Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Woes


  • Please log in to reply
8 replies to this topic

#1 MFL_peon

MFL_peon

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:42 PM

Posted 15 December 2010 - 06:49 PM

Can I get in on this or should I start another thread?

I have a simular issue with a PC in my office.
Trojan was redirecting search requests.
Then, because user was impatient, she attempted to repair on her own. I'm not sure everything that she did. I'm pretty sure she ran a scan with AVG at some point.
Now, it has the same fatal error. shown above. c000021a.
I cannot boot it Normally or to Safe Mode.
Used Recovery Console to disable services that seemed to hang the system. That just seemed to go on and on.
Here are the services I disabled in order of apperance:
agpcpq.sys
amdagp.sys
alim1541.sys
agp440.sys
avgidseh.sys
avgrkx86.sys
Then the system hung on mup.sys. I did not disable this as I felt it was getting me no where.
Not sure where to go at this point.


System info
Dell Dimension 4700
Windows XP pro sp3
AVG free 2011
not sure what else may be pertinent.

Look forward to a reponse.
Thanks
Ryan

EDIT: Split from XP topic, moved to Am I Infected forum, PM sent ~ Hamluis.

Edited by hamluis, 16 December 2010 - 09:44 AM.


BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:08:42 PM

Posted 16 December 2010 - 12:43 AM

Can I get in on this or should I start another thread?


Yes, you should open your own topic. To have two problems running, no matter how similar they are, usually will only result in confusion and frustration with members trying to address both issues in one topic. Not to mention the disservice to the original poster for the disruption of their search for help.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:42 PM

Posted 16 December 2010 - 10:08 AM

I have a simular issue with a PC in my office.



IMPORTANT NOTE: Is this a work computer? If so, have you contacted and advised your IT Department? In most work environments, the IT staff implement specific policies and procedures for the use of computer equipment and related resources. In fact, many companies will require you to read those policies and sign a statement of understanding. These official procedures are designed and implemented to provide security and certain restrictions to protect the network. This allows all users to safely use business resources with minimum risk of malware infection, illegal software, and exposure to inappropriate Internet sites or other prohibited activity. We will not assist with attempts to circumvent those policies or security measures.

Our forums are set up to help the home computer user deal with issues and questions relating to personal computers. At most community security sites like this, we do not have the staff or resources to deal with numerous client machines or the complexities of network disinfection. A lot of helpers are not familiar with Servers and many of the tools we use are restricted to non-commercial use by their creators. Further, we are not equipped to involve ourselves in any legal issues that may arise due to loss of business data and loss of revenue as a result of malware infection or the disinfection process which in some instances require reformatting and reinstallation of the operating system.

A business IT staff generally has established procedures in place to deal with issues and infections on client machines on the network. As such, they may not approve of employees seeking help at an online forum or outside the business office as doing so could interfere or cause problems with their removal methods. The malware you are dealing with may have infected the network. If that's the case, the IT Department needs to be advised right away so they can take the appropriate disinfection measures.

If you're reluctant or embarrassed to inform the IT Team, keep in mind that they can easily trace the source of the infection. It is much better to bring this to their attention than to deal with the consequences of violating security policy once the IT Team and your supervisor finds out.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 MFL_peon

MFL_peon
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:42 PM

Posted 16 December 2010 - 12:04 PM

Can I get in on this or should I start another thread?


Yes, you should open your own topic.


I apologize for stepping on anyones toes. Thanks for correcting my misstep.

I have a simular issue with a PC in my office.



Is this a work computer?


As for the question of this being a work computer. It is, but it's in my home office. I run my own business from home, and have an assistant who thought they would try to repair it on their own. I'm not positive all that they tried except running an AVG scan. With that in mind, I'd appreciate any assistance anyone has to offer.

Thanks again
Ryan

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:42 PM

Posted 16 December 2010 - 12:26 PM

Ok Ryan when you start your own topic, try to include exactly what steps have already been taken by your assistant. Just ask him what tools he used.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 MFL_peon

MFL_peon
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:42 PM

Posted 16 December 2010 - 02:31 PM

Ok Ryan when you start your own topic, try to include exactly what steps have already been taken by your assistant. Just ask him what tools he used.


I'm sorry. I wish I could tell you more. I have included everything I was able to get out of her, and everything I have done since I took over the repair.

All she can tell me that she definately did was run a virus scan with AVG 2011. She says that after that the fatal error 'c000021a' showed up.

I then attempted the steps I listed earlier.

I cannot boot it Normally or to Safe Mode.
Used Recovery Console to disable services that seemed to hang the system. That just seemed to go on and on.
Here are the services I disabled in order of apperance:
agpcpq.sys
amdagp.sys
alim1541.sys
agp440.sys
avgidseh.sys
avgrkx86.sys
Then the system hung on mup.sys. I did not disable this as I felt it was getting me no where.
Not sure where to go at this point.


System info
Dell Dimension 4700
Windows XP pro sp3
AVG free 2011
not sure what else may be pertinent.


Thanks for your attention to this matter.

Ryan

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:42 PM

Posted 16 December 2010 - 02:46 PM

You need to put that information in your own topic and not keep posting in this one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 MFL_peon

MFL_peon
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:42 PM

Posted 16 December 2010 - 06:09 PM

I see the issue. I thought this was my own topic. Someone was kind enough to split my comment out of another thread and start this one. Isn't the first comment on this thread mine?

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:42 PM

Posted 16 December 2010 - 08:40 PM

Sorry for the confusion. I read dc3's comment to start your own topic and continued from there not realizing you were the original OP. I thought I saw another member's name here. Anyway this happens from time to time when we split comments out of a thread into another.

...the system hung on mup.sys. I did not disable this as I felt it was getting me no where.


If you do a Google search on mup.sys hangs in safe mode, you will find thousands of similar reports about this issue with various causes (usually hardware related) and possible solutions.

The main reasons for this Windows XP or Win 2000 boot hang or alleged mup.sys issue are:

1. Hard disk failure or corruption
2. A corrupted registry or registry hive
3. New hardware has been installed but not did not completely "Register or re-Register" correctly
4. New hardware has been installed but it is faulty or failing
5. The new hardware's driver or windows itself has been compromised (Disk data corruption or by a virus) or (rare) needs to be updated
6. The power supply is marginal in output or failing (Common per user feedback)
7. BIOS\ESCD\Motherboard chipset driver conflict with a component, its driver, or its registry data
8. Existing hardware including the motherboard may have failed in a specific way but not catastrophically.

How to fix an XP/Win 2000 System that freezes after loading mup.sys while booting

As you can see, malware is not one of the causes, so you may be dealing with multiple issues on this machine.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users