
Probable Infection



#1 DeadheadDuke


Posted 17 August 2008 - 05:59 AM

I took on a repair job on a friend's XP Home laptop yesterday and already I'm regretting it. The computer will not boot, it crashes with a Stop 21a error. First I went into Safe Mode and ran chkdsk /f and that didn't do anything at all. Next I plugged in a USB thumb drive and ran the latest version of McAfee's Stinger virus scanner. It scanned for almost 3 hours and didn't find anything. Next I tried to install Ad Aware to check for malware and was greeted with a message that the Administrator had set policies to prevent this action. That's when it became pretty clear that the computer has some kind of trojan infection on it. Since XP Home doesn't have a Group Policy editor I can't check to see if a policy has actually been set to stop the installation and I don't really know that any such policy even exists in Home edition. If there is such an entry in the registry I don't know how to find it. And finally, I seriously doubt that any such administrative policy has been set at all. My friend only has one account on the computer and that is an Administrator's account and he certainly does not know enough to set any policies like this one.

I could install the Group Policy editor files on the computer but I don't think it is going to be worth the effort. So I came here to see if perhaps anyone here can suggest a better solution to my problem. I imagine that many of you have seen system hijacks of this type before.

TIA for any help with this one.

DD
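
Post #1 asks how to find such a policy entry in the registry when no Group Policy editor is available. The script below is an added example, not part of the original thread: it scans the text of a `reg export` of the policy keys for two well-known Windows policy settings that block installers or program launches. The function names, the choice of keys and the sample export are assumptions made for illustration.

```python
import re
WATCHED = {  # well-known policy values: (key path without hive, value name), lower-cased
    (r"software\policies\microsoft\windows\installer", "disablemsi"):
        "Windows Installer blocked (1 = non-managed apps only, 2 = always)",
    (r"software\microsoft\windows\currentversion\policies\explorer", "disallowrun"):
        "Explorer blocks the programs listed under the DisallowRun subkey",
}
BLOCKLIST_SUFFIX = r"policies\explorer\disallowrun"

def parse_reg(text):
    """Yield (key, value_name, raw_data) from the text of a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            yield key, m.group(1), m.group(2)

def find_restrictions(text):
    """Return (key, value_name, meaning) for each restrictive policy that is set."""
    hits = []
    for key, name, data in parse_reg(text):
        path = key.lower().split("\\", 1)[-1]  # drop the hive name
        if path.endswith(BLOCKLIST_SUFFIX):    # each value names one blocked program
            hits.append((key, name, "blocked program: " + data.strip('"')))
            continue
        meaning = WATCHED.get((path, name.lower()))
        dword = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
        if meaning and dword and int(dword.group(1), 16) != 0:
            hits.append((key, name, meaning))
    return hits

# Constructed sample export; not taken from the machine in this thread.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]
"DisableMSI"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="example-setup.exe"
"""

for hit in find_restrictions(SAMPLE):
    print(*hit, sep=" | ")
```

Exports in the "Windows Registry Editor Version 5.00" format are UTF-16 text, so read a real file with `open(path, encoding="utf-16")` before passing its contents to `find_restrictions`.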


#2 possumbarnes


Posted 17 August 2008 - 07:48 AM

I had the same problem not so long ago with a customer's computer. I just wish I could remember exactly what I did to resolve it.
There's lots of Google stuff on a stop: c000021a error. Try one of these:
http://support.microsoft.com/?kbid=318666&sd=RMVP
If he has Norton System Works installed, this one may help:
http://support.microsoft.com/?kbid=316503&sd=RMVP

Post back if either of these works or not.

Good luck!
What's more irrational--a guy who believes in a God he cannot see or a guy who is offended by a God he doesn't believe in?

#3 DeadheadDuke


Posted 17 August 2008 - 08:48 AM

Thanks for the reply Possum. Actually I have searched Google until I'm cross eyed to no avail. The computer I'm working on has IE 7 installed so that eliminates one of the MS articles and he isn't using any Norton products so that takes care of the second one.

I will keep digging and maybe I will run a HijackThis session just to see if it shows anything unusual. This is the second time this guy has let this happen to his computer, it is the last time I will be bailing him out. :thumbsup: :flowers:

#4 possumbarnes


Posted 17 August 2008 - 09:08 AM

If I remember right, my customer had been upgrading to XP SP2 when one of her kids pulled the power cord out. I had to use her recovery disk and do a Windows repair installation. That cleared up the C000021a error and let me in Windows. Not sure if that will help or not.

Edited by possumbarnes, 17 August 2008 - 09:30 AM.

What's more irrational--a guy who believes in a God he cannot see or a guy who is offended by a God he doesn't believe in?

#5 DeadheadDuke


Posted 17 August 2008 - 04:56 PM

Hi Possum. I tried running a couple of boot disks with anti malware on them (Bit Defender and Antivir). The first one ran and told me NTFS had a problem and I should run "fixntfs." I did it and it told me there was no problem. The second disk would not even boot.

Now thinking that maybe I did really have a disk problem I went back into Safe Mode and ran Chkdsk /R. I got the same result as before, a clean disk. I'm now back in Safe Mode attempting to defragment the disk and it appears to be stuck at about 45%. I don't expect this to do anything and my next step is the long process of eliminating the driver or whatever is causing the computer to not re-boot normally.

#6 possumbarnes


Posted 17 August 2008 - 05:42 PM

Now thinking that maybe I did really have a disk problem I went back into Safe Mode and ran Chkdsk /R. I got the same result as before, a clean disk. I'm now back in Safe Mode attempting to defragment the disk and it appears to be stuck at about 45%. I don't expect this to do anything and my next step is the long process of eliminating the driver or whatever is causing the computer to not re-boot normally.

You can try this: Get the manufacturer of the hard drive, go to their website and download their drive diagnostics tool. Run their own diagnostics software on the hard drive. That will tell you if it is a physical problem with the drive. I don't think it's a physical problem though, from what you've described.
I hate to say it but you may have to wipe the drive and reinstall. I had a drive last week giving me a 24 stop error. The only way I could wipe it and start from scratch was to use Seagate's SeaTools diags program to do a full erase. Nothing else would work. I still don't know what caused it either.

I am definitely no expert and do NOT know all the tricks, so wait a day or two and see if someone else posts on here with another idea. Otherwise, I'd do a reformat/reinstall.

Sorry I couldn't help more.
What's more irrational--a guy who believes in a God he cannot see or a guy who is offended by a God he doesn't believe in?

#7 DeadheadDuke


Posted 22 August 2008 - 02:23 PM

Thought I would let everyone know that my problem is finally resolved. I never could get a disk diagnostic to boot the computer at all and every time I tried to run something like AdAware I would get a phony message that the Admin. had blocked such actions. I tried everything I could think of and finally decided to just give up and wipe the hard drive. I then re-formatted and reinstalled XP. It took a while to get all the applications reloaded but now the computer runs beautifully and my friend is a happy camper.

I hope the lowlife who caused this problem is not very happy or healthy right now.

CB :thumbsup:



