Solved

security center issue

Posted on 2008-06-13
Last Modified: 2011-10-19
Upon booting up I get the error message "userinit failed to load".....I have no task bar or Start menu. Also, Windows Security Center gives the error message "rundll32.exe application error".
Question by:DRAHannah
20 Comments
 
LVL 1

Expert Comment

by:Sureshbharathy
ID: 21783841
Click Start, click Run, type eventvwr.msc in the Open box, and then press Enter.
Click the Application category.

Look for recent errors > double-click on them > another window will open > on the right side, use the double-notepad icon to copy the error, then paste it here.
0
 

Author Comment

by:DRAHannah
ID: 21783927
Event Type:      Warning
Event Source:      WinDefend
Event Category:      None
Event ID:      3004
Date:            14/06/2008
Time:            10:42:05 AM
User:            N/A
Computer:      DEANO
Description:
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
 For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409
       Scan ID: {C56E8616-B8C2-4611-8D2C-04ED1CB08230}
       User: DEANO\Default
       Name: Unknown
       ID:
       Severity: Not Yet Classified
       Category: Not Yet Classified
       Path Found: clsid:HKLM\SOFTWARE\CLASSES\CLSID\{047B6F67-A3D4-4245-BE45-F409B0B76F09};regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{047B6F67-A3D4-4245-BE45-F409B0B76F09};regkey:HKLM\SOFTWARE\CLASSES\CLSID\{047B6F67-A3D4-4245-BE45-F409B0B76F09};bho:HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{047B6F67-A3D4-4245-BE45-F409B0B76F09};file:C:\WINDOWS\system32\bpevupov.dll
       Alert Type: Unclassified software
       Detection Type:

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 

Author Comment

by:DRAHannah
ID: 21783961
Here is an entry from the Event Viewer.........Also there is a virus trojan preventing me from turning Automatic Updates on; it has disabled the automatic services update tab.....In the window I have noted this (path to executable):
C:\WINDOWS\system32\svchost.exe -k netsvcs
0
 
LVL 32

Expert Comment

by:r-k
ID: 21785482
(1) Download Autoruns from: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

(2) Run the program. It lists a bunch of things that start when Windows starts.

(3) From the menu bar, select Options, and uncheck "Include Empty Locations" and "check" "Hide Microsoft Entries"
    Important -> Then click the Refresh button in the toolbar.

(4) This will give you a shorter, more meaningful list.

(5) Examine that list and disable anything suspicious by un-checking it. Then reboot and see if it helped.

(6) If not, or if not sure, you can use the File -> Save as.. option in Autoruns to save the list to a text file and then copy and paste it here.

0
 

Author Comment

by:DRAHannah
ID: 21788559
OK, here is the Autoruns text file....Also, Windows OneCare is frequently finding this trojan when I use the Internet.
0
 

Author Comment

by:DRAHannah
ID: 21788563
the trojan is
AutoRunsDrahannah.txt
0
 

Author Comment

by:DRAHannah
ID: 21788571
win32/boaxxe.b
0
 
LVL 32

Expert Comment

by:r-k
ID: 21788868
OK, the following are the Autoruns entries that are causing your problems:

+ {047B6F67-A3D4-4245-BE45-F409B0B76F09}                  c:\windows\system32\bpevupov.dll
+ {752F6141-87AF-4A97-B34B-22475F519348}                  File not found: C:\WINDOWS\system32\iifddcYR.dll

+ C:\WINDOWS\system32\iifddcYR                  File not found: C:\WINDOWS\system32\iifddcYR

Run Autoruns again as before and un-check these three entries. Then exit Autoruns and restart your computer. Run Autoruns again as before and make sure these entries are still un-checked. If they are then hopefully the symptoms will be cleared up. Do post back in any case.
0
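Added example, not part of the original thread: a short Python triage that parses the "Path Found" field of the Windows Defender event posted above and cross-checks it against the Autoruns lines quoted in the expert's reply, flagging entries named in the detection and entries whose registered image is missing. The function names, the column layout assumed for the Autoruns export, and the `ExampleUpdater` line are assumptions made for illustration.

```python
import re

# "Path Found" value from the Event ID 3004 entry posted in this thread.
PATH_FOUND = (
    r"clsid:HKLM\SOFTWARE\CLASSES\CLSID\{047B6F67-A3D4-4245-BE45-F409B0B76F09};"
    r"regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{047B6F67-A3D4-4245-BE45-F409B0B76F09};"
    r"regkey:HKLM\SOFTWARE\CLASSES\CLSID\{047B6F67-A3D4-4245-BE45-F409B0B76F09};"
    r"bho:HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{047B6F67-A3D4-4245-BE45-F409B0B76F09};"
    r"file:C:\WINDOWS\system32\bpevupov.dll"
)
# Autoruns lines quoted in the thread, plus one constructed benign entry (last line).
AUTORUNS_LINES = [
    r"+ {047B6F67-A3D4-4245-BE45-F409B0B76F09}                  c:\windows\system32\bpevupov.dll",
    r"+ {752F6141-87AF-4A97-B34B-22475F519348}                  File not found: C:\WINDOWS\system32\iifddcYR.dll",
    r"+ C:\WINDOWS\system32\iifddcYR                  File not found: C:\WINDOWS\system32\iifddcYR",
    r"+ ExampleUpdater                  c:\program files\example\updater.exe",
]
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumed layout: "+ entry<tab or 2+ spaces>image", as the lines appear in the thread.
ENTRY = re.compile(r"^\+\s+(\S.*?)(?:\t|\s{2,})(.+)$")

def parse_path_found(value):
    """Split 'kind:location;kind:location' into de-duplicated, sorted lists per kind."""
    found = {}
    for item in value.split(";"):
        kind, _, location = item.strip().partition(":")
        if kind and location:
            found.setdefault(kind.lower(), set()).add(location)
    return {k: sorted(v) for k, v in found.items()}

def indicators(parsed):
    """Return (CLSIDs, file paths) named anywhere in the detection, case-normalised."""
    guids = {g.upper() for locs in parsed.values() for loc in locs for g in GUID.findall(loc)}
    files = {f.lower() for f in parsed.get("file", [])}
    return guids, files

def triage_autoruns(lines, guids, files):
    """Return (entry, reason) for lines that match the detection or lack their image."""
    hits = []
    for line in lines:
        m = ENTRY.match(line)
        if not m:
            continue
        entry, image = m.group(1), m.group(2).strip()
        if entry.upper() in guids or image.lower() in files:
            hits.append((entry, "named in Defender detection"))
        elif image.lower().startswith("file not found"):
            hits.append((entry, "registered image missing"))
    return hits
```

Calling `triage_autoruns(AUTORUNS_LINES, *indicators(parse_path_found(PATH_FOUND)))` returns the three entries singled out in the reply above and skips the benign line.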
 

Author Comment

by:DRAHannah
ID: 21792537
Thanks very much. I have unchecked these and they have stayed unchecked. The trojan hasn't popped back up again YET tonight! Do we delete these unchecked files or do we leave them there??
drahannah-AutoRuns2.txt
0
 
LVL 32

Accepted Solution

by:
r-k earned 250 total points
ID: 21793468
Glad to hear that. If things stay OK I recommend deleting those files (some may be missing already). It's not essential.
0
 

Author Closing Comment

by:DRAHannah
ID: 31467127
Awesome, thanks for the fix......
0
 
LVL 32

Expert Comment

by:r-k
ID: 21805250
Thanks and good luck :)
0
 

Author Comment

by:DRAHannah
ID: 21812605
Spoke too soon; it seems that I now have a JPEG virus? Trojan. Every JPEG I have won't open; I get "Windows can't access the specified file....you don't have the correct permissions"...etc. I have attached another Autoruns below. I noticed in the properties tab that the folder has the read-only tab checked despite me unchecking and applying to the folder. Is this the W32/Perrun-A virus?
AutoRuns180608.txt
0
 
LVL 32

Expert Comment

by:r-k
ID: 21815145
I notice the following bad entries in the new log:

+ {047B6F67-A3D4-4245-BE45-F409B0B76F09}                  c:\windows\system32\bpevupov.dll
+ {752F6141-87AF-4A97-B34B-22475F519348}                  File not found: C:\WINDOWS\system32\iifddcYR.dll

I thought these are ones you disabled before. Can you run Autoruns again, disable them, then reboot and make sure they really stay disabled? Thanks.
0
 

Author Comment

by:DRAHannah
ID: 21817065
These 2 entries were unchecked......here is the next scan, thanks.
190608AutoRuns.txt
0
 
LVL 32

Expert Comment

by:r-k
ID: 21819875
That pesky dll is still there. Locate c:\windows\system32\bpevupov.dll with Windows Explorer, then try the following:

(0) If running XP Home, boot in safe mode, if XP Pro, then start with step (1)

(1) Right click on the file in Windows Explorer or My Computer, select Properties

(2) Click on the Security tab.

(3) Click on the Advanced button.

(4) Uncheck the box labeled "Inherit from Parent...", then click "Remove"

(5) Close all windows.

(6) Reboot (into normal mode)

After reboot the file will be unable to run (because no one can access it any more). The symptoms should be gone.

0
 

Author Comment

by:DRAHannah
ID: 21820085
Hey, I am running XP Pro but there is no Security tab; can I locate it and delete it; should I do it in safe mode?
0
 

Author Comment

by:DRAHannah
ID: 21820112
Sorry about the list....my 4GB flash drive has this worm:win32/hamweq!inf infecting the autorun.inf.
Even though Windows Live Care picks it up, is it really gone when Windows Live Care "removes" it?
0
 
LVL 32

Expert Comment

by:r-k
ID: 21826510
"..Hey i am running XP pro but there is no security tab; can i locate it and delete it; should i do it in safe mode? "

If you have XP Pro, then disable "Simple File Sharing" to get the Security tab back.

In Win Explorer (or My Computer), select Tools -> Folder Options.
Click on the View tab
Scroll down and un-check the "Use Simple File sharing.." checkbox.

After that you should be able to use my tip above on disabling the file by changing permissions.

Deleting the file will either not work because it is "in use", or it will come back even if you delete it.
0
 
LVL 32

Expert Comment

by:r-k
ID: 21826596
"..my 4gb flash drive has this worm:win32/hamweq!inf infecting the autorun.inf "

First, I would disable autoplay to prevent the USB drive infecting your computer in the future:

 http://www.howtogeek.com/howto/windows/disable-autoplay-of-audio-cds-and-usb-drives/
 http://www.etalkindia.com/computer_it_tutorials_articles/tiphow_to_disable_usb_cd_dvd_autoplay_autorun_in_windows_xp-t2046.0.html

Next, scan your USB drive with your AV software and see if the virus is detected and cleaned up.
Even if it is, reboot and repeat the scan to be sure it is not detected again.

You may wish to post the question about the USB infection as a new question. That way more people will get to see it and you may get a better answer.

0


Question has a verified solution.
