Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Xp Application Failed To Initialize (0xc0000005); Then C:\windows\temp\setup.exe Running Forever


  • Please log in to reply
18 replies to this topic

#1 chenue

chenue

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 01 April 2006 - 08:22 AM

Houston, I have a problem. It started yesterday when attempting to log on to a user account, McAffee states that it detected a virus and recommends a scan. I click 'ok' once or twice and the following message appears: application failed to initialize (0xc0000005).

After reading through some of your posted solutions, I had to C-A-D to get task manager up so I could run Microsoft Anti-Spyware. It detected one and I removed it. I then started a McAffee scan and it found another one (maybe more, but I fell asleep waiting for it to finish). When I logged back in, McAffee was saying the same thing, I C-A-D and a c:\ window appears saying c:\WINDOWS\temp\setup.exe

It has been like this for 45+ minutes. I can attempt to shut it down, and it asks if you're sure (which I am not) so I cancelled out to let it run. The cursor inside the c:\ box appears to be moving around every 30 to 90 seconds. . . leading me to believe that it is doing something.

When I fire McAffee backup, I cannot find the one file it found before I fell asleep (not in quarentine anyway).

Any recommendations?

BC AdBot (Login to Remove)

 


m

#2 chenue

chenue
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 01 April 2006 - 08:28 AM

PS Earlier this week I had to install NAV fixabwiz to rid my self of a trojan virus. After running following its instructions to disable windows auto-restore and running it, the laptop did behave okay for a day or two.

#3 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:06:02 AM

Posted 01 April 2006 - 09:12 AM

Welcome to BC! :thumbsup:

Run your anti virus program in safe mode by hitting the F8 key during bootup and selecting "Safe Mode" when presented the oportunity. This is the first thing to try.

Much malware will try to run from the temp file. Sometimes you can delete these files, sometimes not, but when you reboot you will find that they recreate themselves sometimes with different random names. Also it is important to know that it is tough to remove a file if it is being used. So by booting into safe mode hopefully this virus will not be running and chances of success in it's removal will be higher.

Once infected, installing Anti Virus software is often problematic. It may not install, update or run correctly.

Run your A/V in safe mode first and see if you make progress.

Next I would recommend following the Preparation Guide to posting a High Jack This log. You may not need to actually post a log, however. If you follow the instuctions in the Prepatory Guide faithfully then this little bugger might to be removed. However, rarely is a computer infected with only one thing.

If after completing all of the steps in the Preparation Guide you continue to have issues, post a HJT log as instructed in the Preparation Guide.

PREPARATION GUIDE


Edited by Albert Frankenstein, 01 April 2006 - 09:13 AM.

ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#4 chenue

chenue
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 01 April 2006 - 09:54 AM

Thanks, I will give it a whirl in SAFE MODE. In the meantime I ran another complete McAffee scan in normal mode and it found c:\windows\system2\wininet.dll Virus nameL W2/Alemod.f.dll

I cannot clean it, I cannot quarantine it, and when I go to delete it, I run scared. I will probabl download the fix for it, then run it in safe mode . . . Agree?

#5 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:06:02 AM

Posted 01 April 2006 - 10:20 AM

While you're in Safe Mode, delete your temp files. Go to Start -> Run and type:
%temp%
and hit enter. This will bring up your temp folder. Go to Tools -> Folder Options and the View tab and click on "Show hidden files and folders" and uncheck "Hide protected operating system files" and click Apply. Select all the items in temp and hit your delete key.

This will prevent some reinfection, since malware is often installed from the temp folder.

Edited by Herk, 01 April 2006 - 10:22 AM.


#6 pascor22234

pascor22234

  • Members
  • 403 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 01 April 2006 - 03:27 PM

Herk probably meant to state: Go into safe mode, open a command prompt and type "cd %temp%", then type del *.* and answer yes.

#7 chenue

chenue
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 01 April 2006 - 05:09 PM

Okay, after running the AdAware s/w about 7 times, it will not remove the following . . AlfaCleaner. It says it removes it, then I reboot and re-run AdAware, it just keeps coming back. I have moved on to install the SpyBot s/w and get current updates. I won't do anything for awhile.

#8 chenue

chenue
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 01 April 2006 - 07:06 PM

Spybot runs, cleans up alot, but can't seem to get rid of teslaplus.com, it says it does, but doesn't. The laptop has all the same symptoms in which I started off with. It also cannot get out to the internet in SAFE MODE ("Cannot allocate socket" message appears). I will continue on the list of recommendations.

#9 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:06:02 AM

Posted 01 April 2006 - 07:52 PM

I will re-recommend following the advice in post #3.
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#10 chenue

chenue
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 01 April 2006 - 09:06 PM

Step 5) HouseCall came up 100% clean and I am onto Stinger.

Step 6) Stinger when I execute it, states it is not current (searching for 55 viruses). It refers to go the same web-page as where I got this verison; yet it doesn't show a method to update to a more current version. I am running it anyway. . . It is quite the cpu hog, I will post the results in a little bit.

Step 7) Also I have the McAfee firewall installed and enabled

Step 8) Since I already have SP-2 installed, I will check for add'l updates. They have been on Auto-update forever, hope they have been working. I will post these results in a little bit as well

#11 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:05:02 AM

Posted 01 April 2006 - 09:09 PM

Are you selecting "Safe Mode with Networking"?

How long exactly have you been having this problem? Can you pinpoint the day it started?

If you can, try using system restore to return your system to a date before the problem began. That is exactly what it is designed to do.

programs or all programs (depending on which view you have selected), then accessories/system tools/system restore

Allow the System Restore Wizard to walk you through the procedure. Hopefully you will have a date that precedes the day the problem first began.

Save the Windows Updating until after the problem is resolved. Malware can seriously interact with Critical Updates and create additional problems.

Edited by Enthusiast, 01 April 2006 - 09:11 PM.


#12 chenue

chenue
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 01 April 2006 - 10:05 PM

I'll try SAFE MODE for Networks and the restore for an earlier date . . .

The problem has been around since 4:00 pm cst yesterday . . . I will try a windows restore.
For the record, Step 6) Stinger came up clean . . . Step 8) Failed on installing a windows security update KB905915 A cumalative Security update.

If it works, update McAfee, Windows and run the same spyware/adware/spybot all over again??

#13 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:05:02 AM

Posted 01 April 2006 - 10:22 PM

Try doing a System Restore from before the onset of the first problem you noticed if possible.

Then run all av and anti-malware scans again.

#14 chenue

chenue
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 01 April 2006 - 10:29 PM

The restore to the prior Sunday has the same problems. I guess I will move onto the High Jack log stuff.

#15 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:05:02 AM

Posted 01 April 2006 - 10:44 PM

Try the earliest restore date you have.

be aware though that it will reverse all updates and program modifications or additions.

Update all your anti-malware again if this is successful in resolving your problem and get Windows Updates you did during the period after the date on the system restore again - same for av ap and other antimalware aps.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users