Start up problem. Hangs. No entry in sys tray except time

[Guest]

Hi All,
Whenever I start my XP, most of the time (not always) windows (sort of)
hangs. No entry except time is display in system tray. I cant open anything
thogh I can move my mouse. If I long off and login generally problem gets
resolved.
Note that this problem started after my PC got addwares like Torjan horse
and Trojan.favadd.
Though later I removed these addwares using norten anti virus. But this
problem is still continued.

Please help me to resolve this problem.

 

[Thota Umesh]

Hii, you are still infected use a good antivirus and antispyware scan
www.windowsonecare.com or www.freeav.com both are very good! antivirus
softwares & get windows defender here
[www.microsoft.com/athome/security/spyware/software/default.mspx] if you
have installed windows onecare it shd install defender automatically.

 

[Guest]

Well u r in concluding that my laptop still infacted. I installed
windowsonecare first which removed 2 trojans. But I could not connect with
internet anymore. I tried many times. Checked all the setting but could not
make out anything. Finally I uninstalled it and I could get the internet
access again. Then I installed "Avira Antivir" from www.freeav.com. This anti
virus looks prett y good. It detected 36 trojans, while other antivirus could
detect only 1 or two or none. Thanks for suggesting this.

My problem is still same. sometime when I startup the system I face same
problem as I mentioned melow.
Thank you for the response anyway.
--
Sushil Kumar

Hii, you are still infected use a good antivirus and antispyware scan
www.windowsonecare.com or www.freeav.com both are very good! antivirus
softwares & get windows defender here
[www.microsoft.com/athome/security/spyware/software/default.mspx] if you
have installed windows onecare it shd install defender automatically.

Hi All,
Whenever I start my XP, most of the time (not always) windows (sort of)
hangs. No entry except time is display in system tray. I cant open
anything
thogh I can move my mouse. If I long off and login generally problem gets
resolved.
Note that this problem started after my PC got addwares like Torjan horse
and Trojan.favadd.
Though later I removed these addwares using norten anti virus. But this
problem is still continued.

Please help me to resolve this problem.

 

[Thota Umesh]

Thanks, you are welcome, when using onecare you were not able to connect
internet probably due to firewall settings if u are going to use antivir i
suggest u to have windows defender installed. regarding ur startup issue i
suggest to check the processes that are running using process explorer that
way u can analize which application or process is causing the delay. here's
the url : www.sysinternals.com/Utilities/ProcessExplorer.html
ps: the process using most of cpu are marked with red background.
Hope this helps...,

Happy Easter
Umesh Thota
www.windowsworkshop.com.

Well u r in concluding that my laptop still infacted. I installed
windowsonecare first which removed 2 trojans. But I could not connect with
internet anymore. I tried many times. Checked all the setting but could
not
make out anything. Finally I uninstalled it and I could get the internet
access again. Then I installed "Avira Antivir" from www.freeav.com. This
anti
virus looks prett y good. It detected 36 trojans, while other antivirus
could
detect only 1 or two or none. Thanks for suggesting this.

My problem is still same. sometime when I startup the system I face same
problem as I mentioned melow.
Thank you for the response anyway.
--
Sushil Kumar

Hii, you are still infected use a good antivirus and antispyware scan
www.windowsonecare.com or www.freeav.com both are very good! antivirus
softwares & get windows defender here
[www.microsoft.com/athome/security/spyware/software/default.mspx] if you
have installed windows onecare it shd install defender automatically.

Hi All,
Whenever I start my XP, most of the time (not always) windows (sort of)
hangs. No entry except time is display in system tray. I cant open
anything
thogh I can move my mouse. If I long off and login generally problem
gets
resolved.
Note that this problem started after my PC got addwares like Torjan
horse
and Trojan.favadd.
Though later I removed these addwares using norten anti virus. But this
problem is still continued.

Please help me to resolve this problem.

