Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

XP locking when running iTunes after an infection removal


  • Please log in to reply
8 replies to this topic

#1 River18

River18

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 27 August 2011 - 10:01 AM

Hi,

I got some help on the malware board to remove what was believed to be a virtumonde infection. While we've successfully removed that, I now find that my computer locks every time I try to run iTunes. We don't think anything that has been done should prevent it from working, however... Suggestion was to see if anyone here has any ideas.

Here's a few details:

Windows XP Home with SP 3.
Other programs appear to be running OK.
The malware removal involved Combofix and other tools - thread is under "Potential Virtumonde infection" on the malware board with more details.
ITunes freezes the computer completely, with no error messages, blue screen or opportunity to use Task Manager to close it down. It's not consistent; sometimes it will lock after a couple of minutes, sometimes within seconds. It does lock each time - 8 times running so far!
So far I've tried uninstalling iTunes (both using control panel and a specialist program) and reinstalling - both the latest version and an older version I know worked. I've been including associated programs such as bonjour and itunes helper in this. I've also deleted library files left after an uninstall.

Any help/suggestions appreciated!

R

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,435 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:56 PM

Posted 27 August 2011 - 04:41 PM

If iTunes is the only problem, not just the scene of the crime...uninstalling it completely, running the chkdsk /r command on your Windows partition...then reinstalling iTunes should overcome what is wrong.

Files of all sorts (Windows and programs) may become damaged at any time. If there is only particular program impacted adversely...it's a reasonable assumption to guess that file damage/corruption has occurred. Uninstalling/reinstalling takes care of that often.

Running the chkdsk /r command is a good way of checking the Windows file system for problems.

If the Windows files upon which iTunes depends...are damaged, there should be errors reflected in Event Viewer concerning problems with iTunes. If such exist, you need to doubleclick each such line item and read the detail for clues...and post the detail.

Louis

#3 River18

River18
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 28 August 2011 - 03:54 PM

Hi Louis,

Thanks for your suggestions. The chkdsk /r review came up with what appear to be minor issues. iTunes crashed as usual after doing this. The event log doesn't show up errors, just information. This ipod service information is the same text each time it crashes, and doesn't shed any more light on this to me...



Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 28/08/2011
Time: 19:52:02
User: N/A
Computer: OLYMPIAN
Description:
Checking file system on C:
The type of the file system is NTFS.
Volume label is Maindrive.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 1635 unused index entries from index $SII of file 0x9.
Cleaning up 1635 unused index entries from index $SDH of file 0x9.
Cleaning up 1635 unused security descriptors.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

78011639 KB total disk space.
68797648 KB in 113977 files.
67364 KB in 12630 indexes.
0 KB in bad sectors.
247967 KB in use by the system.
65536 KB occupied by the log file.
8898660 KB available on disk.

4096 bytes in each allocation unit.
19502909 total allocation units on disk.
2224665 allocation units available on disk.

Internal Info:
20 b1 02 00 9a ee 01 00 5b df 02 00 00 00 00 00 .......[.......
78 25 01 00 02 00 00 00 20 11 00 00 00 00 00 00 x%...... .......
c0 aa 3c 2a 00 00 00 00 20 2c 2f 68 01 00 00 00 ..<*.... ,/h....
00 2c af 7d 00 00 00 00 f0 d8 57 cc 38 00 00 00 .,.}......W.8...
e0 ac a8 d6 00 00 00 00 90 56 c0 c8 3b 00 00 00 .........V..;...
99 9e 36 00 00 00 00 00 d8 39 07 00 39 bd 01 00 ..6......9..9...
00 00 00 00 00 40 13 67 10 00 00 00 56 31 00 00 .....@.g....V1..

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: iPod Service
Event Category: None
Event ID: 0
Date: 28/08/2011
Time: 20:51:35
User: N/A
Computer: OLYMPIAN
Description:
The description for Event ID ( 0 ) in Source ( iPod Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.



Is there anything else you would suggest?

Thanks,

R

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,435 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:56 PM

Posted 30 August 2011 - 07:07 AM

Well...I'd be concerned that chkdsk /r tried to correct problems with the MFT.

I'm no tech of any sort, just a user like you...but that attempt at correction could well indicate a damaged file system or damaged hard drive.

I would run the appropriate diagnostic from the website of the respective hard drive manufacturer...the long test...on the drive, just to allay my concerns about the drive itself.

Free Hard Drive Testing Tools - Hard Drive Diagnostics - http://pcsupport.about.com/od/toolsofthetrade/tp/tophddiag.htm

Chkdsk /r cannot be relied upon to repair a possibly damaged MFT, IMO...it's just not the right tool.

http://forums.techarena.in/windows-xp-support/1067772.htm

Louis

#5 River18

River18
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 31 August 2011 - 04:19 PM

Hi,

Good point on the MFT! I had already re-run chkdsk again by the time I read your reply, and this came back without the MFT problems:

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 29/08/2011
Time: 07:04:06
User: N/A
Computer: OLYMPIAN
Description:
Checking file system on C:
The type of the file system is NTFS.
Volume label is Maindrive.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 4 unused index entries from index $SII of file 0x9.
Cleaning up 4 unused index entries from index $SDH of file 0x9.
Cleaning up 4 unused security descriptors.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

78011639 KB total disk space.
68708540 KB in 114233 files.
67452 KB in 12622 indexes.
0 KB in bad sectors.
247967 KB in use by the system.
65536 KB occupied by the log file.
8987680 KB available on disk.

4096 bytes in each allocation unit.
19502909 total allocation units on disk.
2246920 allocation units available on disk.

Internal Info:
20 b1 02 00 92 ef 01 00 de e0 02 00 00 00 00 00 ...............
7c 25 01 00 02 00 00 00 c0 0a 00 00 00 00 00 00 |%..............
80 15 b0 29 00 00 00 00 00 f7 b2 60 01 00 00 00 ...).......`....
40 b5 10 53 00 00 00 00 40 0f 2a 06 37 00 00 00 @..S....@.*.7...
70 28 de d6 00 00 00 00 50 49 2c cf 39 00 00 00 p(......PI,.9...
99 9e 36 00 00 00 00 00 d8 39 07 00 39 be 01 00 ..6......9..9...
00 00 00 00 00 f0 a2 61 10 00 00 00 4e 31 00 00 .......a....N1..

Windows has finished checking your disk.
Please wait while your computer restarts.


-------------------
I also ran the manufacturer's scans as you suggested. I have run two hard disks. On the main one (Excelstor) when I've run the diagnostic a DOS screen will flash up for a split second and then disappear. Almost certainly not working correctly, but it's too quick to be able to read what the issue is. My secondary drive (Hitachi) came back clean with their specialist check. I ran this on the Excelstor also, and that was clean.

Meanwhile I've also discovered the same freezing issue with Skype. There's a variety of event log information being produced, but I've not been able to find one linked to this.

Curiouser and curiouser..!

R

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 56,435 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:56 PM

Posted 31 August 2011 - 05:05 PM

I would run the following on the ExcelStor drive, http://www.excelstor.com/eng/support.php?sub_id=3 .

Louis

#7 River18

River18
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 04 September 2011 - 07:20 AM

Hi, yes, that was the diagnostic I was trying to run. I eventually got it to work*, and unfortunately it did report a fail. 14 bad sectors were identified. Unfortunately I can't locate the log - the program may have tried but failed to write it to the CD RW I ran it from.

So... a couple of thoughts:

- I ran the diagnostic as a read-only - i.e. I didn't ask it to attempt to correct any bad sectors. Should my next step be to try this? Or would I be better of backing up everything I have on this drive beforehand?

- If I do have a failing hard disk, then it makes sense to move everything off it onto my other one. It's my boot hard disk, and also has Windows XP on it. I don't have experience of transferring these, and I also only have a Windows recovery CD, rather than a Windows installation disk. I searched around and saw you suggested in another forum discussion to use EaseUS to copy a drive across, so I can use that. I suspect that there's a bit more too it if I'm going to switch over from using one to boot up to another however..?

I'm aware that these aren't Windows XP questions now, so if I'd be best off in another forum then I'm happy to do that!

Thanks,

R



* Anyone reading this who was also having problems running the Excelstor hard disk diagnostic, I managed by using CD burner software to put the CD image onto a CD-RW, then booting up and selecting option 2 (load without CD drivers). Change drive to the hard disk you'd like to scan (e.g. type c:\) and then run estest.exe with whichever parameters you want after it. You can read about these in the help information (where you download the file form). Option 1 just stalled for me.

#8 hamluis

hamluis

    Moderator


  • Moderator
  • 56,435 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:03:56 PM

Posted 04 September 2011 - 07:46 AM

<<I ran the diagnostic as a read-only - i.e. I didn't ask it to attempt to correct any bad sectors. Should my next step be to try this? Or would I be better of backing up everything I have on this drive beforehand>>

IMO...anytime a user suspects problems...it's already too late to backup then...since the severity, nature, and extent of the problem are not known. Backups are most useful when conducted/made when the system dieplays no problems.

I've never seen any benefit in running a repair tool...be it chkdsk or some 3d-party app...in anything other than a mode designed to try to repair alleviate whatever it can.

<<If I do have a failing hard disk, then it makes sense to move everything off it onto my other one. It's my boot hard disk, and also has Windows XP on it. I don't have experience of transferring these, and I also only have a Windows recovery CD, rather than a Windows installation disk. I searched around and saw you suggested in another forum discussion to use EaseUS to copy a drive across, so I can use that. I suspect that there's a bit more too it if I'm going to switch over from using one to boot up to another however.>>

As I said...I believe in backing when the system exhihits no problems. If that hasn't been done...I keep most of my data files on other drives and I don't mind reinstalling applications. Again...there is nothing to guarantee that files/hard drives/partitions will be accessible when problems appear.

Others follow dissimilar procedures, but those are the ones that I follow.

I don't have systems that employ recovery disks...so I can't tell you anything about how they work...there is no standard. Best thing I can suggest is to consult your system documentation re use of such disks.

You can try a backup/image of your partition now...nothing ventured, nothing gained. There are many programs that can be used for such...I suggested Easeus only because I am familiar with it. The instructions for use will cover all that a user needs to know concerning proper use.

Louis

#9 River18

River18
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:56 PM

Posted 07 September 2011 - 06:12 PM

Well, I've now got a 3rd hard disk and have made images of the other two hard disks on it. Key files I already had backed up, but not system settings or XP itself. Next step will then be to try and convert my 2nd hard disk into a boot disk. I seem to have the options to restore an image, or I could clone the 1st disk onto the second one. I'm not sure however if one has the advantage over the other...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users