TechSpot

First a weird program error, then a memory error - now computer won't start

Resolved
By gilbeady
May 9, 2011
  1. I'm completely inept when it comes to computers. I happened to be visiting my parents this past weekend and from the other room heard the sound of an error. When I went inside to look, there were a bunch of error messages on the screen. The first one was telling me that kjoria.exe has crashed- whatever that is. Then I got two errors for a program called dwm.exe. Then I started getting errors about my hard drive needing a defrag, then memory errors, and some peculiar scan started on my screen. Right away I shut it off, and rebooted in safemode.

    I immediately assumed this was a virus, and started a virus scan. A few minutes into it, I happened to notice a folder in one of the hard drives that my parents had never seen before- full of numbers and a file called something like mrstub, or mrtstub. After doing some research on that, I found that it was something that placed itself in my system32 file, and was a virus. After deleting it from system32, and the other file it was in, I waited for the virus scan to finish. When it did over 75 objects which were infected were quarantined, but when I went to remove it told me some couldn't be removed. The ones that couldn't be removed were things that started with HKEY... and something else that I can not remember. After I removed, malware (my antivirus) told me to restart to make the changes permanent, and I haven't been able to start it up since (safe-mode or otherwise).

    It will load up until the Windows XP screen starts, and then just starts all over again. I wish I could include some of the specific numbers and letters involved in the memory errors, but when the weird scan started, I turned the computer off immediately before I could actually write anything down. Like I said I'm not really good with computers, but my parents are older and would be lost without their lottery numbers and bejeweled.

    Any suggestions? Again- no one had been near this computer in over an hour when all hell broke loose. I was told to follow the eight-step sticky thing, but at this point in time the computer doesn't boot up at all, so downloading things wouldn't help. I saved all of the logs from the scan, but I can't get into the computer to access them or post them.

    Thanks to anyone who can help me.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll help you sort this out: It always makes me wonder why someone who readily admits he/she doesn't know what they're doing, starts deleting files or folders!
    1. The process mrstub is for the Malicious Software Removal Tool Update Stub or mrtstub.exe or mrtstub.exe or Adobe AIR by Microsoft Corporation (www.microsoft.com).
    2. dwm.exe is a Desktop Window Manager from Microsoft Corporation belonging to Microsoft® Windows® Operating System. It is responsible for the graphical effects in Microsoft Windows Vista operating system such as 3D effects, live windows previews and windows transparencies.
    3. You mentioned Windows XP. But dwm.exe belongs to Vista.
    4. These need to be specific:
      [o]"errors about my hard drive needing a defrag"> specifically what did the error say?
      [o]" then memory errors"> specifically what did the errors say?
      [o]"some peculiar scan started on my screen." Like what?
    5. You ran some virus scan that said there were " 75 objects which were infected were quarantined, but when I went to remove it told me some couldn't be removed."
      [o] If it was quarantined, why were you trying to remove it?
      [o] "The ones that couldn't be removed were things that started with HKEY" These are Registry entries. Please stay out of the Registry!
      [o]" and something else that i can not remember." ????

    Specifically, what happens when you try to do this now?
    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    I would caution you not to do anything else to the system. I will try to help you if I can get enough information to know what the problem is.
    ================================
    For your information: There are several rogue error fix malware programs active now. The program gives 'alerts' to errors that do not actually exist. The scam of it is to get the user to click on a site to get the program to fix these 'non-existent' problems.($$$)

    Sometimes, it's much better to do nothing until you know what the real problem is!
     
  3. gilbeady

    gilbeady TS Rookie Topic Starter

    I realize it seemed ridiculous that I removed the mrtstub program, but I only did so after I read about what it probably was online, and then scanned it individually with my malware anti-malware program, to find that it was a malicious threat (can't remember exact term). In addition, the computer was exhibiting a lot of the symptoms that other people with a similar issue with this trojan were experiencing. For instance, the last time I visited, I noticed the malware anti-malware wasn't opening with start-up, and every time I opened it, it'd close immediately. Most importantly, it was the fact that this mrtstub was installed into a hard drive that my parents barely used, in a folder that was created on April 27th. The folder name was random letters and numbers. When I asked about it, both who are even more computer illiterate than myself, had no idea.

