
Help My Computer Is A Mess


5 replies to this topic

#1 aafitzer

aafitzer

  • Members
  • 4 posts

Posted 11 March 2008 - 03:00 PM

Hi!

Last week I started receiving the following error message after start up.

hysysdrv.exe-entry point not found
The procedure entry point WahEnableNonIFSHandleSupport could not be located in the dynamic link library WS2HELP.dll.

On Sunday my husband ran ADWARE and SPYBOT. There were 96 critical items that came up on ADWARE which were "fixed". When Spybot ran it also found the following and could not fix them.

c:\\WINDOWS\System32\wsnpoem
c:\\WINDOWS\System32\Ntos.exe

Then my husband ran the registry mechanic on my computer. After that ran, on restart the only thing that came up was a black desktop with my background picture. No icons. We restarted in safe mode and the same thing happened.

Then my husband went into Task Manager and pressed New Task.
Under Create New Task we pushed Enter with
c:\
and the icons showed up again, with the following error message:

/idlist,:0:3008,C:\
Windows cannot find '/idlist,:0:3008,C:\'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.



Yikes! Help!
Oh, about 3 months ago my computer started to randomly lock me out of files, saying I was not permitted to use them and that the administrator would have to grant me access... I am the administrator... Is my computer hijacked? If so, what does that mean?



#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 11 March 2008 - 04:02 PM

Welcome to Bleeping Computer.

Could I first ask what operating system you are using, and under which service pack? This will make sure that we use the right tools.

Please check the spelling of the file name "hysysdrv.exe". I think you may mean "hpsysdrv.exe".
If you had indeed meant "hpsysdrv.exe", then it is not malware of any kind. That was probably caused by a corrupt file in your system files. We can run a scan after.

Your icons had disappeared because the process "explorer.exe" was terminated or did not start. This is very common with malware infections. The ID error you received was caused by starting "explorer.exe" (by trying to open the c:), without any parameters. So the computer input the /idlist parameter in for you. This should be a one time occurrence. The next time you need to restore your icons type "explorer.exe" into the task manager run box.

"Ntos.exe" and wsnpoem are trojan viruses.

Edited by PropagandaPanda, 11 March 2008 - 04:05 PM.


#3 aafitzer

aafitzer
  • Topic Starter

  • Members
  • 4 posts

Posted 11 March 2008 - 07:05 PM

Hi!! Thanks for replying!!

Windows XP Home Edition version 2002 Service Pack 2

I will try inputting explorer.exe once I send this out and restart.

You are right, it is hpsysdrv.exe... SORRY! :thumbsup:

a

#4 aafitzer

aafitzer
  • Topic Starter

  • Members
  • 4 posts

Posted 11 March 2008 - 07:14 PM

I put in the explorer.exe and the error message stopped coming up, however, I still have no icons when I start. I think that is supposed to still be the case, since you think it might be a malware issue. What do we do now? :thumbsup:

#5 aafitzer

aafitzer
  • Topic Starter

  • Members
  • 4 posts

Posted 12 March 2008 - 07:26 AM

bump-
help? :thumbsup:

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,263 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 12 March 2008 - 12:37 PM

One or more of the identified infections is a backdoor Trojan. Backdoor Trojans, IRCBots and Infostealers are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. Read the Danger: Remote Access Trojans.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Although the backdoor Trojan has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the backdoor Trojan has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. Please read "When should I re-format?" and "Reformatting the computer or troubleshooting; which is best?".

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, please do the following.

Please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix".
-- When using this tool, you must use the Administrator's account or an account with "Administrative rights".
When done, the SDFix report log will open in Notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



