Weirdly Weird Windows Problem, Possibly Malware
Weirdly Weird Windows Problem, Possibly Malware - WinXP
If someone feels to move this to the malware forum, please do so.
There's this xp pc at one of the places that I work at, it's used for a basic library catalog system and nothing else really, little bit of internet browsing. I was trying to run windows update on it the other day and the page wouldn't load. So then I tried to dl ccleaner which downloaded fine but when it came to running it I got an NSIS error saying the download could be damaged or unverified and it wouldn't run. I then discovered that it did this for every single download bar none.
So I found this about NSIS errors:
Why do I get NSIS Error - NSIS
I then managed to get ccleaner and malware bytes on to the box and ran them, ccleaner found amvo.exe in startup, which is a well known malware, so I killed that and deleted the exe and ran malwarebytes which found 4 items. After a couple of reboots and more scans, nothing more was found but the error continued! I looked though the certificates and saw that there were 2 certificates for untrusted publishers for microsoft.com! I removed them and windows update page would now load but when it came to running the active x scripts I got an "publisher could not be verified" error every time. No other downloads would run, including things that were copied through from the local network, still nsis error. Software on external media like usb's and cd's ran fine though.
Since I'd found the viruses I thought I'd just reinstall windows with a full format, so I did from an xp sp3 cd, straight away the nsis errors happened again! The 2 microsoft certificates were back in the untrsuted section (is this normal?) and windows update would not work. Just as if I hadn't formatted and reinstalled windows. All I can think of is that it's a virus through the network, but I've since installed avira and malware bytes and both now find nothing, or the NIC is messed up in some way... ?
Can anyone help? I installed sightspeed which came up with an error while loading although it did load and appears to work. However since then i have been unable to install or uninstall any programs. The error i get is an NSIS error. I have attached a file showing the screen shot of the errors when i loaded the program and the NSIS error when i try to uninstall. Can anyone help sort this out?
If i download installation files on this network, when i try to install software i get:
Installer integrity check has failed. Common causes include
incomplete download and damaged media. Contact the
installer's author to obtain a new copy.
More information at:
I can download the files on my home network, and i am using the same machine.
Also alot of flash, windows updates and bbc iplayer doesnt work.
Could blocked faults be at fault? I have found the ports for bbc,
If so does anyone know the ports that NSIS uses?
I am using Windows XP sp2, getting NSIS error when I try to install any software, I have reinstalled windows xp twice, still getting the same error, checked no Nvidia firewall is installed in my pc. tried to install the software through "/NCRC" command line, I have followed the steps from Why do I get NSIS Error - NSIS but still don't have luck.
Any help would be greatly appreciated
I have this weird problem i suspect it might be a virus. First of all i got the autorun virus. But avira deleted it from drives(still i cant open drives without left clicking &explore). I searched about this in a techguy article there was a file about that and again when i tried to install it it gave an nsis error.
When i try to install windows installer etc. it gives extraction error("windows cant find path speficied")
Third and solved last problem was gpu related. When i installed nvidia drivers my gpu was stuck @ 4 bit & 640x480 i figured out it was ram related issuie and i removed one of my ram. And strangely computer got to its proper speed. i found out one of my ram was not working well(bios gives parity error if i put it back). I told those so you can analyze my problem easily.
shortly my question is
How can i fix nsis error and the virus? I reformatted my system 5 6times(one for gpu,one after ram(windows had missing dlls because of ram,nsis-> tried my luck,and one for virus)
but still i got this virus and cant do nothing. I use avira antivirus btw.
I hope i didn't write too long and unnecessary just triede to model the situation.
Best wishes and thanks for your help
I installed Malwarebytes Anti-Malware and removed over 900 infections, then installed AVG, before I could scan with AVG the pc crashed and rebooted, now after desktop loads the only thing that works is the mouse moves, no buttons or keys work.
It won't start in safe mode, just goes back to options screen after trying.
Before I did the malware scan I uninstalled CCleaner and numerous programs but most gave an error that couldn't uninstall, NSIS I think.
Ctrl/Alt/Del or Tweak UI didn't work before scans also, said was disabled by administrator, which is why I started the scanning, now all I can do is move the mouse.
so i have a dell inspiron 8500 and ive been having a NSIS error. it started friday. i dont know much about it sorry. help!
