[dvprao]

I am running Symantec AV 8.0 client ( Corp Edition) wiht Definitions dated 18.1.2006.
All of a sudden in teh morning of 20.1.06 couple of trojans were intercepted by the real time protector.
I have deleted the quarantined files but I get the follwoing error after some time.

instruction at 0X0067BC70 could not be written. the referenced memory 0X00000000. Please click OK to close or something like that. After I click OK/Close, I get this pminous message box saying the the Windows is shutting down in 30 seconds and actually shutdown and reboots. The error message is Services.exe is shutting down wiht service specific error -1073741674

If the computer is not conncted I get a different kind of error ( some kind of execution protecition)

I suspect that it is something ot do with either Bit torrent software which is used by my son or MSN Messenger.

Any help or hint is appreciated. ( of course, please do not advise me to re-install and I will upgrade my AV to Version 10.0 today it self

Thanks - DVP

[Advertisements]

do you remember the name of the trojan found?

[dsenette]

do you remember the name of the trojan found?

[dvprao]

Hi thanks for hte reply.
Yes I tried to copy and paste the list but could not.
The list is quite big the one remember are
download.trojan
downlaoder.trojan
and trhere were couple more.

I realized that agains tht rules , I posted hte hijack this logs to another thres on the same topic.
I also see one more by a person named TARGET and he seemd to be pretty frustrated abut this issue.

I remmeber at least two years aog seeing the same problem on a Win98 machine ( that dreded RPC error) that wa linked ot a very mailicious virus ( I think it was called Bug bear) . This one has almost similar behaviour.

This partucular pice of crap was picked up while getting shady software for shady means !!!! I got my lesson !!!

For a while i was thinking it it something to do wiht the ROOT KIT issue that is making rounds ????

In any case, I can not find any help in Micorsoft.com or Symantec.com and I do not know if there is help availbale anywhere else.

But certainly I would like otget to the bottom of this , if possible.

For now, I have bought a new HD and installed a fresh XP Pro on it and by passsed the bootable partion o n thi shard drive. I am saving it till I hear from you as to how to tackle this thing. I am really keen to understand how this thing is able to evade the top of hte line Anti-Virus and Anti-spy software given issued by Micorsoft and Symantec.

Any help is appreciated.
Thnaks

[dsenette]

wewll...number 1 symantec is nowhere near top o the line...nor is the microsoft jazz...much better and more...freee stuff...but...that's for later...

so you bought a new hd...installed xp....and then moved the virus infected one over to the slave drive?...at this point...(unless you have some programs that you can't replace) copy all your data off the old drive onto the new....and format the old on....or smash it with a hammer...whichever makes you happier hehe

[dvprao]

Yes I agree with you that I should not have used "top of the line" adjective....

But, can you help ?
Thanks

[dsenette]

so you bought a new hd...installed xp....and then moved the virus infected one over to the slave drive?...

is this correct?

[dvprao]

Yes. The mother board supports up to 4 SATA drives and the priority can be switched at BIOS level.
Booting form the new drive, I scanned the entire drive ( the infected one) with no threats identified...

But when I switch back to this drive to boot, the same probelm appears.
( like others who have experienced this issue, if I keep that memory address errro dialog box in the back ground, I can continue ot wrk wihtout any problem. But teh reboot occurs when I acknowledge the dailog.)
( I get exactly 60 seconds before reboot after that...)

Thank you...

[dsenette]

ok...so you basically have a brand new fresh primary drive with xp on it....is there a reason that you want to keep the other drive as the primary? or would backing up your data off of it then formatting and using it as a slave drive be...not what you want?

[dvprao]

Data is safe...
I got the new drive only to get to the bottom of this issue..
I will be keepting the infected drive as such without any modificaitons and keep on looking for help at fora like these.

I am looking for a solution to this problem.

[dsenette]

that's cool...we can accomplish trying to get to the root of the infection...unfortunatly..you have to be able to boot to the drive to do such a thing...

if you can boot to the drive you can post in the malware forum...and they will get to the bottom of any infections...

[coachwife6]

dvprao:

I did a search on the error you were having when I was working on another log. Are you still having problems?

[dvprao]

Yes. Like mentioned before, I bought a new Hard drive and installed OS on that. I am accessgint ehdata on teh infected direv as a slave....

I installed Symanted Anti Virus (Enterprise) 10.00 version and scanned the infected drive fully , and nothing is reported.

But the probelm is still there becasue, when I switch to htis infected drive and boot, the problem starts again.

I have sseend this similar behavious when a Pc was affected wiht a virus known as bugbear, couple of years ago. BUt this seems very persistent.


The probelm started with my son downloadinga Crack file ( some kind of key genrator routine - for CD key for a stupid game) . He does not evenmknwo this guy. I am sure he must have had a good laugh at my expense. Becasue fo this reason, I do not want ot go to Microsoft for resolution if this issue.


Any help is appreciated.

[coachwife6]

Not sure if I have all the answers yet, but let's try.

Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"