re: frozen start menu and icons
Wednesday, October 26, 2005 at 7:47 am Windows XP Annoyances Discussion Forum
Posted by Darko
(13 messages posted)
After a few hours of trying yesterday afternoon I was able to “unfreeze” my icons
and start menu.
1. Started Windows XP in normal mode, icons and start menu frozen.
2. Restarted computer in Safe Mode. The same problems with frozen icons and start
menu. Ctrl-Alt-Del to start Windows Task Manager. It opens but could not browse.
Had to restart computer because I could not close Windows Task Manager (computer
was “busy thinking” and when tried to move Task Manager I got that effect like numerous
Task Managers were open behind the front one).
3. Restarted computer in Safe Mode with Command Prompt (CP). Tried to run Spybot
– Search & Destroy, could not do it. Tried to run Ad-Aware SE personal and was able
to do it. Ad-Aware SE found 13 critical objects (2 registry keys, 10 registry values
and 1 file identified: tracking cookie, type IE cache entry, category data miner,
object @kazaa.cjt1.net/htm/500/0). Twelve registry entries were related to Alexa.
Ad-Aware deleted all 13 objects.
4. Found and deleted (run regedit through CP to open Registry):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify|style2.
Also found and deleted HKEY_CURRENT_USER\Software\Microsoft\Style2.
5. Could not find any of those files that were recommended to be deleted: TROJ_DLOADER.AHD,
TROJ_SMALL.ATP, Win32.DlStwoyle.G, Project.dll, Q178937.DLL, Win32/SillyDl.14336.Dll,
Win32/SillyDl.69632!DLL or any other Stwoyle virus. The chance is that I could miss
some of those files on my computer. Of course, I already had virus Q50502281_disk.dll
which could not be accessed (deletion denied).
6. Rebooted computer in normal mode and immediately those 2 deleted files from #4
were back.
7. Went back to CP mode.
8. Deleted all files that start with Q then have 7,8 or 9 numbers behind Q (under
WINNT) with extensions .dll, .log and .exe. Tried to delete file Q50502281_disk.dll
(after I deleted all other files that start with Q) and surprisingly was able to
delete it this time. One file remains undeleted Q3683875.dll which, I suspect, is
another virus that could be triggered somehow (I have feeling that those are triggered
when AV recognizes them as viruses).
9. Run start taskmgr.exe from CP successfully and even was able to browse. Once I
was able to browse it and had access through some windows screens I did the following:
deleted all files from C:\WINNT\Prefetch; deleted all Temp and Temporary Internet
Files; reduced the space for Temporary Internet Files to 10 Mb (Internet Options-General-Temporary
Internet Files-Settings); emptied Recycle Bin; disabled WinXP system restore feature
(Control Panel-System-System Restore-check Turn off System Restore-click Apply and
OK-answered Yes to follow-up information).
10. Made all copies of important files from C drive to removable media in the case
I have to format C drive.
11. Run Ad-Aware SE and Spybot – Search & Destroy and those two programs did not
find anything (looks like the system is clean of spyware). Could not run my AV because
it can’t be launched in Safe Mode.
12. All this time my computer was disconnected from Internet and I am still not connected
hoping that I could get some additional information today how to finally solve this
problem.
JCW, I hope you can send me some info now how to pursue other cleaning procedures
off and on line (I believe I should have access now to Internet once I got my icons
“unfrozen” because I can access any other programs now) in Windows environment. I
did not go to Internet because I was afraid I might get all that was cleaned back.
I even did not want to shut down computer because I was also afraid that reboot could
ruin everything again. Thanks for all your help. It is greatly appreciated. I am
also trying to explain in details what I have done so far to unfreeze my computer
because, I believe, it will be useful to Diane and probably some other people who
might have the same problem.
On Tuesday, October 25, 2005 at 11:19 am, jcw wrote:
>Further to my earlier post today at 10:12 am, and in reply to your 10:30 am post:
> -- Where on your HD is that "C:\WINNT\Q50502281_disk.dll" ? Do you have a WINNT
>directory? If so, what else is in it? You get the access denied message when you
>try to delete it via the safe mode CP window?
> -- Also check in your registry editor, and in the following folders, for the
>files listed below or any variant thereof:
> Folders: Windows, Windows\system, Windows\system32, Program Files\Windows NT
> Files:
>TROJ_DLOADER.AHD
>TROJ_SMALL.ATP
>Win32.DlStwoyle.G
>Project1.dll
>Q178937.DLL
>Q50502281.dll
>Q50502281_disk.dll
>Win32/SillyDl.14336.Dll
>Win32/SillyDL.69632!DLL
>Stwoyle {any variant}
> These file-names came from the Trend Micro website, and are to be viewed as bad
>and to be deleted, but if in doubt, post back with what you find.
>As to your last question, I believe that Symantec's Norton AV CD could be placed
>in the CD drive and run to clean viruses (useful e.g. when boot sector was dirty and
>Windows wouldn't boot). Don't know if it would work here - might. Don't know if
>any other AV vendors' CDs would similarly work here - you would need to investigate.
> If cost not a big factor and can't solve problem otherwise, may be another alternative
>to the "copy data - clean reinstall WXP & programs" alternative if the CD were up-to-date
>enough to detect and delete whatever malicious critter(s) you have. That's part
>of the problem: we're not sure what all you have, because the freezing problem
>you and Diane are having is the first I'm seeing as a result of the "Stwoyle" infection.
> On the other hand, if such a CD could clean at least enough to "unlock" your system,
>you would be able to pursue other cleaning procedures off and on line in a Windows
>environment. Symantec discovered "Stwoyle" June 15, 2005; see:
> --> http://securityresponse.symantec.com/avcenter/venc/data/trojan.stwoyle.html
> so I am less than optimistic that a CD would yet be updated to include it.
>I have come across a purported fix for "Stwoyle" available on the net. You would
>need to download it from the net, copy it onto removable media (e.g. a diskette),
>copy it onto your machine, and then run it. I was hoping that we could get your
>system unfrozen first as it would be easier to do that in Windows, but your system
>re-froze before I got back to you today. I can't vouch for this fix, as I've never
>had to use it.
>
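Added example, not part of the original thread and not written by either poster: a read-only triage script that applies the file-name rule from step 8 (Q followed by 7, 8 or 9 digits, with .dll, .log or .exe) and the Q-prefixed and Project1.dll names from the quoted list to one folder, and reports size and SHA-256 for review instead of deleting anything. The function names, the optional `_disk` suffix handling and the sample folder contents are assumptions made for this example; a name match alone does not prove a file is malicious.

```python
import hashlib, os, re, tempfile

# Rule from step 8 of the post: "Q" + 7, 8 or 9 digits, .dll/.log/.exe.
# Assumption: the optional "_disk" suffix covers Q50502281_disk.dll.
Q_PATTERN = re.compile(r"^Q\d{7,9}(_disk)?\.(dll|log|exe)$", re.IGNORECASE)

# File names taken from the quoted reply (compared case-insensitively).
NAMED = {"project1.dll", "q178937.dll", "q50502281.dll", "q50502281_disk.dll"}

def classify(name):
    """Return the reason a file name is flagged, or None if it is not."""
    if name.lower() in NAMED:
        return "named-in-thread"
    if Q_PATTERN.match(name):
        return "q-digits-pattern"
    return None

def sha256_of(path):
    """Hash a file in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(folder):
    """List (name, reason, size, sha256) for flagged files directly in folder."""
    hits = []
    for entry in sorted(os.scandir(folder), key=lambda e: e.name.lower()):
        if not entry.is_file(follow_symlinks=False):
            continue
        reason = classify(entry.name)
        if reason:
            hits.append((entry.name, reason, entry.stat().st_size,
                         sha256_of(entry.path)))
    return hits

def demo():
    """Scan a constructed folder standing in for C:\\WINNT (sample data only)."""
    names = ["Q50502281_disk.dll", "Q3683875.dll", "Q178937.DLL",
             "Q323255.log", "explorer.exe", "Q1234567.txt"]
    with tempfile.TemporaryDirectory() as tmp:
        for n in names:
            with open(os.path.join(tmp, n), "wb") as fh:
                fh.write(b"constructed sample")
        return [(name, reason) for name, reason, _, _ in scan(tmp)]

if __name__ == "__main__":
    for name, reason in demo():
        print(f"{reason:18} {name}")
```

The constructed `Q323255.log` (six digits) and `Q1234567.txt` (wrong extension) fall outside the rule and are not reported, which shows how narrow a name-only match is.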