Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows File Protection Error & CFServ.exe crashing


  • Please log in to reply

#1
eXecute

eXecute

    New Member

  • Member
  • Pip
  • 6 posts
Hello all,
I wanted to list some of my problems and it all happened within 3 days (most of them). I think it was after I got some sort of malware possibly from IE. Although I usually use Firefox. I also posted a hijack this log which I proved a link below, just in case you wanna take a better look.
http://www.geekstogo...on-t156324.html

PROBLEMS (in order of occurrence):
1) iTunes and QuickTime stopped running... you turn it on, it quickly removes itself from process list, and doesn't show an inch of GUI. Uninstalling causes errors, Installing causes errors, I tried manually removing everything, and it didn't help, it still gives an error in installation ("setup failed to install because of configuration problems"). I hadn't updated it or done anything to it. I used Filemon and Regmon to see what was wrong, and it seems to be related to CFSserv.exe(system process) which would have a bunch of problems.
2) After hours of using the computer, a message will pop up randomly saying "Windows File Protection" "[Please insert Windows XP CD as there are some files that need to be replaced for your windows system to run stabely.]"
The message will pop up 3 times, each cancel I press it warns me that my system may be unstable.
Also, I don't have a Windows XP cd, so I have not been able to try this solution (it is way back home).
3) Before you know it, after each restart CFSserv.exe will usually but not always crash. So will tabuserw.exe (wacom tablet process).
4) At the same time, explorer.exe will freeze, and stay that way, until I close it through task manager and run explorer.exe again.
5) Latest error, Unable to connect, errors show up on ALL 3 browsers (Opera, Firefox, IE) randomly, but not often. But this may be unrelated.

SOLUTIONS TESTED:
1) Manual uninstall reinstall of iTunes.
2) Adaware for possible VX infections... Only detected 30 cookies, and refuses to update.
3) Spybot S&D.. only detected a few cookies.
4) Attempted to install nod32, after installation and restart, no program will work except startup programs, every double click on a program says "Access to drive/file is not permitted. Access denied".
So I uninstalled nod32, and the error disappeared.
5) Attempted to install Kaspersky 6.0...At installation when selecting location to install... I get an error: "You selected an invalid target folder or drive. Application must be installed on the local hard drive. It is not recommended to install the application into the root or system folder. The installation folder name should not exceed 200 symbols and cannot contain any special characters."
It is the default folder, I tried several different folder names, didn't work, obviously a problem with my windows.

Any ideas? As a C++ programmer, this probable infection, is probably the worst I've ever seen. A very smart virus indeed (unless its some weird microsoft problem... or a side effect of something I may have installed).
Thanks for any help!!! (IF i have posted in wrong section please move my post, sorry)

Edited by eXecute, 23 April 2007 - 08:42 PM.

  • 0

Advertisements


#2
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
You can borrow a same version XP CD

As to the other errors, better to wait for the HJT Log to be looked at
  • 0

#3
eXecute

eXecute

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
No one in my dorm room has a Win XP CD... seriously weird, neither does my brother.
  • 0

#4
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
See if you can get hold of one as it is about the only way to stop that particular pop up
  • 0

#5
diabillic

diabillic

    Member 1K

  • Member
  • PipPipPipPip
  • 1,370 posts
Ok, first off are you using wireless internet? That cfsserv.exe is a Toshiba utility for managing wireless connections, which would explain why you cannot connect to the internet and why spybot wont update. If you are wireless, use Windows to manage your connection and try plugging into a land line.

As for the WFP error, that sounds like something is trying to edit critical Windows files without your knowledge, please post a HJT log in the forum so the malware experts can analyze it and give you proper instructions on how to remove whatever is there.
  • 0

#6
eXecute

eXecute

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
http://www.geekstogo...on-t156324.html
I had already posted my HJT log. Which hasn't been analyzed yet.

And also I am able to connect to the internet. Specifically with ethernet. I can also connect with wireless.

I don't want to get rid of the pop up, I want to fix whats wrong, because this obviously looks like an infection or windows went totally insane. How can 3-6 errors occur in the same week? They have to be related.

I analyzed the HJT log myself, I haven't noticed anything out of the ordinary except the few files that are supposedly missing which is quite odd. But I do not know what every abbreviation is in the log.

hmm, i dont think anyone is gonna be looking at my HJT log, its been days now.

Edited by eXecute, 24 April 2007 - 03:36 PM.

  • 0

#7
eXecute

eXecute

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ok, I installed AVG Anti-Virus... and suddenly, it detected every single exe in my computers (well at least 60 that I counted), as Win32/Parite? Could this be possible, or is the virus tricking AVG into thinking everything is infected? I had to move firefox, opera, Visual Studio .NET 2003, MSn messenger, AIM, and a bunch of other programs into AVG Virus Vault... Any ideas??

Ok so far its not a mistake, AVG detected about 350+ threats (all exe files and some tmp files), because Win32/Parite or PINF does infect all local harddrives' exe files. So basically I'm screwed beyond repair. and I guess my only solution is to reinstall windows, but I dont have a windows CD, so I'm really screwed.

Edited by eXecute, 25 April 2007 - 01:03 AM.

  • 0

#8
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
See what the verdict is from the Malware Team

However, it is likely you will need an XP CD at some point because it is the only source for replacing system files which have become corrupt or been removed
  • 0

#9
eXecute

eXecute

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
The "malware team" isn't responding to my post ever... I want to know if the infection has stopped I removed the registry key from Explorer folder in Windows.. Im so tired of clicking "move to vault" on AVG resident shield, I can't take it anymore, I musta clicked it 1000 times.

Edited by eXecute, 25 April 2007 - 08:43 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP