Solved

MPNotify.exe Application Error after virus fixes

Posted on 2009-05-05
12
1,997 Views
Last Modified: 2012-05-06
I was given a laptop with a number of viruses on it. I ran avast on it to start the removal process and it found a load and deleted the files. It also ran a boot time virus check. One of the files was mpnotify.exe which had a virus. It couldn't repair the file so it deleted it.

Now when I try to login to the machine, it comes up with the error "Mpnotify.exe Application Error" and then gives a memory referenced error message below. Once you click ok, it immediately closes the machine down. The only way I can get into the machine is to boot into safe mode with no networking and login to the computer not the domain.

Can anyone help with this please?
0
Comment
Question by:GuitarRich
  • 6
  • 3
  • 3
12 Comments
 
LVL 27

Expert Comment

by:Jonvee
ID: 24303813
Found a similar problem here, see if this helps>

mpnotify.exe - Application Error:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_23141181.html
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24303824
Which suggested this>
mpnotify.exe > Multiple Provider Notification application

Has more to do with windows login on a network, rather than windows updates.

http://support.microsoft.com/kb/885423
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_23136305.html
http://km-dev.blogspot.com/2007/05/xpe-tip-37-mpnotifyexe-is-not-held-by.html
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24303857
Also i recommend downloading, then updating Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php
When updated, reboot into Safe Mode by selecting F8 at bootup & run a scan.
Tutorial available, if you require >
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t169669.html

Then to be really sure, try the Kaspersky free online virus scanner which is a good way to find out if you have any viruses or spyware without having to uninstall your existing antivirus software>
http://www.kaspersky.co.uk/virusscanner

This scanner is also very good>
 Trend Micro's free online virus scanner:            
http://housecall.trendmicro.com/uk/
Ideal for scanning online, using "Safe Mode with networking".
0
 
LVL 12

Author Comment

by:GuitarRich
ID: 24303859
yeah - I've looked at that and its not much help unfortunately. I used the XP recovery console to copy mpnotify.exe from the XP disc back over the top and that has changed the message. Now I'm getting an svchost.exe error. But it still logs the user off straight away after logging in. I can't even get into safe mode anymore :(
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24303895
Maybe the laptop is still quite infected so an alternative could be to remove the infected HD, connect it as 'slave' in another machine, then run Malware & virus scanners from the new machine.
0
 
LVL 16

Accepted Solution

by:
warturtle earned 400 total points
ID: 24303928
Get a blank CD and download Dr Web Cure It Live CD file from: http://www.freedrweb.com/livecd/ . The same webpage contains instructions on how to use it. Download the ISO file and burn it as an image on a CD, then boot the PC using this CD and run the virus scan, it could take sometime, but do let us know what you get.

If Dr Web Scanner finds any viruses, then the best option is to select all and then click on Cure. Anything that can be cured will be, or else will be deleted.

It might also be helpful to burn another CD containing Knoppix Live, its basically a linux installation and will allow you to copy all office documents from this PC to a USB drive for backup purposes. It can be downloaded from www.knoppix.net and has to be burnt as an image as well. Do a backup and re-install XP (although its the last option, but is surely an option).
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 27

Assisted Solution

by:Jonvee
Jonvee earned 100 total points
ID: 24304034
Have to ask this .. can you start your computer in Safe mode *with a Command prompt* ?
If yes, type the following command >
%systemroot%\system32\restore\rstrui.exe

Details> http://support.microsoft.com/?kbid=304449

Failing that, if you can access that second machine try running Combofix on the problematic HD.  Download ComboFix and save to Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before using ComboFix it may be necessary to rename it before saving it to your desktop.  
Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log together with a HijackThis log, in a reply for us.
Please do not mouseclick Combofix's window while it is running, because it may stall.  It is absolutely normal for you to see a blue screen with flashing cursor, and this can last for up to 30 mins.  Just let it run.
Try initially to run Combofix in normal mode, although it works well in normal mode or safe mode.
Have to logoff for a few hours , will drop by later ...
0
 
LVL 12

Author Comment

by:GuitarRich
ID: 24312765
Ran Dr Curit and it seems the PC is infect with the Virut.56 virus - everywhere I look says to format and re-install windows :( oh well. Thank you for your help in getting this far!
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24312805
Yes, Virut is going to be difficult to remove. Infected files generally have to be replaced and there could be thousands of them in Windows alone. The only things that you can possibly save are your word, excel and powerpoint documents and that can be done by creating the Knoppix CD as advised in the previous post and taking a backup on USB drive.  

Virut will infect exe files, so don't copy any of those.
0
 
LVL 12

Author Closing Comment

by:GuitarRich
ID: 31577966
Thanks for the help guys
0
 
LVL 16

Expert Comment

by:warturtle
ID: 24312954
Glad to be of assistance :) and thanks for the feedback.
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 24314424
You're welcome.   Thanks.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Opening .xlsx files in Windows 7 21 194
Where are the paths %systemroot% stored. 5 148
external hard drive and Raidon 3630 5 120
Windows XP image 11 112
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now