Data Recovery Window in Windows XP

Posted on 2011-09-16
Medium Priority
Last Modified: 2012-06-22
I have a Windows XP PC which started displaying the popup below

WIndows - Delayed Write Failed
Failed to save all the components for the file \system32\0000039c.  Thie file is corrupted or unreadable.  This error may be caused by a PC hardware problem.  

After several of these pop up  another window pops up labeled Data Recovery.  It looks like an official program but I have not seen it before.  If I look under the start menu there is an installed program called Data Recovery but this is the only computer I see it installed on.    

The application windows says it has found problems with the hard drive, and RAM.

There is no information or help option to find out more about the application.    On the bottom it says to click here to activate full-functional version.

Does anyone have any experience with this?  Is it a valid application?  or is it something I need to be worried about?
Question by:qvfps
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
LVL 66

Expert Comment

ID: 36551845
Sounds like a variation of many rogues....


Check the startups for this, and once you find it, you might be able to delete it. If not, see if you can disable it, and reboot....

After reboot (or if that doesn't help, I would go straight to MBAM, and run a good scan once it is updated....


LVL 66

Expert Comment

ID: 36551854

Perform a clean startup to determine whether background programs are interfering with your game or program


Author Comment

ID: 36551981
Thanks for the suggestions.   The error is appearing shortly after startup.  Unlike some of the other fake applications I could still access items from the start menu but i could not get rid of the popup.     I was able to boot into safe mode without seeing the error which made me suspicious.

 I am currently running a full disk scan to check for bad sectors.   I will look into removing the application once it has finished.  
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

LVL 66

Expert Comment

ID: 36552438
K, I am sure the disk is fine. Take a look in the Event Viewer, System log, and sort by the source column. Look for.....


Those would be REAL disk errors.
LVL 38

Expert Comment

ID: 36553375
Right-Click on your Start Menu shortcut to "Data Recovery" and choose "Properties".  Copy the full path that displays in the "Start In" field and paste it here, and include any other details as they appear in the other fileds unless they just say "none" and "normal window".  Click "Cancel" to close the Properties dialog.

Open Windows Explorer and navigate to the folder given in the "Start In" field of the properties dialog above.  Locate the program file it showed and Right-Click on it.  Choose "Properties".  For each of the items under the "Version" tab of the Properties dialog, take a note of what they say and post them here.  Click "Cancel" to close the Properties dialog.

Open a Command ("DOS") Window.  Start Menu > Run > and type   CMD   click OK or press Enter.  Type in the following command, replacing the "C:\Path_To\Prog_Folder" part with the path shown in the first Properties dialog you looked at, ie. the one for the Start menu shortcut.

dir /a /on /b /s "C:\Path_To\Prog_Folder" > C:\Suspicious.txt

When it stops, close the Command window, locate the file "C:\Suspicious.txt", and attach it here.  DON'T copy and paste the contents of the file here, just click the "File" link below your comment here and then browse to the text file.

Now look in your "Control Panel > Add/Remove Programs" and see if there is a listing that looks like the program named in the 2nd properties dialog you looked at, ie. the one for the program EXE file.  If so, take an accurate note of what the display name is in that list.  DON'T uninstall it at the moment as it could be a legitimate application installed by the vendor of your computer and may yield some diagnostics IF your hard drive is showing genuine problems.  Just tell us the display name in Add/Remove Programs.

A good way to provide a report about listings in your Add/Remove Programs is using Nir Sofer's free and standalone "MyUninstaller" program:

Just unzip the contents of "myuninst.zip" to any folder.
Save the following batch file to the same folder where you unzipped the files and double-click on it.  Follow the instructions that display and attach the report with details ONLY of the program entry in question.

From these intitial reports we should be able to make a reasonable assessment as to whether this program is a genuine one or a rogue and provide further instructions for its removal (if required), and about your hard drive IF the program has detected genuine issues and is prompting you legitimately for some kind of action.
LVL 63

Accepted Solution

☠ MASQ ☠ earned 2000 total points
ID: 36554216
Data Recovery is malware, it tries to "extort" payment to fix a non existent problem on your PC.

Quickest fix is to fool it into thinking you've already paid, then using malwarebytes antimalware to remove the debris.

Chances are there's nothing at all wrong with your computer other than your ability to pick up malware installers.

Removal instructions here

Author Comment

ID: 36554317
Masqueraid, this is exactly what I see when i start the computer normally.  I will follow the removal instructions and post the results back here.   THanks for the link.
LVL 38

Expert Comment

ID: 36554604
That's good that Masqueraid knew of this one so that you could get cracking on its removal without trying to find out if it was legit of rogue first.

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question