8 steps problems, Java won't update

By phys
Feb 20, 2009
  1. I went through the 8 steps and things didn't get better. I was only able to run SuperAntiSpyware in Safe Mode. Otherwise my computer crashed part way through the scan every time. After this step I could not access any webpages unless I boot in Safe Mode. I tried to upgrade Java and it told me Administrator had set restrictions that prevent completing the installation. I was logged on as Administrator. Now I get an error that it can't update with current network settings.

    I got into all of this to try to fix a problem I had on startup. It repeatedly gave me a message of "logonui.exe Application error" and something about memory could not be written. Now I don't get that but I get a similar one about svchost.exe and memory can't be written. After I get logged in I continue to get Data Execution Prevention errors that force Logon UI to close.

    Help please!

    PS Upload fails on both the mbam-log and the SUPERAntiSpy logs. Should I copy them into this thread?
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    In trouble again huh!

    OK do you not have MBAM and SAS installed from your other thread?

    If so then update and post the logs. If you have the programs but can't update then run what you have.

    Let me know otherwise post the logs.

  3. phys

    phys TS Rookie Topic Starter Posts: 34

    I don't have another thread. This was my first ever post.

    I figured out why my uploads were failing so here are the two other logs.

    Thanks for the help.
  4. mflynn

    mflynn TS Rookie Posts: 2,655

    OK confused you with someone with a similar name and problem.

    Another run indicated!
    OK there were found/removed items in both MBAM and SAS so we need to run again as the first run likely exposed things that were not even seen the first time.

    So another run Quick Scan will likely find more. So UPDATE and run both again. Attach logs.

    Go into Control panel Add/remove programs and uninstall all Java. All!

  5. phys

    phys TS Rookie Topic Starter Posts: 34

    I'm working on removing Java. I get a message that "The Windows Installer Service could not be accessed..." I downloaded and installed WindowsXP-KB942288-v3-x86.exe to install Windows Installer 4.5. I still get the same error when trying to remove Java.
  6. mflynn

    mflynn TS Rookie Posts: 2,655

    OK so I know why you have a problem with Java. We will fix it later; for now proceed with the Malware cleanup.

    Do the posts in the order presented so..

  7. phys

    phys TS Rookie Topic Starter Posts: 34

    I finally had a chance to redo the scans. Both still found things.

    SAS crashes my computer during a scan unless I'm in safe mode.

    I still get multiple svchost.exe memory errors before I can login unless I'm in safe mode.

    Previously I could only access the internet in safe mode and now I can't even do that. I moved these log files onto another computer to upload and post this.
  8. mflynn

    mflynn TS Rookie Posts: 2,655

    Well are you doing Step 3 of the Steps disabling other protections so they will not interfere with these scans?

    Disable protections for malware scans
    From the 8 Steps #3

    Turn off what you can if still problems continue in Safe mode.

    Another run indicated!
    OK there were found/removed items in MBAM so we need to run again as the first run likely exposed things that were not even seen the first time.

    So another run Quick Scan will likely find more. So UPDATE MBAM run again. Attach logs.

  9. phys

    phys TS Rookie Topic Starter Posts: 34

    Scans found nothing this time.

    I removed all live monitoring programs and SAS scans still crash unless I'm in safe mode.

    Still no internet access.

    Still can't remove Java.
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Please run HJT scan only, and then place a tick next to the following Malware entries
    Then select FIX

    I notice that you have Symantec installed (ie Norton)
    Norton is very heavy on system resource and usually faults under Virus infection (ironically)
    It is certainly the worst antivirus in my opinion.

    Here's what you should do (plus the above of course ;) )

    Uninstall Symantec (Norton) Antivirus
    Run the Norton Removal tool

    Install the much better Avira free AntiVirus. Then run a full antivirus scan

    Pretty sure your problems will be solved
    Note you can use Safe Mode with networking (by pressing F8 key before Windows startup)
    If Normal mode cannot be presently accessed (probably due to Norton)

    Let us know what Viruses Avira found and removed (actually a log would be good)
    And also how your system is performing from doing the above :grinthumb
  11. mflynn

    mflynn TS Rookie Posts: 2,655

    I agree!

  12. phys

    phys TS Rookie Topic Starter Posts: 34

    I ran HJT and fixed the two entries that you indicated.

    I tried to remove Symantec and I got the same Windows Installer error that prevented me from removing Java.

    NRT says it can't run until Symantec is removed.
  13. mflynn

    mflynn TS Rookie Posts: 2,655

    OK then this ought to do the job!

    Download Dial-A-Fix (DAF)

    Have XP CD available in case DAF needs a file.

    Check all boxes on the Opening screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the Second DAF page.

    Here 1 at a time do the below

    Flush DNS
    Flush Icons
    Process Idle Tasks
    Reinstall BITS
    Reinstall Windows Firewall
    Repair Permissions
    Watch for any File not found or other errors and make note as this may lead to the fix!

    Reboot retest first on NRT!

    If that works do the below to Install Java.
    1. Download and run the full offline java installer (watch and uncheck any toolbars offered):

    2. Only after above (I am assuming you had leftovers from before and they need to be cleaned)

    Cleanup old Java and update to newest version this program will do it all for you.

