
Corrupt Windows File


35 replies to this topic

#1 SuzanneJ


Posted 13 November 2005 - 01:24 PM

Recently my nephew was using my computer and now I have a problem with the computer. I have a dialog box (that you can't minimize or delete) with the following message on it:

C:\WINDOWS\SYSTEMS\WINCTRL64.EXE.F6 appears to be corrupt. Reinstall file and try again.


I have researched and found that this is a Trojan, but don't know how to remove from my computer. Last night I ran Ad-Ware and when finished rebooted my computer. This message is still there. Any suggestions on how to get rid of this??

Thanks
Suzanne



#2 IsMe


Posted 13 November 2005 - 01:35 PM

Ad-Ware (do you mean Ad-Aware?) is a spyware cleaner. You need an Anti-virus program to get rid of the trojan.

#3 acklan


Posted 13 November 2005 - 01:36 PM

Download AVG Free Edition. It's a full featured antivirus for home use.
"2007 & 2008 Windows Shell/User Award"

#4 SuzanneJ


Posted 13 November 2005 - 02:19 PM

> Ad-Ware (do you mean Ad-Aware?) is a spyware cleaner. You need an Anti-virus program to get rid of the trojan.



Yes, I meant Ad-Aware. Sometimes my brain gets ahead of my fingers.

Thanks for the info. Will try that

#5 SuzanneJ


Posted 13 November 2005 - 02:24 PM

> Download AVG Free Edition. It's a full featured antivirus for home use.



Thanks! Will download it when I get home from work this evening.

Last night I downloaded Xoftspy and ran the function. It located numerous items, some were a threat and some were not. However, in order for it to clean the files I was redirected to a site to order & pay for the download. Didn't do this, because I wasn't sure what kind of trojan this might be and didn't want to give out any financial info.

Will send you an update after I use the link you supplied above.

Thanks for your help

#6 IsMe


Posted 13 November 2005 - 05:19 PM

Here's another good FREE cleaner for spyware (not virus or trojans): www.ccleaner.com

#7 Rimmer


Posted 13 November 2005 - 10:17 PM

Do some online scans to double-check:
Here are some links to free online Anti-Virus scans. They do take some time to load and run and in some cases you can only use Internet Explorer, with ActiveX enabled, to access them but they are an excellent support for your existing anti-virus program.

Trend Micro online scan "housecall" - http://housecall.antivirus.com/

Panda Active Scan online - http://www.pandasoftware.com/activescan/
Internet Explorer only. Requires email address. Requires Active-X components to be installed. Approx 12MB download.

BitDefender online scan - http://www.bitdefender.com/scan/licence.php
Internet Explorer only. Must agree to a EULA. Need to allow installation of an Active X component. Some of the options are not clearly explained.

McAfee online scan - http://www.pcpitstop.com/freescan/

Security Advisor (?) - http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Trend Micro Housecall - http://uk.trendmicro-europe.com/enterprise...call_launch.php
(European version, supports Netscape, Mozilla, Firefox and Opera)

hth :thumbsup:

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#8 SuzanneJ


Posted 14 November 2005 - 09:42 PM

> Download AVG Free Edition. It's a full featured antivirus for home use.


Hi - downloaded AVG last night. While creating the rescue disk the system shut down. When it rebooted, I had a dialog box (with a cartoon Boar) stating that a virus had been found. Selected the button to heal - process never responded. Shut down computer and went to sleep.

Just ran the AVG scan again. 1st scan found 10 virus/trojans. Never given choice to heal. Ran scan a second time. 9 items had been removed. 1 still remains. Software doesn't give choice to heal or quarantine this item. This is the infected file that remains:

C:\WINDOWS\TEMP\alchem.cab:\alchem.exe
Trojan Horse Downloader.Alchemic.A
status: Infected, Embedded object.

Any suggestions on how to remove??

