
DCOM 1084 error


9 replies to this topic

#1 Flicker

  • Members
  • 68 posts

Posted 09 May 2011 - 10:54 AM

Hi all.

After running Malwarebytes and uncovering a couple of infected items, I quarantined and removed as usual.

On the reboot, my system keeps freezing and the admin history says I am encountering a DCOM 1084 error.

Can anybody help to tell me what this is please? And how to fix

thanks
Simon

Edited by Flicker, 09 May 2011 - 12:54 PM.




#2 Jacee

  • Malware Response Team
  • 3,716 posts

Posted 09 May 2011 - 11:08 AM

Let's see if flushing the DNS cache and restoring MS's Hosts file will fix it.

Copy and paste these lines in Notepad.

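@Echo on
rem Reset the Hosts file to a single localhost entry
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the IP lease and flush the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Reboot after 1 second, then delete this batch file
shutdown -r -t 1
del %0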


Save as flush.bat to your desktop. Right click to run as Administrator. Your computer will reboot itself.

Let us know if this works.

MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop


#3 Flicker


Posted 09 May 2011 - 11:44 AM

Ok, that took a little working out but it's done, no effect I'm afraid. A reboot in normal mode means it works for about 90 secs and then programs go non-responsive until the desktop itself goes non-responsive.

CPU is very low while RAM very high but not actually doing anything.

Any further thoughts?

Edited by Flicker, 09 May 2011 - 12:56 PM.


#4 Flicker


Posted 09 May 2011 - 12:56 PM

Oh, and I ran an integrity test and it came back fine.

#5 Flicker


Posted 09 May 2011 - 05:52 PM

These were the files deleted by the scan.

Files Infected:
c:\Users\USER\AppData\Roaming\microsoft\installer\{dd8408e9-9421-484f-979d-db6361e3e828}\icondd8408e95.txt (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\USER\downloads\ourbabymaker.exe (Adware.FunWeb) -> Quarantined and deleted successfully.

#6 Jacee


Posted 10 May 2011 - 12:04 PM

What is the service (trying to start with arguments) DCOM error reports?
Have you installed any camera-related software?



#7 Flicker


Posted 10 May 2011 - 08:05 PM

This is the admin history of repeated full boot ups, as well as the usual failure to start browser etc.

DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

I've also had

DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

and

DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-5050545030

I haven't installed any camera-related software recently and I'm at a bit of a loss to explain the severe downgrade.
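
Added example, not part of the original thread: a PowerShell triage of the DCOM messages quoted above. It lets Windows translate the Win32 code (1084 is ERROR_NOT_SAFEBOOT_SERVICE, "This service cannot be started in Safe Mode") and checks whether each service is listed under the SafeBoot registry keys. The function name, the `$UseLiveLog` switch and the Event ID 10005 filter are assumptions of this example.

```powershell
# Added example, not from the thread: triage DCOM service-start failures.
# Assumption: on Vista and later these are System-log events with ID 10005.
$UseLiveLog = $false   # $true reads the local System log instead of the sample

# Constructed sample: the three messages quoted in the thread
# (the third CLSID is cut off there and is kept as-is).
$sample = @(
    'DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}',
    'DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}',
    'DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-5050545030'
)

$rx = 'DCOM got error "(?<code>\d+)" attempting to start the service (?<svc>\S+) ' +
      'with arguments "(?<args>[^"]*)" in order to run the server:\s*(?<clsid>\{[0-9A-Fa-f-]+\}?)'

function ConvertFrom-DcomMessage([string]$Message) {
    if ($Message -notmatch $rx) { return }   # not a DCOM service-start failure
    $code  = [int]$Matches.code
    $svc   = $Matches.svc
    $clsid = $Matches.clsid
    # A service can start in Safe Mode only if it is listed under these keys.
    $safeBoot = 'Minimal', 'Network' | Where-Object {
        Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$_\$svc"
    }
    [pscustomobject]@{
        Service        = $svc
        Error          = $code
        # Windows' own text for the Win32 error code.
        Meaning        = (New-Object System.ComponentModel.Win32Exception $code).Message
        Clsid          = $clsid
        ClsidTruncated = -not $clsid.EndsWith('}')
        SafeBootKeys   = $safeBoot -join ','
    }
}

$messages = if ($UseLiveLog) {
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 10005 } -MaxEvents 200 -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Message
} else { $sample }

# SAFEBOOT_OPTION is set (MINIMAL or NETWORK) only when Windows booted in Safe Mode.
"Boot mode: " + $(if ($env:SAFEBOOT_OPTION) { "Safe Mode ($env:SAFEBOOT_OPTION)" } else { 'Normal' })
$messages | ForEach-Object { ConvertFrom-DcomMessage $_ } |
    Sort-Object Service -Unique | Format-Table -AutoSize
```

An empty SafeBootKeys column alongside error 1084 means the service is not registered for Safe Mode, so the failure is expected whenever the machine is booted that way.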

#8 Jacee


Posted 11 May 2011 - 02:52 PM

See if you can troubleshoot by doing a 'clean boot'.

Boot into safe mode.
Clean Boot will help you start your computer by using a minimal set of drivers and startup programs so that you can determine whether a background program or any third-party service is interfering with your program.

Please follow the steps below.

1. Click Start on your Desktop.

2. Type msconfig in the Start Search box and then press ENTER.

If you are prompted for an administrator password or for a confirmation, type the password, or click Continue.

3. On the General tab, click Selective Startup.

4. Under Selective Startup, click to clear the Load Startup Items check box.

5. Click the Services tab, click to select the Hide All Microsoft Services check box, and then click Disable All.

6. Click OK.

7. When you are prompted, click Restart.

To return your computer back to normal boot:

1. Click Start on your Desktop.

2. Type msconfig in the Start Search box and then press ENTER.

If you are prompted for an administrator password or for a confirmation, type the password, or click Continue.

3. Click the General tab.

4. Click Normal Startup - load all device drivers and services, and then click OK.

5. When you are prompted, click Restart to restart the computer.

For information on using “Clean Boot”, see the following Microsoft Article:
http://support.microsoft.com/kb/331796

Step 2:

Once you finish with the clean boot from safe mode, you can try to boot in normal mode. If that doesn’t help then you can do a system restore.


Step 3:

Run a virus scan as well on your computer to check if your computer is infected.



#9 Flicker


Posted 12 May 2011 - 08:01 AM

Ok ran another Virus check, all clean.

System seems to be perfectly happy in the selective boot up into normal mode, which suggests to me it's one of the programs in the full boot up.

Given the trojan was in the windows installer program and this has now been stopped I wonder if this is the issue?

Edited by Flicker, 12 May 2011 - 08:04 AM.


#10 Jacee


Posted 12 May 2011 - 12:10 PM

I would suggest you follow instructions at this link http://www.bleepingcomputer.com/forums/forum103.html
Then start a new topic about the found Trojan.
