
Unknown Infection Type & Unable To Provide Logs...


8 replies to this topic

#1 Ajay Handa

Ajay Handa

  • Members
  • 5 posts

Posted 11 June 2008 - 09:51 AM

Hello,

I believe I am posting in the correct forum...if not, I apologize, in advance...

The first sign that something must be wrong with my PC (Dell Dimension 8400 running Win XP) was when booting up I got the message "The TmProxy module experienced a critical error. Please reinstall the program. Internal Error: [-5/PHO/ENG00000001]"...I believe that this is related to my copy of (a non-up-to-date) Trend Micro Anti-Virus.

Now, a week later, I'm also getting the following message a few minutes after I boot up..."One of the files containing the systems registry data had to be recovered by use of a log or alternate copy. The recovery was successful." This is soon followed by the warning (from Spybot Search and Destroy) that a change in my registry is being requested. I deny the change.

My initial attempts (I am a moderate novice in all of these issues...if it was not already apparent) to diagnose & correct these issues involved downloading SUPERAnti-Spyware and Malwarebytes Anti-Malware. I attempt to run each of the programs (separately) in Safe Mode. After a few minutes, I am faced with the BS of D....

In discovering your website, I have attempted to follow "the Preparation Guide for use before posting about your potential Malware problem". Unfortunately, in trying to download Kaspersky's Online Scanner, I get the message "The Java applet will not load. Please run the scanner online (I forget the exact quote, sorry)". I then downloaded DSS. The program begins with "Backing up Registry Hives" and then...BS of D...

I am at a loss of where to proceed now...any advice will be greatly appreciated.

Thank you, in advance, Ajay

Edited by Orange Blossom, 11 June 2008 - 05:19 PM.
Move to more appropriate forum. ~ OB




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts

Posted 12 June 2008 - 10:09 PM

This situation may well be easiest fixed by a full format and reinstall of your Operating system from your CD.
Malwarebytes is actually better run from normal mode.
What is the BSOD error message?
If you can't read it as it passes by too fast, then
stop the cycling Blue Screen of Death and write down the complete error message...

Please do this

To stop the reboot process go to
  • Start
  • Right click My Computer
  • Properties
  • Advanced
  • Startup and Recovery and untick automatically restart

The screen will now stop so you can copy it all.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Ajay Handa

Ajay Handa
  • Topic Starter

  • Members
  • 5 posts

Posted 13 June 2008 - 07:48 PM

boopme,

First-of-all, thanks for your help...

I just booted up my computer...

Get message related to inability to open ZoneAlarm Firewall...forgot to write down exact message

I tried to open MWBAW...initially I got the message that "Windows has detected a problem...notify Microsoft?" (I suspect that this was a problem related to booting up and not opening MWBAW)

Then Spybot S&D notification:

Category: System Startup global
Change Value Delete Entry
Entry kernelFaultCheck

Old Data: %systemroot%\system32\dumprep 0 -1C

I denied the registry change

Ultimately MWBAW started up...I did a full system scan...only scanned for appx 5-6 minutes, before...wait for it...

BSOD...
A problem has been detected and windows has been shut down to prevent damage to your computer.

The problem seems to be caused by the following files: ntfs.sys

PAGE_FAULT-IN-NONPAGED-AREA

If this is you first time seeing this window…etc

Technical information:

*** STOP: 0x00000050 (0xA75072B0, 0x00000001, 0xF741110DA, 0x000000000)

*** Ntfs.sys – ADDRESS F74110DA base at F73ED000, DateStamp 4 5cc56a7

Beginning dump of physical memory
Physical memory dump complete.
Contact your system administrator….etc


Should I activate the Windows XP Firewall? I have unplugged this PC from the internet....but I suspect that this is too little, too late...

I am hoping that I don't have to reinstall my OS...Most everything has already been backed up, but there is a little bit left that would be lost...More importantly, having just moved 2 to 3 times in the last 3 years, I don't have a clue where my Win XP CD is...

Thanks, again,
Ajay

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts

Posted 13 June 2008 - 09:33 PM

OK Ajay, I am moving this from the "Infected" to the "XP" forum as you will be better served with this issue there. Good Luck.

Edited by boopme, 13 June 2008 - 09:34 PM.


#5 Xene

Xene

  • Members
  • 14 posts

Posted 13 June 2008 - 10:18 PM

To fix the TmProxy problem you should:
1. Click Start
2. Click Run

3. Type services.msc
4. Look for Trend Micro Proxy Service
5. Right click on it. Then click Properties
6. Click on Log On tab. Uncheck the "Allow service to interact with desktop"
7. Click Apply
8. Click OK
9. Close the Services window.
10. Restart your computer for the changes to take effect.

#6 Ajay Handa

Ajay Handa
  • Topic Starter

  • Members
  • 5 posts

Posted 13 June 2008 - 10:41 PM

Xene,

I followed your instructions...but "Allow service to interact with desktop" was already unclicked...

Any other recommendations?

Based on my recent reading, I was planning to just erase Trend Micro AV and just keep MWBAM and AntiVira on my computer...is this something you would recommend?

Thank you, in advance, for all of your help.

Cheers,
Ajay

#7 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts

Posted 14 June 2008 - 06:25 AM

In the Trend Micro console there's a "controls" link on the left side. If you click that, you'll get to a window that says something like "prevent unauthorized changes" - turn that OFF. For some reason that setting seems to interfere with other anti-malware programs, so turning it off will usually help.

As for the
*** STOP: 0x00000050 (0xA75072B0, 0x00000001, 0xF741110DA, 0x000000000)

*** Ntfs.sys – ADDRESS F74110DA base at F73ED000, DateStamp 4 5cc56a7

Since the error occurred in NTFS.SYS - I'd suggest running chkdsk /r just to be sure you don't have file system corruption. To do this, go to Start...Run...and type in "cmd.exe" (without the quotes) and press Enter.

In the black window that comes up, type "chkdsk /r" (without the quotes) and press Enter. It'll tell you that it can't do it right now, and will ask if you want to run it at the next reboot. Press "Y" and then Enter to accept this - then reboot and let the scan run (it'll boot into Windows when done).

As a remote possibility, the NTFS.SYS error can also be caused by a failing hard drive. If the symptoms persist, try running a diagnostic utility that's available for free from the manufacturer of your hard drive.

Good luck!
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
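
Added example, not code from any poster in this thread: a small Python helper that triages a hand-copied STOP screen such as the one quoted in post #3, flagging parameters whose width is wrong (a sign of a copying error) and computing the faulting offset inside the named driver. The function name `triage_stop`, the 8-hex-digit width (assumes 32-bit Windows) and the 0x50 parameter meanings (from Microsoft's bug check reference) are assumptions that do not come from the thread.

```python
import re

# Sample input: the STOP screen as hand-copied in post #3 of this thread.
SAMPLE = """*** STOP: 0x00000050 (0xA75072B0, 0x00000001, 0xF741110DA, 0x000000000)
*** Ntfs.sys – ADDRESS F74110DA base at F73ED000, DateStamp 4 5cc56a7"""

STOP_RE = re.compile(r"STOP:\s*0x([0-9A-F]+)\s*\(([^)]*)\)", re.I)
DRV_RE = re.compile(
    r"\*\*\*\s+([\w.]+)\W+ADDRESS\s+([0-9A-F]+)\s+base at\s+([0-9A-F]+)", re.I)

# Bug check 0x50, parameter 2 (assumption: values as documented for XP).
ACCESS_0X50 = {0: "read", 1: "write"}


def triage_stop(text, hex_digits=8):
    """Parse a transcribed STOP screen; hex_digits=8 assumes 32-bit Windows."""
    stop = STOP_RE.search(text)
    if stop is None:
        raise ValueError("no STOP line found")
    code = int(stop.group(1), 16)
    args, suspect = [], []
    for pos, raw in enumerate(stop.group(2).split(","), start=1):
        digits = re.sub(r"^0x", "", raw.strip(), flags=re.I)
        if len(digits) != hex_digits:
            suspect.append(pos)  # wrong width: likely a copying error
        args.append(int(digits, 16))
    result = {"bugcheck": code, "args": args, "suspect_args": suspect}
    if code == 0x50 and len(args) >= 2:
        result["access"] = ACCESS_0X50.get(args[1], "other")
    drv = DRV_RE.search(text)
    if drv:
        addr, base = int(drv.group(2), 16), int(drv.group(3), 16)
        result["driver"] = drv.group(1)
        result["offset_in_driver"] = addr - base
        # For 0x50, parameter 3 is the faulting instruction address and is
        # expected to match the ADDRESS shown on the driver line.
        result["arg3_matches_driver"] = (
            code == 0x50 and len(args) >= 3 and args[2] == addr)
    return result


if __name__ == "__main__":
    for key, value in triage_stop(SAMPLE).items():
        print(key, value)
```

On the transcription above it flags parameter 3 (nine hex digits) as miscopied, while the driver line still yields offset 0x240DA into Ntfs.sys.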

#8 Ajay Handa

Ajay Handa
  • Topic Starter

  • Members
  • 5 posts

Posted 22 June 2008 - 04:41 PM

usasma,

Well, now my computer won't even boot up...goes straight to the BSOD...so I am unable to run chkdsk /r

I did manage to run the Dell Self Test Hard Drive Diagnostics tool from the BIOS...it said that "Drive 0: WDC WB800JD-75HKA1 - Pass"

Does it mean the HD is good? I do suspect that you are correct that the HD is failing though...

I am currently looking for my Win XP Boot CD...in the meantime, is there anything else you recommend I try?

Thanks, in advance,
Ajay

#9 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts

Posted 23 June 2008 - 09:04 AM

You'll have to run chkdsk /r from the Recovery Console. As long as you're in there, run "fixmbr" and "fixboot" (without the quotes) also.
Here's a link on how to use the recovery console: http://www.bleepingcomputer.com/tutorials/how-to-install-the-windows-xp-recovery-console/

If you don't have an installation disk, here's a link to an ISO file of the recovery portion of the disk (this is a direct download link): http://www.thecomputerparamedic.com/files/rc.iso