    I have absolutely no idea why that dwm.exe error came up, it's Windows XP w/ Service Pack 2. I'd never seen it before, I'd never seen the error for kjoria.exe either, and have no clue what it could be.



    4. These need to be specific:

    As far as specifics, I mentioned before that I wasn't able to write down much because the computer started going haywire suddenly, so I shut it off immediately to restart in safe mode. I did manage with a pen to write down two random things.



    [o]"errors about my hard drive needing a defrag"> specifically what did the error say? : There were so many errors that I was only able to write a bit of what was there. The system has detected a problem with one or more hard drives (There are three in the computer). On this paper with my crazy notes I see that I wrote system diagnostic utility, and I think it may have applied to the hard drive error (I believe it told me to run it, which I planned to do after the virus scan).

    [o]" then memory errors"> specifically what did the errors say?
    I received more than one memory error, but the only one that I was actually able to write down was 0x85d7ee9c referenced memory could not be read.

    [o]"some peculiar scan started on my screen." Like what? The scan was not something I recognized. In the past, I've gotten viruses that redirected me to places that scan my computer for free- but this popped up while nothing was opened, and I was in the process of trying to write down the errors I was getting so that I could look it all up on my laptop. It said something like scanning for spyware- but it wasn't a program that had previously existed in the computer.

    5. You ran some virus scan that said there were " 75 objects which were infected were quarantined, but when I went to remove it told me some couldn't be removed."
    [o] If it was quarantined, why were you trying to remove it? My malware quarantines and then gives me the option to ignore or delete. I tried to delete, that is when it told me it couldn't remove it.

    [o] "The ones that couldn't be removed were things that started with HKEY" These are Registry entries. Please stay out of the Registry! I don't even know where the registry is to even try to get into it.

    [o]" and something else that i can not remember." Another quarantined virus that it couldn't remove- I can't remember what it was. I restarted thinking that I could access the logs that I saved, but it never started again.

    Specifically, what happens when you try to do this now?
    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

    I have tried to boot into safe mode. When I do, the computer starts to boot, then once the Windows XP logo comes up, it just takes me back to the first boot screen again and starts all over again. After the second time it asks me if I want to reboot in safe mode w/ or w/out networking, or last known windows configuration. No matter what option I pick, it never gets past the Windows XP logo before it begins to reboot.

    In the mean time I've set them up with a different computer and will be taking this one home to work on- though I won't do anything else, so I don't make anything even worse.

    I would caution you not to do anything else to the system. I will try to help you if I can get enough information to know what the problem is.
    ================================
    For your information: There are several rogue error fix malware programs active now. The program gives 'alerts' to errors that do not actually exist. The scam of it is to get the user to click on a site to get the program to fix these 'non-existent' problems.($$$)

    Sometimes, it's much better to do nothing until you know what the real problem is!
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    As I mentioned, you may be another victim of one of the rogue error malware programs.

    As far as I know, all antivirus programs have the option to delete an entry after it has been quarantined. But if an entry has actually been quarantined, then it should not be active in the system any longer. You have indicated that there was a Registry entry involved. A known problem for almost any AV program is finding a False Positive> if the user deletes it before making sure it is really not malware, then the situation has been compounded.

    Do you have the operating system CD? You may have to boot from the recovery console to get in.
    1. Boot from XP CD
    2. Enter 'R' for the Recovery Console
    3. In the recovery console> type bootcfg /rebuild. Note space after bootcfg before the /
    4. At the C:\WINDOWS prompt, enter Y (yes,no,all) for
    5. For Load identifier> Enter XP SP3
    6. Enter load options: /fastdetect /NoExecute=OptIn
    7. Enter: exit

    Hopefully, the system will reboot without the 'Safe Mode loop'. Repairs can continue if needed.
    =============================
    When going in to Safe Mode, are you doing that the way I gave you? Some users try a different way using safeboot instead and then get stuck in it.

    What antivirus program did you use?
     
  5. gilbeady

    gilbeady TS Rookie Topic Starter

    I'm going to see about finding the recovery CD. Honestly, this computer is so old I don't even know if they'd know where to look.

    Thank you for all your help!
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay- let me know. If you can't find it, I may be able to have you burn a boot disc. Please tell me how old is so old!
     
Topic Status:
Not open for further replies.

