Virus or malware or both? Please help me!!!

  Valleys boy 12:13 04 Jan 2005

Upon switching on my PC yesterday (running XP Home) I received this message:

Adp module; bargains.exe-app-error
The instruction at 0x77f51e3f referenced memory at 0x32017800. The memory could not be written. Click OK to terminate the program.

When I clicked OK, internet explorer tried to open up several times, each time displaying the above message. I also noticed 2 shortcut icons linking to some dodgy adult websites which I deleted. My user account screen has also changed to show an advert saying you are in danger and I cannot get rid of it. My initial thoughts were I had been infected with a virus or malware or both, so I went out and bought a copy of Nortons Internet Security 2005.

Before installing it I was given the option to run a virus check, which I did, and it did indeed detect 3 viruses. I was then given the option to restore these files but not delete
them, which I did. The installation process then seemed to work fine but when I tried to restart, it just locked up on the 'windows shutting down' screen, and I had no option but to switch off using the on/off switch. When I switched back on, the 'checking disc' screen detected no errors. This is where the major problems started!!!

The NIS configuration process started up and seemed OK but everything was running EXTREMELY slowly. The dodgy shortcuts had reappeared. When clicking on the internet explorer button nothing happened. When I clicked on the Norton button to open that up nothing happened, and when I clicked the My Computer icon I got the 'torch' graphic which seemed to last forever so I closed the window down and tried to shut down the computer using the start menu. I then got 3 messages that the following programs were not responding:

def_alert_window-29DABAC8-AB93.... (the rest would not fit in the window)

I selected 'End Now' to the first 2, but cancelled the last one because it sounded important, and everything just completely locked up! I left the computer for about an hour and a half but nothing at all happened so I had to switch off at the computer again and I haven't turned back on until I asked you guys for some advice.

I bought the PC from Tiny which came with a 'Reload' backup CD, the contents of which I'm not sure of. Having only recently bought the PC, there's nothing on there worth keeping, and anything I have installed I have the CDs for.

Not being a computer expert at all, I'm worried that something fatal has happened. I've heard about restore points, but is there any way to restore without opening up Windows (because thats when the problems seem to start, and if windows locks up again its not much
use is it!). Any advice would be very welcome!

  mark2 12:20 04 Jan 2005

Start up in safe mode, (press f8 while booting), then use system restore to return to a previous problem free date.

Do you have Adaware or Spybot S & D installed, if so run them once windows is running.

  GANDALF <|:-)> 12:28 04 Jan 2005

click here and IIRC Adaware click here gets rid of it

  Valleys boy 12:57 04 Jan 2005

Many thanks for the super-quick response guys!
I don't have Adaware or spybot installed but I'll do that straight away!
Will this software get rid of those dodgy shortcuts aswell? They reappear upon startup even though I deleted them.
I'll let you know how things went when I get home!

  Valleys boy 21:49 04 Jan 2005

Used system restore as advised and everything seems fine.
I installed adaware as advised but when I try to run a system scan I get:

Windows needs to restart:
Shutdown was initiated by NT AUTHORITY\SYSTEM
Remote procedure call service terminated unexpectedly.

I then get 60 seconds to save anything I've been working on. Any ideas what this could be?

  AndySD 21:57 04 Jan 2005

Boot into Safe mode (tap away at F* after the initial boot screen, you may have o do this a few times to get the safe mome options screen) Ten in safe mode run you antivirus program.

  gudgulf 22:12 04 Jan 2005

One thing that used to cause that alert was the "Blaster" worm.Download and run Stinger click here which should deal with it if thats what you have.

Is your windows installation up to date? If you have SP2 on it you should be protected against most of the windows exploits around.If not you should update to SP2 as soon as possible.

  Valleys boy 09:53 05 Jan 2005

Thanks guys, I'll give those a try later.
Gudgulf - Is there really any need to update to SP2 now that I have NIS 2005 installed? Don't they do pretty much the same thing? I'm a bit concerned about SP2 after hearing all the horror stories from people trying to install it!

  curlylad 09:59 05 Jan 2005

You could also try a² free click here this gets rid of malware , diallers etc.

  gudgulf 12:07 05 Jan 2005

You don't *need* to update to SP2 but it contains many fixes and security updates that NIS2005 wont deal with.I also use NIS2005 and have SP2 on both my own pc's at home.It is far better to prevent rather than have to cure a problem.Bear in mind that there should be few problems updating a newish pc but it would be wise to make sure your system is clear of malware and any other problems first as this is known to be a factor in a lot of SP2 installation problems.

  Valleys boy 10:52 06 Jan 2005

The saga continues!
I managed to run Adaware in safe mode and it located over 500 dodgy files, which I quarantined and deleted.
Everything was running really well last night and I thought I'd sorted it, but when I tried to shut down I got the message:

1Eomxl not responding

so I let windows try to close it numerous times but I had to 'end now'. It then seemed to take a really long time to shut down so I left it for about half hour and when I returned the screen had turned black but the cursor was still there and the computer still running! In the end I just turned off at the computer. Any ideas?

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Samsung Galaxy S9 review

Explore Milton Glaser's iconic poster designs from the 1960s to present, including Bob Dylan, I…

What to expect at Apple's 27 March education event

Idées cadeaux pour geeks et tech addicts