Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New Infection??


  • Please log in to reply
12 replies to this topic

#1 finadar

finadar

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:38 AM

Posted 21 April 2010 - 01:26 PM

We have just started experiencing a problem with the computers at work. So far we have 9 machines doing the same thing.

When we boot the computers they are slow in bringing up the desktop icons. When the do appear we have no taskbar and even using the Windows key does not bring up the list. The network connection is also unavailable. Using the Windows - R we were able to install malwarebytes and came up with no infections. We also ran Mcafee with 0 infections. On some computer they pop up the message NT authority - shuting down.


Any suggestions?

Thanks

BC AdBot (Login to Remove)

 


#2 donkeyshow

donkeyshow

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:38 AM

Posted 21 April 2010 - 01:53 PM

McAfee may be the problem:

http://news.yahoo.com/s/ap/20100421/ap_on_...WZlZWFudGl2aQ--


I'm having the same issue and looking to see if fixing this works.

Edited by donkeyshow, 21 April 2010 - 01:53 PM.


#3 donkeyshow

donkeyshow

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:38 AM

Posted 21 April 2010 - 02:41 PM

This is definitely the problem, found the file in the Quarantine. Working on a better solution than McAfee has posted.

#4 finadar

finadar
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:38 AM

Posted 21 April 2010 - 03:25 PM

Yep, That was it. Unfortunatly I didn't have a file in Quarantine so I had to expand the svchost.exe file from the CD and that fixed the problem.


Thanks

#5 deanrdj

deanrdj

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 21 April 2010 - 03:27 PM

im getting the same problem, sorry im a bit of a beginner when it comes to computers, what did you have to do to put it right?

#6 finadar

finadar
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:38 AM

Posted 21 April 2010 - 03:36 PM

There are a couple of ways I was able to fix it.

First way is run Window repair. This requires the Windows XP CD that you will boot from.

Second way is to restore the svchost.exe file from the windows XP CD. Boot from the XP CD and go to recovery console
Then you can expand svchost.ex_ and put it in the windows\system32 directory.

Donkeyshow found the file in the mcafee quarantine folder so that may also be there for you also.

#7 deanrdj

deanrdj

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 21 April 2010 - 04:15 PM

cant for the life of me find my discs, have an i dea of where they could be but are not accessable atm, had a go at what mcafee have on there http://us.mcafee.com/root/fix.html but still no luck, not sure all of the mcafee programs are closed when im trying there solution 2 as i cant see the task bar to see if its open.
and couldnt run solution 1 as it wont connect to the internet.
i fear i have now part mcafee files running and made the problem worse:(

#8 deanrdj

deanrdj

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 21 April 2010 - 04:20 PM

right i have found the xp discs, do i just put it in and there will be something that says repair?
sorry about all the stupid questions only im not very good at this sort of thing and dont want to make it anyworse than i may have already done so

#9 deanrdj

deanrdj

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 21 April 2010 - 04:53 PM

ergh... it was the office discs!

#10 donkeyshow

donkeyshow

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:38 AM

Posted 21 April 2010 - 05:20 PM

This might help some people.

http://vil.nai.com/vil/5958_false.htm

It's close to what I did.
I pulled the drives from infected machines and hooked it to a good machine and:
1. copy svhost.exe from c:\WINDOWS\ServicePackFiles to C:\WINDOWS\System32
2. put the drive back in the original machine, boot and run the 5959 dat release as soon as you're up http://www.mcafee.com/apps/downloads/secur...ment=enterprise
If the shutdown comes up and you need more time go to Start>Run and type "shutdown -a" to buy you some time
3. then you have to repeat the 1st step and the machine will be fine.

Edited by donkeyshow, 21 April 2010 - 05:28 PM.


#11 deanrdj

deanrdj

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 21 April 2010 - 06:49 PM

Wow that actually made sense to me so I can copy the svchost.exe file
from my laptop And put it on my pc? Them just reinstall mcafee?
As nothing is never always simple for me I have one more question, will the host file from a vista machine be the same as a xp or will I need to find a xp machine to copy from?
Thanks for all help so far guys

#12 finadar

finadar
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:38 AM

Posted 21 April 2010 - 10:33 PM

No you can't use a vista svchost.exe. It has to be exact same version of windows and Service pack level. Mine was SP 3- svchost.exe 14,336 bytes with a date of 4/14/08.


You also need to update your Mcafee Dat files before you reboot or it will happen again. You can get the latest Dat file from http://www.mcafee.com/apps/downloads/secur...updates/dat.asp

When you put your computer in Safe Mode Command prompt you can copy the svchost.exe and the run the Dat file update before you reboot.

#13 deanrdj

deanrdj

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 22 April 2010 - 04:53 AM

Great..... First of all how do I find out what sp it is And then is it possible to saefly download the file from anywhere




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users