Results 1 to 10 of 44

Thread: "Bad Image"&"Unexpected Error" Messages,

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Member northernunicorn's Avatar
    Join Date
    Feb 2006
    Location
    Northeastern Ont Canada
    Posts
    56

    Post "Bad Image"&"Unexpected Error" Messages,

    Hi:
    Im not sure if this is the forum I should be writing to for help, but I need to start somewhere . Im sure that some "bug" or "parasite" has done something but I dont want to do a reformat unless I absolutely have to.

    SITUATION/PROBLEM:
    1. Infected with Application.Adware.NewDotNet.Dropper according to [Bit Defender Virus scan].

    2. "Bad Image", & "Unexpected Error" messages come up for various programs/applications-see below for list & particulars.

    3. Cant access System Restore, Task Manager, or HiJack This.

    HISTORY:
    Starting on late evening Jan30/06, a message box showed up in the lower right side of task bar saying a chkdsk needed to be done. The message mentioned something about ICQ (ICQ is on the computer but hasnt been accessed in a few months).
    I was told about the message 1&1/2 hours after it appeared; I clicked the 2 boxes in the chkdsk window from "tools", & restarted the computer so the chkdsk could run.
    As soon as the chkdsk started, in the first section, all of a sudden there were "tons" of files scrolling down as if being added or accesssed. The chkdsk continued & finished.
    NOTE:I'm never quick enough to read the report so I didnt see what it said. (Also, I dont even know how to access the report after the chkdsk is done).
    When I opened up my user account, I noticed that the AVG icon on taskbar was grey. I clicked on it to update and a message said "no new updates".
    When I clicked the desktop AVG icon , I received a message (see message 1).
    I was able to open the AVG Control Center-Database said it hadnt been updated since Dec.17 2005(or approx.). However I KNOW I received an update just a few days before(I check daily for updates).
    Antivirus AVG is now up to date(I was able to get the Jan31/2006 update late evening that night).
    At first I kept receiving the "Bad Image" message for AVG desktop icon, but once the Jan31 update was on the computer, I dont get that message for AVG anymore.
    I continue to receive the "Bad Image" message for various other applications/programs.

    Windows Version: Windows XP SP2 Home Edition- 2 user Accounts set up (mine password controlled)

    Firewall: WindowsXP SP2 default firewall

    Anti virus program: AVG Free 7.1.375 database 267.15.0 249 02/02/2006-set to auto update daily but I check manually as well to make sure-auto scan daily.

    Other Protection Software:
    Spybot Search & Destroy1.4 detection date 2006-01-27 Default Mode-manual check daily for updates-scan daily

    Spyware Blaster-manual daily check for updates(BEFORE when I could access the program)

    Lavasoft Ad-Aware SE Personal Edition(downloaded Feb2/06(after the troubles happened-manual check daily for updates-scan daily-NO "Bad Image" or "Unexpected Error" message received-works great!!!

    Content Advisor Program activated & password controlled by me(I have 2 late teen boys)

    NOTE: Used to have Spyware Guard-deleted June2005 but I think restricted sites are still active on list.

    Exact error message 1: "The application or DLL C:/Windows/system32/.......is not a valid Windows image. Please check your installation disk." (not sure what that is-installation disk cause computer came new with pre-programmed operating system).

    Exact error message 2: "Unexpected Error".(for Spyware Blaster & HijackThis ONLY)

    Programs/applications affected (ones that Ive noticed so far):

    taskmgr.exe (see message1)...VDMDBG.dll . Task manager WONT load from right click on taskbar OR from CTRL ALT DEL keys.

    spybotSD.exe (see message1) ...Srclient.dll Program DOES load, scan & update.

    spywareblaster.exe see message 2)( Program tries to load page but then message appears.

    rundll.exe(see message 1)

    msnmgr.exe (see message1) ....msdmo.dll

    HijackThis

    System Restore (see message1) ...rstrui.exe
    I cant access system restore to turn it off OR to go back to a restore point. The window loads for me to choose a previous point or to create a new one; however, the "Bad Image" message comes up when I choose "previous restore point". It appears that I may be able to create a NEW restore point though.



    WHAT IVE DONE SO FAR:

    1. "How to clean an infected computer" (AVG Free forum instructions) -followed all instructions-thats when I discovered that System Restore couldnt be accessed.

    2. Ran Disk Cleanup utility [Cleanup]-program used 2X monthly
    on my computer since May2005 when "little eagle"-Spybot Moderator instructed me to download & use it.

    3. AVG Complete Scan (Normal & Safe modes)-NO VIRUSES

    4. Spybot S&D scan (Normal & Safe modes)-up to date definitions-NO PROBLEMS

    5. Ad-Aware scan-NO PROBLEMS

    6. Defrag

    7. Chkdsk -including fix & repair (Normal & Safe modes)

    8. Feb 2/06 Posted for help on Antivirus free forum[http://forum.grisoft.cz/freeforum]

    9. Directed from there to [aumha.org] to "The Parasite Fight" pages for info & a copy of Hijack his(I got it here instead)& told by moderator to go with info/situation to Spyware site where I trust the people.

    10. Today Read at Spybot "Before you post a log", followed instructions, did scan at [Bit Defender Virus Scan] site, Spybot scan & downloaded HJT files into [C:Antispyware2006] folder(there is a previous "Antispyware" folder from when I got help here in May2005-didnt know if I was supposed to erase it.).

