MPNotify.exe Application Error after virus fixes

I was given a laptop with a number of viruses on it. I ran avast on it to start the removal process and it found a load and deleted the files. It also ran a boot time virus check. One of the files was mpnotify.exe which had a virus. It couldn't repair the file so it deleted it.

Now when I try to login to the machine, it comes up with the error "Mpnotify.exe Application Error" and then gives a memory referenced error message below. Once you click ok, it immediately closes the machine down. The only way I can get into the machine is to boot into safe mode with no networking and login to the computer not the domain.

Can anyone help with this please?
LVL 12
GuitarRichAsked:
Who is Participating?
 
warturtleConnect With a Mentor Commented:
Get a blank CD and download Dr Web Cure It Live CD file from: http://www.freedrweb.com/livecd/ . The same webpage contains instructions on how to use it. Download the ISO file and burn it as an image on a CD, then boot the PC using this CD and run the virus scan, it could take sometime, but do let us know what you get.

If Dr Web Scanner finds any viruses, then the best option is to select all and then click on Cure. Anything that can be cured will be, or else will be deleted.

It might also be helpful to burn another CD containing Knoppix Live, its basically a linux installation and will allow you to copy all office documents from this PC to a USB drive for backup purposes. It can be downloaded from www.knoppix.net and has to be burnt as an image as well. Do a backup and re-install XP (although its the last option, but is surely an option).
0
 
JonveeCommented:
Found a similar problem here, see if this helps>

mpnotify.exe - Application Error:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_23141181.html
0
 
JonveeCommented:
Which suggested this>
mpnotify.exe > Multiple Provider Notification application

Has more to do with windows login on a network, rather than windows updates.

http://support.microsoft.com/kb/885423
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_23136305.html
http://km-dev.blogspot.com/2007/05/xpe-tip-37-mpnotifyexe-is-not-held-by.html
0
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

 
JonveeCommented:
Also i recommend downloading, then updating Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php
When updated, reboot into Safe Mode by selecting F8 at bootup & run a scan.
Tutorial available, if you require >
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t169669.html

Then to be really sure, try the Kaspersky free online virus scanner which is a good way to find out if you have any viruses or spyware without having to uninstall your existing antivirus software>
http://www.kaspersky.co.uk/virusscanner

This scanner is also very good>
 Trend Micro's free online virus scanner:            
http://housecall.trendmicro.com/uk/
Ideal for scanning online, using "Safe Mode with networking".
0
 
GuitarRichAuthor Commented:
yeah - I've looked at that and its not much help unfortunately. I used the XP recovery console to copy mpnotify.exe from the XP disc back over the top and that has changed the message. Now I'm getting an svchost.exe error. But it still logs the user off straight away after logging in. I can't even get into safe mode anymore :(
0
 
JonveeCommented:
Maybe the laptop is still quite infected so an alternative could be to remove the infected HD, connect it as 'slave' in another machine, then run Malware & virus scanners from the new machine.
0
 
JonveeConnect With a Mentor Commented:
Have to ask this .. can you start your computer in Safe mode *with a Command prompt* ?
If yes, type the following command >
%systemroot%\system32\restore\rstrui.exe

Details> http://support.microsoft.com/?kbid=304449

Failing that, if you can access that second machine try running Combofix on the problematic HD.  Download ComboFix and save to Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before using ComboFix it may be necessary to rename it before saving it to your desktop.  
Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log together with a HijackThis log, in a reply for us.
Please do not mouseclick Combofix's window while it is running, because it may stall.  It is absolutely normal for you to see a blue screen with flashing cursor, and this can last for up to 30 mins.  Just let it run.
Try initially to run Combofix in normal mode, although it works well in normal mode or safe mode.
Have to logoff for a few hours , will drop by later ...
0
 
GuitarRichAuthor Commented:
Ran Dr Curit and it seems the PC is infect with the Virut.56 virus - everywhere I look says to format and re-install windows :( oh well. Thank you for your help in getting this far!
0
 
warturtleCommented:
Yes, Virut is going to be difficult to remove. Infected files generally have to be replaced and there could be thousands of them in Windows alone. The only things that you can possibly save are your word, excel and powerpoint documents and that can be done by creating the Knoppix CD as advised in the previous post and taking a backup on USB drive.  

Virut will infect exe files, so don't copy any of those.
0
 
GuitarRichAuthor Commented:
Thanks for the help guys
0
 
warturtleCommented:
Glad to be of assistance :) and thanks for the feedback.
0
 
JonveeCommented:
You're welcome.   Thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.