
Xp Crash



#1 Zelpo

Posted 18 January 2006 - 05:39 PM

Howdy all,

Was running SpySweeper and decided to check compressed files. SpySweeper found the following trojans:
  • Komforochka SMPT Relay
  • PCSentinels Smoking Gun
  • Trojan-Backdoor-Keylog-Sters
  • CAS
  • Trojan-Backdoor-Sapilayr

I set up SS to 'fix' the problems and then left it while I went to work. Upon returning, it appeared that SS was about half-way through the process and now a Windows message was up saying that a Windows file was corrupt. Acknowledging this message only led right back to the message, an endless loop I could not get out of. Only option was a hard reboot.

Upon reboot I get the following message:

Windows could not start because the following file is missing or corrupt:
<Windows Root>\System32\hal.dll
Please re-install a copy of the above file.


The computer is an old Dell 4550 (bought in 2001), P4 2.0GHz (northwood), XP home ed.

My biggest concern at this point is not wiping the drive due to about 3 years of digital photos being on it (& not backed up, shame on me).

I'm not familiar with the bios or the recovery console, but I have fished around there a bit trying to figure out how to replace this file. I stopped in hopes of not doing further damage.

If I reinstall the OS, will that wipe out the entire contents of the hard drive, or just the files under the Windows directories?

Any help with resolving this issue would be appreciated. My main goal is saving my photos from oblivion.

Thanks,

Matt



#2 nologic


Posted 18 January 2006 - 09:02 PM

I have the identical situation. Only SpySweeper seems to detect this. I have Ad-Aware (paid version) as well, and have tried Search & Destroy and a bunch of other programs. The only program that detects these is SpySweeper, but it gets stuck trying to remove them. I am afraid to use my computer or any sites that require a password, like my POP3 mail, because it says they control my computer remotely. SpySweeper support has been 3 days without any response; all they say is: "You're only paying $29.95, what do you expect?"

Komforochka SMPT Relay
PCSentinels Smoking Gun
Trojan-Backdoor-Keylog-Sters
CAS
Trojan-Backdoor-Sapilayr


Edited by nologic, 18 January 2006 - 09:03 PM.


#3 Zelpo


Posted 18 January 2006 - 10:36 PM

I was on tech support with WebRoot today, and was pretty much told too bad so sad. Money well spent eh?

#4 Enthusiast


Posted 19 January 2006 - 01:41 AM

Zelpo:

Run both Adaware and Spybot Search and Destroy using safe mode, updating each program before you scan and setting both to fix what they find.

If you don’t already have these anti-malware freeware applications, you can download them at the following links:

*AdAware SE: http://www.lavasoftusa.com/software/adaware/

*Spybot S&D: http://www.safer-networking.org/en/index.html

Following that, if your problem is not completely resolved, I suggest you post a “HijackThis” log for expert assistance with your problem following the instructions below.

Please read the pinned post in our “HijackThis” forum, here
Carefully read and follow all directions explicitly.

Following instructions, run a HJT log and post it in our HJT forum, at this link.

Do not as yet attempt to fix anything by yourself using Hijack This.

A member of our HJT Team will analyze your log, make recommendations and offer assistance.

It may take a short period of time to get a response to the log you posted because the members of our HJT Team are kept very busy.
Please be patient as this team is manned by volunteers. They will help you as soon as possible.

NOTE
Once you have posted your HJT log, please DO NOT make any additional posts in the HJT thread in which you posted your log until you get a response from a member of our HJT expert team.

The first criterion they have when looking for logs that need replies is posts showing 0 replies. If you make an additional post, it will show as having 1 reply.

A team member, looking to see if a reply has been made might well assume another HJT Team member is already assisting you and might not open the thread to respond.

So, make your post and wait for a response from a team member.

Edited by Enthusiast, 19 January 2006 - 01:44 AM.


#5 Enthusiast


Posted 19 January 2006 - 01:43 AM



If you repair Windows XP you may not have to wipe the drive as you would with a reinstall.

Can you get to a command prompt? Do you have the boot disks for your op system? (If not you can download them at bootdisk.com)

Edited by Enthusiast, 19 January 2006 - 01:46 AM.


#6 Zelpo


Posted 19 January 2006 - 03:36 AM

Enthusiast, thanks for your reply!

PC will not even boot up, not in safe mode either.

Upon reboot I get the following message:

Windows could not start because the following file is missing or corrupt:
<Windows Root>\System32\hal.dll
Please re-install a copy of the above file.


I can reboot and get to the bios, and also the boot screen where I can access my Dell XP recovery disk.

Due to the main mission of preventing the loss of my digital photos, I am taking the safest route and tonight purchased a new hard drive. I will remove the corrupted drive, install the new one, re-install the OS, and then access the old drive and remove my photos. I will then reformat the old drive, and put it in an external enclosure to serve as a backup drive. Then I'll copy all my photos over to it, like I should have done years ago. Then I will buy some high quality CDs and back up all my photos to those too.

My next problem is that all of this is new to me, my first time. I'm not sure how to install a new hard drive much less format & install an OS, but I have been spending many many hours reading up on the process via google. Hopefully I will get through this.

Btw, I was running Spybot, AdAware, MS antivirus beta, and SpySweeper. Also ZoneAlarm, default XP SP2 firewall, AVG, had Norton disabled as I found it almost useless vs. AVG. All for naught, it was too late and trojans were apparently already wrapped around my OS files.

I find it hard to believe that individuals put so much effort into creating malicious programs to cause so much grief, but that sadly seems to be the case *sigh* I vow not to be complacent & become a victim again. I think I will be purchasing a suite of anti-malware software and cover all the bases this time around.

#7 usasma


Posted 19 January 2006 - 09:59 AM

Wow! Hold off throwing money at the problem! It's actually making your job harder (more on this later)!

First, get a copy of one of the free Linux distributions (like Knoppix, for example). Using it you should be able to recover your files and photos to a CD (using the Knoppix disk). You can also use a DOS boot disk (with CD support) along with an NTFS reader to copy these files.

That being said - an additional hard drive is a good idea. Installing them is easy - but you can also pick up an external USB hard drive for a decent price (and it requires almost no installation).

Here are the pitfalls of installing a new hard drive in place of the old one:
1) You'll have to format and install the OS on it - then all the updates are needed. Then you'll have to install all of your programs, etc, etc, etc...
2) Your other hard drive has different security descriptors on the file system than will be on the new hard drive. So, even with the same account names and passwords, you'll have to work hard at getting into the files (it's possible, but it is a great PITA!)

Now, it appears that there's nothing wrong with this hard drive (assuming that you've cleaned all the virus stuff off of it) - so here's what I'd recommend:

1) Save all of your photos and data to CDs using either the Knoppix disk or the DOS boot disk method described above (I can provide more details about them if you need it). This is a precaution in case something happens while repairing the current XP installation.

2) Once everything's backed up - perform a repair install of XP using these instructions (follow ALL of the instructions): http://www.michaelstevenstech.com/XPrepairinstall.htm
A repair install will repair the system files while leaving your drivers, programs, files, and settings intact.

3) Only have one antivirus program in memory at a time. Then, perform a whole bunch of virus scans to ensure that your system is clean (links to free, online scans later). If you still find viruses/spyware - be aware that your photos and data (on the backup media) may be infected also - so scan them to be sure!

Here are the links to free online scans:

http://www.kaspersky.com/scanforvirus
http://housecall.trendmicro.com/
http://www.bitdefender.com/scan8/ie.html
http://www.pandasoftware.com/products/activescan.htm
http://onlinescan.avast.com/
http://support.f-secure.com/ols/start.html
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ )
**If you need a more detailed explanation, please ask for it. I have the Knack.**
If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017)
FYI - I am completely blind in the right eye and ~30% blind in the left eye.
If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
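
The backup-before-repair step from the post above, sketched as an added example (not part of the original thread): run from a live Linux CD with the Windows partition mounted read-only, it copies photo files to backup media and checks each copy against a SHA-256 hash taken from the source. The device name `/dev/hda1`, the mount points and the extension list are assumptions.

```shell
#!/bin/sh
# Added example: copy photos off an unbootable Windows install and verify the copies.
# Assumed setup (hypothetical device and paths), done once from the live CD:
#   mount -t ntfs -o ro /dev/hda1 /mnt/win    # read-only: never write to the sick disk
#   backup_photos "/mnt/win/Documents and Settings" /mnt/usb/rescue

backup_photos() {
    src=$1; dest=$2
    [ -d "$src" ] || { echo "source not found: $src" >&2; return 2; }
    mkdir -p "$dest" || return 2
    manifest="$dest/MANIFEST.sha256"
    : > "$manifest"
    # Find photos by extension (case-insensitive). Paths are kept relative to
    # $src so the manifest can be re-checked wherever the backup is mounted.
    ( cd "$src" && find . -type f \( -iname '*.jpg' -o -iname '*.jpeg' \
          -o -iname '*.png' -o -iname '*.bmp' \) -print ) |
    while IFS= read -r f; do
        # Hash the source first, so a failed or truncated copy shows up
        # as a verification error instead of silently going missing.
        ( cd "$src" && sha256sum "$f" ) >> "$manifest"
        mkdir -p "$dest/$(dirname "$f")" && cp -p "$src/$f" "$dest/$f" ||
            echo "copy failed: $f" >&2
    done
    # Verify every copy against the hash recorded from the source.
    # Returns non-zero if any file is missing, altered, or none were found.
    ( cd "$dest" && sha256sum -c MANIFEST.sha256 )
}
```

Re-running `sha256sum -c MANIFEST.sha256` inside the backup folder later confirms the CD or USB copy still matches what was read from the disk.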



