
System Check Virus Removal Problem


  • This topic is locked
83 replies to this topic

#1 durandir

durandir

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:06:18 PM

Posted 16 January 2012 - 03:50 PM

Hello,

I'm going through the Remove System Check (Uninstall Guide) and have a problem getting TDSSKiller.exe to run (step 6 in the guide).

I believe I have the system check virus/malware because of the following symptoms:

1. Redirection of Google search results: when I click on a site in Google it redirects to an advertisement site or similar site that is unrelated to my search.

2. System Check is on my computer and runs a scan (or a fake scan) every time I start the computer.

3. System Check tells me that my hard drive has problems, i.e.
"hard drive rotational speed decreased by 20%"
"disk drive C:\ is unreadable"
"system files are damaged. System is unstable"
and other similar messages

4. A popup error message is titled "Windows - Delayed Write Failed" and says "Failed to save all the components for the file \\system32\\000030ee. The file is corrupted or unreadable. This error may be caused by a PC hardware problem"

According to the Remove System Check (Uninstall Guide), these are fake alerts, errors etc. caused by system check. I've begun to go through the Remove System Check (Uninstall Guide), and have completed up to step 5 without major issue.

Step 6 asks me to run TDSSKiller, but I have been unable to do so. I've renamed the TDSSKiller.exe file several times using different names (terrible.com, that.com etc) without luck. I click on the desktop icon to run the file TDSSKiller.exe (renamed of course) and my mouse icon adds an hourglass for a second and then goes away. No program was run (as far as I can tell).

Let me know if I should post any logs.

I apologize if this topic is in the incorrect place, if it is please let me know so I can change it.

Thank You

Edited by Budapest, 16 January 2012 - 04:21 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:18 PM

Posted 16 January 2012 - 11:19 PM

Download

FixTDSS

Launch it. It may ask for a restart; reboot the PC.

On reboot you may be asked to repair the MBR; click on repair.

Run tdsskiller now

Download

http://public.avast.com/~gmerek/aswMBR.exe

Launch it, allow it to download latest Avast! virus definitions

Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Good luck

Edited by narenxp, 16 January 2012 - 11:19 PM.


#3 durandir


Posted 17 January 2012 - 03:47 PM

I installed FixTDSS and it said it would restart the computer. The computer shut down, but upon starting back up again I get the blue screen of death. I've restarted and am able to get to the startup selection screen and tried starting in safe mode and last known good configuration.
Both attempts ended at the blue screen.

The exact phrase on the blue screen is:

"A problem has been detected and windows has been shut down to prevent damage to your computer.

The problem seems to be caused by the following file: ACPI.sys

PAGE_FAULT_IN_NONPAGED_AREA

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical information:

***STOP: 0x00000050 (0xCC43548E, 0xF75B9DDC, 0x00000000)

*** ACPI.sys - Address F75B9DDC base at F75A8000, DateStamp 480252b1"

#4 narenxp


Posted 17 January 2012 - 04:55 PM

In the advanced startup menu, select Repair your computer.


Are you able to do a system restore?

Can you select the command prompt option at least?

#5 durandir


Posted 17 January 2012 - 05:05 PM

I tried safe mode with command prompt, it resulted in the same blue screen.
The advance startup menu has these choices:

"
Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt

Enable Boot Logging
Enable VGA Mode
Last Known Good Configuration (your most recent settings that worked)
Directory Services Restore Mode (windows domain controllers only)
Debugging Mode
Disable automatic restart on system failure

Start Windows Normally
Reboot
Return to OS Choices Menu
"

A thought, can I restart and tell the bios to boot using the Windows XP cd? And would that help?

#6 durandir


Posted 17 January 2012 - 05:06 PM

Also, to set your mind at ease, this is not a critical computer. It's a Pentium 4 Windows XP Home Edition computer that I used through school. It would be nice to get the virus off it and use it around home. Losing it would be regrettable, but OK.

#7 narenxp


Posted 17 January 2012 - 05:14 PM

A thought, can I restart and tell the bios to boot using the Windows XP cd? And would that help? //

You should have two options

One is to install and other is to get into recovery console.

Select recovery console and let me know

Edited by narenxp, 17 January 2012 - 05:14 PM.


#8 durandir


Posted 17 January 2012 - 05:24 PM

I set the BIOS Boot sequence to use the CD ROM.

Upon starting the computer I get a screen saying this:

"
Windows XP Home Edition Setup

Welcome to Setup.

This portion of the Setup program prepares Microsoft ® Windows® XP to run on your computer.

.To set up Windows XP now, press ENTER.

.To repair a Windows XP installation using Recovery Console, press R.

.To quit Setup without installing Windows XP, press F3
"
At the bottom there is a white strip telling what certain keystrokes will do
"
ENTER=Continue R=Repair F3=Quit
"

Shall I press R for recovery console then? (note: I haven't touched anything yet)

#9 durandir


Posted 17 January 2012 - 05:43 PM

Sorry, I misread your message.


I've entered the Recovery console. I've told it to log into the windows installation and I'm at a command prompt.

"C:\WINDOWS>"

#10 narenxp


Posted 17 January 2012 - 06:15 PM

That's OK. Type this command:


expand D:\i386\acpi.sy_ C:\windows\system32\drivers

where D refers to your drive letter

Replace it with respect to letter assigned

Let me know

Edited by narenxp, 17 January 2012 - 06:16 PM.


#11 durandir


Posted 18 January 2012 - 12:38 AM

Reads:

"
C:\WINDOWS>expand D:\i386\acpi.sy_C:\windows\system32\drivers
The system cannot find the file or directory specified

#12 narenxp


Posted 18 January 2012 - 02:50 AM

Try this command

copy D:\i386\acpi.sys c:\windows\system32\drivers

If that doesn't work, try this:

copy c:\windows\system32\dllcache c:\windows\system32\drivers

If you still receive a "file doesn't exist" error, run these commands one by one, pressing ENTER after each:

C:

dir acpi.sys

Let me know what it finds.

Edited by narenxp, 18 January 2012 - 02:50 AM.


#13 durandir


Posted 18 January 2012 - 01:19 PM

Neither worked. copy C:\windows\system32\dllcache c:\windows\system32\drivers said "COPY does not support wildcards or directory copies."

c:
dir acpi.sys

said

"THe volume in drive C has no label
The volume Serial Number is ec05-cce3

Directory of C:\windows\acpi.sys

No matching files were found.
"

#14 narenxp


Posted 18 January 2012 - 01:27 PM

If you have an XP CD, I would request you to go through this tutorial to repair your OS:

http://en.kioskea.net/faq/516-repairing-windows-xp-using-cd-installation

This should be a much easier way than using a live Linux CD to troubleshoot the actual issue.

#15 durandir


Posted 31 January 2012 - 02:48 PM

Sorry, I've unsuccessfully replied to this about 3 times. Not sure why.

I tried to repair with the OS, but it still loads the blue screen upon startup (I can get to the BIOS options before it gives the blue screen).



