Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DEP and /idlist error after login


  • Please log in to reply
7 replies to this topic

#1 ragnarokk

ragnarokk

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 04 April 2009 - 09:28 PM

Okay, I keep getting a Data Execution Prevention error on the program Microsoft FrontPage Server Administrator. After this popup, it says it's encountered an error and needs to close. Upon closing that dialog, I can see my PC background but no start bar and no desktop icons pop up. I manually get them to pop up by going to Task Manager, going to run, and typing c:\. I'm assuming the IDLIST error is because of how I'm forcing the desktop to pop up. I don't know.

My desktop background is also replaced with the "Active Desktop Recovery" error.

I've scanned with Kaspersky, Dr. Web, Malwarebytes, Superantispyware, AVZ, Ccleaner, Combofix.. All sorts of stuff. I'm ready to try anything again. Each time I run a scan something new pops up so I have no idea what the hell is going on, but trojans/rootkits/whatever have been removed.

I'm close to reformatting. Any ideas?

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,035 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:36 AM

Posted 04 April 2009 - 11:19 PM

Hello please post a Malwarebytes log for review.

This seems like explorer.exe isn't loading and is corrupted.

To check it..
Press CTRL+SHIFT+ESC
Task Manager should appear
Click the Processes tab
Look for an entry called explorer.exe

If you re-installed Windows while removing the viruses, DO NOT follow the following lines (until ===)

If it exists, left-click it once and choose End Process
Choose Yes to confirm

Click File select New Task (Run)
In the box that appears, type C:\windows\explorer.exe (Assuming that windows is installed to C:\windows)
Click OK

Post what you find.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 ragnarokk

ragnarokk
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 05 April 2009 - 02:04 AM

Malwarebytes' Anti-Malware 1.35
Database version: 1939
Windows 5.1.2600 Service Pack 3

4/5/2009 1:53:27 AM
mbam-log-2009-04-05 (01-53-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 329961
Time elapsed: 1 hour(s), 13 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\rapture\DoctorWeb\Quarantine\A0076083.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.


Killing explorer and restarting it like that yields no errors. Also, I just noticed this but WMP will no longer load, nor will Photoshop and a few other programs. I also can't seem to successfully update Windows.

#4 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:36 AM

Posted 05 April 2009 - 06:12 AM

AVZ and ComboFix are extremely complicated and powerful tools best left to expert/trained supervision

Something broke and all we have to go on is a symptom or two and a DNS changer found in dr web quaratine.

As an advanced user surely you could give us a few more clues, no AVZ or Combofix logs allowed here

Do you have the option to run windows as a repair disk?

http://www.michaelstevenstech.com/XPrepairinstall.htm

There's a good chance you are still infected
Chewy

No. Try not. Do... or do not. There is no try.

#5 ragnarokk

ragnarokk
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 05 April 2009 - 01:36 PM

Yeah, I do.

I don't really know what else to offer you. My friend torrented some things while I Was away and this is what I came back to. After running ComboFix and AVZ, the only difference in my PC was that it didn't hang after login. Otherwise all the symptoms are exactly the same, so I'm fairly certain they didn't mess anything up. Combofix found a lot of stuff though.

#6 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:36 AM

Posted 05 April 2009 - 05:58 PM

Post the AVZ log

Edited by DaChew, 05 April 2009 - 06:00 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#7 ragnarokk

ragnarokk
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 06 April 2009 - 12:57 AM

I don't have the log from the first time and running it a second time shows nothing. I suppose I'll just end up reformatting.

#8 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:36 AM

Posted 06 April 2009 - 01:00 AM

http://www.michaelstevenstech.com/XPrepairinstall.htm

You might try a repair
Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users