PDA

View Full Version : OT - Weird Windows 7 problem



SGW
10-10-2011, 06:56 PM
I hope somebody has a clue to this one. My computer with W7 has suddenly started to run only small,older programs. It will run Notepad and calculator and Windows Explorer and many of the system admin programs (hooray!) but it won't run IE, Firefox, Thunderbird, Word, etc. Unfortunately the "etc." includes Zone Alarm, Avast! antivirus, MalwareBytes, and the Windows Firewall.

I used the computer around 8am to check email. When I tried around noon,the problem was there. I don't recall changing anything in between, although I might have. I thought it might be memory, but I ran a memory test and it reported no errors.

I tried Safe Mode, but it didn't help.

Anybody got an idea? I've got the OEM version of W7, which installs only on a clean disk, so I can't just reinstall Windows in place. Rebuilding the disk would be a Major Job I would prefer to avoid.

pgmrdan
10-10-2011, 07:01 PM
Is it only running 32 bit programs and is it the 64 bit version of Windows 7?

Sounds like a virus might have come in on your 8:00am emails.

Evan
10-10-2011, 07:02 PM
More info required.

Is it Win 7 32 bit or 64 bit?

When it fails to run a program what happens? Any messages?

Have you looked in the system error log?

Did you install any software just before the problem showed up?

Is it set to update automatically?

Did you agree to any permission changes or did you change any permissions on the system drive?

Din you change anything to do with users, passwords or logons?

Does anybody else have access to the machine?

SGW
10-10-2011, 08:41 PM
More info required.

Is it Win 7 32 bit or 64 bit? 64-bit Windows Professional. 8GB memory.

When it fails to run a program what happens? Any messages? Nope. Some programs get to the point of displaying the window that asks if you want to allow the program to make changes on the computer before they quit. Others just don't seem to do anything.

Have you looked in the system error log? Is that the event log? If so, yes, but I'm not too sure what I'm looking at. One thing that caught my eye though was that the Windows Update Agent ran at 11:18am. That is followed by a bunch of information messages, then there is an error, Event ID 70009, "A timeout was reached (3000 milliseconds) while waiting for the UMVPFSrv service to connect" followed by another error event, Event ID, 7000 The UMVPSrv service failed to start due to the following error. The service did not respond to the start or control request in a timely fashion."

Things seem to continue downhill from there.

Did you install any software just before the problem showed up? Not immediately before. A couple of days ago I started to install a program I got off C-Net but I cancelled the installation after reading the Terms. The computer continued to work.

Is it set to update automatically? Yes

Did you agree to any permission changes or did you change any permissions on the system drive? Not before it stopped working. Since then I've made C shareable so I can (I hope) do a virus/malware scan from another computer. After the scan I'll make C non-shareable again.

Din you change anything to do with users, passwords or logons? Nope.

Does anybody else have access to the machine? No.


Today 10:01 PM

MrSleepy
10-10-2011, 08:50 PM
That behavior sounds like the Sircam virus

to check/remove it ..

http://support.microsoft.com/kb/311446

"The W32.Sircam.Worm@mm worm virus can cause this issue. The W32/Sircam virus spreads itself through e-mail messages or unprotected network file shares and can reveal or delete information on your computer. To verify that your computer is infected with this kind of virus:
Restart your computer, press F8 at the Windows XP Startup menu, and then select Safe Mode with Command Prompt.
At the command prompt, type regedit, and press ENTER.
If the following registry key is set to C:\recycled\sirc32.exe "%1" %*, your computer is infected with the W32/SirCam worm virus:HKEY_CLASSES_ROOT\exefile\shell\open\command
Note If this registry setting is anything other than "%1" %*
your computer may be infected with a different virus."

Rob

armedandsafe
10-10-2011, 09:20 PM
This is an idea on getting MalWareBytes to run in safe mode.

http://mikescomputerinfo.com/viruses.htm

I also use Malwarebytes for Malware and it is also free and works very good. I actually used it yesterday on a ladies computer that had a scanner that infected her XP. I booted into Safe Mode and downloaded the install file from Malwarebytes.com to a USB drive, then dragged it onto the computers Safe Mode Desktop. Installed it and ran it, it found 499 infected files and registry entries, I ran her Anti-Virus program first Avast and it only found 3 Trojans. When I rebooted to XP I updated Malwarebytes and it found 39 more infected files and registry entries.

I use AVG (free) and MalWareBytes (free) and have had no problems with viri for years. They work very well with each other, whereas some antiviri programs used together can get into pissing matches with each other.

Pops

Evan
10-10-2011, 11:23 PM
Setting C: to shareable won't share all the folders unless you do it as the administrator. Note that even if you have administrator privileges that isn't the same as being logged in on the "administrator" account.

I don't think that the sircam virus can infect Win 7 64. If the file boots to the "do you want to open ...." screen it isn't sircam since it changes the registry entry so you can't open .exe files. If you can open regedit then it definitely isn't sircam.

Try downloading the Microsoft malicious software removal tool and run that. If that finds nothing then open a command prompt using "Run as administrator" and at the promp type sfc /scannow.

That will check for corrupted or changed system files.

winchman
10-11-2011, 04:07 AM
How's he going to download the malicious software removal tool if he can't use IE or FF? Is it possible to put the MSRT on a thumb drive from another computer, and use the thumb drive to install it on his?

I thought the MSRT came through automatic updates, so wouldn't he already have it? I usually see it on the list of updates being installed.

Evan
10-11-2011, 07:10 AM
You can download it through Windows Update.

pgp001
10-11-2011, 09:02 AM
A friend of mine has just let windows update run, since then it all went wrong and no matter what he tried he could not resolve it.

He finally had to wipe the disc and re-install a clean copy of windows 7 before he could get it working again.

Phil

SGW
10-11-2011, 09:19 AM
@ppp001: Yeah, I am beginning to suspect that the last Window Update screwed it up.

I downloaded the MSRT on another computer and moved it over. Unfortunately for data collection, I ran Evan's second suggestion (sfc /scannow) before the MSRT was anywhere near finished, so it fixed everything before the MSRT could find anything and report what it was.

I checked the sfc log, which could be used for wallpaper and is largely unintelligible (to me, at least). It did report errors, all of which were about

2011-10-01 03:44:05, Error CBS Failed to shred identity: Microsoft-Windows-InternetExplorer-LanguagePack

[HRESULT = 0x80070057 - E_INVALIDARG]

sfc seems to have repaired a LOT of files (does it always just go ahead and do the entire O/S, Evan?). Bottom line is, though, is that I'm up and running.

I sure do appreciate the help.

2

Evan
10-11-2011, 02:30 PM
Last week I had a problem that may have been related to Windows update. I can't be certain since I had been fiddling with permission levels just prior. The main symptom was that Windows Explorer (Not IE) would crash immediately when I tried to check properties of drive C. I keep frequent backups since it only takes a few minutes to back up the Solid State Drive so I restored from backup instead of doing a lot of troubleshooting. I have set Windows Update to "Notify Only" while I keep an eye out for reports of a problem with an update.

I am also running Win 7-64

If you run SFC without parameters it only checks the system without making changes.

SGW
10-11-2011, 06:07 PM
I haven't seen any notices of a problem with the last update, but perhaps Microsoft doesn't move that fast.

I've looked at my update history and there is no report of a Windows Update being done immediately before my system went kaflooey. There did seem to be indications of some sort of update event at that time in the Event Log, but I don't know for what.

So...maybe my theory that Microsoft shot themselves in the foot is erroneous, but I still don't rule out the possibility.