Solved

Data Recovery Window in Windows XP

Posted on 2011-09-16
8
529 Views
Last Modified: 2012-06-22
I have a Windows XP PC which started displaying the popup below

WIndows - Delayed Write Failed
Failed to save all the components for the file \system32\0000039c.  Thie file is corrupted or unreadable.  This error may be caused by a PC hardware problem.  

After several of these pop up  another window pops up labeled Data Recovery.  It looks like an official program but I have not seen it before.  If I look under the start menu there is an installed program called Data Recovery but this is the only computer I see it installed on.    

The application windows says it has found problems with the hard drive, and RAM.

There is no information or help option to find out more about the application.    On the bottom it says to click here to activate full-functional version.

Does anyone have any experience with this?  Is it a valid application?  or is it something I need to be worried about?
0
Comment
Question by:qvfps
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 36551845
Sounds like a variation of many rogues....

Autoruns
http://live.sysinternals.com/autoruns.exe

Check the startups for this, and once you find it, you might be able to delete it. If not, see if you can disable it, and reboot....

After reboot (or if that doesn't help, I would go straight to MBAM, and run a good scan once it is updated....

Malwarebytes
http://www.malwarebytes.org

0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36551854
Alternatively.....

Perform a clean startup to determine whether background programs are interfering with your game or program
http://support.microsoft.com/kb/331796

0
 

Author Comment

by:qvfps
ID: 36551981
Thanks for the suggestions.   The error is appearing shortly after startup.  Unlike some of the other fake applications I could still access items from the start menu but i could not get rid of the popup.     I was able to boot into safe mode without seeing the error which made me suspicious.

 I am currently running a full disk scan to check for bad sectors.   I will look into removing the application once it has finished.  
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 66

Expert Comment

by:johnb6767
ID: 36552438
K, I am sure the disk is fine. Take a look in the Event Viewer, System log, and sort by the source column. Look for.....

Disk,NTFS,atapi,ftdisk

Those would be REAL disk errors.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 36553375
Right-Click on your Start Menu shortcut to "Data Recovery" and choose "Properties".  Copy the full path that displays in the "Start In" field and paste it here, and include any other details as they appear in the other fileds unless they just say "none" and "normal window".  Click "Cancel" to close the Properties dialog.

Open Windows Explorer and navigate to the folder given in the "Start In" field of the properties dialog above.  Locate the program file it showed and Right-Click on it.  Choose "Properties".  For each of the items under the "Version" tab of the Properties dialog, take a note of what they say and post them here.  Click "Cancel" to close the Properties dialog.

Open a Command ("DOS") Window.  Start Menu > Run > and type   CMD   click OK or press Enter.  Type in the following command, replacing the "C:\Path_To\Prog_Folder" part with the path shown in the first Properties dialog you looked at, ie. the one for the Start menu shortcut.

dir /a /on /b /s "C:\Path_To\Prog_Folder" > C:\Suspicious.txt

When it stops, close the Command window, locate the file "C:\Suspicious.txt", and attach it here.  DON'T copy and paste the contents of the file here, just click the "File" link below your comment here and then browse to the text file.

Now look in your "Control Panel > Add/Remove Programs" and see if there is a listing that looks like the program named in the 2nd properties dialog you looked at, ie. the one for the program EXE file.  If so, take an accurate note of what the display name is in that list.  DON'T uninstall it at the moment as it could be a legitimate application installed by the vendor of your computer and may yield some diagnostics IF your hard drive is showing genuine problems.  Just tell us the display name in Add/Remove Programs.

A good way to provide a report about listings in your Add/Remove Programs is using Nir Sofer's free and standalone "MyUninstaller" program:
http://www.nirsoft.net/utils/myuninst.html
http://www.nirsoft.net/utils/myuninst.zip

Just unzip the contents of "myuninst.zip" to any folder.
Save the following batch file to the same folder where you unzipped the files and double-click on it.  Follow the instructions that display and attach the report with details ONLY of the program entry in question.
 Make-Report.cmd

From these intitial reports we should be able to make a reasonable assessment as to whether this program is a genuine one or a rogue and provide further instructions for its removal (if required), and about your hard drive IF the program has detected genuine issues and is prompting you legitimately for some kind of action.
0
 
LVL 62

Accepted Solution

by:
☠ MASQ ☠ earned 500 total points
ID: 36554216
Data Recovery is malware, it tries to "extort" payment to fix a non existent problem on your PC.

Quickest fix is to fool it into thinking you've already paid, then using malwarebytes antimalware to remove the debris.

Chances are there's nothing at all wrong with your computer other than your ability to pick up malware installers.

Removal instructions here
http://deletemalware.blogspot.com/2011/09/how-to-remove-data-recovery-uninstall.html
0
 

Author Comment

by:qvfps
ID: 36554317
Masqueraid, this is exactly what I see when i start the computer normally.  I will follow the removal instructions and post the results back here.   THanks for the link.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 36554604
That's good that Masqueraid knew of this one so that you could get cracking on its removal without trying to find out if it was legit of rogue first.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question