 

[Galen]

In Sushil had this to say:

My reply is at the bottom of your sent message:

Hi All,
Whenever I start my XP, most of the time (not always) windows (sort
of) hangs. No entry except time is display in system tray. I cant
open anything thogh I can move my mouse. If I long off and login
generally problem gets resolved.
Note that this problem started after my PC got addwares like Torjan
horse and Trojan.favadd.
Though later I removed these addwares using norten anti virus. But
this problem is still continued.

Please help me to resolve this problem.

As stated - you're still likely infected.

Malware Cleaners and Repair:
http://kgiii.info/windows/all/general/malwarefix.html

But, in the meantime, see if this is applicable:

Missing Icons and Taskbar:
http://kgiii.info/windows/XP/general/missing_desktop-icons_taskbar.html

(You may need to restore some and then continue cleaning from there.)

If it's really really bad a good idea MIGHT be to just flatten the system
and re-install that OS from scratch. It's a pain but you'll be better armed
to prevent the infestations next time.


--
Galen - MS MVP - Windows (Shell/User & IE)
http://dts-l.org/
http://kgiii.info/

"At present I am, as you know, fairly busy, but I propose to devote my
declining years to the composition of a textbook which shall focus the
whole art of detection into one volume." - Sherlock Holmes

 

[Guest]

Hi,
Thanks again for the response.
I tried ProcessExplorer. Its really a good software but it didnt not solve
my problem. I Meanwhile observered something very strage.
I tried cleaning again using Avira Antivir. it detected 9 more torajans.!!
I restarted my sytem 4-5 times cleanly but again i got the same problem (now
it shows some icons in systray though). I again ran AntiVir it again detected
and deleted some more tojans. (This time 7). Same procedures I followed 4-5
times. I am able to start system cleanly for for 4-5 times. Then again
missing icons in system tray. I log off and logg in again , run Antvir it
again detects 7-8 trojans.
It appears that these trojan appear again after some reboots. Hows that
possible?
Is it some self reproducing virus or something? These are detected in
C:\System Volume Information directory.
(In last scan I chose to move them to quarantine rather deleting them)

Follwoing is part of the AntiVir scan report.
C:\System Volume Information\MountPointManagerRemoteDatabase
[WARNING] The file could not be opened!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027802.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '44730505.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027821.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '40a3ec5e.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027840.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '44730506.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027859.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '44730507.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027878.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '40a3ec50.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027897.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '44730508.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027916.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '44730509.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027935.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '40a3ec52.qua'!

Thanks, you are welcome, when using onecare you were not able to connect
internet probably due to firewall settings if u are going to use antivir i
suggest u to have windows defender installed. regarding ur startup issue i
suggest to check the processes that are running using process explorer that
way u can analize which application or process is causing the delay. here's
the url : www.sysinternals.com/Utilities/ProcessExplorer.html
ps: the process using most of cpu are marked with red background.
Hope this helps...,

Happy Easter
Umesh Thota
www.windowsworkshop.com.

Well u r in concluding that my laptop still infacted. I installed
windowsonecare first which removed 2 trojans. But I could not connect with
internet anymore. I tried many times. Checked all the setting but could
not
make out anything. Finally I uninstalled it and I could get the internet
access again. Then I installed "Avira Antivir" from www.freeav.com. This
anti
virus looks prett y good. It detected 36 trojans, while other antivirus
could
detect only 1 or two or none. Thanks for suggesting this.

My problem is still same. sometime when I startup the system I face same
problem as I mentioned melow.
Thank you for the response anyway.
--
Sushil Kumar

Hii, you are still infected use a good antivirus and antispyware scan
www.windowsonecare.com or www.freeav.com both are very good! antivirus
softwares & get windows defender here
[www.microsoft.com/athome/security/spyware/software/default.mspx] if you
have installed windows onecare it shd install defender automatically.


Hi All,
Whenever I start my XP, most of the time (not always) windows (sort of)
hangs. No entry except time is display in system tray. I cant open
anything
thogh I can move my mouse. If I long off and login generally problem
gets
resolved.
Note that this problem started after my PC got addwares like Torjan
horse
and Trojan.favadd.
Though later I removed these addwares using norten anti virus. But this
problem is still continued.

Please help me to resolve this problem.

