I was hit by a trojan/worm/virus in early December 2008. The result was that most of the files on my pc turned into files which displayed “FileError_22001” in the upper left hand corner of the file window. I’ve been unable to find out much about this particular malware online. I read a post about “FileError_22001” in your forum (http://www.bleepingcomputer.com/forums/topic184882.html
). My pc is a Dell Inspiron -- a desktop, running XP Home with Office 2007 and McAfee antivirus provided through Comcast cable (continual updates).
Here’s what happened to me on December 6. “System Shutdown, The system process C:\WINDOWS\System32\services.exe terminated unexpectedly with status code 1073741819. The system will shut down and restart.” The system did shut down and restart, and then once restarted, a McAfee alert window (yellow !) along with a second window opened for a few seconds with messages containing this info (difficult to copy precisely bec they appeared only for a few seconds each) Trojan Removed C:WINDOWS\9129837.exe. The system is shutting down, save work, initiated by NT Authority\system.
The McAfee window would close and then the Windows system shutdown error would reappear followed by the McAfee windows. It would cycle over and over and over (taking about 3 minutes). I powered down, let the pc sit for a while, and then turned it on with the same results. I decided to turn off the screen saver and manually scan with McAfee and as soon as I exited control panel, noticed “FileError_22001” in the upper left hand corner of my desktop in place of a photo that had been used as wallpaper. Knowing that the wallpaper was a photo of mine, I opened folders and discovered most files on the pc had been transformed into “FileError_22001.”
The files affected were jpgs, doc, docx, xls (not pdf, not xlsx and not tff, if I remember correctly and unsure about html files) and appeared with the same file sizes. “FileError_22001” appeared in pale red text and looked like it was a scanned image of a small, torn piece of paper positioned in the upper left-hand corner of the open window (doc files, image files).
I restored the computer to an earlier date thinking it might be enough. The pc seemed to work okay for internet access, of course I did not trust the system. It was generating services.exe errors and svchost.exe errors (event log). I found in the McAfee log that on 12/6 a start up item was allowed (Temp\9a6c0bhp6coba.exe). After trying to find out what had happened and not finding info online, I restored the system to the factory setting (the restore to factory settings ability is built into Dell systems). I, of course, still do not trust the system -- any sort of malware could be on the hard drive, right? I’ve since swapped the Dell pc for my old Sony and have been using it instead.
I realize that by restoring the system to the Dell factory settings, I probably wiped out valuable clues that might have been useful to the Bleeping investigators. I hope that providing the info above on the event will prove helpful in some way. I back up my files so the loss of the files on the pc is not my concern.
I would like to know whether I can trust the hard drive on the Dell pc? I understand that some malware (back door trojans) gets written to the OS and stays there, hidden, so that the system can be accessed remotely by others hoping to gain access to passwords and such. What is the next step I need to take with the Dell pc? I will appreciate your direction and guidance concerning this matter.