Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 550
  • Last Modified:

Data Recovery Window in Windows XP

I have a Windows XP PC which started displaying the popup below

WIndows - Delayed Write Failed
Failed to save all the components for the file \system32\0000039c.  Thie file is corrupted or unreadable.  This error may be caused by a PC hardware problem.  

After several of these pop up  another window pops up labeled Data Recovery.  It looks like an official program but I have not seen it before.  If I look under the start menu there is an installed program called Data Recovery but this is the only computer I see it installed on.    

The application windows says it has found problems with the hard drive, and RAM.

There is no information or help option to find out more about the application.    On the bottom it says to click here to activate full-functional version.

Does anyone have any experience with this?  Is it a valid application?  or is it something I need to be worried about?
0
qvfps
Asked:
qvfps
  • 3
  • 2
  • 2
  • +1
1 Solution
 
johnb6767Commented:
Sounds like a variation of many rogues....

Autoruns
http://live.sysinternals.com/autoruns.exe

Check the startups for this, and once you find it, you might be able to delete it. If not, see if you can disable it, and reboot....

After reboot (or if that doesn't help, I would go straight to MBAM, and run a good scan once it is updated....

Malwarebytes
http://www.malwarebytes.org

0
 
johnb6767Commented:
Alternatively.....

Perform a clean startup to determine whether background programs are interfering with your game or program
http://support.microsoft.com/kb/331796

0
 
qvfpsAuthor Commented:
Thanks for the suggestions.   The error is appearing shortly after startup.  Unlike some of the other fake applications I could still access items from the start menu but i could not get rid of the popup.     I was able to boot into safe mode without seeing the error which made me suspicious.

 I am currently running a full disk scan to check for bad sectors.   I will look into removing the application once it has finished.  
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
johnb6767Commented:
K, I am sure the disk is fine. Take a look in the Event Viewer, System log, and sort by the source column. Look for.....

Disk,NTFS,atapi,ftdisk

Those would be REAL disk errors.
0
 
BillDLCommented:
Right-Click on your Start Menu shortcut to "Data Recovery" and choose "Properties".  Copy the full path that displays in the "Start In" field and paste it here, and include any other details as they appear in the other fileds unless they just say "none" and "normal window".  Click "Cancel" to close the Properties dialog.

Open Windows Explorer and navigate to the folder given in the "Start In" field of the properties dialog above.  Locate the program file it showed and Right-Click on it.  Choose "Properties".  For each of the items under the "Version" tab of the Properties dialog, take a note of what they say and post them here.  Click "Cancel" to close the Properties dialog.

Open a Command ("DOS") Window.  Start Menu > Run > and type   CMD   click OK or press Enter.  Type in the following command, replacing the "C:\Path_To\Prog_Folder" part with the path shown in the first Properties dialog you looked at, ie. the one for the Start menu shortcut.

dir /a /on /b /s "C:\Path_To\Prog_Folder" > C:\Suspicious.txt

When it stops, close the Command window, locate the file "C:\Suspicious.txt", and attach it here.  DON'T copy and paste the contents of the file here, just click the "File" link below your comment here and then browse to the text file.

Now look in your "Control Panel > Add/Remove Programs" and see if there is a listing that looks like the program named in the 2nd properties dialog you looked at, ie. the one for the program EXE file.  If so, take an accurate note of what the display name is in that list.  DON'T uninstall it at the moment as it could be a legitimate application installed by the vendor of your computer and may yield some diagnostics IF your hard drive is showing genuine problems.  Just tell us the display name in Add/Remove Programs.

A good way to provide a report about listings in your Add/Remove Programs is using Nir Sofer's free and standalone "MyUninstaller" program:
http://www.nirsoft.net/utils/myuninst.html
http://www.nirsoft.net/utils/myuninst.zip

Just unzip the contents of "myuninst.zip" to any folder.
Save the following batch file to the same folder where you unzipped the files and double-click on it.  Follow the instructions that display and attach the report with details ONLY of the program entry in question.
 Make-Report.cmd

From these intitial reports we should be able to make a reasonable assessment as to whether this program is a genuine one or a rogue and provide further instructions for its removal (if required), and about your hard drive IF the program has detected genuine issues and is prompting you legitimately for some kind of action.
0
 
☠ MASQ ☠Commented:
Data Recovery is malware, it tries to "extort" payment to fix a non existent problem on your PC.

Quickest fix is to fool it into thinking you've already paid, then using malwarebytes antimalware to remove the debris.

Chances are there's nothing at all wrong with your computer other than your ability to pick up malware installers.

Removal instructions here
http://deletemalware.blogspot.com/2011/09/how-to-remove-data-recovery-uninstall.html
0
 
qvfpsAuthor Commented:
Masqueraid, this is exactly what I see when i start the computer normally.  I will follow the removal instructions and post the results back here.   THanks for the link.
0
 
BillDLCommented:
That's good that Masqueraid knew of this one so that you could get cracking on its removal without trying to find out if it was legit of rogue first.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now