Unsolved
This post is more than 5 years old
2 Posts
0
974
Cannot boot to disk: Trojan 'svshost.dll' I could not quarantine
My Dell Latitude D520 running Windows XP Home SP2 caught a bug I could not quarantine with Trend Micro. I eventually moved the file 'svshost.dll' to Trend Micro's Program file\Quarantine but the situation deteriorated. I tried to upgrade to the 2010 version of Trend Micro but the system crashed in the process. The blue screen that came up said, "A problem has been detected and windows has been shut down to prevent damage to your computer.
DRIVER_IRQL_NOT_LESS_OR_EQUAL
If this is the first time you've seen this stop error screen...
Technical information:
***STOP: 0x000000D1 (0x0000000C, 0x000000FF, 0x00000000, 0xA815379b)
***hiber_atapi.sys - Adress A815379B base at A813D000, DateStamp 4802539d
I restarted the computer in Safe Mode and tried to uninstall IE8 because I was seeing some error messages that looked like it might be infected. When I tried to install IE7 from my USB flash drive, the system locked up. Small 'ERROR' boxes popped up reading, "BackConnectManagerThread" and "http://google-analisys.com:9090". Also a DOS C:\prompt type box appeared labelled C:\Program Files\Apoint\Apntex.exe. I downloaded MS Malicious Software Removal Tool to my flash drive and ran that on my laptop. It removed one file and partially removed another but on system restart, a program called XP Defender opened and appeared to be finding 25 viruses and offering to sell protection. I did not follow the link. Closing the program left a bare desktop with a "Personalized Settings" dialogue box in the upper left corner that read, "Setting up personalized settings for: IE7 Install Stub". The hard drive activity indicator flickered rapidly but no progress was made.
Currently I cannot boot to disk and the stop message reads:
Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.
Technical information:
***STOP: 0x0000007b (0xF7AEA524, 0xC0000034, 0x00000000, 0x00000000)
Using F8, F2 or F12 on restart offers only choices of:
Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt, Last Known Good Configuration, or Start Windows Normally. The selection of any of those choices results in the above Stop Error message.
Help?
Bugbatter
3 Apprentice
3 Apprentice
•
20.5K Posts
0
March 20th, 2010 07:00
Hi kbuterb,
If Trend Micro alerted you to svshost.dll, you have a Backdoor Trojan. It opens a random port where a remote malicious attacker can use to connect to the infected machine and execute malicious routines. Thus, system security is compromised.
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_SMALL.EDI&VSect=P
In addition you have rogueware on there and possibly other infections. Upgrading the IE browser on an infected computer is never a good idea, and made the situation worse.
I would suggest a reformat/reinstall of the operating system. Here is some info on Backdoor Trojans:http://www.geekstogo.com/2007/10/03/what-is-a-backdoor-trojan/
Sorry that I do not have better news for you.
kbuterb
2 Posts
0
March 20th, 2010 15:00
I had hoped for some info on how to format and reinstall the operating system. I had contacted a hardware tech through dell support who directed me to instructions for the operation at: http://support.dell.com/support/topics/global.aspx/support/dsn/en/document?c=us&dl=false&l=en&s=gen&docid=D68EC8310D13. However when I got there and began the process by inserting the disk and restarting the computer, I found that I am not even able to boot from the reinstallation CD.
Do you think there's any way I can get started, or should I get professional help?
Thanks, I appreciate your help.
Bugbatter
3 Apprentice
3 Apprentice
•
20.5K Posts
0
March 20th, 2010 16:00
This is the link I use in case it is possible to use the alternative PC Restore to return to factory settings: http://support.dell.com/support/topics/global.aspx/support/dsn/en/document?c=us&docid=58E26A65A4388E4FE040AE0AB7E107E3&l=en&s=gen
Yes.