Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware corrupted Vista


  • Please log in to reply
10 replies to this topic

#1 nicki227

nicki227

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 21 July 2011 - 04:17 PM

I had a problem with files and favorites being hidden so I posted my issue in the "Am I Infected?" forum. After a few tests, cryptodan said he did not see anything malicious.

I then did a SFC test with boopme and got the following message: "Windows Resources Protection found corrupt files but was unable to fix some of them."

boopme said the malware could have hurt the Vista and that this is a system file issue. He mentioned that you could possibly help me replace them.

This is a link to my original posting: http://www.bleepingcomputer.com/forums/topic403429.html

Do you think you could help me with this?

Thanks so much.

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:51 PM

Posted 21 July 2011 - 05:38 PM

If you ran sfc /scannow with the appropriate CD inserted...and the files could not be replaced/repaired...I doubt if anything short of a clean install will solve this (if it is a Windows problem).

http://answers.microsoft.com/en-us/windows/forum/windows_vista-windows_programs/windows-resource-protection-found-corrupt-files/93a05f7d-3b46-49a1-b469-f14d23a456cc

There is also the possibility that the files cannot be repaired/replaced because of partition/file system/hard drive problems...but let's not get into that yet.

Louis

#3 nicki227

nicki227
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 21 July 2011 - 06:22 PM

Thanks for such a quick reply!

I ran the SFC and never got an instruction to insert a disk. Does that change anything?

Thanks again.

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:51 PM

Posted 22 July 2011 - 11:49 AM

Typically...running sfc /scannow posts a notice that the Windows CD may be needed.

I've never run that command without having to insert the Windows CD.

How To Use Sfc.exe To Repair System Files - http://www.bleepingcomputer.com/forums/topic43051.html

<<I then did a SFC test with boopme and got the following message: "Windows Resources Protection found corrupt files but was unable to fix some of them.">>

I would interpret that message as being indicative of a serious problem with your file system...your hard drive...or Windows. Beyond that, I cannot interpret it.

If the system was mine, I would first run the appropriate hard drive diagnostic...then just do a clean install of Windows (if no hard drive problems come to light).

Louis

#5 nicki227

nicki227
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 24 July 2011 - 06:45 PM

I went to that link you sent and, hate to admit it, but I got confused. It was mentioning XP rather than Vista.

Also, when you say to run a hard drive diagnostic, is that the SFC.

Sorry, this is all new to me.

Thanks.

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:51 PM

Posted 24 July 2011 - 07:01 PM

The sfc /scannow command...applies to any version of Windows (XP, Vista, Win 7) you have installed.

You can use Google to verify this.

If you read the link about the sfc /scannow command...you will see that it is not a hard drive tool, it'a a file system tool.

If you have any questions about anything concerning computers that you don't understand...try using Google for general information. You get a variety of opinions/views, rather than just one.

Free Hard Drive Testing Tools - Hard Drive Diagnostics - http://pcsupport.about.com/od/toolsofthetrade/tp/tophddiag.htm

Louis

#7 nicki227

nicki227
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 29 July 2011 - 04:55 PM

Hi Louis,

I went to the link you sent to me, thanks. Then I clicked on the Microsoft Windows Built-In Error Checking. It showed me how to run a chkdsk. I did that and got the following log.


Checking file system on C:

The type of the file system is NTFS.

Volume label is HP.

 

A disk check has been scheduled.

Windows will now check the disk.

179712 file records processed. 1967 large file records processed.
0 bad file records processed.
0 EA records processed.
44 reparse records processed.
232806 index entries processed.
0 unindexed files processed.
179712 security descriptors processed.
Cleaning up 16 unused index entries from index $SII of file 0x9.

Cleaning up 16 unused index entries from index $SDH of file 0x9.

Cleaning up 16 unused security descriptors.

26548 data files processed. CHKDSK is verifying Usn Journal...

33966416 USN bytes processed. Usn Journal verification completed.

Windows has checked the file system and found no problems.

144737585 KB total disk space.

50970024 KB in 138713 files.

101744 KB in 26549 indexes.

0 KB in bad sectors.

294173 KB in use by the system.

65536 KB occupied by the log file.

93371644 KB available on disk.

4096 bytes in each allocation unit.

36184396 total allocation units on disk.

23342911 allocation units available on disk.

Internal Info:

00 be 02 00 9a 85 02 00 54 77 04 00 00 00 00 00 ........Tw......

08 6f 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 .o..,...........

42 00 00 00 52 73 30 77 88 83 1e 00 88 7b 1e 00 B...Rs0w.....{..

Windows has finished checking your disk.

Please wait while your computer restarts.



Does that seem ok? Thanks again for helping me.

#8 hamluis

hamluis

    Moderator


  • Moderator
  • 55,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:51 PM

Posted 18 August 2011 - 08:29 AM

My apologies for the delay in response.

Chkdsk is not a hard drive diagnostic, although many will speak of it as if it is. It's a tool that checks the file system which is installed on the hard drive...not the same as actually checking the hard drive itself.

Each hard drive manufacturer typically has a diagnostic tool, as explained in the link I previously provided regarding hard drive diagnostics.

I would go to the website of the respective manufacturer of your hard drive (manufacturer's name typically is on the drive itself or you can go Start/Run...type devmgmt.msc and hit Enter...then double-click on Disk Drives. It will reflect the manufacturer/model of the hard drive installed.

Run the diagnostic, following the directions provided by the hard drive manufacturer.

Louis

#9 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:51 PM

Posted 19 August 2011 - 12:30 AM

Just an FYI:

Running SFC doesn't always require the install disk. That depends on 4 things:

Whether system files are missing or corrupted

Whether the setup and service pack files are stored in a backup on the computer, in XP this is the i386 folder.

Whether those files have been corrupted. If they have, the install disc is required.

and if SFC is pointed to the i386 folder.

In my case, SFC has never asked me for the disc.

nicki227, by any chance, is your computer a Dell?

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#10 nicki227

nicki227
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 21 August 2011 - 07:06 PM

Louis,

Thanks for the info on the disk drives. I just found the mft. and model of the hard drive and will run the diagnostic. I'll let you know what it says!

Orange Blossom,

Thanks for letting me know about the disc. I'm glad I'm not the only one who ran the SFC and did not get a request for a disc. And no, sorry, I do not have a Dell.

Edited by hamluis, 22 August 2011 - 09:59 AM.
Corrected typo.


#11 nicki227

nicki227
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:51 PM

Posted 21 August 2011 - 07:17 PM

Louis, Please excuse that extra "E". Sorry.

No problem, I have no identity crisis/confusion...I removed the "e" :) ~ Louis.

Edited by hamluis, 22 August 2011 - 10:01 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users