Icon in Tool Bar Indicating Infection - But Now Can't Access Desktop

Status
Not open for further replies.

lawtyger

Hello,

Last night when I started/rebooted my computer I got an icon in the system tray that is red with an exclamation mark indicating my computer may be infected. After running my basic Norton Antivirus, with the icon still there, I did some internet searches and found this site and a few posts that mentioned the same problem.

One post said to follow the steps here first [NOTE I TRIED TO PUT THE LINK TO THE STICKY WITH THE STEPS BUT IT SAID I CAN'T POST A URL UNTIL I HAVE 3 POSTS], so I attempted to do this by starting with a scan of my computer using Trend Micro Housecall. The scan finally stopped around midnight so I thought I'd pick up with trying to fix the issues this evening after work. When I started my computer I noticed while it was starting that Norton Antivirus popped up two boxes in the bottom right of the screen. Each box mentioned blocking a trojan but they didn't stay up long enough for me to grab something to write with.

Thus, I grabbed a pen, came back, and restarted the computer with the intent of writing exactly what it said. BUT, now when the computer starts, it just goes to my desktop with NO icons, task bar, etc. All I see is my background picture and the mouse cursor. I've waited over thirty minutes a few different times but the icons never appear (and actually the screen saver that is set for 30 minutes actually comes on).

Point being, I wanted to follow the steps in the thread with the intent of posting a log as others have done but I can't access anything now. I am sorry about this, and unfortunately, I am a beginner when it comes to this level of computer knowledge. Fortunately I have a desktop and can access the forum via it.

Does anyone know how I can get the computer back to a state where I can troubleshoot it as listed in the thread cited above and/or post logs for review?

I'm running Windows XP and it is a Gateway Notebook. Unfortunately I can't access it to tell you what service pack (the desktop I'm typing on now is Service Pack 2 but I guess that is pointless knowledge for the notebook with the problem).

Thank you.
 
Hi lawtyger and welcome to TechSpot

Firstly, we need to get your desktop back !

Here's the first option
Press Ctrl + Alt + Del keys together from your keyboard
Hopefully Task Manager Opens
If so click on File -> New Task Run and type in
explorer.exe
Ok
I hope that you can now see all your Desktop
If Not Read On

Here's the second option
You will need to Start your computer with the last known good configuration
This can be done by repeatedly pressing the F8 key during Windows startup
Then selecting last known good configuration (you should also notice Safe Mode)

How did the initial steps go ?
 
First, thanks for responding so quickly.

Actually, I had already tried your second option without success.

I just tried your first option typing explorer.exe and the icons popped back up BUT oddly enough the icons (everything previously on my desktop) appear but only stay up for 12 seconds. Then, they disappear again for 5 seconds. This happens over and over again.

The next odd thing is if I open a folder on my desktop (i.e. with some pictures in it) or Windows Explorer it will open but when the icons all disappear again, and then reappear, the folder or Windows Explorer is no longer open.

BUT, I opened Notepad and Outlook (trying to open a "program" instead) and both of these stay open. The icons disappear and then reappear, but Notepad and Outlook both stay on the screen until I actually close them.
 
Using your XP CD

You have three choices !

Check Disk
chkdsk c: /R

Restore
c:\windows\system\restore\rstrui.exe
Reference Here:
http://support.microsoft.com/kb/279736

Repair
Microsoft's Windows XP Professional Repair Install step by step
http://www.windowsxpprofessional.windowsreinstall.com/installxpcdrepair/part3.htm
Microsoft's Windows XP Home Repair Install step by step
http://www.windowsxphome.windowsreinstall.com/installxpcdrepair/part3.htm

I must step out for a while (about 7Hrs !)
Good luck !
 
I'm sure you already stepped out, but just in case. . . .

Do any of the 3 result in loss of all data? I'd like to avoid that option first.

Also, the system restore link you provided seemed to apply to ME. Does it work for XP also?
 
I am trying the XP Home Repair Option.

All went fine until it rebooted to the installing XP screen that has the five dots (collecting information, dynamic update, preparing installation, installing windows, and finalizing installation).

It looks like the screen went into the safe mode view (you know, where the boxes look big and the icons larger) and a gray box says:

Fatal Error

An error has been encountered that prevents Setup from continuing.

One of the components that Windows needs to continue setup could not be installed.

Data error (cyclic redundancy check).

If you are installing from a CD, there might be a problem with the disc; try cleaning the disc or using another disc.

If you are installing from the network, it is possible that not all of the files were copied correctly to your disk drive. Run the disk checking utility on your installation drive from the Recovery Console and start setup again.

Press OK to view the Setup log file.

____________________________________

The log indicates:

Warning: Setup failed to GerUserProfileDirFromSid. (Get UserProvileFirFromSid failed 2)

Warning: Setup failed to get user profile directory. (SystemMyGer UserProfileDirectory failed 2)

Warning:
Setup failed to update server profile directory.

Warning:
Setup failed to update user(s) profiles. (Update ServerProfileDirectory failed 2)

Error:
Installation Failed: E:\I386\asms. Error Message : Data error (cyclic redundancy check)

_____________________________________________________

Then the first message above I typed appears. It tells me to close, I did and the computer reboots and it says setup is being restarted. . . .

and now it is back to the window I got the error on before with "installing windows" in red and the green dots blinking on the bottom right. It appears to be continuing the setup and is now down to 36 minutes and says "installing devices."
 
Just finished the repair but the problem still exists. I can only get the icons to show when I type explorer.exe as you previously advised me to do. Now however, the icons only come up once for about 12 seconds. After that they disappear. If I want to see them again, I have to retype the explorer.exe command again.

I also seem to get an error message that says:

explorer.exe - Entry Point Not Found The procedure entry point EncodePointer could not be located in the dynamic link library Kernel32.dll

Actually, now when it turns off after 12 seconds, the above error appears. If I hit o.k., the icons disappear and come back on 5 seconds later with the error message again.
 
kimsland said:
The data will be intact

The ME link: Damn must have given that out lots of times without noticing that
Here's the real link
http://support.microsoft.com/kb/304449/en-us

I've also now tried the above restore fix, but it indicates "There are no restore points available." Earlier I had tried to restore from safe mode and the only restore point was today at around 6:00, which didn't change anything.
 
I'm running the chkdsk c:/R you mentioned.

In the meantime, I did a google search and found some other descriptions of what I'm experiencing. Here's what it said:

________________

Symptom: At every boot the desktop is empty, and the only way to launch a program is through the task manager window.
The infection is detected as 'Adware.Dynamic', published by Dynamic Desktop Media.
Its an 'adware' prg requirin manual installation.

Heard of its contractions via trinsic.org, cracks.am & cerials.net (they belong to the same ring i think)
(Sheesh! risky biz :p )

Symantec has identified it, but liveupdate (presently) doesnt detect sysu.exe, it detects as yet only Msbb.exe (Adware.Ncase) Optimize.exe (Adware.NetOptimizer) Winpup.exe (Adware.Winpup)

Adaware doesnt detect it yet either.


Anyways, so to get rid of it nicks' manual method is to b done.
But have to be careful to also clean the comps registry as well.

To get the os to continue boot upon the suspension...
a)hit ctrl+alt+del, check the processes running
b)end the process sysu.exe

Thats the easy part, now for gettin rid of it permanently (& >>safely<<),
i found a neat summary for that at one site...

1) Ctrl+alt+delete and identify sysu.exe in the processes list.
2) Close it, and go to C:\Program Files.
3) Locate the folder ddm and delete it.
4) Click on start > run and type in regedit.
5) Under HKEY_LOCAL_MACHINE > SOFTWARE remove the folder ddm.
6) Click on start > run and type in msconfig.
7) Click on the right-most tab labeled startup.
8) Scroll down and locate an entry with no command line.
9) Uncheck the box and apply all changes.
10) Reset your computer, check the checkbox for a window that comes up
saying you changed startup settings.
11) Enjoy, and spread the word.

IMP: dont forget to backup ur registry first, just in case!!

This shud do the trick, till ofcourse there is a patch released to deal with it.

I think sysu.exe particularly is a mistake, cos by not lettin the comp boot, it itself overtakes the primary function of a adware. Well atleast thats wat it seems to be.

Anyways, hope all this proves somewat useful

||CheTaN||

eof()

__________________________

There also appears to be discussion here:

http://geekatwork.net/blog/index.php?p=126

As soon as disk check gets done I'll see if I can see any processes running to stop.
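
The indicators named in the quoted removal steps can be checked in one read-only pass before anything is deleted. This is an added example, not part of the original post or the quoted write-up; it assumes PowerShell is available on the machine and that the "entry with no command line" shown by msconfig lives in one of the standard Run keys.

```powershell
# Read-only check for the indicators named in the quoted removal steps.
# Nothing is deleted or changed; review the findings before acting on them.
$findings = @()

# Steps 1-2: a running process named sysu.exe
if (Get-Process -Name 'sysu' -ErrorAction SilentlyContinue) {
    $findings += 'Process sysu.exe is running'
}

# Step 3: the ddm folder under Program Files
$ddmDir = Join-Path $env:ProgramFiles 'ddm'
if (Test-Path -LiteralPath $ddmDir) {
    $findings += "Folder exists: $ddmDir"
}

# Step 5: the ddm key under HKEY_LOCAL_MACHINE\SOFTWARE
if (Test-Path -Path 'HKLM:\SOFTWARE\ddm') {
    $findings += 'Registry key exists: HKLM\SOFTWARE\ddm'
}

# Steps 6-8: startup entries with no command line.
# Assumption: the entry msconfig lists is stored in a standard Run key.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($path in $runKeys) {
    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        if ([string]::IsNullOrEmpty($command.Trim())) {
            $findings += "Startup entry with empty command: $path -> '$name'"
        }
    }
}

if ($findings.Count -eq 0) {
    'None of the indicators from the quoted steps were found.'
} else {
    $findings
}
```

An empty result only means these specific names are absent; it says nothing about other infections on the machine.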
 
Disk Check is finally done.

I do not see a sysu.exe in my Windows Task Manager processes, unfortunately.
 
I'm not sure what that means.

It definitely sounds like the issue that the others were having I posted above and at that link. If I could just get the desktop to stay on long enough for me to copy a few important folders I wouldn't mind just completely reinstalling windows.

Here's what is in my Windows Task Manager "Processes":

taskmagr.exe
alg.exe
WgaTray.exe
spoolsv.exe
symlcsvc.exe
svchost.exe (there is one saying local service, one saying network service and three saying system)
msiexec.exe
AppSvc32.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
PRISMXL.SYS
LxrSii1s.exe
AluSchedulerSvc.exe
System
System Idle Process (this is the only one that has a number under CPU - it says 99. The others say 0)

Again, the above supposed fix seems to indicate there is something in the processes that if stopped, will fix this for enough time to try to solve any other issues. But, I don't see the "sysu.exe" that is mentioned.

Anything else look suspicious or look like something I should "end process" on?
 
All tasks Ok
You had a USB (flash drive I think) loaded as well, but still OK

The "Ram" issue I was mentioning because Windows wouldn't repair but now has.

As I'm concerned about Virus / Malware present, I feel it would be ideal if you happened to have another computer. So as to plug your Hard Drive in as Slave, to run a full updated scan.
Or even a full backup !

Is that an option for you ?
 
I actually brought the computer and restore disc to work today.

The problem I am having is on my laptop but I do have a desktop at home. Is it even possible to hook the laptop harddrive to the desktop?
 
I take it that to do this I have to buy this adapter. While my laptop does have some information that I would rather not lose, I'm not sure it is of such importance that I need to buy the adapter and wait for its arrival.

Assuming that I do not want to make the purchase, do you feel my next option is a clean install? I assume that is also the one method that will make sure my system is clean?
 
Well a clean install cures all ! Except for hardware faults

At least you will know if it is hardware or software

By the way that converter is a good idea (and cheap) for future backups
There are thousands on the web and ebay - also different types, but I like that one.

Your choice if you want to go Clean that is fully blow away your current partition and Restore completely.
Are you sure nothing requires backing up ?
 
I guess my thinking is this. . . it definitely sounds like a good idea to reinstall because even if I get the icons back I have no clue how infected my computer really is. Thus, the reinstall could be a welcomed fresh start.

I didn't realize how cheap the adapter was. What I'm wondering is my desktop already has two hard drives in it. I know there was a third plug on the ribbon though. Would that third plug be what I would plug into or would I have to remove one of my desktop's hard drives temporarily?
 
Do you mind if I ask you one other question related to avoiding a loss of data problem in the future?

As I said, I have both a laptop and a desktop. The desktop has two hard drives (a Seagate 160 GB and a Seagate 200 GB).

Regarding the Desktop:
- One of the Seagate hard drives came with "Bounceback Express." When my desktop harddrive recently was damaged and the reinstall of XP wouldn't even reformat it, I bought the new Seagate hard drive to replace it. But, I had to reinstall XP from scratch and then ended up having to pull files, pictures, etc. from the backup drive and put them on the new hard drive where Windows XP was reinstalled. Of course, I lost a lot of programs which had to be reinstalled and I'm still working the bugs out on.
- I guess my question is, it seemed like Bounceback Express. . . well kind of sucked. I thought when I ran it it would create an image of my XP and I could just access the backup and get my old XP and programs back running. But, unless I missed it, Bounceback Express doesn't have this option.

So, what is the best way for me to not only backup my data but also my XP configuration, etc. so that if in the future my master drive fails completely again, all I have to do is access the backup drive and somehow get XP back on the new hard drive exactly how it was before the hard drive failure?

Regarding the laptop:
- I guess the same question applies. I would just need to get the adapter you mentioned (or buy an external hard drive for backup purposes). Then, if the hard drive failed on the laptop, I could just buy another hard drive and then access the backup I made of XP and its settings and programs before the crash and be immediately back in business without having to reinstall all the programs from scratch.

I hope this makes sense. I guess I'm saying is there a way I can restore not only my files, but XP and my OS as it was based on the last backup?
 
I use Ghost to image all my harddrives onto external DVD.

Once your Windows is installed, including all drivers
All MS security updates are complete
Adobe Reader; Flash Reader; and possibly Office is fully installed
The computer has been optimized (in startups; registry; Windows)
Defrag has been fully complete
I then Ghost image the entire Hard Drive to a bootable DVD

Returning from DVD to the HardDrive takes about 20mins

There are others, other than Ghost
Acronis True Image
Drive Image
PartImage

Actually lots more, there may be more replies to Drive imaging software
But this is what you need to do - create a backup drive image
 
Just to update you, I was able to get all my data off the laptop. Strangely enough, leaving the box up that asks if you want to continue working offline actually left all the icons up. I then sent things to my flash drive and also sent larger items (music) to be burned on a DVD. I was very happy I left that box open. When you close that box, then it's back to the icons appearing and disappearing and not being able to transfer anything.
 
Before returning the backup, make sure you fully scan for Virus and spyware

Please continue to supply updates as you progress along
 
This may sound odd, but is it possible to cancel a reinstall when you are still at the "installing windows" screen and it still says 39 minutes left?

I just realized I used my Desktop's recovery disc from my older computer. I have in my hand now the System Recovery disc for the laptop.

Update - Alright, the setup actually stopped on its own saying it could not continue due to an I/O error? I thought I'd be able to start over but when the computer restarts (even with the new XP startup disc in there) it is trying to start the installation again and asks for the first disc I had stuck in.
 