 

[Thota Umesh]

hii some trojans drop multiple signatures (core virus files) on to ur system
and active, so that when one is deleted the other detects and creates it
back. Many single trojan file also are protected by its memory image (virus
running in memory) in the same manner. One out of the box solution for this
is if this is repeating again and again what u can do is to notedown the
file name use cmd to go to dos create a garbage file in same directory and
rename it to the trojan file name as soon as the antivirus quarntines it or
deletes it. so if any trojan in memory detects missing file before it
generates it back u can create the file with r a s h attributes which wud
make editing or replacing the file so far difficult for many trojans so once
u reboot u will becompletely free from that trojan. to do this process u
need to have a bit of synchronising between ur antivirus actions and ur dos
actions just keep the command ready and hit enter once u delete or
quarentine. that should fix the problem! Do Note: it rearly happens that
even after cleaning the trojan pops back. caz the antivirus also kills the
trojan resident in the memory. so other reason may be that you dont use a
firewall and these trojans are able to get into your system again and again.
do use windows defender and firewall (inc. in sp2) for additional
protection.

Hope this helps...,
Umesh Thota.
www.windowsworkshop.com

Hi,
Thanks again for the response.
I tried ProcessExplorer. Its really a good software but it didnt not
solve
my problem. I Meanwhile observered something very strage.
I tried cleaning again using Avira Antivir. it detected 9 more
torajans.!!
I restarted my sytem 4-5 times cleanly but again i got the same problem
(now
it shows some icons in systray though). I again ran AntiVir it again
detected
and deleted some more tojans. (This time 7). Same procedures I followed
4-5
times. I am able to start system cleanly for for 4-5 times. Then again
missing icons in system tray. I log off and logg in again , run Antvir it
again detects 7-8 trojans.
It appears that these trojan appear again after some reboots. Hows that
possible?
Is it some self reproducing virus or something? These are detected in
C:\System Volume Information directory.
(In last scan I chose to move them to quarantine rather deleting them)

Follwoing is part of the AntiVir scan report.
C:\System Volume Information\MountPointManagerRemoteDatabase
[WARNING] The file could not be opened!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027802.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '44730505.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027821.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '40a3ec5e.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027840.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '44730506.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027859.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '44730507.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027878.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '40a3ec50.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027897.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '44730508.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027916.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '44730509.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027935.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '40a3ec52.qua'!

Thanks, you are welcome, when using onecare you were not able to connect
internet probably due to firewall settings if u are going to use antivir
i
suggest u to have windows defender installed. regarding ur startup issue
i
suggest to check the processes that are running using process explorer
that
way u can analize which application or process is causing the delay.
here's
the url : www.sysinternals.com/Utilities/ProcessExplorer.html
ps: the process using most of cpu are marked with red background.
Hope this helps...,

Happy Easter
Umesh Thota
www.windowsworkshop.com.

Well u r in concluding that my laptop still infacted. I installed
windowsonecare first which removed 2 trojans. But I could not connect
with
internet anymore. I tried many times. Checked all the setting but could
not
make out anything. Finally I uninstalled it and I could get the
internet
access again. Then I installed "Avira Antivir" from www.freeav.com.
This
anti
virus looks prett y good. It detected 36 trojans, while other antivirus
could
detect only 1 or two or none. Thanks for suggesting this.

My problem is still same. sometime when I startup the system I face
same
problem as I mentioned melow.
Thank you for the response anyway.
--
Sushil Kumar


:

Hii, you are still infected use a good antivirus and antispyware scan
www.windowsonecare.com or www.freeav.com both are very good! antivirus
softwares & get windows defender here
[www.microsoft.com/athome/security/spyware/software/default.mspx] if
you
have installed windows onecare it shd install defender automatically.


Hi All,
Whenever I start my XP, most of the time (not always) windows (sort
of)
hangs. No entry except time is display in system tray. I cant open
anything
thogh I can move my mouse. If I long off and login generally problem
gets
resolved.
Note that this problem started after my PC got addwares like Torjan
horse
and Trojan.favadd.
Though later I removed these addwares using norten anti virus. But
this
problem is still continued.