Thanks for your help. :thumbsup:

#9 boopme


Posted 15 November 2005 - 01:49 AM


> > Download AVG Free Edition. It's a full featured antivirus for home use.
>
> Hi - downloaded AVG last night. While creating the rescue disk the system shut down. When it rebooted, I had a dialog box (with a cartoon Boar) stating that a virus had been found. Selected the button to heal - process never responded. Shut down computer and went to sleep.
>
> Just ran the AVG scan again. 1st scan found 10 virus/trojans. Never given choice to heal. Ran scan a second time. 9 items had been removed. 1 still remains. Software doesn't give choice to heal or quarantine this item. This is the infected file that remains:
>
> C:\WINDOWS\TEMP\alchem.cab:\alchem.exe
> Trojan Horse Downloader.Alchemic.A
> status: Infected, Embedded object.
>
> Any suggestions on how to remove??
>
> Thanks for your help. :thumbsup:




Hi. This file may be in your recycle bin. Right click on the recycle bin icon and empty it. Run the scan once again.

If the files are found again, there is a link to download the removal tool here - http://securityresponse.symantec.com/av...chemy.html

Disable System Restore - there are instructions for Windows ME and XP here - http://www.pchell.com/virus/systemrestore.shtml .

Run the removal tool to be sure you are not infected.

Re-enable System Restore and set a new Restore Point. Your system should now be clean.

Let us know if it worked..

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#10 SuzanneJ


Posted 16 November 2005 - 04:52 PM



> > > Download AVG Free Edition. It's a full featured antivirus for home use.
> >
> > Hi - downloaded AVG last night. While creating the rescue disk the system shut down. When it rebooted, I had a dialog box (with a cartoon Boar) stating that a virus had been found. Selected the button to heal - process never responded. Shut down computer and went to sleep.
> >
> > Just ran the AVG scan again. 1st scan found 10 virus/trojans. Never given choice to heal. Ran scan a second time. 9 items had been removed. 1 still remains. Software doesn't give choice to heal or quarantine this item. This is the infected file that remains:
> >
> > C:\WINDOWS\TEMP\alchem.cab:\alchem.exe
> > Trojan Horse Downloader.Alchemic.A
> > status: Infected, Embedded object.
> >
> > Any suggestions on how to remove??
> >
> > Thanks for your help. :thumbsup:
>
> Hi. This file may be in your recycle bin. Right click on the recycle bin icon and empty it. Run the scan once again.
>
> If the files are found again, there is a link to download the removal tool here - http://securityresponse.symantec.com/av...chemy.html
>
> Disable System Restore - there are instructions for Windows ME and XP here - http://www.pchell.com/virus/systemrestore.shtml .
>
> Run the removal tool to be sure you are not infected.
>
> Re-enable System Restore and set a new Restore Point. Your system should now be clean.
>
> Let us know if it worked..


Hi - I emptied the recycle bin and ran the AVG scan again. The Trojan Horse Downloader.Alchemic.A is still there. On the scan log I now have this message: Boot sector of disk C - reading error. I see that Grisoft is aware of this boot sector message - so I'm not too concerned with it right now. The symantec link that you provided above does not work, it returns "Page not found". I am very apprehensive about using my credit card to download anything as I don't know what this Trojan is doing. On my way home tonight I'm going to stop and see what kind of removal software I can buy.

Thanks
Suzanne
:flowers:

#11 Rimmer


Posted 16 November 2005 - 05:44 PM

Please use the Add Reply not the "Reply" button, unless you need to quote a specific post.

So far as I know all of the anti-malware tools that are used here at BC are free so you should not need to use your credit card to purchase anything online and I would suggest, from personal experience, you will get a better outcome letting the people here assist you rather than buying an off-the-shelf software package. Sometimes getting the right solution will take a little while since everyone here is a volunteer and cannot always spend their time at BC.

Different packages specialise in removing different things, that is why we recommend "layered protection" on your PC. One firewall, one anti-virus program, many anti-spyware programs. Supplemented by occasional online scans. (And if you do get infected we have the HJT Team to help you!)

Before we point you in the direction of the HJT team though there are other simple things to try:
Download Ewido and A-Squared Free:

Ewido Security Suite complements anti-virus software by detecting Trojans, Dialers and Spyware and lots of other stuff. It is free for private use.
Ewido download
When installing it untick 'Install Background Guard' and 'Install Scan via Context Menu'.

