Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't do anything on my computer


  • Please log in to reply
27 replies to this topic

#1 fonytony

fonytony

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:U.S.A.
  • Local time:01:02 AM

Posted 26 April 2010 - 04:46 PM

Recently, I turned on my computer (XP SP3) and it was fine. Later the volume stopped working so I restarted. When i logged on (which took a long time) and when I started up, my taskbar was frozen and I couldn't do anything w/o my computer freezing. Now I can log on, and when I click on an icon on my desktop, it says, "the file does not have a program associated with it, you can associate one in the Folder Options control panel(Which freezes BTW)". (I can open Run) If I click on anything else, my computer will freeze, so I usually only have 1 chance to do things. And if I start up in safe mode, my taskbar is usually frozen, and I cant do much.

P.S. I put this in Am I infected because i heard some virus attack exe's

P.S.S Im on a friends computer.

Edited by fonytony, 26 April 2010 - 05:33 PM.


BC AdBot (Login to Remove)

 


#2 trollocks

trollocks

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:05:02 AM

Posted 26 April 2010 - 05:49 PM

See if you can get this to run


Please download exeHelper to your desktop.
If your AV program throws up a warning about the program, ignore the warning. Some AV's flag this program because of how it works... that's all.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt ( Will be created in the directory where you ran exeHelper.com and should open at the end of the scan)
Note : If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together ( they will both be in the one file ).

#3 fonytony

fonytony
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:U.S.A.
  • Local time:01:02 AM

Posted 26 April 2010 - 05:52 PM

I can't get on the Internet (Or I don't think I can) on that computer. Could I download it to a Flash drive and try that?

#4 trollocks

trollocks

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:05:02 AM

Posted 26 April 2010 - 05:56 PM

yes just transfer it over

#5 fonytony

fonytony
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:U.S.A.
  • Local time:01:02 AM

Posted 26 April 2010 - 06:07 PM

My computer is going very slow so this might take a while.

#6 fonytony

fonytony
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:U.S.A.
  • Local time:01:02 AM

Posted 26 April 2010 - 07:19 PM

OK here's the log:
____________________
exeHelper by Raktor
Build 20100414
Run at 19:42:41 on 04/26/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Removing HKCR\secfile
Resetting filetype association for .com
Removing HKCR\secfile
Resetting userinit and shell values...
Resetting policies...
--Finished--

#7 trollocks

trollocks

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:05:02 AM

Posted 26 April 2010 - 07:20 PM

Can you get your programs to run now

#8 fonytony

fonytony
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:U.S.A.
  • Local time:01:02 AM

Posted 26 April 2010 - 07:37 PM

Malwarebytes' is working, let me try others.

#9 fonytony

fonytony
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:U.S.A.
  • Local time:01:02 AM

Posted 26 April 2010 - 07:48 PM

Well, Malwarebytes was working, but it stopped responding, so i closed and reopened it and it shows a process for it in Task Manager, but I don't see anything on the screen. Same seems to go for other programs.

#10 trollocks

trollocks

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:05:02 AM

Posted 26 April 2010 - 07:58 PM

Try rkill from here

Run it as you did with exhelper and try MBAM again

#11 fonytony

fonytony
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:U.S.A.
  • Local time:01:02 AM

Posted 26 April 2010 - 08:24 PM

A Windows dialog box appeared and said this before it did anything(I think): The NTVDM CPU has encountered an illegal instruction. CS:05a2 IP:010a OP: 63 20 4f 53 20 Choose close to terminate the application.

P.S. It was titled 16 bit MS-DOS Subsystem

P.S.S. 2 choices were ignore and close

Edited by fonytony, 26 April 2010 - 08:32 PM.


#12 fonytony

fonytony
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:U.S.A.
  • Local time:01:02 AM

Posted 26 April 2010 - 08:46 PM

Oh, forgot to mention that winlongon.exe is using 225,000 kb's of CPU.

#13 trollocks

trollocks

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:05:02 AM

Posted 26 April 2010 - 11:41 PM

See if you can get malwarebytes to run in safe mode

#14 fonytony

fonytony
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:U.S.A.
  • Local time:01:02 AM

Posted 27 April 2010 - 04:20 PM

I've been in safe mode the entire time, it seems to work on my other account. Anyways back to the message:(It popped up before it scanned)

The NTVDM CPU has encountered an illegal instruction. CS:05a2 IP:010a OP: 63 20 4f 53 20 Choose close to terminate the application.

The choices were ignore and close
and it was titled 16 bit MS-DOS Subsystem

#15 trollocks

trollocks

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:05:02 AM

Posted 27 April 2010 - 06:28 PM

The message may be part of the infection,will try to find more info on it

See if this will run.


Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):[list]
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
[*]Click the "Close" button to leave the control center screen and exit the program.

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.[list]
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
[*]Click Close to exit the program.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users