Though I sorted out the initial problem of ' MEMORY_MANAGEMENT' with the help of this forum. And again my PC making me trouble.
Yes now a days it is not allowing any software to install, even I downloaded a fresh copy.
Previously I re-installed my OS, (xp sp2) any try to install the additional softwares like Adobe reader, Anti virus, skype etc., but it is still showing NSIS error when I am trying to install it from .exe file.
I already searched in net and tried those solutions but negative response. Even I re-installed again my OS but no change.
Can anyone sort out this?
I have this error on my computer since last month and I can't find what causes this problem. Well it started when my friend brought a flash disk that has a virus (since my antivirus is not yet updated) and it infects my computer. I tried installing new updated antivirus form my flash disk and the NSIS error pop up on my screen. Also other installer (e.g video, optimizer, etc.) also had the error. This happens only on my flash disk because installer that is already on my Hard Drive and CD are not having this kind of error and it installs the program automatically, unlike in my Flash Disk NSIS error appears.
My question is could it be on the USB port causing the trouble or my BIOS is already corrupted due to virus infection. Thanks a lot in advance.
By the way heres my spec:
Intel P4 1.80 Ghz proc
ASUS P4S133 mobo
2x 128mb PC133 SDRAM
40gb Western Digital IDE HDD
64mb Nvidia MX400 Vcard
A while ago, I found a problem with my PSU and it resolved the auto restart problem:
Now it starts again, but It has nothing to do with the PSU. It also freezes sometimes.
It should give me a blue screen, because that's how the system is configured, but it doesn't.
I think there are corrupted files. Now when I want to check for corrupted files with Start-->run--> sfc /scannow then I get:
Windows File Protection could not be initiate a scan of protected system files. The specific code is 0x000006ba [The RPC Server is unavailable.]
I have tried this fix: http://support.microsoft.com/kb/296241
No luck at all, please help, I'm thinking of throwing this computer out of the window
I see in the antivirus event viewer from 2 days ago that:
Sign of "NSIS:StartPage-B [Trj]" has been found in "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0ZJY4Z3M\windows-washer-6-02-466i.exe\nsis.hdr" file.
I downloaded the demo of windows washer, its been deleted.
I get a strange error in the Applications log:
Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
User: user name
Computer: computer name
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Here is what I have found out already:According to eventid.net, "The error can occur if the auto-update feature is disabled and the root certificate auto-update feature in Add/Remove Programs is not removed". But I have had automatic updates disabled for two years, and this error never occurred before February 24th. So I find it unlikely. Interestingly, February 24th 2009 is also the day Microsoft published this Update for Root Certificates. I installed it but it didn't help. A Microsoft support article tells me to connect to the internet. I am connected, and I can reach the Microsoft update server without a problem. There's no strange behavior, everything works fine otherwise. But things like security certificates should be up-to-date. Any ideas?
Several weeks ago I did something that completely corrupted every setup file on my HDD. They give different errors when I attempt to open them (mostly NSIS errors), but not a single one works. All newly downloaded setup files work just fine. At the time of the crash I had Windows XP x64, though I've been using it for years and such a thing never happened.What can it be? Thanks in advance!
Hi all. I have been trying to work through a few problems mainly pertaining to viruses.
I have Avira and MalwareBytes Anti Malware Installed and also CCleaner.
I ended up with a something that was effecting my google searches. Whenever I clicked on a link it would send me to the wrong page! I think I have fixed that however:
I also tried to cleanup my Registry and now get errors C_SpURsDll not found.
Can anyone help me fix these?
Any help would be great and also help me keep learning
I've been using Windows XP - Service Pack 3 for quite a while now. About a week ago i started getting some "Generic Host Process for Win32 Services" errors every time I boot regularly (though it may take from 1 - 30 minutes). At first, I thought it was some form of malware that Norton wasn't able to find. So I got Antivir, it found a few rootkits, and they were fixed. But even afterward, I still received the error. Now, whenever it comes up, the theme reverts back to classic style. Also, svchost.exe crashes multiple times, intermittently, causing whatever I'm doing to minimize for me to close the window (sorry, forgot the error code). When I try to boot in safe mode (any type), it gives me a BSOD. So in regular mode, I've done virus and malware scans with Norton Antivirus, Avira Antivir, and Spybot, along with registry cleaning from CCleaner and FreeWindowsRegistryRepair, to no avail.
