
Problem

  • 16-08-2010 2:37pm
    #1
    Registered Users, Registered Users 2 Posts: 412 ✭✭


    Hi all, I read through the stickies and some other threads but this seems to be a different problem. When I turn on my laptop loads of programs open trying to install something and disable the firewall. Then a message appears saying something along the lines of "windows has encountered a critical problem and will log off in one min" then it restarts, very frustrating. A friend told me to restart in safe mode, however when I start in safe mode with networking the same thing happens so I can only start in safe mode without internet and can't download anything to help.

    Any advice??
    Cheers in advance


Comments

  • Registered Users, Registered Users 2 Posts: 81,220 ✭✭✭✭biko


    Download scanners using another computer and put them on a USB stick.
    Then restart in safe mode without networking, install from stick and scan.

    Alternatively, try to go to an old restore point.


  • Registered Users, Registered Users 2 Posts: 412 ✭✭IsThisIt???


    Thanks for the reply, I ran the TFC and antimalware bytes scan and removed what came up but am still having the same problem. Is there anything else I should do?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    you need to post the logs


  • Registered Users, Registered Users 2 Posts: 412 ✭✭IsThisIt???


    ASJ112 wrote: »
    you need to post the logs

    Where do I find these?


  • Registered Users, Registered Users 2 Posts: 81,220 ✭✭✭✭biko


    Use Hijackthis from here
    Post log in this thread.
    I think ASJ means to post the logs you get from the tools run in the sticky.


  • Registered Users, Registered Users 2 Posts: 412 ✭✭IsThisIt???


    Think this is what you mean, this one is from the AntiMalware one earlier:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4052
    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 7.0.6002.18005
    16/08/2010 16:35:27
    mbam-log-2010-08-16 (16-35-27).txt
    Scan type: Quick scan
    Objects scanned: 117362
    Time elapsed: 4 minute(s), 45 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 9
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 7
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6972804b-26b8-4a3c-832b-333e8738d3a8} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6972804b-26b8-4a3c-832b-333e8738d3a8} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.
    Files Infected:
    C:\Windows\System32\xycsp.dll (Adware.EZlife) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
    C:\Windows\Temp\TMP00000004F232196981A4EE62 (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\Sean\downloads\SetupPoker_14c9.exe (Adware.Casino) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    C:\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
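
A log in this layout can be triaged mechanically. The following is an added example, not part of the thread and not Malwarebytes' own tooling: it parses a few lines excerpted from the log above and flags detections whose location alone is a warning sign (a Windows system process name outside System32, or an XP-style RECYCLER folder on a Vista-or-later system). The function names and the `SYSTEM_NAMES` list are assumptions made for illustration.

```python
import ntpath
import re
from collections import Counter

# Excerpt of the Malwarebytes 1.46 log posted above (same line layout).
SAMPLE_LOG = r"""
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
Folders Infected:
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\xycsp.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

ITEM = re.compile(r"^(?P<obj>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:$")  # detail headers only
OS_LINE = re.compile(r"^Windows (?P<major>\d+)\.")
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe"}  # illustrative

def parse_mbam(text):
    """Return (os_major, detections) parsed from the text log."""
    os_major, section, found = None, None, []
    for line in (l.strip() for l in text.splitlines()):
        if m := OS_LINE.match(line):
            os_major = int(m["major"])
        elif m := SECTION.match(line):
            section = m["name"]
        elif m := ITEM.match(line):
            found.append({"section": section, **m.groupdict()})
    return os_major, found

def triage(os_major, detections):
    """Flag file and folder detections whose path is itself suspicious."""
    notes = []
    for d in (x for x in detections if x["section"] in ("Files", "Folders")):
        folder, name = ntpath.split(d["obj"])
        parts = d["obj"].lower().split("\\")
        if name.lower() in SYSTEM_NAMES and folder.lower() != r"c:\windows\system32":
            notes.append((d["obj"], "system process name outside System32"))
        # Vista and later (6.x) use $Recycle.Bin; RECYCLER is the XP-era name.
        if os_major and os_major >= 6 and len(parts) > 1 and parts[1] == "recycler":
            notes.append((d["obj"], "XP-style RECYCLER folder on Vista or later"))
    return notes

def families(detections):
    """Count detections per vendor family label."""
    return Counter(d["family"] for d in detections)
```
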


  • Registered Users, Registered Users 2 Posts: 412 ✭✭IsThisIt???


    And this is what came up for HijackThis:



  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Download ComboFix here :

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

      Click me

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    RcAuto1.gif


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


  • Registered Users, Registered Users 2 Posts: 412 ✭✭IsThisIt???


    Thanks very much for the help. Did what you said and it seems to have got rid of the malware doctor virus. However still getting the "Windows has encountered a critical error" message followed by a shutdown every time I connect to wifi. Any other advice would be great, I've tried a few things from other sites but they haven't worked yet.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    You need to post the log from it, it's in C:\


  • Closed Accounts Posts: 1 DamienC1


    I'm having the exact same problem, was watching a movie online and clicked into a few different sites, my eset nod32 antivirus can't pick it up, so I would be happy if you could keep this updated so I can see where the problem lies, when I disable my wifi, it won't shut itself down. But keeps making a folder called recycler in my c drive. Folder has the vsbntlo.exe app in it but it won't show me it in the folder, it comes up as an empty folder at 21kb. Found a bit about it on websites but they were all looking for purchases for their antivirus that apparently deletes it, from what I've learned, it just multiplies and is a very dangerous virus, credit cards and personal info are at risk. Hope I can be a help to cracking this virus, any info you need just ask :) thanks guys


  • Closed Accounts Posts: 16 sjacob


    Also, go to,

    Start, Run, type "msconfig" (no quotes) and hit enter.

    Now go to the Services tab, check the box "Hide All Microsoft Services" and then look to see if any service from there is relevant to your error. If it is, make sure the box next to it is un-checked.

    Then also go to the Startup tab and uncheck the useless stuff + also check to see if anything relevant to your error is there. Again if something is relevant, uncheck the box next to it.

    After this, click Apply, Ok, and Restart.
    ;)


  • Registered Users, Registered Users 2 Posts: 412 ✭✭IsThisIt???


    Ended up doing a clean install of windows and everything is now working fine. I didn't have much stuff to lose and backed up anything important. This mightn't be an option for everyone though

