Here's one for the gurus
- Thread starter SirKenin
- Start date
According to this article it's the display drivers that are at fault (http://support.microsoft.com/kb/329293), have you got XP SP1 installed? In safemode it'll load failsafe drivers, not the main ones, hence the low-res.
tlarkin
VIP Member
Is data important?
You can run some things from the command line to help get it fixed, or do an overlay of the OS off an OS disc.
The problem is that it is trying to page something from memory that is corrupted or buggy.
look into the bootcfg /rebuild which will basically rebuild all the necessary files that are required for windows to load.
You can run some things from the command line to help get it fixed, or do an overlay of the OS off an OS disc.
The problem is that it is trying to page something from memory that is corrupted or buggy.
look into the bootcfg /rebuild which will basically rebuild all the necessary files that are required for windows to load.
GameMaster
New Member
Bwah...SirKenin...
If you think it's a virus, post a HIjackThis log. You have the instructions on the sticky topic and on every thread here.
But that doesn't seem as a virus, only you making joke of us.
Anyway. Do as you'd love to
If you think it's a virus, post a HIjackThis log. You have the instructions on the sticky topic and on every thread here.
But that doesn't seem as a virus, only you making joke of us.
Anyway. Do as you'd love to
GameMaster
New Member
RENAME HIJACKTHIS
Using Windows Explore by right-clicking the Start button and left clicking Explore navigate to: C:\Program Files\HijackThis\HijackThis.exe
Right-click on HijackThis.exe & select Rename to scanner.exe and post back a Hijackthis log.
Using Windows Explore by right-clicking the Start button and left clicking Explore navigate to: C:\Program Files\HijackThis\HijackThis.exe
Right-click on HijackThis.exe & select Rename to scanner.exe and post back a Hijackthis log.
Wheres the csrss file running from, its suppost to be in the system32 folder. Is it showing it somewhere else.
Last edited:
It was in the system folder.
Ok. I'll fess up... I know what it was, and I fixed it. I wanted to see if anyone here could identify it and effectively resolve it.
What it was was numerous infections (over 1000 in fact) that were anything from spyware to viruses that had attached themselves to lsass and other key windows files, plus loading at a vast array of entry points in the registry (including those lovely back doors that were monitoring for deletions, thus making MSCONFIG useless as well. Renaming the tools had no effect. No program would actually run, including autoruns, Norton removal tool, etc.
What I did was pull the drive out of the laptop, attach it to one of my computers and did a virus scan with Kaspersky. It identified and removed several hundred infections. I then put the drive back in the computer and ran Super Antispyware on it. It removed another 400 infections. Finally I was able to run the Norton Removal tool, get rid of that oh so fabulous Norton and put AVG on it. Combofix got rid of all the temp files and broken registry entries at the end.
2.5 hours, and not 1kb of data lost.
Man, were they ever happy.
Ok. I'll fess up... I know what it was, and I fixed it. I wanted to see if anyone here could identify it and effectively resolve it.
What it was was numerous infections (over 1000 in fact) that were anything from spyware to viruses that had attached themselves to lsass and other key windows files, plus loading at a vast array of entry points in the registry (including those lovely back doors that were monitoring for deletions, thus making MSCONFIG useless as well. Renaming the tools had no effect. No program would actually run, including autoruns, Norton removal tool, etc.
What I did was pull the drive out of the laptop, attach it to one of my computers and did a virus scan with Kaspersky. It identified and removed several hundred infections. I then put the drive back in the computer and ran Super Antispyware on it. It removed another 400 infections. Finally I was able to run the Norton Removal tool, get rid of that oh so fabulous Norton and put AVG on it. Combofix got rid of all the temp files and broken registry entries at the end.
2.5 hours, and not 1kb of data lost.
Man, were they ever happy.
I was going to suggest slaving it to jumper cables to your car battery, but I guess that would work.
Motoxrdude
Active Member
I was wondering why you came to CF for computer help. Seems like any technical problem never gets resolved on here.It was in the system folder.
Ok. I'll fess up... I know what it was, and I fixed it. I wanted to see if anyone here could identify it and effectively resolve it.
What it was was numerous infections (over 1000 in fact) that were anything from spyware to viruses that had attached themselves to lsass and other key windows files, plus loading at a vast array of entry points in the registry (including those lovely back doors that were monitoring for deletions, thus making MSCONFIG useless as well. Renaming the tools had no effect. No program would actually run, including autoruns, Norton removal tool, etc.
What I did was pull the drive out of the laptop, attach it to one of my computers and did a virus scan with Kaspersky. It identified and removed several hundred infections. I then put the drive back in the computer and ran Super Antispyware on it. It removed another 400 infections. Finally I was able to run the Norton Removal tool, get rid of that oh so fabulous Norton and put AVG on it. Combofix got rid of all the temp files and broken registry entries at the end.
2.5 hours, and not 1kb of data lost.
I just noticed I said combofix for the temp files. Umm.. Make that Ccleaner for the temp files... Gah. Car battery isn't a bad idea either.
I just find it interesting how someone was just preaching the virtues of HJT to me this morning, then I'm called on site to deal with this issue the same day. Fascinating.
I just find it interesting how someone was just preaching the virtues of HJT to me this morning, then I'm called on site to deal with this issue the same day. Fascinating.
You get what you pay for I guess.
Actually, I've had one issue that baffled me for days. I posted it on here and nobody was able to help. In the end I figured it out myself. Meh.
It was in the system folder.
Ok. I'll fess up... I know what it was, and I fixed it. I wanted to see if anyone here could identify it and effectively resolve it.
What it was was numerous infections (over 1000 in fact) that were anything from spyware to viruses that had attached themselves to lsass and other key windows files, plus loading at a vast array of entry points in the registry (including those lovely back doors that were monitoring for deletions, thus making MSCONFIG useless as well. Renaming the tools had no effect. No program would actually run, including autoruns, Norton removal tool, etc.
What I did was pull the drive out of the laptop, attach it to one of my computers and did a virus scan with Kaspersky. It identified and removed several hundred infections. I then put the drive back in the computer and ran Super Antispyware on it. It removed another 400 infections. Finally I was able to run the Norton Removal tool, get rid of that oh so fabulous Norton and put AVG on it. Combofix got rid of all the temp files and broken registry entries at the end.
2.5 hours, and not 1kb of data lost.
Not fair-Not fair. Didnt give me enough time to ask more questions. How was I suppost to figure that out with nothing but PAGE_FAULT_IN_NONPAGED_AREA and Task manager shows CSRSS at 90%+,
tlarkin
VIP Member
Not fair-Not fair. Didnt give me enough time to ask more questions. How was I suppost to figure that out with nothing but PAGE_FAULT_IN_NONPAGED_AREA and Task manager shows CSRSS at 90%+,
I agree there was not enough information given about the problem to even deduct what it could possibly be or what the root cause was. The information I gave would have cleaned up all the start up items and allowed a boot into windows, where you could have ran all your removal tools.
Not fair-Not fair. Didnt give me enough time to ask more questions. How was I suppost to figure that out with nothing but PAGE_FAULT_IN_NONPAGED_AREA and Task manager shows CSRSS at 90%+,
The clue was the iexplore entry that kept bouncing around. Every time you moved your mouse over it it would move somewhere else so you couldn't end the task.
Tlarkin's suggestion was really good, and probably would have helped, but due to the nature and number of infections it would have only got me so far, then I still would have had to do a remote scan.
It's was an unbelievably complicated, tangled mess.. and there's no hope in hell that Hijackthis, even if it it would have run (renamed or not), would have even begun to put a dent in it. Too many back doors.
Cleric7x9
Active Member
im not saying you are wrong, because i havent seen the computer, but i think it is far more likely that your hard drive just had some minor corruption that could have been fixed with a checkdisk. its really hard to say, and its definitely possible that there were viruses and such. but hey, what the hell do i know.
Buzz1927
Digaredd
So you post this problem up, with minimal information, then post your solution about 5 hours later, when half the forum have been asleep. Plenty of people here could have fixed the problem, many in less time than you took. As I've said before, there is a big difference in having the comp in front of you and dealing with things over the net.
Uh huh 
It took 2.5 hours because 2 of them were complete disk scans with two independent tools on a laptop drive, which isn't exactly a speed demon to begin with.
I posted the problem after I had already fixed it. The point is that the strategy you yourself even use wouldn't have worked. HJT log.. Fabulous.. If you can get it to load I suppose.
Even using MSCONFIG to disable everything, including services, STILL didn't work.. The reason that I brought that up is because if I used your defacto solution and deleted all the entries, my time would have been wasted because the back doors would have reinstalled all the infections on the next boot.
So, the reason for this was to show that the strategy promoted repeatedly is flawed, as mentioned in the other thread, and to promote the idea of simplicity, efficiency, etc.
Think outside the bun, so to speak.
edit: Case in point. Your "training" in action
It took 2.5 hours because 2 of them were complete disk scans with two independent tools on a laptop drive, which isn't exactly a speed demon to begin with. I posted the problem after I had already fixed it. The point is that the strategy you yourself even use wouldn't have worked. HJT log.. Fabulous.. If you can get it to load I suppose.
Even using MSCONFIG to disable everything, including services, STILL didn't work.. The reason that I brought that up is because if I used your defacto solution and deleted all the entries, my time would have been wasted because the back doors would have reinstalled all the infections on the next boot.
So, the reason for this was to show that the strategy promoted repeatedly is flawed, as mentioned in the other thread, and to promote the idea of simplicity, efficiency, etc.
Think outside the bun, so to speak.
edit: Case in point. Your "training" in action
Last edited: