Suspected Malware [RESOLVED]


  • This topic is locked

#16
minimijon

  • Topic Starter
An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: repairs.dll)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.




It's Windows Explorer that won't open, haven't tried to open IE.

#17
Crustyoldbloke

  • Retired Staff
OK, ignore the error message and continue with the file fix and deletion.

Also, if you right click on start and choose explore, what happens?

#18
minimijon

  • Topic Starter
There is no Start button, just a blank backdrop.

Also, HJT will not delete the file.
Every time I rescan, it is there.

Edited by minimijon, 31 August 2005 - 03:52 AM.

#19
Crustyoldbloke

  • Retired Staff
HJT will only delete the file from the registry; you have to manually delete the file. Are you able to do that?

Did you ever get the Smitfraud/PSGuard infection?

#20
Crustyoldbloke

  • Retired Staff
Also, please go to ADD/REMOVE in Control Panel and remove "The Best Offers". I do not know that programme and can't find out much about it. The other one you mentioned is legitimate and not a pest.

Edited by Crustyoldbloke, 31 August 2005 - 04:00 AM.

#21
minimijon

  • Topic Starter
It says that the file is being used by a different person or program.

#22
Crustyoldbloke

  • Retired Staff
OK, if I understand you correctly, your system is telling you that Repairs.dll is being used by someone else.

That being the case we can use Killbox to delete it on reboot.

I must assume that the file is where I thought it to be since you haven't told me otherwise.

Please install Killbox by Option^Explicit.

*Extract the programme to your desktop and double-click on its folder, then double-click on Killbox.exe to start the programme.
*In the Killbox programme, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\repairs.dll

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the reboot now prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click download and run missingfilesetup.exe. Then try TheKillbox again.

Let me know the outcome please and tell me if you have ever had Smitfraud/PSGuard infection.
  • 0
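
The points raised in the posts above (HijackThis only removes the O20 registry entry, the DLL must be deleted separately, the file is reported as in use, and the deletion is deferred to reboot) can each be checked on their own. The PowerShell below is an added example, not part of the thread and not code from HijackThis or Killbox; it assumes a Windows system with PowerShell 3.0 or later, uses the file path quoted in the post, and assumes the delete-on-reboot request is queued through the standard PendingFileRenameOperations value.

```powershell
# Added example, not from the thread. Read-only: it changes nothing.
# Assumption: the path is the one quoted in the post above.
$suspect = 'C:\WINDOWS\system32\repairs.dll'
$leaf    = Split-Path $suspect -Leaf

# Registry half: HijackThis reports the AppInit_DLLs value as O20.
# The second key is the 32-bit view on 64-bit Windows and may not exist.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
$registered = @(foreach ($k in $keys) {
    $raw = (Get-ItemProperty -Path $k -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
    # The value is a list of DLL names separated by spaces or commas.
    "$raw" -split '[ ,]+' | Where-Object { $_ -and ((Split-Path $_ -Leaf) -ieq $leaf) }
})

# File half: removing the registry entry does not remove the DLL itself.
$onDisk = Test-Path -LiteralPath $suspect

# "In use" half: processes that currently have the DLL mapped.
$holders = @(Get-Process | Where-Object {
    try   { @($_.Modules | Where-Object { $_.FileName -ieq $suspect }).Count -gt 0 }
    catch { $false }   # protected processes refuse module enumeration
})

# Reboot half: Windows queues delayed deletes and renames in this value.
# Assumption: the delete-on-reboot tool relies on this standard mechanism.
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$pending = @((Get-ItemProperty -Path $sm -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations)
$queued  = @($pending | Where-Object { $_ -like "*$suspect" })

[pscustomobject]@{
    StillInAppInit  = $registered.Count -gt 0
    FileOnDisk      = $onDisk
    LoadedBy        = ($holders | ForEach-Object { $_.Name }) -join ', '
    QueuedForReboot = $queued.Count -gt 0
}
```

After a successful removal and reboot, all three booleans should be False and LoadedBy empty; a True in StillInAppInit after the file is gone means the registry entry was restored or never removed.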

#23
minimijon

  • Topic Starter
I deleted the file, but Explorer still doesn't run.

#24
Crustyoldbloke

  • Retired Staff
I am attempting to find out if your desktop problem has been created as a result of Smitfraud/PSGuard infection so that I can reinstate it, but you still have not answered my enquiry.

#25
minimijon

  • Topic Starter
I am not aware of any of the infections, and I am pretty sure I have never had the infections you have asked about.

#26
Crustyoldbloke

  • Retired Staff
Give this tool a shot.

http://www.kellys-ko.../desktoptab.reg

Right-click on the link, choose "save (link) as" to desktop. Double-click on it and allow it to merge with the registry. Then reboot.

#27
minimijon

  • Topic Starter
This has not worked. Would re-installing Windows be an option?

#28
Crustyoldbloke

  • Retired Staff
I think it is very probable that your OS is corrupted by the fact that so many parts of it do not function.

I have already suggested SFC, which refused to run effectively. Following that, I suppose the next step is a RECOVERY.

Boot into the Recovery Console by following these steps:
  • Insert the Windows CD and restart your computer. Follow your computer's prompts to boot from the CD. (You might need to adjust settings in the computer's BIOS to enable the option to boot from a CD.)
  • Follow the setup prompts to load the basic Windows startup files. At the Welcome To Setup screen press R to start the Recovery Console.
  • Enter the number of the Windows installation you want to access from the Recovery Console.
  • When prompted, type the Administrator password. If you're using the Recovery Console on a system running Windows XP Home Edition, this password is blank by default, so just press Enter.

#29
minimijon

  • Topic Starter
What shall I type in the recovery console?

#30
Crustyoldbloke

  • Retired Staff
Sorry but you've lost me there. When going through the recovery console you are prompted by choices.

You let the CD run for Windows setup and go from there.

If I recall correctly, you are initially asked to choose between an install, a removal and format of partitions and a recovery. Choosing the appropriate letter for the recovery (I think it is R), takes you down that route.