PCbanter


Robin Bignall November 22nd 09 02:53 PM

Infection messages?
 
XP Pro SP3
During the past few weeks, immediately after the initial Windows
screen with the blue bar running left right, and before the logon
screen, I get a blue screen with white messages. There are dozens of
them, all identical, which say something like:
Infection: docs and settings my name cookies/index.dat does not exist
and cannot be removed. (Pause is inoperative and the normal logon
screen appears immediately after.)

If I reboot at the logon screen instead of logging on, they have all
disappeared. CHKDSK on system disk shows a healthy disk.

I have Kaspersky 9 and have run MBAM SAS Asquared etc., nothing found.
What is causing these? (There's no anti-virus in my BIOS, BTW.)
--
Robin
(BrE)
Herts, England

Gerry November 22nd 09 05:31 PM

Infection messages?
 
Robin

They could be orphaned start up items. Perhaps an infection only partly
removed.

To identify what loads when you boot use Autoruns (freeware) from
Microsoft.
http://www.microsoft.com/technet/sys.../Autoruns.mspx

With Autoruns you can uncheck an item, which disables it from
starting, or you can right click an item and then delete it. If you
uncheck you can recheck to re-enable the item. It is a much safer
approach than editing the Registry and better than using msconfig.
Another useful feature of the programme is that you can right click an
item and select Search Online to get information about the item
selected.

When booting an automatic virus scan can impact significantly on
performance. The extent varies according to the anti-virus software, the
availability of RAM and the CPU capacity.

Is your system error free?

Have a look in the System and Application logs in Event Viewer for
Errors and Warnings and post copies here. Don't post any more than 48
hours ago.

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window which appears is a
button resembling two pages. Click the button and close Event
Viewer. Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.

--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Robin Bignall wrote:
XP Pro SP3
During the past few weeks, immediately after the initial Windows
screen with the blue bar running left right, and before the logon
screen, I get a blue screen with white messages. There are dozens of
them, all identical, which say something like:
Infection: docs and settings my name cookies/index.dat does not exist
and cannot be removed. (Pause is inoperative and the normal logon
screen appears immediately after.)

If I reboot at the logon screen instead of logging on, they have all
disappeared. CHKDSK on system disk shows a healthy disk.

I have Kaspersky 9 and have run MBAM SAS Asquared etc., nothing found.
What is causing these? (There's no anti-virus in my BIOS, BTW.)
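
The orphaned start-up item check suggested in the reply above can be approximated with a script. The following PowerShell is an added example, not part of the original thread and not a replacement for Autoruns; it assumes PowerShell is installed on the XP machine and looks only at the Run/RunOnce keys and the Session Manager BootExecute value, a small subset of what Autoruns inspects.

```powershell
# Added example (not from the thread): flag startup entries whose target file is missing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ImagePath([string]$Command) {
    # Extract the program path from a startup command line.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted form: "C:\path with spaces\x.exe" /args
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form: take everything up to the first executable extension.
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif|vbs|js))(\s|,|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function Resolve-Image([string]$Image) {
    # Bare names such as "rundll32.exe" are looked up on PATH.
    if ($Image -match '^([A-Za-z]:\\|\\\\)') { return $Image }
    $app = Get-Command $Image -CommandType Application -ErrorAction SilentlyContinue |
           Select-Object -First 1
    if ($app) { return $app.Path }
    return $Image
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $reg = Get-Item $key
    foreach ($name in $reg.GetValueNames()) {
        $command = [string]$reg.GetValue($name)
        if (-not $command.Trim()) { continue }
        $image = Resolve-Image (Get-ImagePath $command)
        New-Object PSObject -Property @{
            Exists   = (Test-Path -LiteralPath $image -PathType Leaf)
            Name     = $name
            Image    = $image
            Location = $key
        }
    }
}

# Entries with Exists = False point at a file that is no longer on disk.
$entries | Sort-Object Exists, Location, Name |
    Format-Table Exists, Name, Image, Location -AutoSize

# Programs listed in BootExecute run before the logon screen.
# The Windows default is the single entry "autocheck autochk *".
$sm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
'BootExecute:'
$sm.BootExecute | ForEach-Object { "  $_" }
```

An entry reported with Exists = False is a candidate to uncheck in Autoruns, which keeps the change reversible.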



Daave[_8_] November 22nd 09 05:36 PM

Infection messages?
 
Robin Bignall wrote:
XP Pro SP3
During the past few weeks, immediately after the initial Windows
screen with the blue bar running left right, and before the logon
screen, I get a blue screen with white messages. There are dozens of
them, all identical, which say something like:
Infection: docs and settings my name cookies/index.dat does not exist
and cannot be removed. (Pause is inoperative and the normal logon
screen appears immediately after.)


It is very important that you post back with the exact, complete
message! It's hard to tell at this moment, but it's possible you have a
variation of what is described here:

http://www.bleepingcomputer.com/viru...irus-1-removal

Please post back with the complete message.



Peter Foldes November 22nd 09 07:26 PM

Infection messages?
 
Robin

What is the exact error message as per verbatim that shows up on the Blue screen?
We need that for a proper answer.

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Robin Bignall" wrote in message
...
XP Pro SP3
During the past few weeks, immediately after the initial Windows
screen with the blue bar running left right, and before the logon
screen, I get a blue screen with white messages. There are dozens of
them, all identical, which say something like:
Infection: docs and settings my name cookies/index.dat does not exist
and cannot be removed. (Pause is inoperative and the normal logon
screen appears immediately after.)

If I reboot at the logon screen instead of logging on, they have all
disappeared. CHKDSK on system disk shows a healthy disk.

I have Kaspersky 9 and have run MBAM SAS Asquared etc., nothing found.
What is causing these? (There's no anti-virus in my BIOS, BTW.)
--
Robin
(BrE)
Herts, England


Robin Bignall November 22nd 09 11:34 PM

Infection messages?
 
On Sun, 22 Nov 2009 11:36:50 -0500, "Daave" wrote:

Robin Bignall wrote:
XP Pro SP3
During the past few weeks, immediately after the initial Windows
screen with the blue bar running left right, and before the logon
screen, I get a blue screen with white messages. There are dozens of
them, all identical, which say something like:
Infection: docs and settings my name cookies/index.dat does not exist
and cannot be removed. (Pause is inoperative and the normal logon
screen appears immediately after.)


It is very important that you post back with the exact, complete
message! It's hard to tell at this moment, but it's possible you have a
variation of what is described here:

http://www.bleepingcomputer.com/viru...irus-1-removal

Please post back with the complete message.

Difficult. Pause/break stops the screen for a second and then it goes
straight to the logon. I just rebooted and all those messages have
vanished. None of the virus/malware programs finds anything.
I'll post again if those messages reappear. There's nothing in the
event log that looks suspicious.
--
Robin
(BrE)
Herts, England

Daave[_8_] November 23rd 09 01:05 AM

Infection messages?
 
Robin Bignall wrote:
On Sun, 22 Nov 2009 11:36:50 -0500, "Daave" wrote:

Robin Bignall wrote:
XP Pro SP3
During the past few weeks, immediately after the initial Windows
screen with the blue bar running left right, and before the logon
screen, I get a blue screen with white messages. There are dozens
of them, all identical, which say something like:
Infection: docs and settings my name cookies/index.dat does not
exist and cannot be removed. (Pause is inoperative and the normal
logon screen appears immediately after.)


It is very important that you post back with the exact, complete
message! It's hard to tell at this moment, but it's possible you
have a variation of what is described here:

http://www.bleepingcomputer.com/viru...irus-1-removal

Please post back with the complete message.

Difficult. Pause/break stops the screen for a second and then it goes
straight to the logon. I just rebooted and all those messages have
vanished. None of the virus/malware programs finds anything.
I'll post again if those messages reappear. There's nothing in the
event log that looks suspicious.


In the menu you get after hitting F8, do you see an option called
"Disable automatic restart on system failure"? If so, choose it. Another
way to do this:

http://pcsupport.about.com/od/tipstr...utorestart.htm

This way, you will be able to write down these messages.



Robin Bignall November 23rd 09 11:30 PM

Infection messages?
 
On Sun, 22 Nov 2009 19:05:42 -0500, "Daave" wrote:

Robin Bignall wrote:
On Sun, 22 Nov 2009 11:36:50 -0500, "Daave" wrote:

Robin Bignall wrote:
XP Pro SP3
During the past few weeks, immediately after the initial Windows
screen with the blue bar running left right, and before the logon
screen, I get a blue screen with white messages. There are dozens
of them, all identical, which say something like:
Infection: docs and settings my name cookies/index.dat does not
exist and cannot be removed. (Pause is inoperative and the normal
logon screen appears immediately after.)

It is very important that you post back with the exact, complete
message! It's hard to tell at this moment, but it's possible you
have a variation of what is described here:

http://www.bleepingcomputer.com/viru...irus-1-removal

Please post back with the complete message.

Difficult. Pause/break stops the screen for a second and then it goes
straight to the logon. I just rebooted and all those messages have
vanished. None of the virus/malware programs finds anything.
I'll post again if those messages reappear. There's nothing in the
event log that looks suspicious.


In the menu you get after hitting F8, do you see an option called
"Disable automatic restart on system failure"? If so, choose it. Another
way to do this:

http://pcsupport.about.com/od/tipstr...utorestart.htm

This way, you will be able to write down these messages.

The message is:
infection:documents and settings\robin bignall\cookies\index.dat could
not be removed. file is no longer existent.
--
Robin
(BrE)
Herts, England

Daave[_8_] November 24th 09 12:40 AM

Infection messages?
 
Robin Bignall wrote:
On Sun, 22 Nov 2009 19:05:42 -0500, "Daave" wrote:

Robin Bignall wrote:
On Sun, 22 Nov 2009 11:36:50 -0500, "Daave"
wrote:

Robin Bignall wrote:
XP Pro SP3
During the past few weeks, immediately after the initial Windows
screen with the blue bar running left right, and before the logon
screen, I get a blue screen with white messages. There are dozens
of them, all identical, which say something like:
Infection: docs and settings my name cookies/index.dat does not
exist and cannot be removed. (Pause is inoperative and the normal
logon screen appears immediately after.)

It is very important that you post back with the exact, complete
message! It's hard to tell at this moment, but it's possible you
have a variation of what is described here:

http://www.bleepingcomputer.com/viru...irus-1-removal

Please post back with the complete message.

Difficult. Pause/break stops the screen for a second and then it
goes straight to the logon. I just rebooted and all those messages
have vanished. None of the virus/malware programs finds anything.
I'll post again if those messages reappear. There's nothing in the
event log that looks suspicious.


In the menu you get after hitting F8, do you see an option called
"Disable automatic restart on system failure"? If so, choose it.
Another way to do this:

http://pcsupport.about.com/od/tipstr...utorestart.htm

This way, you will be able to write down these messages.

The message is:
infection:documents and settings\robin bignall\cookies\index.dat could
not be removed. file is no longer existent.


Googling the above didn't turn up many hits, which already points to
malware. I did manage to find a very similar message (with "available"
replacing "existent") here:

http://translate.google.com/translat...tent%26hl%3Den

Another possibly relevant hit:

http://forums.techguy.org/malware-re...lp-please.html

I'm 99.9999999999999% sure you have malware. :-(

This page should help:

http://www.elephantboycomputers.com/...moving_Malware

(also cross-posting to microsoft.public.security.virus )



Robin Bignall November 24th 09 10:57 AM

Infection messages?
 
On Mon, 23 Nov 2009 18:40:34 -0500, "Daave" wrote:

Robin Bignall wrote:
On Sun, 22 Nov 2009 19:05:42 -0500, "Daave" wrote:

Robin Bignall wrote:
On Sun, 22 Nov 2009 11:36:50 -0500, "Daave"
wrote:

Robin Bignall wrote:
XP Pro SP3
During the past few weeks, immediately after the initial Windows
screen with the blue bar running left right, and before the logon
screen, I get a blue screen with white messages. There are dozens
of them, all identical, which say something like:
Infection: docs and settings my name cookies/index.dat does not
exist and cannot be removed. (Pause is inoperative and the normal
logon screen appears immediately after.)

It is very important that you post back with the exact, complete
message! It's hard to tell at this moment, but it's possible you
have a variation of what is described here:

http://www.bleepingcomputer.com/viru...irus-1-removal

Please post back with the complete message.

Difficult. Pause/break stops the screen for a second and then it
goes straight to the logon. I just rebooted and all those messages
have vanished. None of the virus/malware programs finds anything.
I'll post again if those messages reappear. There's nothing in the
event log that looks suspicious.

In the menu you get after hitting F8, do you see an option called
"Disable automatic restart on system failure"? If so, choose it.
Another way to do this:

http://pcsupport.about.com/od/tipstr...utorestart.htm

This way, you will be able to write down these messages.

The message is:
infection:documents and settings\robin bignall\cookies\index.dat could
not be removed. file is no longer existent.


Googling the above didn't turn up many hits, which already points to
malware. I did manage to find a very similar message (with "available"
replacing "existent") here:

http://translate.google.com/translat...tent%26hl%3Den

Another possibly relevant hit:

http://forums.techguy.org/malware-re...lp-please.html

I'm 99.9999999999999% sure you have malware. :-(

This page should help:

http://www.elephantboycomputers.com/...moving_Malware

(also cross-posting to microsoft.public.security.virus )

Thanks for your help. I spent lots of time last night doing full/deep
scans using Kaspersky 9, SAS, Asquared and Activescan2. Nothing
found. Am now starting MBAM...
Will look at your links after breakfast.
--
Robin
(BrE)
Herts, England

Daave[_8_] November 24th 09 02:53 PM

Infection messages?
 
Robin Bignall wrote:
On Mon, 23 Nov 2009 18:40:34 -0500, "Daave" wrote:

Robin Bignall wrote:


The message is:
infection:documents and settings\robin bignall\cookies\index.dat
could not be removed. file is no longer existent.


Googling the above didn't turn up many hits, which already points to
malware. I did manage to find a very similar message (with
"available" replacing "existent") here:

http://translate.google.com/translat...tent%26hl%3Den

Another possibly relevant hit:

http://forums.techguy.org/malware-re...lp-please.html

I'm 99.9999999999999% sure you have malware. :-(

This page should help:

http://www.elephantboycomputers.com/...moving_Malware

(also cross-posting to microsoft.public.security.virus )

Thanks for your help. I spent lots of time last night doing full/deep
scans using Kaspersky 9, SAS, Asquared and Activescan2. Nothing
found. Am now starting MBAM...
Will look at your links after breakfast.


Sounds like you're on the right track. MBAM is quite good.

Sometimes, one needs to boot off a rescue CD. Check out these links for
more info:

http://www.free-av.com/en/tools/12/a...ue_system.html

http://www.techmixer.com/free-bootab...download-list/

(This way, the OS is entirely bypassed. Another method is to physically
remove your hard drive and slave it to another PC and use the
uncompromised PC to perform the scan.)



Robin Bignall November 24th 09 03:42 PM

Infection messages?
 
On Tue, 24 Nov 2009 08:53:29 -0500, "Daave" wrote:


Robin Bignall wrote:
On Mon, 23 Nov 2009 18:40:34 -0500, "Daave" wrote:

Robin Bignall wrote:


The message is:
infection:documents and settings\robin bignall\cookies\index.dat
could not be removed. file is no longer existent.

Googling the above didn't turn up many hits, which already points to
malware. I did manage to find a very similar message (with
"available" replacing "existent") here:

http://translate.google.com/translat...tent%26hl%3Den

Another possibly relevant hit:

http://forums.techguy.org/malware-re...lp-please.html

I'm 99.9999999999999% sure you have malware. :-(

This page should help:

http://www.elephantboycomputers.com/...moving_Malware

(also cross-posting to microsoft.public.security.virus )

Thanks for your help. I spent lots of time last night doing full/deep
scans using Kaspersky 9, SAS, Asquared and Activescan2. Nothing
found. Am now starting MBAM...
Will look at your links after breakfast.


Sounds like you're on the right track. MBAM is quite good.

Sometimes, one needs to boot off a rescue CD. Check out these links for
more info:

http://www.free-av.com/en/tools/12/a...ue_system.html

http://www.techmixer.com/free-bootab...download-list/

(This way, the OS is entirely bypassed. Another method is to physically
remove your hard drive and slave it to another PC and use the
uncompromised PC to perform the scan.)

MBAM was clean. I'm now going to run everything in safe mode to
check.
--
Robin
(BrE)
Herts, England

Buffalo[_2_] November 24th 09 04:42 PM

Infection messages?
 


Robin Bignall wrote:
On Sun, 22 Nov 2009 19:05:42 -0500, "Daave" wrote:

Robin Bignall wrote:
On Sun, 22 Nov 2009 11:36:50 -0500, "Daave"
wrote:

Robin Bignall wrote:
XP Pro SP3
During the past few weeks, immediately after the initial Windows
screen with the blue bar running left right, and before the logon
screen, I get a blue screen with white messages. There are dozens
of them, all identical, which say something like:
Infection: docs and settings my name cookies/index.dat does not
exist and cannot be removed. (Pause is inoperative and the normal
logon screen appears immediately after.)

It is very important that you post back with the exact, complete
message! It's hard to tell at this moment, but it's possible you
have a variation of what is described here:

http://www.bleepingcomputer.com/viru...irus-1-removal

Please post back with the complete message.

Difficult. Pause/break stops the screen for a second and then it
goes straight to the logon. I just rebooted and all those messages
have vanished. None of the virus/malware programs finds anything.
I'll post again if those messages reappear. There's nothing in the
event log that looks suspicious.


In the menu you get after hitting F8, do you see an option called
"Disable automatic restart on system failure"? If so, choose it.
Another way to do this:

http://pcsupport.about.com/od/tipstr...utorestart.htm

This way, you will be able to write down these messages.

The message is:
infection:documents and settings\robin bignall\cookies\index.dat could
not be removed. file is no longer existent.


Try posting this in:
alt.privacy.spyware



There are some very sharp people in there who could probably help you
quickly.

Just include the exact message, your OS and what you already tried and the
whole story.

Buffalo



Robin Bignall November 24th 09 04:52 PM

Infection messages?
 
On Tue, 24 Nov 2009 14:42:04 +0000, Robin Bignall
wrote:

On Tue, 24 Nov 2009 08:53:29 -0500, "Daave" wrote:


Robin Bignall wrote:
On Mon, 23 Nov 2009 18:40:34 -0500, "Daave" wrote:

Robin Bignall wrote:


The message is:
infection:documents and settings\robin bignall\cookies\index.dat
could not be removed. file is no longer existent.

Googling the above didn't turn up many hits, which already points to
malware. I did manage to find a very similar message (with
"available" replacing "existent") here:

http://translate.google.com/translat...tent%26hl%3Den

Another possibly relevant hit:

http://forums.techguy.org/malware-re...lp-please.html

I'm 99.9999999999999% sure you have malware. :-(

This page should help:

http://www.elephantboycomputers.com/...moving_Malware

(also cross-posting to microsoft.public.security.virus )

Thanks for your help. I spent lots of time last night doing full/deep
scans using Kaspersky 9, SAS, Asquared and Activescan2. Nothing
found. Am now starting MBAM...
Will look at your links after breakfast.


Sounds like you're on the right track. MBAM is quite good.

Sometimes, one needs to boot off a rescue CD. Check out these links for
more info:

http://www.free-av.com/en/tools/12/a...ue_system.html

http://www.techmixer.com/free-bootab...download-list/

(This way, the OS is entirely bypassed. Another method is to physically
remove your hard drive and slave it to another PC and use the
uncompromised PC to perform the scan.)

MBAM was clean. I'm now going to run everything in safe mode to
check.


Just ran MBAM, SAS and Kaspersky full scans in safe mode. Nothing
reported. On reboot all "infection" messages had vanished. Weird,
huh?
--
Robin
(BrE)
Herts, England

Robin Bignall November 24th 09 04:53 PM

Infection messages?
 
On Tue, 24 Nov 2009 08:42:03 -0700, "Buffalo"
wrote:



Robin Bignall wrote:
On Sun, 22 Nov 2009 19:05:42 -0500, "Daave" wrote:

Robin Bignall wrote:
On Sun, 22 Nov 2009 11:36:50 -0500, "Daave"
wrote:

Robin Bignall wrote:
XP Pro SP3
During the past few weeks, immediately after the initial Windows
screen with the blue bar running left right, and before the logon
screen, I get a blue screen with white messages. There are dozens
of them, all identical, which say something like:
Infection: docs and settings my name cookies/index.dat does not
exist and cannot be removed. (Pause is inoperative and the normal
logon screen appears immediately after.)

It is very important that you post back with the exact, complete
message! It's hard to tell at this moment, but it's possible you
have a variation of what is described here:

http://www.bleepingcomputer.com/viru...irus-1-removal

Please post back with the complete message.

Difficult. Pause/break stops the screen for a second and then it
goes straight to the logon. I just rebooted and all those messages
have vanished. None of the virus/malware programs finds anything.
I'll post again if those messages reappear. There's nothing in the
event log that looks suspicious.

In the menu you get after hitting F8, do you see an option called
"Disable automatic restart on system failure"? If so, choose it.
Another way to do this:

http://pcsupport.about.com/od/tipstr...utorestart.htm

This way, you will be able to write down these messages.

The message is:
infection:documents and settings\robin bignall\cookies\index.dat could
not be removed. file is no longer existent.


Try posting this in:
alt.privacy.spyware



There are some very sharp people in there who could probably help you
quickly.

Just include the exact message, your OS and what you already tried and the
whole story.

Buffalo

I'll give that a try later.
--
Robin
(BrE)
Herts, England

Daave[_8_] November 24th 09 05:05 PM

Infection messages?
 
Robin Bignall wrote:
On Tue, 24 Nov 2009 14:42:04 +0000, Robin Bignall
wrote:

On Tue, 24 Nov 2009 08:53:29 -0500, "Daave"
wrote:


Robin Bignall wrote:
On Mon, 23 Nov 2009 18:40:34 -0500, "Daave"
wrote:

Robin Bignall wrote:

The message is:
infection:documents and settings\robin bignall\cookies\index.dat
could not be removed. file is no longer existent.

Googling the above didn't turn up many hits, which already points
to malware. I did manage to find a very similar message (with
"available" replacing "existent") here:

http://translate.google.com/translat...tent%26hl%3Den

Another possibly relevant hit:

http://forums.techguy.org/malware-re...lp-please.html

I'm 99.9999999999999% sure you have malware. :-(

This page should help:

http://www.elephantboycomputers.com/...moving_Malware

(also cross-posting to microsoft.public.security.virus )

Thanks for your help. I spent lots of time last night doing
full/deep scans using Kaspersky 9, SAS, Asquared and Activescan2.
Nothing found. Am now starting MBAM...
Will look at your links after breakfast.

Sounds like you're on the right track. MBAM is quite good.

Sometimes, one needs to boot off a rescue CD. Check out these links
for more info:

http://www.free-av.com/en/tools/12/a...ue_system.html

http://www.techmixer.com/free-bootab...download-list/

(This way, the OS is entirely bypassed. Another method is to
physically remove your hard drive and slave it to another PC and
use the uncompromised PC to perform the scan.)

MBAM was clean. I'm now going to run everything in safe mode to
check.


Just ran MBAM, SAS and Kaspersky full scans in safe mode. Nothing
reported. On reboot all "infection" messages had vanished. Weird,
huh?


Yes.

I still smell something rotten. I would still boot off a rescue CD and
scan or use another PC to scan. An alternative to removing the drive and
slaving it is to use a device like this one:

http://www.newegg.com/Product/Produc...82E16812161002