Please help me to resolve this problem.

 

[Thota Umesh]

Restructuring:

hii some trojans drop multiple signatures (core virus files) on to ur system
and active, so that when one is deleted the other detects and creates it
back. Many single trojan file also are protected by its memory image (virus
running in memory) in the same manner.

One out of the box solution for this is if this is repeating again and again
what u can do is to notedown the file name use cmd to go to dos create a
garbage file in same directory and rename it to the trojan file name as soon
as the antivirus quarntines it or deletes it. so if any trojan in memory
detects missing file before it
generates it back u can create the file with r a s h attributes which wud
make editing or replacing the file so far difficult for many trojans so once
u reboot u will becompletely free from that trojan.

to do this process u need to have a bit of synchronising between ur
antivirus actions and ur dos actions just keep the command ready and hit
enter once u delete or
quarentine. that should fix the problem! Do Note: it rearly happens that
even after cleaning the trojan pops back. caz the antivirus also kills the
trojan resident in the memory. so other reason may be that you dont use a
firewall and these trojans are able to get into your system again and again.
do use windows defender and firewall (inc. in sp2) for additional
protection.

Hope this helps...,
Umesh Thota.
www.windowsworkshop.com

hii some trojans drop multiple signatures (core virus files) on to ur
system and active, so that when one is deleted the other detects and
creates it back. Many single trojan file also are protected by its memory
image (virus running in memory) in the same manner. One out of the box
solution for this is if this is repeating again and again what u can do is
to notedown the file name use cmd to go to dos create a garbage file in
same directory and rename it to the trojan file name as soon as the
antivirus quarntines it or deletes it. so if any trojan in memory detects
missing file before it generates it back u can create the file with r a s
h attributes which wud make editing or replacing the file so far difficult
for many trojans so once u reboot u will becompletely free from that
trojan. to do this process u need to have a bit of synchronising between
ur antivirus actions and ur dos actions just keep the command ready and
hit enter once u delete or quarentine. that should fix the problem! Do
Note: it rearly happens that even after cleaning the trojan pops back. caz
the antivirus also kills the trojan resident in the memory. so other
reason may be that you dont use a firewall and these trojans are able to
get into your system again and again. do use windows defender and firewall
(inc. in sp2) for additional protection.

Hope this helps...,
Umesh Thota.
www.windowsworkshop.com

Hi,
Thanks again for the response.
I tried ProcessExplorer. Its really a good software but it didnt not
solve
my problem. I Meanwhile observered something very strage.
I tried cleaning again using Avira Antivir. it detected 9 more
torajans.!!
I restarted my sytem 4-5 times cleanly but again i got the same problem
(now
it shows some icons in systray though). I again ran AntiVir it again
detected
and deleted some more tojans. (This time 7). Same procedures I followed
4-5
times. I am able to start system cleanly for for 4-5 times. Then again
missing icons in system tray. I log off and logg in again , run Antvir it
again detects 7-8 trojans.
It appears that these trojan appear again after some reboots. Hows that
possible?
Is it some self reproducing virus or something? These are detected in
C:\System Volume Information directory.
(In last scan I chose to move them to quarantine rather deleting them)

Follwoing is part of the AntiVir scan report.
C:\System Volume Information\MountPointManagerRemoteDatabase
[WARNING] The file could not be opened!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027802.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '44730505.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027821.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '40a3ec5e.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027840.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '44730506.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027859.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '44730507.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027878.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '40a3ec50.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027897.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '44730508.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027916.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '44730509.qua'!
C:\System Volume
Information\_restore{8C459B98-89AA-45F6-A5B9-323014416103}\RP90\A0027935.exe
[DETECTION] Is the Trojan horse TR/Dldr.FFZ.33
[INFO] The file was moved to '40a3ec52.qua'!

Thanks, you are welcome, when using onecare you were not able to connect
internet probably due to firewall settings if u are going to use antivir
i
suggest u to have windows defender installed. regarding ur startup issue
i
suggest to check the processes that are running using process explorer
that
way u can analize which application or process is causing the delay.
here's
the url : www.sysinternals.com/Utilities/ProcessExplorer.html
ps: the process using most of cpu are marked with red background.
Hope this helps...,

Happy Easter
Umesh Thota
www.windowsworkshop.com.

