[JpMcd1982]

At startup i was getting this message as soon as i log into windows -
C:\windows\system32\desot.exe in like the black command box, and it was giving me the option to close or ignore, and there we're around 20 of them i had to close each time i start up, and around every few mins one would pop up and i would have to keep closing it.....

And there are sometimes when i start it up and this might happen 5 or 6 times in a row -
as soon as i would click close, it would pop this up - SYSTEM SHUTDOWN - C:\windows\system\services.exe' terminated unexpectedly with status code 1073741819 THE SYSTEM WILL NOW SHUTDOWN AND RESTART.....it would restart and log in and do the same thing like i said around 5 or 6 time.....

this popped up a few times.....
Warning - system detected a potential hazard (TrojanSPM/LX) that may infect executable files

Startup Error: - 16 bit MS-DOS Subsystem C:\windows\system32\desot.exe
the NTVDM CPU has encountered an illegal instruction
CS:0000IP:0077 OP:FO 37 05 14 02
choose close to terminate application


ok this is a chat log microsoft got me to do, they deleted some things and got me to use command and ended up telling me i got to wait 3 to 5 days to get a more experienced person to call me.

Hi Josh,
This is Chris with PC Safety.
I am following up regarding your case 1109494365 . Here is an outline of the steps that we agreed upon during our call:
Problem Description:
Popups and Fake Alerts
Troubleshooting Performed:
Action: perform system restore
Result: error c:\windows\system32\desot.exe(click close or ignore)
Action: manual system restore
Result: system restore is disable by administrator policy
Action: enter windows in safemode with networking
Result: successfully done
Action: perform easyassist in safemode package with session id 9SW3DR
Result: error c:\windows\system32\desot.exe(click close or ignore button)
Action: show hidden files and folder
Result: no option to show hidden files and folder
Action: check system32 folder
Result: delete cru
delete braviax
delete urhtps
delete post01mutex
delete krncode
delete nsysw
delete shifld2.old
delete critical_warning
delete msxml71.dll
delete avr09
rename winhelper to winhelperold
delete srvblck2.tmp
delete sysw.tmp
delete sysp.tmp
delete sysk.tmp
delete kdsinterface
delete desot
delete bincd32
delete bennuar.old

Action: check C:\Documents and Settings\All Users\Application Data.
Result: delete 13981404 folder
Action: check program files folder
Result: delete advance virus remover folder

Action: check addremove program
Result: no malicious program found

Action: check startup on msconfig
Result: open with error received
Action: empty the recycle bin
Result: successfully done
Action: restart and enter windows in normal mode
Result: successfully done

Action: optimize browser
Result: open with error received
Action: check for service pack number
Result: c:\windows\system32\rundll32.exe application not found
Action: open command prompt in run command
Result: open with error received
Action: enter window in safemode with command prompt
Result: successfully done
Action: command prompt
C:\> assoc .exe=exefile
Result: open with error appear
Action: call consult
Result: successfully done

[Advertisements]

Hi,
Welcome to the site.
I'll be helping to clean your computer.
I shall post back with more instructions in a moment.

Edited by sarahw, 14 August 2009 - 01:00 AM.

[sarahw]

Hi,
Welcome to the site.
I'll be helping to clean your computer.
I shall post back with more instructions in a moment.

Edited by sarahw, 14 August 2009 - 01:00 AM.

[sarahw]

1.Download the following onto a flash drive or memory stick and transfer them to the infected computers desktop:
http://www.geekstogo...h...load&id=170
http://www.geekstogo...h...load&id=113

2.Double-click erunt_setup.exe to run.
3.Follow the prompts and install using the default configuration (setup language, install location, shortcuts...).
4.Say No to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later.
5.Start ERUNT
6.Choose a location for the backup
The default location C:\WINDOWS\ERDNT\[today's date] is preferred
7.The first two check boxes are ticked by default (System registry and Current user registry).
8.Press OK
9.When prompted, click YES to create a new folder.
10.Progress bars will show backup status.
11.A confirmation window will popup when complete. Click OK to close.

12. Double click SysRestorePoint.exe to create a new system restore point.
13.A box will pop up as it's creating the restore point, and provide notification when complete. When finished, close that window and exit the program.



Tell me when you have done that and we can continue.

[JpMcd1982]

ok, fixing to try, you are very nice to be doing this sarah

[JpMcd1982]

single click restore point
encountered a prob. and needs to close sorry for the inconvinence

Contents Of Error:
error report includes, info regarding the condition of single click restore pointwhen the problem occurred; the operating system ver. and computer hardware in use; your digital product ID; which could be used to identify your license; and the internet protocol (IP) address of your computer.....

ERROR SIGNATURE:
event type:clr20r3
pl:sysrestorepoint.exe
p2:1.3.0.0
p3:485da791
and theres more if you need any of this? i didn't know if you even needed this at all.....

[sarahw]

Download this and transfer it to your infected computer:
http://www.malwareby.../mbam-setup.exe

1.Double-click mbam-setup.exe and follow the prompts to install the program.
2.At the end, confirm a check mark is placed next to the following:

◦Update Malwarebytes' Anti-Malware
◦Launch Malwarebytes' Anti-Malware

3.Then click Finish.
4.If an update is found, it will download and install the latest version.
5.Once the program has loaded, select Perform quick scan, then click Scan.
6.When the scan is complete, click OK, then Show Results to view the results.
7.Be sure that everything is checked, and click Remove Selected.
8.When completed, a log will open in Notepad. The rogue application should now be gone.
When completed, a log will open in Notepad. If you need to create a new topic, please paste this log with it.

[JpMcd1982]

ok i did everything you told me to with the mbam-setup.exe
then ran it, it found tons of stuff, when it was done, everything was checked
i deleted all. then it said some couldn't be delted til i restart
so i did and when it started up i had a new error message:
dmaupd32.exe has encountered a problem and needs to close, please tell microsoft about your problem.....
anyway when i restarted it didn't come up and start removing anything else, so im running it again now to hopefully finish the rest.....
i'll check back with you tomorrow.....