Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

gmer error when scanning


  • This topic is locked This topic is locked
4 replies to this topic

#1 kurtunes

kurtunes

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 10 January 2012 - 01:34 PM

I just posted and forgot to preface with my original concern before contacting bleeping computer. here is original concern:

When I start xp before desktop loads completely a small black box pops up quickly then dissapears. Seems to say windows\system32\cmd.exe Happens so quickly hard to read everything. I've tried print screen but to fast for me to catch. When desktop loaded I haven't noticed any problems with PC but am concerned as fear a virus. Have run different virus programs and disc check,etc. It does not happen when booting in safe mode. I forgot to mention that I already tried that and actually unchecked all startup boxes as there was no cmd.exe and it still happened when starting? I did go to run regedit and there are several cmd.exe but didn't alter as afraid it might screw up PC. Not sure if it is a virus as really haven't had any problems with PC running
prgrams,etc..


I followed instruction from Prep guide and attained logs requested dds & attach. Then ran into error after scanning gmer which is where I'm at a standstill. I'll attach dds and attach files.

Have been following instructions and succesfully saved DDS and attach file. I was then to run gmer scan after file. Did disable CD emulation as suggested. Heres what happened with gmer.



(after running gmer scan for 3 hours I could see that it had scanned tons of stuff but then this message came up.)

Windows was unable to save all the data for the file\$Directory.The data has been lost.This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Then this message came up.

The instruction at "0x7c9501b6" referenced memory at "0x6807f864". The required data was not placed in memory because of an i/o error status of "0xc000009a" click on ok to terminate program or cancel to debug.


(I wasn't sure what to do but was scared to terminate so I clicked debug and computer rebooted and the scan program was not up and running. Now what?)

Attached Files



BC AdBot (Login to Remove)

 


#2 kurtunes

kurtunes
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 10 January 2012 - 08:26 PM

I tried disabling internet, antivirus, and windows firewall then running gmer scan again. Had similar results. Seems to work great and scans for

hours - then message came up. the error box had a heading of "lxeecoms.exe-application error" I clicked O.K. and another error "windows delayed write failed" more similar error boxes and after clicking o.k my PC rebooted. I was never able to save what had scanned as wouldn't let me because error boxes.


The errors below are ones I posted from previous scan and same similar content came up even after disabling antivrus,etc.

Windows was unable to save all the data for the file\$Directory.The data has been lost.This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Then this message came up.

The instruction at "0x7c9501b6" referenced memory at "0x6807f864". The required data was not placed in memory because of an i/o error status of "0xc000009a" click on ok to terminate program or cancel to debug.

#3 kurtunes

kurtunes
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:03:07 AM

Posted 11 January 2012 - 08:11 AM

The problem I originally contacted bleeping computer about was a suspicious black box coming up for a split second on desktop when PC almost booted up. I original was getting help from the "am I infected forum" about my problem of a black box with c:\Windows\system32\cmd.exe flashing open for a second on bootup. I was never able to catch it with print screen but finally did. Not sure if it will help but I attached the saved printscreen of what is popping up.Attached File  Windows system32cmd.exe black box.zip   120.24KB   1 downloads Also when in the "am I infected forum" I was instructed to run several troubleshooting programs which led them to suggest going to this forum. One question I have is that in the autoruns results which I saved after running program, on the 6th line down the following was:
+ "cmd.exe" "" "" "File not found: cmd.exe" ( you will see this on the 6th line down on the autoruns file I attached.Attached File  AutoRuns.txt   104.14KB   1 downloadsBeing as the black box popping up has cmd.exe included in it could this be part of the problem. Anyways, hope this helps in some way. I really have had no issues so far other that the black box flashing up on bootup but it has never done that and am a little nervous it could turn into something undesirable. Thanks in advance for all your help!

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:07 AM

Posted 16 January 2012 - 11:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

This may be the culprit.

uRun: [Bomgar_Cleanup_ZD82226874038] cmd.exe /C rd /S /Q "c:\documents and settings\all users\application data\bomgar-scc-4e83292b" & reg delete hkcu\software\microsoft\windows\currentversion\Run /v Bomgar_Cleanup_ZD82226874038 /f

Open your task manager and disable this startup Bomgar_Cleanup_ZD82226874038

Restart the computer normally.

How is it now?

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:07 AM

Posted 22 January 2012 - 10:09 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users