Well u r in concluding that my laptop still infacted. I installed
windowsonecare first which removed 2 trojans. But I could not connect
with
internet anymore. I tried many times. Checked all the setting but
could
not
make out anything. Finally I uninstalled it and I could get the
internet
access again. Then I installed "Avira Antivir" from www.freeav.com.
This
anti
virus looks prett y good. It detected 36 trojans, while other
antivirus
could
detect only 1 or two or none. Thanks for suggesting this.

My problem is still same. sometime when I startup the system I face
same
problem as I mentioned melow.
Thank you for the response anyway.
--
Sushil Kumar


:

Hii, you are still infected use a good antivirus and antispyware scan
www.windowsonecare.com or www.freeav.com both are very good!
antivirus
softwares & get windows defender here
[www.microsoft.com/athome/security/spyware/software/default.mspx] if
you
have installed windows onecare it shd install defender automatically.


Hi All,
Whenever I start my XP, most of the time (not always) windows (sort
of)
hangs. No entry except time is display in system tray. I cant open
anything
thogh I can move my mouse. If I long off and login generally
problem
gets
resolved.
Note that this problem started after my PC got addwares like Torjan
horse
and Trojan.favadd.
Though later I removed these addwares using norten anti virus. But
this
problem is still continued.

Please help me to resolve this problem.

 

[Guest]

Thank you very much galen.
It solved my problem. I downloaded anti virus , anti spy ware and anti
addware (first option for each in the list) from the link you provided.
I got the torjans cleaned with them. in first pass. Again I scanned the
computer 2nd time with them one by one and got one more trojan and cleaned
that also.

Now I restarted my laptop ay times and scanned again 3-4 time. There is no
more trojan left on my laptop. And I no longer face the problem of system
hanging and missing icons in system tray.

I downloaded Avira antivir before. It was cleaning the system but every
4-5 reboot, my laptop was detecting the same problem. And anti vir was
detecting and cleaning trojans every time. Means trojans were getting
reproduced even after getting deleted.

One possible explanation may be there was some file which was creating
trojans every time I delete them with a different name though. New Anti
virus I downloaded from the link you provided detected that file in the first
pass but that file created one trojan before getting deleted. So in secon
pass I got one trojan deleted and there was nothing which can create them
again. Writing so much with a hope that if somebody else face this problem
can use this reference as a possible solution.

Thanks again.

Regards,
Sushil

 

[Galen]

In Sushil Kumar had this to say:

My reply is at the bottom of your sent message:

Thank you very much galen.
It solved my problem. I downloaded anti virus , anti spy ware and
anti addware (first option for each in the list) from the link you
provided.
I got the torjans cleaned with them. in first pass. Again I scanned
the computer 2nd time with them one by one and got one more trojan
and cleaned that also.

Now I restarted my laptop ay times and scanned again 3-4 time. There
is no more trojan left on my laptop. And I no longer face the
problem of system hanging and missing icons in system tray.

I downloaded Avira antivir before. It was cleaning the system but
every 4-5 reboot, my laptop was detecting the same problem. And
anti vir was detecting and cleaning trojans every time. Means trojans
were getting reproduced even after getting deleted.

One possible explanation may be there was some file which was creating
trojans every time I delete them with a different name though. New
Anti virus I downloaded from the link you provided detected that file
in the first pass but that file created one trojan before getting
deleted. So in secon pass I got one trojan deleted and there was
nothing which can create them again. Writing so much with a hope that
if somebody else face this problem can use this reference as a
possible solution.

Thanks again.

Regards,
Sushil

Not a problem and I'm glad to have been able to help. Enjoy.

--
Galen - MS MVP - Windows (Shell/User & IE)
http://dts-l.org/
http://kgiii.info/

"At present I am, as you know, fairly busy, but I propose to devote my
declining years to the composition of a textbook which shall focus the
whole art of detection into one volume." - Sherlock Holmes