Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Infected with multiple items, need help getting back up

  • Please log in to reply
1 reply to this topic

#1 Rogue Wolfe

Rogue Wolfe

  • Members
  • 2 posts
  • Local time:05:22 PM

Posted 08 April 2009 - 11:11 PM

Okay, here's the deal:

I was doing my usual run of the show online scan from Panda Security. After it got done, I looked up the file locations for the crap it found (3 trojans, yay.) and deleted the files, one was reader_s.exe (I later found out was a worm) and the other (don't remember the third) was my user32.dll file.

No need to tell me I'm stupid, I've learned my lesson. I deleted it, not realizing the importance of this file.

Next startup, it won't run, bluescreen telling me it needs the user32.dll file. I research, find out my stupidity, copy over user32.dll file from XP service pack 1a disc. Starts up.

When it starts up, I either get a "Memory too low" message, or an "Object name not found." lsass.exe message. Another time I startup, I get the W32.Blaster worm message
"System Shutdown
This shutdown was initiated by NT AUTHORITY/SYSTEM Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly."

I look that up, another worm. Great.

THE HELP I NEED IS HOW TO GET THE PATCHES/REMOVALS to get these things out of there. When I start up, Windows will NOT come up at ALL, no icons, no start bar, no Win+E no CTRL+ALT+DEL, nothing. Could a professional take care of it? Can I possibly have some kind of thorough advice on ways to solve this problem without trashing the computer? I already had most files backed up (as to keep my computer running smooth, since it's 3+ years old, I kept everything on external drives) so I'm not TOO worried about loss of files, but the problem is that I had some important emails and a handful of application files that weren't backed up. If possible, I'd like to take the route of saving those first. If not, then I'll willingly wipe.

Information to keep in mind:
During my adventure trying to figure out where the path to user32.dll was on the restore disc, I came across terrible instructions which caused me to create a second boot log, so when I start, there's two "Operating Systems" to choose from. Bleh. I'm not all computer savvy, so please keep responses straight to the point without much special wording, much appreciated.

More info:
I do not have the ability to reinstall Windows XP, as the disc is lost. (All 3 of them... we aren't sure what happened, as there's a specific location we usually kept them and they aren't there.) Unless I can use someone else's disc/key as a way to simply get INTO my computer to get those files, I'd be fine with that completely. I know that's illegal though, lol. Either way, the loss of those discs has caused me problems now.

FYI, safe mode is no different than regular bootup.

Thanks for helping! (Hope the post wasn't too long, but I don't have time to read posts telling me what I can't do/have already tried.)

EDIT: I meant to post my computer information, here:
Dell Inspiron 6000 (Laptop)
Windows XP (Originally service pack 2, but the disc I'm having to use is a service pack 1a)
was bought in about 2005? so it's kind of old lol
computer is NOT shared with anyone, I am the sole owner/user of the computer (which has now cause the problem lol)

Not sure what else anyone might want to know about the system...

Edited by Rogue Wolfe, 08 April 2009 - 11:23 PM.

BC AdBot (Login to Remove)


#2 Rogue Wolfe

Rogue Wolfe
  • Topic Starter

  • Members
  • 2 posts
  • Local time:05:22 PM

Posted 09 April 2009 - 12:27 AM

okay, before anyone posts... I started up in safe mode with command prompt.. used "start explorer.exe" and got it up!!! YAY!!! That's all I needed to access file locations and get to my removal tools for the problems i'm having.. I'll post later/tomorrow whenever I get more updates on the matter, but for now, it scans.. and then it's bedtime.. :thumbsup:

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users