshots on how to do that. If this is a virus problem that is in the MBR or a boot-sector virus you're in trouble as this will not help.

Since this is a filesharing forum you might want to get your hands on a copy of Winternals; it allows you to access an unbootable system by running Windows off a CD and gives you all kinds of great tools to work out problems like this. Sad to say the price tag is $2500, but like I said this is a file sharing forum. Also known as AdminPak.

sArA
10-26-2005, 10:21 AM
That's right, then all she would have to do is update Windows again. All the security packs, well worth a try.


I did, and that was when I got the blue screen of death....the repair also had trouble and kept popping up that it couldn't locate the .dll files, so it actually made things worse as I lost a lot of stuff.

Meh.....it's almost back to normal except I lost all my bloody favourites, unless someone has a clever idea of how I can retrieve them.

I think all my updates are done now....thank fuck for broadband :lol:


Thanks to everyone who tried to help..

Izagaia
10-26-2005, 10:01 PM
Why can't you just do that? I thought repairing Windows copies all of the system files from the CD and overwrites your old ones. Wouldn't that solve your problem?

Sort of. Not all the time...

At any rate, after a user updates their system to any of Microsoft's service packs, their previous install CD, IMO, virtually becomes useless. Or at least, no longer a "safe" bet when used to repair system files. The system with the service pack installed would be looking for files as they are written for that particular service pack. The install CD would likely contain older files that are not always or are no longer usable. For instance, I do not believe you would want to use an XP w/SP1 install CD to repair a system that had Service Pack 2 installed upon it. In the end, I would try to hunt down or create a new XP install CD that has SP2 slipstreamed onto it. Then attempt repairing again utilizing that.

Just my two cents on this. So please forgive izzy's ignorance here if I am "off-base" to the actual problem. I admit not reading the entire thread. But I hope this sheds some light. :)