This is a pretty long story. My PC (Windows XP) was infected by the System Security 2009 virus. I found instructions to remove it and did so by booting my computer into safe mode, disabling my wireless adapter, installing the latest version of Malwarebytes' Anti-Malware, running a full scan, and removing the problems it found. This resulted in my computer being almost back to normal except for a few things:
I cannot access the wireless network properties (it gives me an "unexpected error occurred" error). My wireless settings were set manually so that my wireless internet connects through a specific IP address. But even without any other devices connected to the router that could cause an IP conflict, my computer will not connect to the internet wirelessly.
I cannot use a file called xp_taskbar_desktop_fixall.vbs that I used to fix my taskbar which regularly messed up and did not show applications. Now it gives me an error message which says
Line:51 Char:1 Error: The specified module could not be found. Code 8007007E Source:(null)
I cannot connect to the internet with Firefox or Internet Explorer wirelessly but I can connect to the internet fine when it is wired. I tested uTorrent and it seems to download and upload fine wirelessly and wired.
I have run full scans with the most up-to-date versions of Malwarebytes' Anti-Malware and Spybot Search & Destroy and neither have fixed my problems. I read that the "unexpected error occurred" error when opening wireless network properties was a result of a damaged registry so I typed the following in Start->Run:
Each told me that the installation was completed successfully and I rebooted but I still received the same error when opening network properties. So I tried a different method. I opened a command line and typed
then typed "regsvr32 netshell.dll", clicked OK in the dialog box that came up,
then typed "regsvr32 ole32.dll", clicked OK in the dialog box that came up,
rebooted, and I still had the same problem opening wireless network properties...
Then I decided to use a registry fixer called Free Window Registry Repair. I still had the same problems.
I would really appreciate help because I've run out of ideas. Thank you for reading.
I often fix computers for my friends and family, and this one is a friend of a friend, so I have never worked on this computer before. The problem it is having is the internet. The system has both Internet Explorer and Firefox. Both browsers crash on the same pages...
So for example, on Google. Google search works on both, as does Google shopping and most web pages. But on BOTH browsers, if you click on Google news, both browsers will crash. I attempted to download Spybot S&D. Both browsers crash when I go to the safer-networking page (SpyBpt S&D page). But other pages I tested worked fine. So I am at a loss. System restore fails on any restore point.
The system has Avira AV, Malware Bytes, and now Spybot S&D. Avira finds nothing. MalwareBytes found a couple things but nothing serious. Same with Spybot S&D, no serious threats found. I did take the step of getting a HijackThis log, but I don't think it's a malware issue. At least, it isn't behaving like any I have ever seen. I'm not sure what IE and FF have in common that would account for this. Any direction appreciated!!!
IF it makes a difference, this log was aquired in safe mode. I was running the scans a second time in safe mode, so I got the log at the same time.
Hello all this is my first post on the forums. Ive recently started having issues with my windows xp pc. To start Internet explorer is saying it cant connect to the internet so i am posting this from firefox because it works, Next my mcafee will not update and neither will my malware bytes and the itunes store will also not connect i thought i had malware so i ran malware bytes and nothing was found. any help will be GREATLY appreciated thankyou.
Windows XP Pro SP3
I keep getting a pop up error stating that "Microsoft Feeds Synchronization has encountered an problem and needs to close." Another website said that it had to do with IE but I've seen the problem pop up when IE wasn't even open. I cannot upgrade to IE 8 because of software compatibility issues. I have run CCleaner and Malware Bytes hoping it was a registry error or caused by malware, yet it still remains. Any help would be appreciated.
I am new to this Forum and find it very usefull (thank you all) but I have not found my solution yet.
I am at lost on this one.
I have been at this for the most part of the past 3 days.
Any help would be appreciated.
I am trying to help a friend via remote assistance...so the process is long and frustrating.
