
OS Corrupted After Virus Removal


5 replies to this topic

#1 pizzaandbeer


Posted 04 August 2009 - 11:55 PM

I started out on the malware forum, got moved along to the hjt forum. Malware removal seems to have succeeded, but now the OS is corrupted and I cannot run the computer in normal mode.

I've got lots of notes - here are the highlights. More history at rootkit infection

Can run computer OK in safe mode.

In normal mode, sometimes it locks up at or shortly after the login screen. If it makes it far enough I get a popup window titled "Desktop" with the following message

rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxscom.inf,FaxUnInstall.PerUser has been removed from this computer. Do you want to clean up your personalized settings for this program?

It doesn't seem to matter whether I hit "yes" or "no", I still get a "cleaning up personal settings" window.

If the system does not lock up, then I get a windows is shutting down bluescreen --

A problem has been detected and windows has been shut down to prevent damage to your computer. . . .


I have tried running the windows XP system file check - sfc /scannow, but it returns

Windows File Protection could not make the requested change.

The specific error code is 0x000006ba [The RPC server is unavailable.]


Many false leads and dead ends later .... most of them ended up at Microsoft KB 296241. This says the cause of "The RPC server is unavailable." is a missing certificate which is not missing on my computer. I've followed a few other threads about problems very similar to mine, but the causes for them are not what's causing them on my computer.

I have looked at event logs and researched problems. There is very little recorded in the event logs when the system crashes. One error code (1000008e) led to posts that indicated this might be a RAM problem, but one of the first things I tried was running the full system diagnostic from Dell and everything checked out.

Oh, yeah, this is a Dell Inspiron E1405 laptop with XP Service Pack 3 (Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1750 [GMT -7:00])

I'm about ready to reinstall Windows, but would like to avoid that if possible. I'll post more detail from my notes or rerun steps to make sure we have fresh data -- just let me know what you need.

Thanks,

P&B


 


#2 DaChew


Posted 05 August 2009 - 12:33 AM

It's a long shot, but have you tried reapplying SP3 thru an administrative install?

http://www.microsoft.com/downloads/details...08-1e1555d4f3d4

Edited by DaChew, 05 August 2009 - 12:34 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#3 pizzaandbeer


Posted 05 August 2009 - 12:49 AM

Thanks for the tip. I scanned that topic and I'm not sure it's right for me ... unless that is the only/easiest/best way to get SP 3 onto a computer that cannot connect to the network. I'll take a little more time to read through it when I'm less tired. :thumbsup:

#4 DaChew


Posted 05 August 2009 - 12:54 AM

Go to a functional computer with fast broadband, download and save to desktop and burn to CD.

#5 Stang777


Posted 05 August 2009 - 02:04 AM

"I'm about ready to reinstall Windows, but would like to avoid that if possible."


Considering you seem to have had backdoor trojans and a rootkit, I am not sure why you are trying to avoid reformatting and reinstalling. Even if you get rid of the infections, when those infections have been present, there is no way to be sure that your system is truly clean and trustworthy ever again. If you do, or think you ever might in the future, any online banking or even purchase anything online, that computer should not be trusted to do it on.

Edited by Stang777, 05 August 2009 - 02:04 AM.


#6 DaChew


Posted 05 August 2009 - 02:20 AM

I would just reload; SP3 won't install from safe mode.



