Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop Is F.u.b.a.r.


  • Please log in to reply
6 replies to this topic

#1 Raker

Raker

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 25 September 2007 - 10:05 PM

My brother's laptop is having problems. When it boots it ALWAYS runs msinstaller followed by a netframework 1.1 error then it tries to open photo gallery. I ran Adaware and found win32/trojandownloader.zlob removed it. Also ran spybot and found many many wonderful gifts :thumbsup: and promptly removed those as well. None of these steps has changed the behavior of bro's computer. Help please.

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,056 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:01 AM

Posted 26 September 2007 - 09:28 AM

If your brother is using Win XP or 2000, have him please print out and follow the generic instructions for using SmitfraudFix in BC's self-help tutorial "How to remove the Smitfraud/Generic Zlob".
(scroll down to where it says Removal Instructions)
If you have downloaded SmitfraudFix previously please delete that version and download it again as the tool is frequently updated!

Next, download RogueRemover and save to you Desktop. (This program is for Win XP, 2000, NT only)
  • Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover.
  • During the installation an icon will automatically be created on your Desktop.
  • Double-click on the RogueRemover icon to launch the program and select Check for Updates.
  • If prompted, click Download to receive the latest updates.
  • When completed, close the update window.
  • Select "Scan" and the program will walk you through the remaining steps.
Then download and scan with SUPERAntiSpyware Free.


As for the msinstaller issue, do this:

Download and install the Windows Installer CleanUp Utility
  • Double-click on msicuu2.exe and click "Next".
  • Accept the license agreement, click "Next", then click "Next" again.
  • Click "Finish" when done.
  • Go to Start > Programs and click on Windows Install CleanUp to launch the program.
  • In the list of Install Products, check to see if the program for which you are getting the Windows Installation pop up is present.
  • If so, highlight that entry, then click on the "Remove" button.
    Reboot when done and then reinstall the programs if you still want to use it.
Note: The Remove button does not remove the program. It removes the install configuration.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Raker

Raker
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 26 September 2007 - 11:15 PM

Hi Quietman7

I followed the steps you provided me ( thank you). I removed photogallery with windows installer cleanup utility and rebooted. Now the Windows installer is trying to install "document viewer" and coming up with the same error. I was not very detailed in the error I had stated (Sorry).

Microsoft .Net Framework
An unhandled exception has occurred in a component in your application. Click continue and application will ignore this error and attempt to continue.

Object reference not set to an instance of an object

Now I have used same utility and removed document viewer.
This seems to have rectified the situation.

There seems to be several problems with the stability of the system (intermittent). If I try to launch MS Word or other programs and they appear non responsive.

Not real sure where to go from here.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,056 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:01 AM

Posted 27 September 2007 - 09:59 AM

I ran Adaware and found win32/trojandownloader.zlob

There seems to be several problems with the stability of the system (intermittent).

Usually there are other malware related files with trojandownloader.zlob infection that can cause problems. That's why you should follow the instructions I previously provided for using smitfraudfix, RogueRemover and SuperAntispyware.

Also it would be helpful if you could provide more specific information about the stability problems.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Raker

Raker
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 27 September 2007 - 08:14 PM

Hi quietman7

I ran Smitfraudfix, Rougeremover, and Superantispyware (that scan took about an 1. 45 minutes). I also used the windows cleanup utility as stated before.
Sorry I was not clear on what tasks I had performed, been working long days in the field and trying to get my brother's pc fixed on my free time among other tasks..

What I had stated about system instability maybe a product of to much stuff running on startup. I just downloaded autoruns a few minutes ago and will see if I can sort out what is unnecessary.

On startup it takes several minutes to boot up. Everything loads slowly.Opening some applications, Word, Outlook etc... is somewhat slugish.

The Laptop is a:

Toshiba Satellite
Windows XP Home Edition sp2
Intel ® Pentium® M processor 1.60 ghz
.99 GB of Ram

I will let you know what the outcome is.

Thank you for your time and effort very much appreciated. :thumbsup:

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,056 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:01 AM

Posted 28 September 2007 - 10:20 AM

If your computer seems to be slow, read Slow Computer/Browser? Check here first; it may not be malware. There are reasons for slowness besides malware - i.e. disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, not enough RAM, dirty hardware components, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,056 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:01 AM

Posted 03 October 2007 - 08:12 AM

In reference to your questions here, the System Volume Information Folder (SVI) is a part of System Restore - the feature that allows you to set points in time to roll back your computer to a clean working state. System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points. When you scan your system with anti-virus or anti-malware tools, you may receive a message that a virus was found in this folder (System Restore points).

When a program quarantines a file or moves it into a virus vault, that file is safely held there (and no longer a threat) until you take action to delete it. One reason for doing this is to prevent deletion of an essential file that may have been flagged as a "False Positive". If that is the case, then you can restore the file. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure.

When the file in the vault is known to be bad, you can delete it at any time.

If your not finding any malware on your system other than this, then you are not reinfected.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users