
Viruses, System Thinks It Has 2 Os, Hijack This Says System Is Fine!

2 replies to this topic

#1 tomskinner1258


  • Members
  • 10 posts
  • Local time:05:05 AM

Posted 22 July 2007 - 04:22 AM

Okay, I just typed this once and lost it. So, here we go again. Out of the blue one day on a system reboot a black screen pops up and says choose which operating system you want to use: "Windows XP Professional or Windows XP Media Center". I arrowed down to the media center edition as that is what I am supposed to have ver. 2005. Then a blue window pops up and says that the system cannot find a cd-rom for this system therefore cannot continue setup hit F3 to quit setup. I never knew I was in setup!! So I called Dell and spent a few hours on the phone with them and find that system is saying in the Boot.Ini file that indeed there are two OS on my system. He takes control of my comp. and does something where he pulled up the Boot.Ini section at the top and deleted one of the editions and everything seemed fine or so we thought!

Now, I am getting all kinds of strange things such as the same as above is back, I have run Hijack This and went to the Hijackthis.De site and they gave me a safe on everything. I ran Bitdefender and found two Viruses that they could not delete which were TROJAN. DOWNLOADER AGENT. BL & TROJAN . FatObfus . Gen and my wonderful Trend Micro Pc-Cillin Internet 14 did not catch anything and I called them, they had me download a program of theirs called Trend System Cleaner and run the system in safe mode while this did a 2 hour so called deep scan and it found nothing.

So, now I decided I had to take action. I start digging in my downloads trying to find out where it came from and started deleting anything I did not need and googled anything I did not recognize and if it was bogus or unnecessary it was deleted. Now, to Program Files, here is where the fun starts there is all kinds of fun stuff here that I have never seen or heard of, none of which shows up in a Hijack This log file. I find WinPatrol on my system which I will admit I did try at one time and thought I had deleted it, what a surprise!! The good thing, Maybe??? It has a LogFile that shows everything on my system currently which is how I came to find you, I started Googling again and found over 8 sqmdata0x.sqm files the x meaning #'s of course and also several sqmnoop.sqm , what are these? I know they don't belong!
Ok, getting to the end here, on another reboot, hey I am trying here, I get this message:

Svchost.exe Application Error Instruction at "0x7c918fea" referenced memory at "0x00000010" The memory could not be written. Click OK to Terminate the program or Cancel to Debug. I hit Cancel, Hope this was right?

Some final notes, while the Trend scan was running it was too fast to get much and it did not let me copy the error messages that I was seeing but I did get a couple that may help:

NetworkService\NTUSER>DAT-<-94777 Cardspace.db Cardspace.dbshadow?

C:\System Volume Information\ *_ * C:\ Windows \ System32|msmq|mapping\ *

I didn't mean to be such a windbag, but I am from the Windy City!! HA HA!! My Dream is that I don't have to do a complete system reinstall. If someone wants to see a copy of that WinPatrol LogFile and is Tech Savvy maybe, just maybe!!

I should also mention that I do have two comp on wireless connections setup along with my main computer so my wild guess is someone even with the password protection and the firewalls has gotten into my system. I hope not. I hope it's something stupid I or one of my two children have done so I do not have to get too frightened since I just made a purchase online without thinking, just shows what an idiot I can be!

I will thank you graciously for your time and be forever grateful for your generosity with your knowledge.



"Remember, No Matter How Bad It Is, It Ain't That Bad"!


#2 usasma


    Still visually handicapped (avatar is memory developed by my Dad

  • BSOD Kernel Dump Expert
  • 25,091 posts
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:06:05 AM

Posted 22 July 2007 - 06:33 AM

A spontaneous appearance of 2 operating systems on your computer suggests (IMO) that someone has attempted to access your system without your knowledge (and that they didn't complete the attempt and subsequent backtracking to cover their tracks). I haven't seen a virus that will do this - so I suspect someone locally tried to install it.

Since you mention that you've password protected things, the easiest way in is that someone has discovered your password. I'd suggest changing all of your passwords immediately!

This could have been an innocent thing, or it could have been malicious. Monitor the traffic on your system to see what's going on with it, and lock it down so that no one can get into it.

My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye.

If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#3 tomskinner1258

  • Topic Starter

  • Members
  • 10 posts
  • Local time:05:05 AM

Posted 22 July 2007 - 08:26 AM

Thank You John, Have Done! Did so immediately upon discovering the problem originally. I want to also Thank You Sincerely for your Service to our Country.