She's running XP SP2 and IE7.
It all started last week when my friend used a computer in a foreign language to access her gmail account. Afterwards when she tried to access Gmail from her own computer it would keep redirecting without loading.
I managed to resolve that by clearing the IE browsing history, cookies and temp files but I had to use the secure connection option (on Gmail) to get it to work.
I don't know if there is any connection with the Gmail issue but a few days later her hotmail and another web based email were no longer working.
Hotmail does not log on. The address bar keeps changing from secure to unsecure without coming out of the loop and without loading.
The account works from other computers but other accounts don't work from her computer.
So I cleared the SSL.
Then I tried the IE Secure fix from GO THE POWER post (thank you!).
the regserv32 returns an error on SHDOCVW.DLL (0x8002801c) and on the following line MSHTML is loaded but DLLRegister Server entry point was not found.
Then I tried to run a complete scan with the installed AV (NOD32) and it returned nothing.
I then tried to do some online scan (housecall, Panda Active scan, Kapersky etc) but none work. Tried adding them to trusted sites and allowing all java and activex operations.
Windows update will not connect either.
I kept searching forums and ran malware bytes . It listed 1 trojan, 1 adware and 1 spyware all quarantined and deleted.
Rebooted and the situation is still the same with hotmail, windows update and online scanners and malware bytes returns a clean log.
I tried installing Firefox . It works fine but does behaves the same as IE, it seems for anything with a secure connection except for Gmail(??) that is still working with both .
I managed to get Gmer running (still running) and also managed to download DSS but have not ran it yet.
Am I on the right track ?
Am I chasing some kind of malware?
Any help would be greatly appreciated.
So I'm having some problems. I'm fixing my parents' computer that was in storage for a year, set aside after it had become nearly unusable due to malware and virus infections. I fired it up and the symptoms were extreme slowness and cascading popups within Internet Explorer windows that would appear without any user input.
I managed to install Avira and Spybot, clear the computer of the 100-some instances of malware that they found (not counting cookies), get them updated, clear out some more that the updates found, and then had to restart in safe mode to remove the last one that would load at startup before anything else. After everything was removed and both programs presented a clean bill of health, I proceeded to due a standard clean up / update procedure.
Everything went fine; I uninstalled a bunch of outdate / useless software, ran CCleaner and Defraggler, did my usual XP optimizations (turning off unnecessary startup programs and services, optimized control panel settings, etc), and started going through the process of getting everything updated. First the big Win XP update to SP3, then the rest of Microsoft Updates. Which got me to this point:
1.0 and 1.1 install and update fully via Microsoft Update
Further Microsoft Updates break with generic error code (0x643).
2.0, 3.0, and 3.5 will install via their installers without reported errors, but updates break.
Software that requires them claim that they're installed improperly or missing.
I've tried complete tedious step-by-step removal, clean-up with tool, and reinstallation
No go, same exact symptoms.
After the tedious troubleshooting, I gave up on that noise for the time being and continued onward to the software updating. Some of which went smoothly, others of which caused me issues:
ATi Radeon drivers:
Warning occurred during installation about .NET Framework
Seemed to install fine, seems to work fine regardless
Updated from 3.something to current, required update
Update refuses to install, error code 0x80040905, says try again.
Trying again yields same results.
iTunes / QuickTime:
Updated from some old version to current.
Update claimed to install properly, no errors.
Neither iTunes nor QuickTime player will load; say to reinstall (no error codes).
Neither repairing nor reinstalling changes anything.
Adobe Acrobat Reader:
Updated from 7 to current.
Update claimed to install properly, no errors.
Reader refuses to load, asks to reinstall (no error codes).
Reinstalling changes nothing.
What's going on, and why is so much stuff not working? Any ideas how to get these things installed and working and the system running properly?