A-squared Free complements anti-virus software by specializing in detecting Trojans, Dialers and Spyware. It is free for private use but registration via email is required.
A-squared

Install them and update them online. Update AVG as well.

Show hidden and system files:
Open your My Computer icon (either from your desktop or the Start Menu)
Click the Tools menu and select Folder Options (on older systems it may be in the View menu)
Select the View tab and scroll through the Advanced settings
Enable or disable the following (using a checkmark to enable)

enable - Show hidden files and folders
disable - Hide extensions for known file types
disable - Hide protected operating system files (WinME and WinXP only)

Now click Apply and Ok.

Reboot in Safe Mode and run AVG, Ewido and A-squared Free scans.
Get back to us.

hth :thumbsup:

Edited by Rimmer, 16 November 2005 - 06:10 PM.



#12 acklan


Posted 16 November 2005 - 08:21 PM

Go to this link and follow the instructions. It is going to walk you thru running AVG from the command line. This may delete (remove) the file before it can start.
Print this article and then boot into safe mode with command prompt. This will put you in DOS mode. I think it would be better to boot from a floppy ('98 start up disk) but safe mode should do it.

http://forum.grisoft.cz/freeforum/read.php?4,40796,sv=

Edited by acklan, 16 November 2005 - 08:21 PM.


#13 SuzanneJ


Posted 17 November 2005 - 05:27 PM

Thanks for all of the info. Will try your suggestions from yesterday.

I now have a new scenario with this problem. Day before yesterday I emptied the recycle bin as suggested and ran the scan again. Last night I was trying to save a word document to a floppy and the A drive wouldn't work, however, I can open a file that was previously saved on disk. When I ran the scan I received a message for the A drive and the D drive - "not accessible". Does this mean that both of these drives have died?

I really appreciate all of your help, because I'm really illiterate on the technical side of the computer.

Thanks,
Suzanne

#14 Rimmer


Posted 17 November 2005 - 06:35 PM

If you think you have viruses or trojans on your PC then you should not be saving anything to floppy disks because you may well be copying the virus which could then be spread to another PC or come back to your own machine later.

> When I ran the scan I received a message for the A drive and the D drive - "not accessible". Does this mean that both of these drives have died?

No. (I'm guessing 'D' is your CDROM or DVD drive?) That most likely means you did not have any discs in those drives and had run a "System" scan. The system scan tries to read every drive - it found drives with nothing in them so reported back they were "not accessible". That's quite normal.

Floppy drives are vulnerable to dust and floppies can be damaged by heat, damp and contact with metal objects (particularly magnetised ones). Your problem could be just a damaged floppy. You could buy a floppy cleaning disk for the drive but it's probably cheaper to replace the drive if it's faulty.

I'd suggest when your PC is clean put in all the floppies and virus scan them (select the A: drive only for the scan).

:thumbsup:


#15 SuzanneJ


Posted 18 November 2005 - 02:25 PM

Not able to install Ewido, needs Windows 2000, I have 98. Downloaded and installed A-squared, but need to update tonight. Couldn't last night as their instructions said not to use your email address from AOL, Yahoo or Hotmail, so I used my work email. Have my password now, so I can update tonight.

While attempting to log into BleepingComputer last night, something tried to download on my computer:

PC BugDoctor from freedownloadtools.com, I didn't request it. Cancelled the action, but then couldn't log into BleepingComputer.

When I finished with A-squared I ran AVG again. Test found 8 viruses. 5 were healed, 3 remain. 2 are associated with my original Trojan Horse Downloader.Alchemic.A -
Alchem.cab and alchem.exe

New one is: Trojan Horse Downloader.Agent.SH
File: Popcorn72.exe
Path: C:\WINDOWS\SYSTEM\popcorn72

Also, last night when I started up the computer, the original dialog box C:\WINDOWS\SYSTEMS\WINCTRL64.exe.F6 appears to be corrupt was not on my computer.

I'm ready to try the computer out my living room window :thumbsup:



