
Re: jumping in to old thread... Re: Reset "Windows failed to start..."

On Thu, 09 Apr 2009 09:21:33 -0300, John John - MVP <...@nbnet.nb.ca

The security subsystem on your box is completely compromised, there are
6 critical Windows services and you have 3 of them that are borked! You
might get to fix this with a repair install but in my opinion you should
flatten the box and rebuild it from scratch, you won't be able to fix
the Security Subsystem when it is compromised.

If you are constantly being infected then you should take a close look
at your Anti-Virus and Anti-Spyware solutions, they aren't doing their
job very well! Or give a second thought to your surfing habits and
email practices, if you play with things like Limewire and if you open
your file and printer services to every Tom, Dick and Harry out there
you will be forever plagued with malware pests!

Flatten the box, format your hard drive and reinstall Windows cleanly.
Make sure that you disconnect the computer from the internet when you do
the reinstallation, pull the cable from the box before you begin, only
reconnect the cable once Windows is properly installed and secured.
Make sure that you have *at* *least* SP2 installed on the machine and
make sure that the firewall is started before you even plug the internet
cable to the computer! If need be download the Service Pack and burn it
to CD and install it before you plug to the internet.

John



On Thu, 09 Apr 2009 14:29:04 -0700, sean bean <...@wizard.net

i am behind a netgear router... my laptop's Win MCE had been updated to
XP service pack three... before it travelled thru an airport and worked
in a hotel wifi three weeks ago... for us, it's a basic e-mail and surf
the web computer...

my main computer in the home network shows no infection... i don't play
with limewire or download music... Avira-Anti Vir helped us get rid of
the Antivirus 2009 malware last fall when Spybot, MalwareBytes and AVG
thought it was part of the security suite... so all of those are now
gone... but Avira obviously isn't working either...

Does Service Pack three introduce more copies of csrss.exe into the
system? or put it in the task manager? it's my understanding it's not
supposed to appear there... nor winlogon.exe... ?

at this point i'm considering replacing the hard drive... but don't
know if i should even attempt to retrieve files off the old one... i'd
thought about putting compromised one in an enclosure and using my copy
of "recover my files" on it... but don't want to retrieve the malware
which keeps reappearing somehow...

thanks for letting me sound off...

Sean

--
Few skills are so well rewarded as lawyers' ability to convince
parasites that they are victims
~ Thomas Sowell

* TagZilla 0.066-bw2
* http://tagzilla.mozdev.org

On Thu, 09 Apr 2009 19:19:17 -0300, John John - MVP <...@nbnet.nb.ca

It should have been fine behind the Netgear router, perhaps you caught
something when you traveled with it. Of course being behind a firewall
means that uninvited guests can't come in but it doesn't mean that you
can't download pests or get them in your email, the router doesn't stop
user initiated actions. You seem to be a cautious user so it might just
be bad luck that got you infected.

More copies? Meaning that you have (or had) more than one of these
showing in the Task Manager? If you have multiple instances of these
services running then you almost certainly have malware at play on your
machine.

There are six critical NT system services, Windows XP needs these
services to start and run properly. Trying to kill these critical
services will end the Windows session:

- Csrss.exe (Client/Server Runtime Server Subsystem)
- Lsass.exe (Local Security Authority Subsystem Service)
- Smss.exe (Session Manager Subsystem)
- Winlogon.exe (Windows logon process)
- services.exe (Windows Service Controller)
- RpcSs (Remote Procedure Call Server Service)*

* Runs inside one of the SVChost.exe. RpcSs is not critical in its own
right but hardly anything runs without it.

These are the 6 critical NT processes, without these 6 items things
don't work too well! Along with that the Task Manager would show:

- System (the kernel or kernel-mode threads)
- System Idle Process (Not a process or service but a single thread that
runs on each processor, its sole task is to account for processor idle
time or time spent doing nothing.)

There you have it, the minimum 8 items that will or should always show
in the Task Manager, add the Task Manager itself to the list and it will
give you 9 processes.

If you think that the drive is faulty then go to the manufacturer's web
site and download the diagnostic utility for the drive and run it.
These utilities run in DOS, you download the utility and make a DOS boot
CD (or floppy) and use it to boot the computer and test the drive. If
the diagnostic utility tells you that the drive is OK then there is
probably no need to replace the drive, you will be spending money for
nothing. The disk diagnostic utility will probably have a zero write
function, this will wipe your drive clean of any virus which may be on
the drive, after you zero write it I assure you there will be nothing
left on the drive!

You should be able to put the drive in a USB enclosure and retrieve your
personal files before you wipe it clean.

You're welcome.

John

On Fri, 10 Apr 2009 11:04:04 -0700, sean bean <...@wizard.net

not more than one copy in task manager... but more than one copy on
machine in system32 subfolder... and elsewhere which some webpages told
me was suspicious... after googling, i also read several places that
these 4 services should not appear in task manager at all... obviously
not reputable... don't recollect which place now...

as in http://www.auditmypc.com/process/csrss.asp

http://www.neuber.com/taskmanager/process/csrss.exe.html

while this one led me to rename all copies found elsewhere...

http://www.computerhope.com/issues/ch000916.htm

once all other copies were renamed... i rebooted... and have had the
STOP: error ever since
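
An added example, not written by either poster: a read-only check of a running-process listing against the critical process names listed earlier in the thread, reporting where each one actually runs from instead of renaming files on disk. It assumes a CSV listing with `Name` and `ExecutablePath` columns (for instance from `wmic process get Name,ExecutablePath /format:csv`), a system root of `C:\WINDOWS`, and a constructed sample; the multiple-instance flag is the rule of thumb given in the thread.

```python
import csv
import io
from collections import Counter

# Names from the thread's list that run as their own .exe
# (RpcSs is left out because it runs inside svchost.exe).
CRITICAL = {"csrss.exe", "lsass.exe", "smss.exe", "winlogon.exe", "services.exe"}

def normalize(path, system_root):
    """Map NT-style prefixes that XP tools can report onto a plain lowercase path."""
    p = path.strip().lower()
    root = system_root.lower().rstrip("\\")
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith("\\systemroot\\"):
        p = root + p[len("\\systemroot"):]
    elif p.startswith("%systemroot%\\"):
        p = root + p[len("%systemroot%"):]
    return p

def audit(listing_csv, system_root=r"C:\WINDOWS"):
    """Return sorted (name, finding) pairs for a Name/ExecutablePath CSV listing."""
    expected_dir = system_root.lower().rstrip("\\") + "\\system32\\"
    findings, seen = [], Counter()
    for row in csv.DictReader(io.StringIO(listing_csv.strip())):
        name = (row.get("Name") or "").strip().lower()
        if name not in CRITICAL:
            continue
        seen[name] += 1
        path = normalize(row.get("ExecutablePath") or "", system_root)
        # An empty path (access denied) is left unflagged rather than guessed at.
        if path and path != expected_dir + name:
            findings.append((name, "unexpected path: " + path))
    for name in CRITICAL:
        if seen[name] == 0:
            findings.append((name, "not running"))
        elif seen[name] > 1:
            findings.append((name, "multiple instances: %d" % seen[name]))
    return sorted(findings)

# Constructed sample listing (not taken from the machine in the thread).
SAMPLE = r"""
Node,ExecutablePath,Name
LAPTOP,\SystemRoot\System32\smss.exe,smss.exe
LAPTOP,\??\C:\WINDOWS\system32\csrss.exe,csrss.exe
LAPTOP,C:\WINDOWS\csrss.exe,csrss.exe
LAPTOP,\??\C:\WINDOWS\system32\winlogon.exe,winlogon.exe
LAPTOP,C:\WINDOWS\system32\services.exe,services.exe
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(name, "-", finding)
```

Copies of these files that sit on disk but are not running, such as the one in `\WINDOWS\ServicePackFiles\i386` mentioned later in the thread, never appear in a process listing and so are not flagged by this check.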

On Fri, 10 Apr 2009 15:00:48 -0700, sean bean <...@wizard.net

i managed to get ubuntu to boot so that i can attempt to retrieve files...

would i be able to repair csrss.exe?

sean

--
Border Control Not Gun Control

* TagZilla 0.066-bw2
* http://tagzilla.mozdev.org

On Fri, 10 Apr 2009 19:48:48 -0300, "John John (MVP)" <...@nbnot.nb.ca

You could try putting a new copy of it in the WINDOWS\System32 folder.
I'm not sure when the file was last revised but you should use a copy
that is the same version as the one that was deleted, try using a copy
from your \WINDOWS\ServicePackFiles\i386 folder, (if you haven't deleted
it...)

John

On Fri, 10 Apr 2009 15:56:58 -0700, sean bean <...@wizard.net

attempting as i type...

--
Heller's Law:
The first myth of management is that it exists.

Johnson's Corollary:
Nobody really knows what is going on anywhere within the
organization.

* TagZilla 0.066-bw2
* http://tagzilla.mozdev.org

On Fri, 10 Apr 2009 16:43:23 -0700, sean bean <...@wizard.net

i managed to find the copy that i had renamed and moved... named it
back... inserted back into original folder... and voila... i'm back
online...

making backups as soon as my updated avira-antivir makes a very deep
system scan

sean bean

--
stumbling along like a bumbling tumbleweed...

* TagZilla 0.066-bw2
* http://tagzilla.mozdev.org

On Fri, 10 Apr 2009 16:01:01 -0700, sean bean <...@wizard.net

nope no csrss to be found there... any in cab files?

--
You step in the stream,
But the water has moved on.
This page is not here.

* TagZilla 0.066-bw2
* http://tagzilla.mozdev.org

On Fri, 10 Apr 2009 23:09:54 -0300, "John John (MVP)" <...@nbnot.nb.ca

You can extract it from the XP setup cd or copy it from another
installation.

John

On Sat, 11 Apr 2009 08:53:50 -0700, sean bean <...@wizard.net

i'm online and actually typing from the laptop in question.... thanks so
much for sticking with me...

may i ask while we're on this subject... and all of this is way too fresh
in my mind... Is there a reputable place to check which services "should
be running" in task manager...

while i know it depends which sort of programs are installed on my
toshiba laptop... there is so much conflicting information out there...

again, thanks for leading me down a happy trail...

sean

--
In order to see the rainbow, you must first endure some rain

** taglines brought to you by tagzilla 0.066
get yours from http://tagzilla.mozdev.org

On Sat, 11 Apr 2009 15:17:04 -0300, "John John (MVP)" <...@nbnot.nb.ca

I'm glad to see that you got things running again.

What "should be running" is somewhat subjective, it all depends on what
you do with your computer and on what you want running. You might find
these to be useful:

http://www.blackviper.com/WinXP/servicecfg.htm
http://www.theeldergeek.com/services_guide.htm
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
http://www.runscanner.net/
http://www.pacs-portal.co.uk/startup_index.htm

John

On Sat, 11 Apr 2009 21:51:03 -0700, sean bean <...@wizard.net

yes... subjective... i comprehend... and while i was updating drivers
from toshiba today... i suddenly had a new program installed...
"Security Task Manager" was a newly installed program in my windows
start-up...

i didn't install it...

no longer have laptop online...

so say we all... frakkin damn it all

sean

--
"It's not that I'm so smart,
it's just that I stay with problems longer."
~ Albert Einstein 1879-1955

* TagZilla 0.066-bw2
* http://tagzilla.mozdev.org