Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP repair virus


  • Please log in to reply
13 replies to this topic

#1 Shellody

Shellody

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:29 AM

Posted 24 June 2011 - 09:19 AM

Thanks to your site, I was able to recover from the Windows XP repair virus. My only problem now is that when I restart, I get the following:

error loading htetsdmn.dll. The specified module could not be found.
Unable to locate ?'box' (but it's an actual box)
and then notebook pops up with this: localizedresourcename=@%systemroot%\system32\shell32.dll, -21787

Other than the error messages, everything is functioning normally.

Thank you!

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,130 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:29 AM

Posted 24 June 2011 - 09:38 AM

See http://support.microsoft.com/default.aspx?scid=330132 .

<<error loading htetsdmn.dll.>>

No Google reference to such, probably a remnant for removed malware, IMO.

<<Unable to locate ?'box'...>>

Not sure what you mean...is there an actual box with nothing but 7 on it?

Louis

#3 Shellody

Shellody
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:29 AM

Posted 24 June 2011 - 10:52 AM

So, I have posted a couple of replies but they aren't showing up...

The microsoft fix did not work.

How do I delete those items? I think they are leftovers as well, but am actually quite uninformed when it comes to computers. I was only able to remove this virus because I am quite adept at following directions :)

#4 Shellody

Shellody
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:29 AM

Posted 24 June 2011 - 10:53 AM

Ok, so that time it worked...

one additional note: those items (desktop.ini, htetsdmn.dll, and the ?square (which is a square, like if you used webdings font or something, not the word square) all show up in start up in msconfig. But, if I follow the path to the start up folder, they are not there.

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 56,130 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:29 AM

Posted 24 June 2011 - 11:24 AM

OK...the simple thing to do is to remove the items from startup reflected by msconfig.

Uncheck them, hit the Apply button, click Close, Restart.

The better way (IMO) is to use a tool to see your startups and then delete those two items.

http://www.mlin.net/StartupCPL.shtml, look on each tab for the items we've discussed...delete related entries. This will eliminate the entries from your system.

Louis

#6 Shellody

Shellody
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:29 AM

Posted 24 June 2011 - 11:35 AM

I tried the simple solution before I posted originally, and it just comes back upon restart. I tried downloading the app you suggested, and it won't load. Just says installation failed :(

#7 Shellody

Shellody
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:29 AM

Posted 24 June 2011 - 11:43 AM

Well, I tried again, and I was able to install the app. None of those things we've discussed are in the tabs.

Startup user--nothing listed
startup common--nothing listed
HKLM/Run--(it wouldn't let me copy and paste, so I typed these quickly, there may be some errors)Acronis Scheduluer, Adobe reader, AESTFltr, BCMSMMSG, ccApp, GrooveMonitor, ISTray, Language Shortcut, lxdxamon, lxdxamon.exe, NeroFilterCheck, NVCPlDaemon, NvCPlDaemon, NvMediaCenter, nwiz, QuickTime Task, Remote Control, SunJavaUpdate, TkBellExe, TrueImageMonitor.exe, VirtualClone Drive

HKCU/Run--ctfmon.exe, MSMSGS
RunOnce--nothing listed
Deleted--nothing listed

#8 hamluis

hamluis

    Moderator


  • Moderator
  • 56,130 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:29 AM

Posted 24 June 2011 - 01:21 PM

Download/install AutoRuns for Windows - http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx . Default show will be the Everything tab.

Review the list for the items in question.

If it's not on the Everything tab...then it's not a startup item...and I have no idea what's going on with your system.

Louis

#9 Shellody

Shellody
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:29 AM

Posted 24 June 2011 - 01:46 PM

Sadly, none of the culprits are listed under the everything tab.

There are several items that say 'file not found' but none of them appear to have anything to do with the error messages I get. For example: igfxcui File not found: C:\WINDOWS\system32\igfxpph.dll, i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys, Rts516xIR File not found: system32\DRIVERS\Rts516xIR.sys, and a few others.

I'm glad I'm not the only one that has no idea what's going on with my system :) I guess I will wait until a problem arises, and then regret not researching it further. Thank you for all of your help; I sincerely appreciate it!

#10 Shellody

Shellody
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:29 AM

Posted 24 June 2011 - 02:04 PM

Well, I restarted and did the Autoruns again and did find the square thing...but not the htetsmdn thing. I am going to attempt the microsoft fix again and restart again and see what happens :)

#11 hamluis

hamluis

    Moderator


  • Moderator
  • 56,130 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:29 AM

Posted 24 June 2011 - 02:54 PM

Keep us posted :).

Louis

#12 Shellody

Shellody
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:29 AM

Posted 24 June 2011 - 03:03 PM

I'm feeling like a rock star :)

Ok, so I restarted, attempted to run the Microsoft thing again, and it was a fail. I still got the htetsdmn error as well. So, I ran the start up thing again, and a random set of letters caught my eye. It wasn't the htet, but another set (I did not jot them down). I took a look at the file path, and it ended with htetsdmn.dll! So, I deleted that.

Upon restart, no htet error :) I tried the Microsoft thing again, and still a fail. So, I did a weird thing, and searched for desktop.ini. It came up with approximately a million of them, but even so I started opening all of them (as instructed on the Microsoft page) I found three with the -21787 in it, and deleted them. So, I restarted yet again, and no error messages!

Just in case anyone is reading this thread in hopes of solving their own xp repair virus nightmare, at no point was I able to do a system restore. I tried at several different points in the battle, and I tried several different dates. It's a very frustrating virus!

Louis, again, I can't thank you enough! THANK YOU!

#13 hamluis

hamluis

    Moderator


  • Moderator
  • 56,130 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:29 AM

Posted 24 June 2011 - 03:11 PM

You did all the hard work, well done...happy computing :).

Louis

#14 Shellody

Shellody
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:29 AM

Posted 24 June 2011 - 03:15 PM

I wouldn't have been able to do the work without your direction! Trust me, I'm much happier in general now! I couldn't rest until I beat that thing. I've read several posts in a variety of forums about people who rebuilt their entire system. I feel very lucky I didn't have to do that.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users