Solved

Data Recovery Window in Windows XP

Posted on 2011-09-16
8
514 Views
Last Modified: 2012-06-22
I have a Windows XP PC which started displaying the popup below

WIndows - Delayed Write Failed
Failed to save all the components for the file \system32\0000039c.  Thie file is corrupted or unreadable.  This error may be caused by a PC hardware problem.  

After several of these pop up  another window pops up labeled Data Recovery.  It looks like an official program but I have not seen it before.  If I look under the start menu there is an installed program called Data Recovery but this is the only computer I see it installed on.    

The application windows says it has found problems with the hard drive, and RAM.

There is no information or help option to find out more about the application.    On the bottom it says to click here to activate full-functional version.

Does anyone have any experience with this?  Is it a valid application?  or is it something I need to be worried about?
0
Comment
Question by:qvfps
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 36551845
Sounds like a variation of many rogues....

Autoruns
http://live.sysinternals.com/autoruns.exe

Check the startups for this, and once you find it, you might be able to delete it. If not, see if you can disable it, and reboot....

After reboot (or if that doesn't help, I would go straight to MBAM, and run a good scan once it is updated....

Malwarebytes
http://www.malwarebytes.org

0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36551854
Alternatively.....

Perform a clean startup to determine whether background programs are interfering with your game or program
http://support.microsoft.com/kb/331796

0
 

Author Comment

by:qvfps
ID: 36551981
Thanks for the suggestions.   The error is appearing shortly after startup.  Unlike some of the other fake applications I could still access items from the start menu but i could not get rid of the popup.     I was able to boot into safe mode without seeing the error which made me suspicious.

 I am currently running a full disk scan to check for bad sectors.   I will look into removing the application once it has finished.  
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 66

Expert Comment

by:johnb6767
ID: 36552438
K, I am sure the disk is fine. Take a look in the Event Viewer, System log, and sort by the source column. Look for.....

Disk,NTFS,atapi,ftdisk

Those would be REAL disk errors.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 36553375
Right-Click on your Start Menu shortcut to "Data Recovery" and choose "Properties".  Copy the full path that displays in the "Start In" field and paste it here, and include any other details as they appear in the other fileds unless they just say "none" and "normal window".  Click "Cancel" to close the Properties dialog.

Open Windows Explorer and navigate to the folder given in the "Start In" field of the properties dialog above.  Locate the program file it showed and Right-Click on it.  Choose "Properties".  For each of the items under the "Version" tab of the Properties dialog, take a note of what they say and post them here.  Click "Cancel" to close the Properties dialog.

Open a Command ("DOS") Window.  Start Menu > Run > and type   CMD   click OK or press Enter.  Type in the following command, replacing the "C:\Path_To\Prog_Folder" part with the path shown in the first Properties dialog you looked at, ie. the one for the Start menu shortcut.

dir /a /on /b /s "C:\Path_To\Prog_Folder" > C:\Suspicious.txt

When it stops, close the Command window, locate the file "C:\Suspicious.txt", and attach it here.  DON'T copy and paste the contents of the file here, just click the "File" link below your comment here and then browse to the text file.

Now look in your "Control Panel > Add/Remove Programs" and see if there is a listing that looks like the program named in the 2nd properties dialog you looked at, ie. the one for the program EXE file.  If so, take an accurate note of what the display name is in that list.  DON'T uninstall it at the moment as it could be a legitimate application installed by the vendor of your computer and may yield some diagnostics IF your hard drive is showing genuine problems.  Just tell us the display name in Add/Remove Programs.

A good way to provide a report about listings in your Add/Remove Programs is using Nir Sofer's free and standalone "MyUninstaller" program:
http://www.nirsoft.net/utils/myuninst.html
http://www.nirsoft.net/utils/myuninst.zip

Just unzip the contents of "myuninst.zip" to any folder.
Save the following batch file to the same folder where you unzipped the files and double-click on it.  Follow the instructions that display and attach the report with details ONLY of the program entry in question.
 Make-Report.cmd

From these intitial reports we should be able to make a reasonable assessment as to whether this program is a genuine one or a rogue and provide further instructions for its removal (if required), and about your hard drive IF the program has detected genuine issues and is prompting you legitimately for some kind of action.
0
 
LVL 62

Accepted Solution

by:
☠ MASQ ☠ earned 500 total points
ID: 36554216
Data Recovery is malware, it tries to "extort" payment to fix a non existent problem on your PC.

Quickest fix is to fool it into thinking you've already paid, then using malwarebytes antimalware to remove the debris.

Chances are there's nothing at all wrong with your computer other than your ability to pick up malware installers.

Removal instructions here
http://deletemalware.blogspot.com/2011/09/how-to-remove-data-recovery-uninstall.html
0
 

Author Comment

by:qvfps
ID: 36554317
Masqueraid, this is exactly what I see when i start the computer normally.  I will follow the removal instructions and post the results back here.   THanks for the link.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 36554604
That's good that Masqueraid knew of this one so that you could get cracking on its removal without trying to find out if it was legit of rogue first.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
The 21st century solution to antiquated pagers.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question