Gateway E-4600 running Win XP Pro SP3
Intel D850GB Motherboard
Intel Pentium 4 1.3GHz
1GB RAM (4x 256MB Rambus RIMMs, PC800)
ATi All-In-Wonder Radeon AGP Graphics Card / 32MB DDR SGRAM / 164MHz
Creative Sound Blaster Audigy Multi-Channel Audio Card
Western Digital Caviar WD400BB 40GB 7200RPM Hard Drive (OS / Programs)
Maxtor DiamondMax Plus D740X 80GB 7200RPM Hard Drive (Files)
HP DVD Writer DVD200i Optical Drive
LG CD-RW CED-8080B Optical Drive
Panasonic 3.5" Floppy Drive
Linksys LNE100TX v4 Ethernet Card
Dell Wireless Keyboard
Dell Wireless Optical 3-button WheelMouse
(both hooked up via a USB hub thing)
Dell Photo 966 All-In-One Printer (via USB)
There's also a modem installed; it's not hooked up to anything. GVC "Red Owl" 56K.
Let me know any thoughts or ideas, or if there's any other information I could give that might help. I'd like to get this thing up to speed and running again.
I'm posting this here instead of the malware and virus forum because I want an opinion before putting more work on those guys. I am getting an email from my ISP (Bellsouth) saying a malware attachment is being detected in my email when I download new mail. But no mail has any attachment with it.
I got a few of these a while back. I ran 2-3 malware detector/removers, anti-virus, Malwarebytes and the like. They found some medium risk malware, removed it and problem solved.
Now I am getting the notice again and it says something about Yahoo! which I do not use in any form. I again ran the malware removers, Malwarebytes, anti-virus, etc. and all I get in results is some tracking cookies and other no big deal stuff. I remove them but the notices persist.
My computer is not acting up in any way and is running about the same as it always has so are some kind of false positives or similar be the cause? Looking for opinions and advice here. Thanks for any input! I appreciate your opinions.
I need some help, and I'll pretty much take anything atm!
I don't consider myself an expert, far from it, but I'm pretty good at figuring out a computer problem and getting back up and running again...until now.
Motherboard - http://www.msi.com/index.php?func=pr...d_no=1570#menu
120g HDD Western Digital WD1200BB
80g SATA HDD Samsung HD082GJ
320g HDD Seagate
DVD burner - LG GH20NS10
OS - XP SP2
Audio hardware disappeared out of Device Manager, a pci.sys error when I tried to repair XP. BSOD won't let me past first set up, BSOD shows up just before going into the Recovery Console, so any fix to do with Recovery Console is out the window.
Since then, found 7 Trojans with Malware Bytes, no idea of names now, last one I do remember was DisabledSecurity???? something. Even had to change name of Malware Bytes to get it running.
Firewall (Comodo) and AVG both get closed down, or just stopped working/loading on boot up, or within an hour of being installed.
Thought it only affected one HDD, but have swapped between 3 drives ( 1 x SATA, 2 x IDE) and they all come up with the same pci.sys error.
Booted up into DOS with win98 boot disk and it wouldn't allow fixmbr command and gave me the VIRUS! alert.
Have formatted two of the drives on another computer, (one with XP cd, other fdisk) and as soon as I load them back onto this computer, the pci.sys error comes up, which led me to believe the virus was in the mbr, or BIOS. Went to mobo home site (MSI) and downloaded BIOS update, but directions don't match with files :S.
Programs I've so far tried, SpyBot, GMER, Avira mbr CD boot up, expanded the pci.sys file from XP CD, Nod32, etc, etc, etc, etc.
Any suggestions at the moment would be more than appreciated!!!
Just recently I tried to get rid of the google virus on my pc using Malware Bytes, after the scan it found 6 threats to my computer, after I removed them Malware Bytes asked me to restart my pc, and even since the computer has been restarting at start up, I have tried to go into safe mode but it still reboots it self from there. Can someone explain to me what is going o with my pc?
I am not sure iif this helps but, right before the pc reboots the theme chaanges to the classic windows theme.
Thank You in advance.
i am running win XP PRO V2002 SP3 on intel pentium 4 1.80GHz with 512MB ram 80G hd and a secondary 30G HD running slave for extra storage.
