Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Won't Load


  • Please log in to reply
6 replies to this topic

#1 nikkisixx13

nikkisixx13

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 22 February 2006 - 08:32 PM

All of a sudden yesterday my computer went hay-wire on my. I wasn't even doing anything out of the ordinary.

My first intial reaction was to run Hijack This, but it won't load for some reason. It'll pop up in my task manager under tasks and processes, but it shows up as not responding, but the program itself never shows up. Firefox, my usual browser of choice, continues to crash constantly now as well. Also, no online virus scans will work for me either, as something is preventing Active X (or anything) from downloading, both on IE and FFox. I luckily already had Ewido, ran that, and that only showed up with a bunch of cookies, which I removed. NAV ran, and I removed everything that it came up with as well (A0113183.exe A0113181.exe, bnedkmla.exe, and dmfte.exe) Spybot ran, nothing out of the ordinary was found there. CWShredder only found Msconfig (?) and I managed to download and run the Pepi coolwebsearch smartkiller, which said I didn't have the file on my comp in the first place.

I noticed a few wierd things in the processes tab...I'm not sure how many SVCHOST's there are supposed to be running at any time, I always thought it was three, one for system, one for user, and one for local network...I have 4, two system ones, and one eats up A LOT of memory compared to the other one. THe other odd thing I noticed is something called dumprep.exe, which seems to spawn itself as it shows up more than once, I killed it and the host program before, but to no avail.

Also, upon start up (and this may have NOTHING to do with anything else) I get an error message reading cslaf.exe The NTVDM CPU has encounterd and illegal instruction. CS:0549 IP:037f OP:2e 63 6f 6d 22 choose close to terminate the application. IF I choose ignore instead, I get quite a few of the same error message popping up, but with the CS: etc. numbers changing. On this current restart, I've just left the window alone and haven't clicked on anything else, so if for some reason this IS relevant, I can give the additional error messages in a reply post.

Lastly, I tried to just restart windows in safe mode, but it would always reboot it self before completing the job. It's say at the bottom of the DOS prompt while loading "press ESC to not load d347bus.sys" I ignored this the first time, and the computer rebooted before going any farther...thought it was a fluke, so I tried it again...still nothing...lastly I hit ESC went prompted, and it still rebooted on me.

I've had nasty things get on my comp before, but nothing at all like this, and I'm completely stumped at the moment. Thanks in advance for the help!

BC AdBot (Login to Remove)

 


m

#2 stidyup

stidyup

  • Members
  • 641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:04 PM

Posted 23 February 2006 - 03:29 AM

Try running the following from safe mode, these are standalone scanners which can be downloaded, (Getting to safe-mode) Sysclean you'll also need the virus template file from here lpt***.zip remember to extract the contents of the zip file into the same folder as Sysclean.com

or

DrWeb CureIT

or

KASFX which is powered by the Kaspersky AV engine, you will need internet access to update it. If you haven't got net access in safe mode, update it before you use it.

If your good with the command line also try Sophos Command Line scanner this command will scan all of your hdd's SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt and give you a log file to review afterwards.

Also try installing and running A2 Free and Ewido again run from safe mode.

I'd also run Spybot(Spybot Tutorial) and Adaware

If your using Win2K/XP run adaware/spybot from "safe mode with command prompt" If your using Win9x just run it from safe mode the command line options aren't needed..

At the C:\ prompt type the following:-

cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe

#3 nikkisixx13

nikkisixx13
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 23 February 2006 - 10:32 AM

Thanks for the advice, but I CAN'T run from safe mode, as I can't GET INTO safe mode as I mentioned in my lengthy post. I did download and run Trends sysscan which found one virus here's the log

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Adam\Desktop\tsc.ptn" (version 710) [success]
WORM_RBOT.AAS[virus found]
-->delete registry data("n/a","SOFTWARE\Microsoft\OLE","EXPLORER.EXE") success




of course, removing this did absolutely nothing to help out the fact that I still can't open most programs, a "send error" report never pops up when said programs crash, and I still can't start windows in safe mode.

thanks for the help though

#4 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:04:04 PM

Posted 23 February 2006 - 12:39 PM

Hi nikkisixx13 and welcome to BC.

One of our Hijack This team suggests you try renaming Hijackthis.exe to something else. It doesn't really matter what as long as the .exe remains. If you are able to generate a log then it will become evident what is wrong (hopefully).

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#5 nikkisixx13

nikkisixx13
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 23 February 2006 - 05:55 PM

thanks for the advice, I thought of renaming the file earlier today, I ended up just restarting my computer, yanking my cable connection before hand, and hi jack this worked....and with the connection back on it doesn...so that's kindda scary. Renaming it didn't change anything. Thanks for the help though, this thread is all but dead, as I put my log in that HJ forum.

#6 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:04:04 PM

Posted 23 February 2006 - 09:32 PM

Thanks for posting back with that info. That may help others in the future with the same problem. Glad you were able to get a log. Good luck with the fix.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#7 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:04:04 PM

Posted 27 February 2006 - 10:11 AM

I see that OldTimer has found your log to be clean.

You mentioned d347bus.sys. Look at File.Net's How to remove d347bus error. It seems to describe your problem.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users