
Services Problem


3 replies to this topic

#1 Kevin17

Posted 14 June 2007 - 10:00 AM

Can you help ? Any advice gratefully received.....

I'm running a Dell Dimension XP Pro SP2
I was hit the other day by a variant of the Nurech virus, but believe I have removed the infection. HJT logs, etc, seem to show no problems, and clean up procedures recommended by anti-virus software forums have been followed, that is, all registry keys known to have been affected have been dealt with.

However, I have been left with a problem, and the symptoms are :

Drag and Drop doesn't work, Cut and Paste doesn't work
Print spooler won't start (1068 dependency error)
System restore : says it can't and please reboot, but reboot has no effect.
System denies I have a sound card, video card (presumably because the hardware detection service hasn't run)
Java doesn't work, IE6 can follow web links, etc

Cmd: services.msc lists a number of services that seem to be not running (the failure of which generates the symptoms I am getting). They seem to need RPC running, but net start gives errors, saying it needs the RPC server running. Other services say access denied. I am suspicious about the DCOM launch service, but the registry entries seem to match recommended values. Is this a permissions problem I wonder ?

Others seem to have had a problem with a given service not running, and net start resolves it, but not in my case.

Any ideas ?

Thanks
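
An added example, not part of the original thread: a PowerShell function that walks the dependency chain behind a 1068 error for the Print Spooler (service name `Spooler`) and shows each dependency's state next to its `Start` value in the registry. It assumes PowerShell 2.0 or later is installed; the function name `Get-DependencyState` is hypothetical.

```powershell
# Added example, not from the thread. Assumes PowerShell 2.0 or later.
# Meaning of the Start value under HKLM\SYSTEM\CurrentControlSet\Services\<name>.
$StartTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-DependencyState {   # hypothetical helper name
    param(
        $Service,                # ServiceController object from Get-Service
        [int]$Depth = 0,
        [hashtable]$Seen = @{}
    )
    if ($Seen.ContainsKey($Service.ServiceName)) { return }   # report each service once
    $Seen[$Service.ServiceName] = $true

    # Reading Status can throw if the entry is damaged; report that instead of stopping.
    try { $status = $Service.Status.ToString() } catch { $status = 'Unreadable' }

    # Start type straight from the registry, the value malware cleanup often leaves changed.
    $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$($Service.ServiceName)"
    $start = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Start
    $startText = 'NoStartValue'
    if ($start -ne $null) { $startText = $StartTypes[[int]$start] }

    New-Object PSObject -Property @{
        Depth = $Depth; Name = $Service.ServiceName; Status = $status; StartType = $startText
    } | Select-Object Depth, Name, Status, StartType

    # Recurse into the services this one needs before it can start.
    try { $deps = @($Service.ServicesDependedOn) } catch { $deps = @() }
    foreach ($dep in $deps) {
        Get-DependencyState -Service $dep -Depth ($Depth + 1) -Seen $Seen
    }
}

# Print Spooler is the service reporting error 1068 in the post above.
Get-DependencyState -Service (Get-Service -Name Spooler) | Format-Table -AutoSize
```

A dependency listed as Stopped with a StartType of Disabled or NoStartValue is the first entry to compare against a known-good XP machine.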

#2 usasma

Posted 14 June 2007 - 07:22 PM

Sometimes the cure will seem to be worse than the infection. What I suspect (if the viruses are completely gone) is that the repair has corrupted your Windows installation.

I'd suggest a couple of free double checks to ensure the infection is gone:
http://safety.live.com/
http://housecall.trendmicro.com/

Once that's done, then I'd suggest a repair install of XP: http://www.michaelstevenstech.com/XPrepairinstall.htm
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#3 Kevin17

Posted 15 June 2007 - 04:05 AM

Thanks for the advice. Tried what you suggested, no errors reported.

You were supposed to say "easy, just press the red fixit button on the back of the machine", but I can't seem to find that button !

However, I have now found that the virus modified a file called windows/inf/syssetup.pnf

Interestingly, this modification is not mentioned in any of the major anti-virus vendor sites, so I'm thinking that although these sites correctly identify which registry keys are affected, and correctly identify the components of the payload, they haven't found the full nature of the attack. A Google search on syssetup.pnf comes up with a few links, virus connected, and often on French pages, so perhaps this is a very recent variant of the virus. Any ideas on why the virus was messing with that file ? And if so, any ideas on why ? Would modifications to that file give me my symptoms ? I'm still interested in getting to the bottom of this....

I have already thought that a repair/reinstall is the solution, but ironically, I was intending to buy a new machine anyway, it has been on my to-do-list for a while, and this attack has forced my hand and made me buy a big huge powerful new one. Is this an example of a malicious virus having a beneficial effect ?

Regards

Kevin

#4 usasma

Posted 15 June 2007 - 06:11 AM

The red fixit button on your system must've fallen off during shipment!

If you're not infected (those 2 scans would've told you) then the syssetup.pnf may not be infected. There's a site named jotti (or something similar) that you can submit the file to for scanning. Or, you can be bold and open the file with a text editor to see what's in it.

A new machine is good - now you've got 2! One to work with and one that you can play around with, without fear of breaking something and being without one. I'd suggest the repair install to see if that will fix the problem - and now that you've got a new system, you can just restore the old one to factory state and that'll remove the issue.