I recently was testing out some freeware trying to find the best one for what i was trying to do, i must have installed and uninstalled 3-4 programs untill i found the one i want. but as i said it was all freeware and alot of that stuff that you find out there is garbage and comes loaded with malware and waht-not. i encountered one such program and quuickly removed all of the malicious material with hijackthis v2.0.2. then uninstalled the program, ran Ccleaner to clean any registry trash left over, and then ran malwarebytes and AVGfree, no reports. continued my hunt for the right software for what i was trying to do. eventually found the perfect one and since the night that i spent forever messing with these different programs, everytime i try to navigate through the windows explorer (look through the hard drives, locate files etc.) it works just fine for a few seconds and then i get the microsoft send error report window (send dont send) and then the window shuts itself down. the problem is limited to windows explorer, ie explorer works just fine. and if i have iexp running while windows explorer crashes, iexp is fine. all of my programs are running just fine, and computer give absolutely no reports of any virus or suspicious files, or malware or spyware or add ware or anything. completely clean. makes me think that possibly the first program i installed corrupted a critical WINDOWS file somewhere or something. but i am not the thechie and that is why i am here. i do not want to have to restore windows if at all possible. if anyone can help me out or has an idea please let me know, and thank you.
oh yeah the error report signature of the windows error report is this:
AppName: explorer.exe AppVer: 6.0.2900.5634 ModName: xvid.ax
ModVer: 0.0.0.0 Offset: 0003dd11
My dad owns an internet cafe, and i maintain it for him as regards to OS, and basic networking stuff. I do have a little background with tech support work.
I've received no special training (apart from the usual training with OS, and basic stuff when i used to work for dell tec support), most of the things i do to fix computers have come from years of experience doing self help, and self research.
Recently I've had problems with the usual malware effects on our cafe server (other computers arent affected so i'm pretty sure it's local to the server), Task manager disabled, regedit disallowed, but i was able to figure that out and it was caused by a startup entry wscript.exe, auto.vbs, which i promptly disabled, and deleted in the registry.
However, a couple of days later, new symptoms have appeared. I don't really know whether it's related to the earlier issue, but this time, I'm stuck. I'm posting this using my home computer and it's far from where our cafe is located. Allow me to give an overview:
1. noticed that when browsing on any website, while data is being loaded on the browser, it freezes intermittently. This is on firefox. On IE7, it's worse, it won't display any webpage. I fixed this by flushing the dns, and doing a winsock reset and rebooted the system.
2. In order to check further problems, i decided to download latest versions of smitfraudfix, combofix, and update spybot. No go. When i use google and search for smitfraudfix siri.geekstogo website comes up as a result, but clicking on the link does not do anything. Opening same link in a new tab gives a blank page with "Untitled" on it. Same with combofix, and spybot. Seems this thing has done something to my network setup or browsers (same issue on IE) that it blocks any access to any of the known websites that can help me with the problem (techsupportforum is blocked too).
Even downloads.microsoft.com is blocked, as well as support.microsoft.com, even malwarebytes, or superantispyware is blocked. Castlecops, and pretty much every website that are well known to be helpful with malware problems has been blocked. I can browse other websites and if google has a cached page of the above websites that are blocked, that's the only time i can check.
3. Ran Ccleaner, which did ok. Was able to download combofix and smitfraudfix from alternate sites that were not blocked. Combofix and smitfraudfix will not run at all when double clicked, will instead return a "has encountered an error" prompt. Looks like this thing is also disallowing installs or running of any program that can help me in killing the infection. Managed to run smitfraudfix by using winrar's extract function, and extracting smitfraudfix in a folder. It ran ok, no errors, but i still have a problem with my browsers. Also cannot run spybot. Right now, im trying to run it under command line.
4. Ran Windows Malicious Software Removal tool v 2.5, it doesn't detect anything. Any installation of anti malware products like super antispyware, windows defender, spybot ends up in a prompt that states the administrator has disallowed installation of those programs
So there it is. Right now, my major problem is the browsers, and the installations of programs that can help.
My system restore points have been cleared previously to prevent the previous problem from recurring so i'm out of ideas. It even seems that system restore has also been tampered because an error occurs when i try to create a restore point.
Any ideas? Is there a place in the registry where the installation restrictions can be disabled? Is there something in my internet/network setting that's been tampered with by the malware that it blocks those certain websites?
Oh, and just tried sfc /scannow, and that won't come up either. Just gives me a command line window, and it disappears.
Any help and idea would be very helpful. Thank you so much!