View full version: Problem with the services.exe with the status code 1073741790



MadSheep
03.06.2007, 01:43
Hello! After the start of the computer a window appears telling me that services.exe is facing a problem with the above-mentioned status code. After accepting this message another window appears telling me that the system is going to be shut down in a minute; after that the system freezes. I have avoided that with the cmd shutdown -a at the moment. After scanning the computer with escan several viruses have been detected. However, I cannot format the hard disk due to several license keys kept on this hard disk, therefore I hope you will be able to get rid of the infections without reformatting my hard disk.

Bratez
03.06.2007, 03:09
Execute the following script in AVZ:


begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\dla\tfswctrl.exe','');
DeleteFile('C:\WINDOWS\Downloaded Program Files\popcaploader.dll');
BC_ImportQuarantineList;
BC_DeleteFile('C:\WINDOWS\Downloaded Program Files\popcaploader.dll');
BC_DeleteSvc('xpdt');
BC_DeleteFile('C:\WINDOWS\system32:xpdt.sys');
BC_Activate;
RebootWindows(true);
end.
Your system will reboot.
Then upload quarantined files (http://virusinfo.info/upload_virus_eng.php?tid=10142), according to appendix #3 of Rules.

P.S. Do you install post-SP2 updates from Microsoft?
They often help to solve similar problems.

MadSheep
03.06.2007, 07:49
Thank you for your fast response!

Yes, usually I do all the updates for SP2 via the automatic updating function.

Bratez
03.06.2007, 11:12
OK, nothing bad was found in the quarantine.
Now please make new logfiles (according to steps #8-13 of Rules) to be sure we've really deleted malware from your PC.

MadSheep
03.06.2007, 15:59
[quote=Bratez]OK, nothing bad was found in the quarantine.
Now please make new logfiles (according to steps #8-13 of Rules) to be sure we've really deleted malware from your PC.[/quote]

So here again my log files. I realised that he had two more infected files detected also yesterday but I performed the 1st scan around midnight so that the computer saved the first log file under a different date.

Bratez
03.06.2007, 16:25
I'd say it's all OK, just fix these lines in HijackThis:


O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab

but AVZ quarantined two more suspicious files during log creation:
C:\Programme\Microsoft Games\Flight Simulator 9\Addon Scenery\Pfsloww\MSFSInst.exe
C:\Programme\MP3 Player Utilities 3.61\DelDrv.exe
Please upload only these two files as described in appendix #3 of Rules.

MadSheep
03.06.2007, 16:38
[quote=Bratez;113745]I'd say it's all OK, just fix these lines in HijackThis:


O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
[/quote]

I have uploaded the new archive. But can you tell me how I can fix the lines from HijackThis?

Bratez
03.06.2007, 16:53
How to "Fix in HijackThis" (http://virusinfo.info/showthread.php?t=9206)

As for last two files - looks like "false positive" :)
(no detection at virustotal.com).

MadSheep
03.06.2007, 17:23
OK, so this is done! Thank you very much for your time!