    Download JavaRa

    Unzip it, run it, to update choose Jucheck (Sun's updater)

    After update choose Cleanup old versions. Give it a minute and after it pops up the log file you will see what it removed.

    Then click "Additional tasks" and check "Remove Useless JRE files" and "Remove JavaRa log files".

    After that run Search for Updates again to confirm you are up to date.
    After that run remove older versions again. This time the Log file should be empty.

  14. phys

    phys TS Rookie Topic Starter Posts: 34

    OK. I ran DAF and rebooted. I still got Windows Installer error.

    I reran DAF Windows Installer fix and didn't reboot.
    Now I was able to remove Symantec and run the NRT successfully.

    I ran the offline Java installer and used JavaRa to remove older versions.
    I now only have Java 6 update 11.

    I can't search for updates in JavaRa because I still can't access the internet.

    I also still get svchost.exe memory errors before login.
  15. mflynn

    mflynn TS Rookie Posts: 2,655

    Do this hopefully to repair Internet!

    Open SAS Click Preferences-Repairs
    Then counting down from top do the following entries

    Numbers 6, 8, 11, 12, 13, 15, 18, 19, 20, 21, 22, 24, 25, 26 and 27!


    I am sorry Phys I thought we had already run the below.

    So do this..

    Download SDFix to Desktop.

    On Desktop run SDFix. It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click through all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click to RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.

    Download ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here:
    Or here:

    Double click combofix.exe follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click ComboFix's window while it's running. That may cause it to stall.

  16. phys

    phys TS Rookie Topic Starter Posts: 34

    Done. Still no internet.

    IE prompts me to Diagnose Connection Problems.
    I get "Windows cannot troubleshoot your network connection because an error has occurred. Please try again."

    I tried to install Avira and got this message:

    The CRC sum of
    has been changed! This could be due to a virus!
    Do you want to shut down Setup?

    My only option seems to be click "OK."

    Sorry I hadn't seen all the stuff below "Sorry Phys"

    I'll try that now.
  17. mflynn

    mflynn TS Rookie Posts: 2,655

    OK continue with SDfix and ComboFix on my last post!

  18. phys

    phys TS Rookie Topic Starter Posts: 34

    I double click RunThis.bat and while "Checking Running Process.." I get a blue screen crash.
    (I think that's it, it is off screen to the left a bit.)

    Good news: I got no svchost.exe memory errors on startup.

    Bad news: I got a Data Execution Prevention error and it terminated
    Userinit Logon Application.
    I can't log in. When I Ctrl/Alt/Del I get the same message about Task Manager.
    I power off with the button and get logonui.exe memory errors (10x).

    I was able to start up after this (with svchost.exe errors again).

    When I go into SDFix folder there are a lot of new files that weren't there before.
    I assume this is due to the partial run.
  19. mflynn

    mflynn TS Rookie Posts: 2,655

    Skip to ComboFix and run it.

    After attaching log do the below.

    Delete the SDFix folder containing the RunThis.

    Run the SDFix on the Desktop to reinstall that folder.

    Boot to safe Mode as it says and open SDFix folder and rename RunThis.bat to 12rt34.bat and execute that instead of RunThis.

  20. phys

    phys TS Rookie Topic Starter Posts: 34

    Ran Combofix. After Completed Stage_50 I get a blinking cursor.
    No log file that I can see. I swear I didn't click on the window!

    Ahh. Waited long enough and it rebooted.

    Here's the ComboFix log.

    SDFix still crashed after reinstalling and renaming RunThis.

    I'll be gone till later tonight. Thanks for the help.
  21. mflynn

    mflynn TS Rookie Posts: 2,655


    ComboFix usually doesn't do that.

    Run it again in Safe Mode!


    EDIT: Oh yes run it again it was loaded!

  22. phys

    phys TS Rookie Topic Starter Posts: 34

    ComboFix behaved exactly the same but with fewer deletions.
    It still rebooted after stage 50 and then gave me the log.

    I tried running SDFix again and it still crashed the same way.

    I'm going to be away from this machine until Monday. Thanks for the help so far.
  23. mflynn

    mflynn TS Rookie Posts: 2,655

  24. phys

    phys TS Rookie Topic Starter Posts: 34

    I'm running NMC and it is deleting dozens (thousands!) of *.exe that it says are infected with W32/Virut.BV.

    Some of these are programs that I need to keep. (Ones I've written for research.)
    Some of these programs have not been run in years.
    It looks like it is finding every *.exe.
    Is this really something that needs to be removed?
    It doesn't look like there is going to be anything left to run!

    It is even deleting a bunch of *.exe files for SAS and SDFix. Is that right?

    Finally. Number of infected files repaired/deleted: 2844

    This worries me. I didn't get any say on whether these files were deleted. Are they gone?

    I haven't clicked anything since the scan began. I'll wait for some feedback here first.
  25. mflynn

    mflynn TS Rookie Posts: 2,655

    Stop it!

    Have recently found out DrWeb can cure these!

    Go back to same place and get DrWeb.

    Then run from Safe Mode!

Topic Status:
Not open for further replies.
