Icon in Tool Bar Indicating Infection - But Now Can't Access Desktop

By lawtyger
Jan 3, 2008
Topic Status:
Not open for further replies.
  1. Hello,

    Last night when I started/rebooted my computer I got an icon in the system tray that is red with an exclamation mark indicating my computer may be infected. After running my basic Norton Antivirus and the icon still there I did some internet searches and found this site and a few posts that mentioned the same problem.

    One post said to follow the steps here first [NOTE I TRIED TO PUT THE LINK TO THE STICKY WITH THE STEPS BUT IT SAID I CAN'T POST A URL UNTIL I HAVE 3 POSTS], so I attempted to do this by starting with a scan of my computer using Trend Micro Housecall. The scan finally stopped around midnight so I thought I'd pick up with trying to fix the issues this evening after work. When I started my computer I noticed while it was starting that Norton Antivirus popped up two boxes in the bottom right of the screen. Each box mentioned blocking a trojan but they didn't stay up long enough for me to grab something to write with.

    Thus, I grabbed a pen, came back, and restarted the computer with the intent of writing exactly what it said. BUT, now when the computer starts, it just goes to my desktop with NO icons, task bar, etc. All I see is my background picture and the mouse cursor. I've waited over thirty minutes a few different times but the icons never appear (and actually the screen saver that is set for 30 minutes actually comes on).

    Point being, I wanted to follow the steps in the thread with the intent of posting a log as others have done but I can't access anything now. I am sorry about this, and unfortunately, I am a beginner when it comes to this level of computer knowledge. Fortunately I have a desktop and can access the forum via it.

    Does anyone know how I can get the computer back to a state where I can troubleshoot it as listed in the thread cited above and/or post logs for review?

    I'm running Windows XP and it is a Gateway Notebook. Unfortunately I can't access it to tell you what service pack (the desktop I'm typing on now is Service Pack 2 but I guess that is pointless knowledge for the notebook with the problem).

    Thank you.
  2. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Hi lawtyger and welcome to TechSpot

    Firstly, we need to get your desktop back !

    Here's the first option
    Press Ctrl + Alt + Del keys together from your keyboard
    Hopefully Task Manager Opens
    If so click on File -> New Task Run and type in
    explorer.exe
    Ok
    I hope that you can now see all your Desktop
    If Not Read On

    Here's the second option
    You will need to Start your computer with the last known good configuration
    This can be done by repeatedly pressing the F8 key during Windows startup
    Then selecting last known good configuration (you should also notice Safe Mode)

    How did the initial steps go ?
  3. lawtyger

    lawtyger Newcomer, in training Topic Starter Posts: 60

    First, thanks for responding so quickly.

    Actually, I had already tried your second option without success.

    I just tried your first option typing explorer.exe and the icons popped back up BUT oddly enough the icons (everything previously on my desktop) appear but only stay up for 12 seconds. Then, they disappear again for 5 seconds. This happens over and over again.

    The next odd thing is if I open a folder on my desktop (i.e. with some pictures in it) or Windows Explorer it will open but when the icons all disappear again, and then reappear, the folder or Windows Explorer is no longer open.

    BUT, I opened Notepad and Outlook (trying to open a "program" instead) and both of these stay open. The icons disappear and then reappear, but Notepad and Outlook both stay on the screen until I actually close them.
  4. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Using your XP CD

    You have three choices !

    Check Disk
    chkdsk c: /R

    Restore
    c:\windows\system\restore\rstrui.exe
    Reference Here:
    http://support.microsoft.com/kb/279736

    Repair
    Microsoft's Windows XP Professional Repair Install step by step
    http://www.windowsxpprofessional.windowsreinstall.com/installxpcdrepair/part3.htm
    Microsoft's Windows XP Home Repair Install step by step
    http://www.windowsxphome.windowsreinstall.com/installxpcdrepair/part3.htm

    I must step out for a while (about 7Hrs !)
    Good luck !
  5. lawtyger

    lawtyger Newcomer, in training Topic Starter Posts: 60

    I'm sure you already stepped out, but just in case. . . .

    do any of the 3 result in loss of all data? I'd like to avoid that option first.

    Also, the system restore link you provided seemed to apply to ME. Does it work for XP also?
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  7. lawtyger

    lawtyger Newcomer, in training Topic Starter Posts: 60

    I am trying the XP Home Repair Option.

    All went fine until it rebooted to the installing XP screen that has the five dots (collecting information, dynamic update, preparing installation, installing windows, and finalizing installation).

    It looks like the screen went into the safe mode view (you know where the boxes look big and the icons larger) and a gray box says:

    Fatal Error

    An error has been encountered that prevents Setup from continuing.

    One of the components that Windows needs to continue setup could not be installed.

    Data error (cyclic redundancy check).

    If you are installing from a CD, there might be a problem with the disc; try cleaning the disc or using another disc.

    If you are installing from the network, it is possible that not all of the files were copied correctly to your disk drive. Run the disk checking utility on your installation drive from the Recovery Console and start setup again.

    Press OK to view the Setup log file.

    ____________________________________

    The log indicates:

    Warning: Setup failed to GerUserProfileDirFromSid. (Get UserProvileFirFromSid failed 2)

    Warning: Setup failed to get user profile directory. (SystemMyGer UserProfileDirectory failed 2)

    Warning:
    Setup failed to update server profile directory.

    Warning:
    Setup failed to update user(s) profiles. (Update ServerProfileDirectory failed 2)

    Error:
    Installation Failed: E:\I386\asms. Error Message : Data error (cyclic redundancy check)

    _____________________________________________________

    Then the first message above I typed appears. It tells me to close, I did and the computer reboots and it says setup is being restarted. . . .

    and now it is back to the window I got the error on before with "installing windows" in red and the green dots blinking on the bottom right. It appears to be continuing the setup and is now down to 36 minutes and says "installing devices."
  8. lawtyger

    lawtyger Newcomer, in training Topic Starter Posts: 60

    Just finished the repair but the problem still exists. I can only get the icons to show when I type explorer.exe as you previously advised me to do. Now however, the icons only come up once for about 12 seconds. After that they disappear. If I want to see them again, I have to retype the explorer.exe command again.

    I also seem to get an error message that says:

    explorer.exe - Entry Point Not Found The procedure entry point EncodePointer could not be located in the dynamic link library Kernel32.dll

    Actually, now when it turns off after 12 seconds, the above error appears. If I hit o.k., the icons disappear and come back on 5 seconds later with the error message again.
  9. lawtyger

    lawtyger Newcomer, in training Topic Starter Posts: 60

    I've also now tried the above restore fix, but it indicates "There are no restore points available." Earlier I had tried to restore from safe mode and the only restore point was today at around 6:00 and which didn't change anything.
  10. lawtyger

    lawtyger Newcomer, in training Topic Starter Posts: 60

    I'm running the chkdsk c: /R you mentioned.

    In the meantime, I did a google search and found some other descriptions of what I'm experiencing. Here's what it said:

    ________________

    Symptom: At every boot the desktop is empty, and the only way to launch a program is through the task manager window.
    The infection is detected as 'Adware.Dynamic', published by Dynamic Desktop Media.
    Its an 'adware' prg requirin manual installation.

    Heard of its contractions via trinsic.org, cracks.am & cerials.net (they belong to the same ring i think)
    (Sheesh! risky biz :p )

    Symantec has identified it, but liveupdate (presently) doesnt detect sysu.exe, it detects as yet only Msbb.exe (Adware.Ncase) Optimize.exe (Adware.NetOptimizer) Winpup.exe (Adware.Winpup)

    Adaware doesnt detect it yet either.


    Anyways, so to get rid of it nicks' manual method is to b done.
    But have to be careful to also clean the comps registry as well.

    To get the os to continue boot upon the suspension...
    a)hit ctrl+alt+del, check the processes running
    b)end the process sysu.exe

    Thats the easy part, now for gettin rid of it permanently (& >>safely<<),
    i found a neat summary for that at one site...

    1) Ctrl+alt+delete and identify sysu.exe in the processes list.
    2) Close it, and go to C:\Program Files.
    3) Locate the folder ddm and delete it.
    4) Click on start > run and type in regedit.
    5) Under HKEY_LOCAL_MACHINE > SOFTWARE remove the folder ddm.
    6) Click on start > run and type in msconfig.
    7) Click on the right-most tab labeled startup.
    8) Scroll down and locate an entry with no command line.
    9) Uncheck the box and apply all changes.
    10) Reset your computer, check the checkbox for a window that comes up
    saying you changed startup settings.
    11) Enjoy, and spread the word.

    IMP: dont forget to backup ur registry first, just in case!!

    This shud do the trick, till ofcourse there is a patch released to deal with it.

    I think sysu.exe particularly is a mistake, cos by not lettin the comp boot, it itself overtakes the primary function of a adware. Well atleast thats wat it seems to be.

    Anyways, hope all this proves somewat useful

    ||CheTaN||

    eof()

    __________________________

    There also appears to be discussion here:

    http://geekatwork.net/blog/index.php?p=126

    As soon as disk check gets done I'll see if I can see any processes running to stop.
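
A read-only way to check for the indicators that the quoted removal steps name, as an added example that is not part of any post in this thread. It assumes PowerShell is available on the machine and that the startup entry with no command line lives in one of the Run registry keys; `Test-DdmIndicators` is a hypothetical name.

```powershell
# Added example: read-only check for the indicators named in the quoted write-up.
# sysu.exe and the "ddm" folder/key come from that write-up; the function name
# Test-DdmIndicators is hypothetical. Nothing is deleted or modified.

function Test-DdmIndicators {
    $findings = @()

    # Steps 1-2: is a process named sysu.exe running?
    $procs = @(Get-Process -Name 'sysu' -ErrorAction SilentlyContinue)
    foreach ($p in $procs) {
        $findings += "process sysu.exe running (PID $($p.Id))"
    }

    # Step 3: the "ddm" folder under Program Files
    $folder = Join-Path $env:ProgramFiles 'ddm'
    if (Test-Path $folder) {
        $findings += "folder present: $folder"
    }

    # Step 5: the "ddm" key under HKEY_LOCAL_MACHINE\SOFTWARE
    if (Test-Path 'HKLM:\SOFTWARE\ddm') {
        $findings += 'registry key present: HKLM\SOFTWARE\ddm'
    }

    # Steps 6-8: assumption - the entry msconfig shows with no command line is
    # a value in one of the Run keys; report any value whose data is empty.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($path in $runKeys) {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $command = ([string]$key.GetValue($name)).Trim()
            if ($command -eq '') {
                $label = if ($name) { $name } else { '(default)' }
                $findings += "startup entry with no command line: $path -> $label"
            }
        }
    }

    return $findings
}

# @() keeps the result an array whether zero, one or many findings come back.
$result = @(Test-DdmIndicators)
if ($result.Count -eq 0) {
    'None of the indicators from the write-up were found.'
} else {
    $result
}
```

An empty result only means these specific names are absent; it says nothing about other infections.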
  11. lawtyger

    lawtyger Newcomer, in training Topic Starter Posts: 60

    Disk Check is finally done.

    I do not see a sysu.exe in my Windows Task Manager processes, unfortunately.
     
  12. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Ram faulty ?
  13. lawtyger

    lawtyger Newcomer, in training Topic Starter Posts: 60

    I'm not sure what that means.

    It definitely sounds like the issue that the others were having I posted above and at that link. If I could just get the desktop to stay on long enough for me to copy a few important folders I wouldn't mind just completely reinstalling windows.

    Here's what is in my Windows Task Manager "Processes":

    taskmgr.exe
    alg.exe
    WgaTray.exe
    spoolsv.exe
    symlcsvc.exe
    svchost.exe (there is one saying local service, one saying network service and three saying system)
    msiexec.exe
    AppSvc32.exe
    lsass.exe
    services.exe
    winlogon.exe
    csrss.exe
    smss.exe
    PRISMXL.SYS
    LxrSii1s.exe
    AluSchedulerSvc.exe
    System
    System Idle Process (this is the only one that has a number under CPU - it says 99. The others say 0)

    Again, the above supposed fix seems to indicate there is something in the processes that if stopped, will fix this for enough time to try to solve any other issues. But, I don't see the "sysu.exe" that is mentioned.

    Anything else look suspicious or look like something I should "end process" on?
  14. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    All tasks Ok
    You had a USB (flash drive I think) loaded as well, but still OK

    The "Ram" issue I was mentioning because Windows wouldn't repair but now has.

    As I'm concerned about Virus / Malware present, I feel it would be ideal if you happened to have another computer. So as to plug your Hard Drive in as Slave, to run a full updated scan.
    Or even a full backup !

    Is that an option for you ?
  15. lawtyger

    lawtyger Newcomer, in training Topic Starter Posts: 60

    I actually brought the computer and restore disc to work today.

    The problem I am having is on my laptop but I do have a desktop at home. Is it even possible to hook the laptop harddrive to the desktop?
  16. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  17. lawtyger

    lawtyger Newcomer, in training Topic Starter Posts: 60

    I take it that to do this I have to buy this adapter. While my laptop does have some information that I would rather not lose, I'm not sure it is of such importance that I need to buy the adapter and wait for its arrival.

    Assuming that I do not want to make the purchase, do you feel my next option is a clean install? I assume that is also the one method that will make sure my system is clean?
  18. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Well a clean install cures all ! Except for hardware faults

    At least you will know if it is hardware or software

    By the way that converter is a good idea (and cheap) for future backups
    There are thousands on the web and ebay - also different types, but I like that one.

    Your choice if you want to go Clean that is fully blow away your current partition and Restore completely.
    Are you sure nothing requires backing up ?
  19. lawtyger

    lawtyger Newcomer, in training Topic Starter Posts: 60

    I guess my thinking is this. . . it definitely sounds like a good idea to reinstall because even if I get the icons back I have no clue how infected my computer really is. Thus, the reinstall could be a welcomed fresh start.

    I didn't realize how cheap the adapter was. What I'm wondering is my desktop already has two hard drives in it. I know there was a third plug on the ribbon though. Would that third plug be what I would plug into or would I have to remove one of my desktop's hard drives temporarily?
  20. lawtyger

    lawtyger Newcomer, in training Topic Starter Posts: 60

    Do you mind if I ask you one other question related to avoiding a loss of data problem in the future?

    As I said, I have both a laptop and a desktop. The desktop has two hard drives (a Seagate 160 GB and a Seagate 200 GB).

    Regarding the Desktop:
    - One of the Seagate hard drives came with "Bounceback Express." When my desktop harddrive recently was damaged and the reinstall of XP wouldn't even reformat it, I bought the new Seagate hard drive to replace it. But, I had to reinstall XP from scratch and then ended up having to pull files, pictures, etc. from the backup drive and put them on the new hard drive where Windows XP was reinstalled. Of course, I lost a lot of programs which had to be reinstalled and I'm still working the bugs out on.
    - I guess my question is, it seemed like Bounceback Express. . . well kind of sucked. I thought when I ran it it would create an image of my XP and I could just access the backup and get my old XP and programs back running. But, unless I missed it, Bounceback Express doesn't have this option.

    So, what is the best way for me to not only backup my data but also my XP configuration, etc. so that if in the future my master drive fails completely again, all I have to do is access the backup drive and somehow get XP back on the new hard drive exactly how it was before the hard drive failure.

    Regarding the laptop:
    - I guess the same question applies. I would just need to get the adapter you mentioned (or buy an external hard drive for backup purposes). Then, if the hard drive failed on the laptop, I could just buy another hard drive and then access the backup I made of XP and its settings and programs before the crash and be immediately back in business without having to reinstall all the programs from scratch.

    I hope this makes sense. I guess I'm saying is there a way I can restore not only my files, but XP and my OS as it was based on the last backup?
  21. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    I use Ghost to image all my harddrives onto external DVD.

    Once your Windows is installed, including all drivers
    All MS security updates are complete
    Adobe Reader; Flash Reader; and possibly Office is fully installed
    The computer has been optimized (in startups; registry; Windows)
    Defrag has been fully complete
    I then Ghost image the entire Hard Drive to a bootable DVD

    Returning from DVD to the HardDrive takes about 20mins

    There are others, other than Ghost
    Acronis True Image
    Drive Image
    PartImage

    Actually lots more, there may be more replies to Drive imaging software
    But this is what you need to do - create a backup drive image
  22. lawtyger

    lawtyger Newcomer, in training Topic Starter Posts: 60

    Just to update you, I was able to get all my data off the laptop. Strangely enough, leaving the box up that asks if you want to continue working offline actually left all the icons up. I then sent things to my flash drive and also sent larger items (music) to be burned on a DVD. I was very happy I left that box open. When you close that box, then it's back to the icons appearing and disappearing and not being able to transfer anything.
  23. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Before returning the backup, make sure you fully scan for Virus and spyware

    Please continue to supply updates as you progress along
  24. lawtyger

    lawtyger Newcomer, in training Topic Starter Posts: 60

    I don't know if I needed to do this, but I went ahead and quick formatted.
  25. lawtyger

    lawtyger Newcomer, in training Topic Starter Posts: 60

    This may sound odd, but is it possible to cancel a reinstall when you are still at the "installing windows" screen and it still says 39 minutes left?

    I just realized I used my Desktop's recovery disc from my older computer. I have in my hand now the System Recovery disc for the laptop.

    Update - Alright, the setup actually stopped on its own saying it could not continue due to an I/O error? I thought I'd be able to start over but when the computer restarts (even with the new XP startup disc in there) it is trying to start the installation again and asks for the first disc I had stuck in.