Solved

Data Recovery Window in Windows XP

Posted on 2011-09-16
8
504 Views
Last Modified: 2012-06-22
I have a Windows XP PC which started displaying the popup below

WIndows - Delayed Write Failed
Failed to save all the components for the file \system32\0000039c.  Thie file is corrupted or unreadable.  This error may be caused by a PC hardware problem.  

After several of these pop up  another window pops up labeled Data Recovery.  It looks like an official program but I have not seen it before.  If I look under the start menu there is an installed program called Data Recovery but this is the only computer I see it installed on.    

The application windows says it has found problems with the hard drive, and RAM.

There is no information or help option to find out more about the application.    On the bottom it says to click here to activate full-functional version.

Does anyone have any experience with this?  Is it a valid application?  or is it something I need to be worried about?
0
Comment
Question by:qvfps
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 36551845
Sounds like a variation of many rogues....

Autoruns
http://live.sysinternals.com/autoruns.exe

Check the startups for this, and once you find it, you might be able to delete it. If not, see if you can disable it, and reboot....

After reboot (or if that doesn't help, I would go straight to MBAM, and run a good scan once it is updated....

Malwarebytes
http://www.malwarebytes.org

0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36551854
Alternatively.....

Perform a clean startup to determine whether background programs are interfering with your game or program
http://support.microsoft.com/kb/331796

0
 

Author Comment

by:qvfps
ID: 36551981
Thanks for the suggestions.   The error is appearing shortly after startup.  Unlike some of the other fake applications I could still access items from the start menu but i could not get rid of the popup.     I was able to boot into safe mode without seeing the error which made me suspicious.

 I am currently running a full disk scan to check for bad sectors.   I will look into removing the application once it has finished.  
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36552438
K, I am sure the disk is fine. Take a look in the Event Viewer, System log, and sort by the source column. Look for.....

Disk,NTFS,atapi,ftdisk

Those would be REAL disk errors.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 38

Expert Comment

by:BillDL
ID: 36553375
Right-Click on your Start Menu shortcut to "Data Recovery" and choose "Properties".  Copy the full path that displays in the "Start In" field and paste it here, and include any other details as they appear in the other fileds unless they just say "none" and "normal window".  Click "Cancel" to close the Properties dialog.

Open Windows Explorer and navigate to the folder given in the "Start In" field of the properties dialog above.  Locate the program file it showed and Right-Click on it.  Choose "Properties".  For each of the items under the "Version" tab of the Properties dialog, take a note of what they say and post them here.  Click "Cancel" to close the Properties dialog.

Open a Command ("DOS") Window.  Start Menu > Run > and type   CMD   click OK or press Enter.  Type in the following command, replacing the "C:\Path_To\Prog_Folder" part with the path shown in the first Properties dialog you looked at, ie. the one for the Start menu shortcut.

dir /a /on /b /s "C:\Path_To\Prog_Folder" > C:\Suspicious.txt

When it stops, close the Command window, locate the file "C:\Suspicious.txt", and attach it here.  DON'T copy and paste the contents of the file here, just click the "File" link below your comment here and then browse to the text file.

Now look in your "Control Panel > Add/Remove Programs" and see if there is a listing that looks like the program named in the 2nd properties dialog you looked at, ie. the one for the program EXE file.  If so, take an accurate note of what the display name is in that list.  DON'T uninstall it at the moment as it could be a legitimate application installed by the vendor of your computer and may yield some diagnostics IF your hard drive is showing genuine problems.  Just tell us the display name in Add/Remove Programs.

A good way to provide a report about listings in your Add/Remove Programs is using Nir Sofer's free and standalone "MyUninstaller" program:
http://www.nirsoft.net/utils/myuninst.html
http://www.nirsoft.net/utils/myuninst.zip

Just unzip the contents of "myuninst.zip" to any folder.
Save the following batch file to the same folder where you unzipped the files and double-click on it.  Follow the instructions that display and attach the report with details ONLY of the program entry in question.
 Make-Report.cmd

From these intitial reports we should be able to make a reasonable assessment as to whether this program is a genuine one or a rogue and provide further instructions for its removal (if required), and about your hard drive IF the program has detected genuine issues and is prompting you legitimately for some kind of action.
0
 
LVL 62

Accepted Solution

by:
☠ MASQ ☠ earned 500 total points
ID: 36554216
Data Recovery is malware, it tries to "extort" payment to fix a non existent problem on your PC.

Quickest fix is to fool it into thinking you've already paid, then using malwarebytes antimalware to remove the debris.

Chances are there's nothing at all wrong with your computer other than your ability to pick up malware installers.

Removal instructions here
http://deletemalware.blogspot.com/2011/09/how-to-remove-data-recovery-uninstall.html
0
 

Author Comment

by:qvfps
ID: 36554317
Masqueraid, this is exactly what I see when i start the computer normally.  I will follow the removal instructions and post the results back here.   THanks for the link.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 36554604
That's good that Masqueraid knew of this one so that you could get cracking on its removal without trying to find out if it was legit of rogue first.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Gmail Account risks 4 73
SSL RA VPN 7 102
cloning computer 13 61
security string in a noisy bar 5 71
How important is it to take extra precautions to protect your online business? These are some steps you can take to make sure you're free of any cyber crime.
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now