    11. Attempted to use HJT to scan but got "Unexpected Error" message.

    :o I sure hope that you can help me or direct me to where I can get help.
    I also hope I didnt give TOO much info BUT that I gave enough.

    Thank you from Dorothy-Im still hopeful that this situation can be fixed

  2. #2
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    hi

    can you install new programs ?

    i'd like you to do the following:


    Please download ewido anti malware it is a free version of the program.
    1. Install ewido security suite
    2. When installing, under "Additional Options" uncheck..
      • Install background guard
      • Install scan via context menu
    3. Launch ewido, there should be an icon on your desktop, double-click it.
    4. The program will now open to the main screen.
    5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    6. You will need to update ewido to the latest definition files.
      • On the left hand side of the main screen click update.
      • Then click on Start Update.
    7. The update will start and a progress bar will show the updates being installed.
      (the status bar at the bottom will display ("Update successful")
    If you are having problems with the updater, you can use this link to manually update ewido.
    ewido manual updates

    Once the updates are installed do the following:

    reboot your computer in SafeMode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.


    then launch ewido:
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • You will be prompted to clean the first infection.
    • Select "Perform action on all infections", then proceed.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop or a location where you can find it easily.

    Close ewido security suite.

    reboot back to normal mode, post the ewido report here

    i'd really need to see the full contents of the error messages, especially if ther is a mention of a missing file.. could you try to write them ?
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!

  3. #3
    Member northernunicorn's Avatar
    Join Date
    Feb 2006
    Location
    Northeastern Ont Canada
    Posts
    56

    Default "Bad Image" & "Unexpected Error" messages

    Hi "illukka":

    Thank you for your reply and request. Yes...I can download new programs.

    Sorry I took so long to get back to you.I had to go out of town for a few days. I will do as you requested and get back to you as soon as I've finished.

    Thanks again. from Dorothy

  4. #4
    Member northernunicorn's Avatar
    Join Date
    Feb 2006
    Location
    Northeastern Ont Canada
    Posts
    56

    Default "Bad Image" & "Unexpected Error" messages

    Hi illukka:


    Here are the "ewido anti malware reports that you requested.

    I had to use the "manual updates" link.

    There were 2 choices of update databases that seemed to be both the same size, (didnt know which to choose),so I installed the "most recent database" choice first ,rebooted into Safe Mode, chose "Complete System Scan".
    A message came up that said "Remove"(I had no choice of "Clean") so I clicked it, saved the first scan in "My Documents".

    I then went back to the manual updates link, installed the full update database, rebooted to safe mode, chose Complete Computer Scan-, and saved that report as well (2nd report).

    ewido first report

    --------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 2:17:33 AM, 12/02/2006
    + Report-Checksum: 42C5A90A

    + Scan result:

    C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup


    ::Report End

    ewido 2nd report
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 3:41:52 AM, 12/02/2006
    + Report-Checksum: 71C78A61

    + Scan result:

    C:\System Volume Information\_restore{4FB30166-1CDF-4883-93F0-E2BED21D25AA}\RP154\A0057426.ocx -> Adware.Coupons : Cleaned with backup


    ::Report End

    Question:

    Should I do another scan? It seems that there were 2 different things found.

    Error Messages

    I will write out the error messages just as they appear so you can see the file names. I'll be back to post them in another reply.

    Thanks for your help. Please let me know what else I should do...another ewido scan, etc.

    from Dorothy...still hopeful

  5. #5
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    hi

    actually its the same detection, first its found in the filesystem> cleaned. then the second scan finds it in system restore

    no malware, at least visible malware there

    lets still check some more:
    Download and Save Blacklight to your desktop:

    Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

    You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

    Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!

  6. #6
    Member northernunicorn's Avatar
    Join Date
    Feb 2006
    Location
    Northeastern Ont Canada
    Posts
    56

    Default "Bad Image" & "Unexpected Error" Messages

    Hi:

    I downloaded & saved Blacklight as you requested.
    I didnt see "scan through Windows Explorer";
    I only saw a "box" for hidden processes,( was it supposed to scan more???)so I clicked scan, then next.

    The results were no hidden processes.

    Here is copy of the log that was on my desktop.

    Log fsbl-2--6-215190329

    02/15/06 14:03:29 [Info]: BlackLight Engine 1.0.30 initialized
    02/15/06 14:03:29 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    02/15/06 14:03:29 [Note]: 7019 4
    02/15/06 14:03:29 [Note]: 7005 0
    02/15/06 14:04:02 [Note]: 7006 0
    02/15/06 14:04:02 [Note]: 7011 472
    02/15/06 14:04:03 [Note]: FSRAW library version 1.7.1014
    02/15/06 14:05:41 [Note]: 7006 0
    02/15/06 14:05:41 [Note]: 7011 472
    02/15/06 14:05:41 [Note]: FSRAW library version 1.7.1014
    02/15/06 14:07:13 [Note]: 7007 0


    I hope this is okay & what you were looking for. Pls let me know.
    Im going to post the "Unexpected Error " essages & "Bad Image" message in a separate reply, just to keep things organized.

    Thanks...looking forward to hearing from you.
    from Dorothy

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •